ActivatedRule
The ActivatedRule
object in an UpdateWebACL request specifies a Rule
that you want to insert or delete,
the priority of the Rule
in the WebACL
, and the action that you want AWS WAF to take when a web request matches the Rule
(ALLOW
, BLOCK
, or COUNT
).
To specify whether to insert or delete a Rule
, use the Action
parameter in the WebACLUpdate data type.
Contents
- Action
-
Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the
Rule
. Valid values forAction
include the following:-
ALLOW
: CloudFront responds with the requested object. -
BLOCK
: CloudFront responds with an HTTP 403 (Forbidden) status code. -
COUNT
: AWS WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL.
ActivatedRule|OverrideAction
applies only when updating or adding aRuleGroup
to aWebACL
. In this case you do not useActivatedRule|Action
. For all other update requests,ActivatedRule|Action
is used instead ofActivatedRule|OverrideAction
.Type: WafAction object
Required: No
-
- OverrideAction
-
Use the
OverrideAction
to test yourRuleGroup
.Any rule in a
RuleGroup
can potentially block a request. If you set theOverrideAction
toNone
, theRuleGroup
will block a request if any individual rule in theRuleGroup
matches the request and is configured to block that request. However if you first want to test theRuleGroup
, set theOverrideAction
toCount
. TheRuleGroup
will then override any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests will be counted. You can view a record of counted requests using GetSampledRequests.ActivatedRule|OverrideAction
applies only when updating or adding aRuleGroup
to aWebACL
. In this case you do not useActivatedRule|Action
. For all other update requests,ActivatedRule|Action
is used instead ofActivatedRule|OverrideAction
.Type: WafOverrideAction object
Required: No
- Priority
-
Specifies the order in which the
Rules
in aWebACL
are evaluated. Rules with a lower value forPriority
are evaluated beforeRules
with a higher value. The value must be a unique integer. If you add multipleRules
to aWebACL
, the values don't need to be consecutive.Type: Integer
Required: Yes
- RuleId
-
The
RuleId
for aRule
. You useRuleId
to get more information about aRule
(see GetRule), update aRule
(see UpdateRule), insert aRule
into aWebACL
or delete a one from aWebACL
(see UpdateWebACL), or delete aRule
from AWS WAF (see DeleteRule).RuleId
is returned by CreateRule and by ListRules.Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Required: Yes
- Type
-
The rule type, either
REGULAR
, as defined by Rule,RATE_BASED
, as defined by RateBasedRule, orGROUP
, as defined by RuleGroup. The default is REGULAR. Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type, the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID, which does not exist.Type: String
Valid Values:
REGULAR | RATE_BASED | GROUP
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: