ManagedRuleGroupStatement - AWS WAFV2

ManagedRuleGroupStatement

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

Note

You are charged additional fees when you use the AWS WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet or the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet. For more information, see AWS WAF Pricing.

Contents

ExcludedRules

The rules in the referenced rule group whose actions are set to Count. When you exclude a rule, AWS WAF evaluates it exactly as it would if the rule action setting were Count. This is a useful option for testing the rules in a rule group without modifying how they handle your web traffic.

Type: Array of ExcludedRule objects

Array Members: Maximum number of 100 items.

Required: No

ManagedRuleGroupConfigs

Additional information that's used by a managed rule group. Most managed rule groups don't require this.

Use this for the account takeover prevention managed rule group AWSManagedRulesATPRuleSet, to provide information about the sign-in page of your application.

You can provide multiple individual ManagedRuleGroupConfig objects for any rule group configuration, for example UsernameField and PasswordField. The configuration that you provide depends on the needs of the managed rule group. For the ATP managed rule group, you provide the following individual configuration objects: LoginPath, PasswordField, PayloadType and UsernameField.

Type: Array of ManagedRuleGroupConfig objects

Array Members: Minimum number of 1 item.

Required: No

Name

The name of the managed rule group. You use this, along with the vendor name, to identify the rule group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: ^[\w\-]+$

Required: Yes

ScopeDownStatement

An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group. Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable Statement in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.

Type: Statement object

Required: No

VendorName

The name of the managed rule group vendor. You use this, along with the rule group name, to identify the rule group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: .*\S.*

Required: Yes

Version

The version of the managed rule group to use. If you specify this, the version setting is fixed until you change it. If you don't specify this, AWS WAF uses the vendor's default version, and then keeps the version at the vendor's default when the vendor updates the managed rule group settings.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: ^[\w#:\.\-/]+$

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: