Class: Aws::WAFV2::Types::ManagedRuleGroupStatement

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/types.rb

Overview

Note:

When making an API call, you may pass ManagedRuleGroupStatement data as a hash:

{
  vendor_name: "VendorName", # required
  name: "EntityName", # required
  version: "VersionKeyString",
  excluded_rules: [
    {
      name: "EntityName", # required
    },
  ],
  scope_down_statement: {
    byte_match_statement: {
      search_string: "data", # required
      field_to_match: { # required
        single_header: {
          name: "FieldToMatchData", # required
        },
        single_query_argument: {
          name: "FieldToMatchData", # required
        },
        all_query_arguments: {
        },
        uri_path: {
        },
        query_string: {
        },
        body: {
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        method: {
        },
        json_body: {
          match_pattern: { # required
            all: {
            },
            included_paths: ["JsonPointerPath"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        headers: {
          match_pattern: { # required
            all: {
            },
            included_headers: ["FieldToMatchData"],
            excluded_headers: ["FieldToMatchData"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
        cookies: {
          match_pattern: { # required
            all: {
            },
            included_cookies: ["SingleCookieName"],
            excluded_cookies: ["SingleCookieName"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
      },
      text_transformations: [ # required
        {
          priority: 1, # required
          type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
        },
      ],
      positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
    },
    sqli_match_statement: {
      field_to_match: { # required
        single_header: {
          name: "FieldToMatchData", # required
        },
        single_query_argument: {
          name: "FieldToMatchData", # required
        },
        all_query_arguments: {
        },
        uri_path: {
        },
        query_string: {
        },
        body: {
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        method: {
        },
        json_body: {
          match_pattern: { # required
            all: {
            },
            included_paths: ["JsonPointerPath"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        headers: {
          match_pattern: { # required
            all: {
            },
            included_headers: ["FieldToMatchData"],
            excluded_headers: ["FieldToMatchData"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
        cookies: {
          match_pattern: { # required
            all: {
            },
            included_cookies: ["SingleCookieName"],
            excluded_cookies: ["SingleCookieName"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
      },
      text_transformations: [ # required
        {
          priority: 1, # required
          type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
        },
      ],
      sensitivity_level: "LOW", # accepts LOW, HIGH
    },
    xss_match_statement: {
      field_to_match: { # required
        single_header: {
          name: "FieldToMatchData", # required
        },
        single_query_argument: {
          name: "FieldToMatchData", # required
        },
        all_query_arguments: {
        },
        uri_path: {
        },
        query_string: {
        },
        body: {
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        method: {
        },
        json_body: {
          match_pattern: { # required
            all: {
            },
            included_paths: ["JsonPointerPath"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        headers: {
          match_pattern: { # required
            all: {
            },
            included_headers: ["FieldToMatchData"],
            excluded_headers: ["FieldToMatchData"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
        cookies: {
          match_pattern: { # required
            all: {
            },
            included_cookies: ["SingleCookieName"],
            excluded_cookies: ["SingleCookieName"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
      },
      text_transformations: [ # required
        {
          priority: 1, # required
          type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
        },
      ],
    },
    size_constraint_statement: {
      field_to_match: { # required
        single_header: {
          name: "FieldToMatchData", # required
        },
        single_query_argument: {
          name: "FieldToMatchData", # required
        },
        all_query_arguments: {
        },
        uri_path: {
        },
        query_string: {
        },
        body: {
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        method: {
        },
        json_body: {
          match_pattern: { # required
            all: {
            },
            included_paths: ["JsonPointerPath"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        headers: {
          match_pattern: { # required
            all: {
            },
            included_headers: ["FieldToMatchData"],
            excluded_headers: ["FieldToMatchData"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
        cookies: {
          match_pattern: { # required
            all: {
            },
            included_cookies: ["SingleCookieName"],
            excluded_cookies: ["SingleCookieName"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
      },
      comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
      size: 1, # required
      text_transformations: [ # required
        {
          priority: 1, # required
          type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
        },
      ],
    },
    geo_match_statement: {
      country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW, XK
      forwarded_ip_config: {
        header_name: "ForwardedIPHeaderName", # required
        fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
      },
    },
    rule_group_reference_statement: {
      arn: "ResourceArn", # required
      excluded_rules: [
        {
          name: "EntityName", # required
        },
      ],
    },
    ip_set_reference_statement: {
      arn: "ResourceArn", # required
      ip_set_forwarded_ip_config: {
        header_name: "ForwardedIPHeaderName", # required
        fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
        position: "FIRST", # required, accepts FIRST, LAST, ANY
      },
    },
    regex_pattern_set_reference_statement: {
      arn: "ResourceArn", # required
      field_to_match: { # required
        single_header: {
          name: "FieldToMatchData", # required
        },
        single_query_argument: {
          name: "FieldToMatchData", # required
        },
        all_query_arguments: {
        },
        uri_path: {
        },
        query_string: {
        },
        body: {
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        method: {
        },
        json_body: {
          match_pattern: { # required
            all: {
            },
            included_paths: ["JsonPointerPath"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        headers: {
          match_pattern: { # required
            all: {
            },
            included_headers: ["FieldToMatchData"],
            excluded_headers: ["FieldToMatchData"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
        cookies: {
          match_pattern: { # required
            all: {
            },
            included_cookies: ["SingleCookieName"],
            excluded_cookies: ["SingleCookieName"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
      },
      text_transformations: [ # required
        {
          priority: 1, # required
          type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
        },
      ],
    },
    rate_based_statement: {
      limit: 1, # required
      aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
      scope_down_statement: {
        # recursive Statement
      },
      forwarded_ip_config: {
        header_name: "ForwardedIPHeaderName", # required
        fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
      },
    },
    and_statement: {
      statements: [ # required
        {
          # recursive Statement
        },
      ],
    },
    or_statement: {
      statements: [ # required
        {
          # recursive Statement
        },
      ],
    },
    not_statement: {
      statement: { # required
        # recursive Statement
      },
    },
    managed_rule_group_statement: {
      vendor_name: "VendorName", # required
      name: "EntityName", # required
      version: "VersionKeyString",
      excluded_rules: [
        {
          name: "EntityName", # required
        },
      ],
      scope_down_statement: {
        # recursive Statement
      },
      managed_rule_group_configs: [
        {
          login_path: "LoginPathString",
          payload_type: "JSON", # accepts JSON, FORM_ENCODED
          username_field: {
            identifier: "FieldIdentifier", # required
          },
          password_field: {
            identifier: "FieldIdentifier", # required
          },
        },
      ],
    },
    label_match_statement: {
      scope: "LABEL", # required, accepts LABEL, NAMESPACE
      key: "LabelMatchKey", # required
    },
    regex_match_statement: {
      regex_string: "RegexPatternString", # required
      field_to_match: { # required
        single_header: {
          name: "FieldToMatchData", # required
        },
        single_query_argument: {
          name: "FieldToMatchData", # required
        },
        all_query_arguments: {
        },
        uri_path: {
        },
        query_string: {
        },
        body: {
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        method: {
        },
        json_body: {
          match_pattern: { # required
            all: {
            },
            included_paths: ["JsonPointerPath"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
          oversize_handling: "CONTINUE", # accepts CONTINUE, MATCH, NO_MATCH
        },
        headers: {
          match_pattern: { # required
            all: {
            },
            included_headers: ["FieldToMatchData"],
            excluded_headers: ["FieldToMatchData"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
        cookies: {
          match_pattern: { # required
            all: {
            },
            included_cookies: ["SingleCookieName"],
            excluded_cookies: ["SingleCookieName"],
          },
          match_scope: "ALL", # required, accepts ALL, KEY, VALUE
          oversize_handling: "CONTINUE", # required, accepts CONTINUE, MATCH, NO_MATCH
        },
      },
      text_transformations: [ # required
        {
          priority: 1, # required
          type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
        },
      ],
    },
  },
  managed_rule_group_configs: [
    {
      login_path: "LoginPathString",
      payload_type: "JSON", # accepts JSON, FORM_ENCODED
      username_field: {
        identifier: "FieldIdentifier", # required
      },
      password_field: {
        identifier: "FieldIdentifier", # required
      },
    },
  ],
}

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#excluded_rulesArray<Types::ExcludedRule>

The rules in the referenced rule group whose actions are set to Count. When you exclude a rule, WAF evaluates it exactly as it would if the rule action setting were Count. This is a useful option for testing the rules in a rule group without modifying how they handle your web traffic.

Returns:



7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/types.rb', line 7494

class ManagedRuleGroupStatement < Struct.new(
  :vendor_name,
  :name,
  :version,
  :excluded_rules,
  :scope_down_statement,
  :managed_rule_group_configs)
  SENSITIVE = []
  include Aws::Structure
end

#managed_rule_group_configsArray<Types::ManagedRuleGroupConfig>

Additional information that's used by a managed rule group. Most managed rule groups don't require this.

Use this for the account takeover prevention managed rule group AWSManagedRulesATPRuleSet, to provide information about the sign-in page of your application.

You can provide multiple individual ManagedRuleGroupConfig objects for any rule group configuration, for example UsernameField and PasswordField. The configuration that you provide depends on the needs of the managed rule group. For the ATP managed rule group, you provide the following individual configuration objects: LoginPath, PasswordField, PayloadType and UsernameField.

Returns:



7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/types.rb', line 7494

class ManagedRuleGroupStatement < Struct.new(
  :vendor_name,
  :name,
  :version,
  :excluded_rules,
  :scope_down_statement,
  :managed_rule_group_configs)
  SENSITIVE = []
  include Aws::Structure
end

#nameString

The name of the managed rule group. You use this, along with the vendor name, to identify the rule group.

Returns:

  • (String)


7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/types.rb', line 7494

class ManagedRuleGroupStatement < Struct.new(
  :vendor_name,
  :name,
  :version,
  :excluded_rules,
  :scope_down_statement,
  :managed_rule_group_configs)
  SENSITIVE = []
  include Aws::Structure
end

#scope_down_statementTypes::Statement

An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group. Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable Statement in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.

Returns:



7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/types.rb', line 7494

class ManagedRuleGroupStatement < Struct.new(
  :vendor_name,
  :name,
  :version,
  :excluded_rules,
  :scope_down_statement,
  :managed_rule_group_configs)
  SENSITIVE = []
  include Aws::Structure
end

#vendor_nameString

The name of the managed rule group vendor. You use this, along with the rule group name, to identify the rule group.

Returns:

  • (String)


7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/types.rb', line 7494

class ManagedRuleGroupStatement < Struct.new(
  :vendor_name,
  :name,
  :version,
  :excluded_rules,
  :scope_down_statement,
  :managed_rule_group_configs)
  SENSITIVE = []
  include Aws::Structure
end

#versionString

The version of the managed rule group to use. If you specify this, the version setting is fixed until you change it. If you don't specify this, WAF uses the vendor's default version, and then keeps the version at the vendor's default when the vendor updates the managed rule group settings.

Returns:

  • (String)


7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/types.rb', line 7494

class ManagedRuleGroupStatement < Struct.new(
  :vendor_name,
  :name,
  :version,
  :excluded_rules,
  :scope_down_statement,
  :managed_rule_group_configs)
  SENSITIVE = []
  include Aws::Structure
end