Class: Aws::NetworkFirewall::Types::RulesSourceList

Inherits:

Struct

• Object
• Struct
• Aws::NetworkFirewall::Types::RulesSourceList

Defined in:

gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb

Overview

Note:

When making an API call, you may pass RulesSourceList data as a hash:

{
  targets: ["CollectionMember_String"], # required
  target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
  generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
}

Stateful inspection criteria for a domain list rule group.

For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.

By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleVariables in this guide and Stateful domain list rule groups in Network Firewall in the Network Firewall Developer Guide.

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #generated_rules_type ⇒ String

  Whether you want to allow or deny access to the domains in your target list.

• #target_types ⇒ Array<String>

  The protocols you want to inspect.

• #targets ⇒ Array<String>

  The domains that you want to inspect for in your traffic flows.

Instance Attribute Details

#generated_rules_type ⇒ String

Whether you want to allow or deny access to the domains in your target list.

Returns:

• (String)

# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 3783

class RulesSourceList < Struct.new(
  :targets,
  :target_types,
  :generated_rules_type)
  SENSITIVE = []
  include Aws::Structure
end

#target_types ⇒ Array<String>

The protocols you want to inspect. Specify TLS_SNI for HTTPS. Specify HTTP_HOST for HTTP. You can specify either or both.

Returns:

• (Array<String>)

# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 3783

class RulesSourceList < Struct.new(
  :targets,
  :target_types,
  :generated_rules_type)
  SENSITIVE = []
  include Aws::Structure
end

#targets ⇒ Array<String>

The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:

• Explicit names. For example, abc.example.com matches only the domain abc.example.com.

• Names that use a domain wildcard, which you indicate with an initial '.'. For example,.example.com matches example.com and matches all subdomains of example.com, such as abc.example.com and www.example.com.

Returns:

• (Array<String>)

# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 3783

class RulesSourceList < Struct.new(
  :targets,
  :target_types,
  :generated_rules_type)
  SENSITIVE = []
  include Aws::Structure
end