This is AWS WAF Classic
documentation. For more information, see AWS WAF Classic
in the developer guide. For the latest version of AWS WAF
, use the AWS WAFV2 API and see the AWS WAF Developer Guide
. With the latest version, AWS WAF has a single set of endpoints for regional and global use.
Creates an XssMatchSet
, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web requests. AWS WAF searches for character sequences that are likely to be malicious strings.
To create and configure an
, perform the following steps:
- Use GetChangeToken to get the change token that you provide in the
ChangeToken parameter of a
- Submit a
GetChangeToken to get the change token that you provide in the
ChangeToken parameter of an UpdateXssMatchSet request.
- Submit an UpdateXssMatchSet request to specify the parts of web requests in which you want to allow, block, or count cross-site scripting attacks.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide