A single action condition for a "Condition" in a logging filter.

Inspect all of the elements that WAF has parsed and extracted from the web request JSON body that are within the "JsonBody" MatchScope. This is used with the "FieldToMatch" option JsonBody.

Specifies that WAF should allow the request and optionally defines additional custom handling for the request.

All query arguments of a web request.

A logical rule statement used to combine other rule statements with AND logic. You provide more than one "Statement" within the AndStatement.

Specifies that WAF should block the request and optionally defines additional custom handling for the response to the web request.

The body of a web request. This immediately follows the request headers.

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is refered to as a string match statement.

A single match condition for a "Filter".

Specifies that WAF should count the request. Optionally defines additional custom handling for the request.

A custom header for custom request and response handling. This is used in "CustomResponse" and "CustomRequestHandling".

Custom request handling behavior that inserts custom headers into a web request. You can add custom request handling for the rule actions allow and count.

A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to "BlockAction".

The response body to use in a custom response to a web request. This is referenced by key from "CustomResponse" CustomResponseBodyKey.

In a "WebACL", this is the action that you want WAF to perform when a web request doesn't match any of the rules in the WebACL. The default action must be a terminating action, so you can't use count.

Specifies a single rule to exclude from the rule group. Excluding a rule overrides its action setting for the rule group in the web ACL, setting it to COUNT. This effectively excludes the rule from acting on web requests.

The part of a web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of a web request, create a separate rule statement for each component.

A single logging filter, used in "LoggingFilter".

A rule group that's defined for an Firewall Manager WAF policy.

The processing guidance for an Firewall Manager rule. This is like a regular rule "Statement", but it can only contain a rule group reference.

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

A rule statement used to identify web requests based on country of origin.

Part of the response from "GetSampledRequests". This is a complex type that appears as Headers in the response syntax. HTTPHeader contains the names and values of all of the headers that appear in one of the web requests.

Part of the response from "GetSampledRequests". This is a complex type that appears as Request in the response syntax. HTTPRequest contains information about one of the web requests.

Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. For information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an "IPSet" that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see "CreateIPSet".

High-level information about an "IPSet", returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage an IPSet, and the ARN, that you provide to the "IPSetReferenceStatement" to use the address set in a "Rule".

The body of a web request, inspected as JSON. The body immediately follows the request headers. This is used in the "FieldToMatch" specification.

The patterns to look for in the JSON body. WAF inspects the results of these pattern matches against the rule inspection criteria. This is used with the "FieldToMatch" option JsonBody.

A single label container. This is used as an element of a label array in multiple contexts, for example, in RuleLabels inside a "Rule" and in Labels inside a "SampledHTTPRequest".

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.

A single label name condition for a "Condition" in a logging filter.

List of labels used by one or more of the rules of a "RuleGroup". This summary object is used for the following rule group lists:

Defines an association between Amazon Kinesis Data Firehose destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.

Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL's "LoggingConfiguration".

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling "ListAvailableManagedRuleGroups".

High-level information about a managed rule group, returned by "ListAvailableManagedRuleGroups". This provides information like the name and vendor name, that you provide when you add a "ManagedRuleGroupStatement" to a web ACL. Managed rule groups include Amazon Web Services Managed Rules rule groups, which are free of charge to WAF customers, and Marketplace managed rule groups, which you can subscribe to through Marketplace.

Describes a single version of a managed rule group.

A set of rules that is managed by Amazon Web Services and Marketplace sellers to provide versioned managed rule groups for customers of WAF.

High-level information for a managed rule set.

Information for a single version of a managed rule set.

The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.

Specifies that WAF should do nothing. This is generally used to try out a rule without performing any actions. You set the OverrideAction on the "Rule".

A logical rule statement used to negate the results of another rule statement. You provide one "Statement" within the NotStatement.

A logical rule statement used to combine other rule statements with OR logic. You provide more than one "Statement" within the OrStatement.

The override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like RuleGroupReferenceStatement and ManagedRuleGroupStatement.

The query string of a web request. This is the part of a URL that appears after a ? character, if any.

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

The set of IP addresses that are currently blocked for a rate-based statement.

A single regular expression. This is used in a "RegexPatternSet".

Contains one or more regular expressions.

A rule statement used to search web request components for matches with regular expressions. To use this, create a "RegexPatternSet" that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see "CreateRegexPatternSet".

High-level information about a "RegexPatternSet", returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RegexPatternSet, and the ARN, that you provide to the "RegexPatternSetReferenceStatement" to use the pattern set in a "Rule".

A single rule, which you can use in a "WebACL" or "RuleGroup" to identify web requests that you want to allow, block, or count. Each rule includes one top-level "Statement" that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.

The action that WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.

A rule group defines a collection of rules to inspect and control web requests that you can use in a "WebACL". When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.

A rule statement used to run the rules that are defined in a "RuleGroup". To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

High-level information about a "RuleGroup", returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the "RuleGroupReferenceStatement" to use the rule group in a "Rule".

High-level information about a "Rule", returned by operations like "DescribeManagedRuleGroup". This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the "RuleGroupReferenceStatement" to use the rule group in a "Rule".

Represents a single sampled web request. The response from "GetSampledRequests" includes a SampledHTTPRequests complex type that appears as SampledRequests in the response syntax. SampledHTTPRequests contains an array of SampledHTTPRequest objects.

One of the headers in a web request, identified by name, for example, User-Agent or Referer. This setting isn't case sensitive.

One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

Attackers sometimes insert malicious SQL code into web requests in an effort to extract data from your database. To allow or block web requests that appear to contain malicious SQL code, create one or more SQL injection match conditions. An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want WAF to inspect. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious SQL code.

The processing guidance for a "Rule", used by WAF to determine whether a web request matches the rule.

A tag associated with an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

The collection of tagging definitions for an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.

In a "GetSampledRequests" request, the StartTime and EndTime objects specify the time range for which you want WAF to return a sample of web requests.

The path component of the URI of a web request. This is the part of a web request that identifies a resource. For example, /images/daily-ad.jpg.

A version of the named managed rule group, that the rule group's vendor publishes for use by customers.

Defines and enables Amazon CloudWatch metrics and web request sample collection.

A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types "Rule", "RuleGroup", and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, or an AppSync GraphQL API.

High-level information about a "WebACL", returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a WebACL, and the ARN, that you provide to operations like "AssociateWebACL".

A rule statement that defines a cross-site scripting (XSS) match search for WAF to apply to web requests. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers. The XSS match statement provides the location in requests that you want WAF to search and text transformations to use on the search area before WAF searches for character sequences that are likely to be malicious strings.