A single action condition for a "Condition" in a logging filter.

Inspect all of the elements that WAF has parsed and extracted from the web request component that you've identified in your "FieldToMatch" specifications.

Specifies that WAF should allow the request and optionally defines additional custom handling for the request.

Inspect all query arguments of the web request.

A logical rule statement used to combine other rule statements with AND logic. You provide more than one "Statement" within the AndStatement.

Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. This configuration is used in ManagedRuleGroupConfig.

Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet. This configuration is used in ManagedRuleGroupConfig.

Specifies that WAF should block the request and optionally defines additional custom handling for the response to the web request.

Inspect the body of the web request. The body immediately follows the request headers.

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is called a string match statement.

Specifies that WAF should run a CAPTCHA check against the request:

Specifies how WAF should handle CAPTCHA evaluations. This is available at the web ACL level and in each rule.

The result from the inspection of the web request for a valid CAPTCHA token.

Specifies that WAF should run a Challenge check against the request to verify that the request is coming from a legitimate client session:

Specifies how WAF should handle Challenge evaluations. This is available at the web ACL level and in each rule.

The result from the inspection of the web request for a valid challenge token.

A single match condition for a "Filter".

The filter to use to identify the subset of cookies to inspect in a web request.

Inspect the cookies in the web request. You can specify the parts of the cookies to inspect and you can narrow the set of cookies to inspect by including or excluding specific keys.

Specifies that WAF should count the request. Optionally defines additional custom handling for the request.

A custom header for custom request and response handling. This is used in "CustomResponse" and "CustomRequestHandling".

Custom request handling behavior that inserts custom headers into a web request. You can add custom request handling for WAF to use when the rule action doesn't block the request. For example, CaptchaAction for requests with valid t okens, and AllowAction.

A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to "BlockAction".

The response body to use in a custom response to a web request. This is referenced by key from "CustomResponse" CustomResponseBodyKey.

In a "WebACL", this is the action that you want WAF to perform when a web request doesn't match any of the rules in the WebACL. The default action must be a terminating action.

Specifies a single rule in a rule group whose action you want to override to Count.

The part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.

A single logging filter, used in "LoggingFilter".

A rule group that's defined for an Firewall Manager WAF policy.

The processing guidance for an Firewall Manager rule. This is like a regular rule "Statement", but it can only contain a rule group reference.

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

A rule statement that labels web requests by country and region and that matches against web requests based on country code. A geo match rule labels every request that it inspects regardless of whether it finds a match.

The filter to use to identify the subset of headers to inspect in a web request.

Inspect all headers in the web request. You can specify the parts of the headers to inspect and you can narrow the set of headers to inspect by including or excluding specific keys.

Part of the response from "GetSampledRequests". This is a complex type that appears as Headers in the response syntax. HTTPHeader contains the names and values of all of the headers that appear in one of the web requests.

Part of the response from "GetSampledRequests". This is a complex type that appears as Request in the response syntax. HTTPRequest contains information about one of the web requests.

Used for CAPTCHA and challenge token settings. Determines how long a CAPTCHA or challenge timestamp remains valid after WAF updates it for a successful CAPTCHA or challenge response.

Contains zero or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. For information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an "IPSet" that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see "CreateIPSet".

High-level information about an "IPSet", returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage an IPSet, and the ARN, that you provide to the "IPSetReferenceStatement" to use the address set in a "Rule".

Inspect the body of the web request as JSON. The body immediately follows the request headers.

The patterns to look for in the JSON body. WAF inspects the results of these pattern matches against the rule inspection criteria. This is used with the "FieldToMatch" option JsonBody.

A single label container. This is used as an element of a label array in multiple contexts, for example, in RuleLabels inside a "Rule" and in Labels inside a "SampledHTTPRequest".

A rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.

A single label name condition for a "Condition" in a logging filter.

List of labels used by one or more of the rules of a "RuleGroup". This summary object is used for the following rule group lists:

Defines an association between logging destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.

Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL's "LoggingConfiguration".

Additional information that's used by a managed rule group. Many managed rule groups don't require this.

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling "ListAvailableManagedRuleGroups".

High-level information about a managed rule group, returned by "ListAvailableManagedRuleGroups". This provides information like the name and vendor name, that you provide when you add a "ManagedRuleGroupStatement" to a web ACL. Managed rule groups include Amazon Web Services Managed Rules rule groups, which are free of charge to WAF customers, and Amazon Web Services Marketplace managed rule groups, which you can subscribe to through Amazon Web Services Marketplace.

Describes a single version of a managed rule group.

A set of rules that is managed by Amazon Web Services and Amazon Web Services Marketplace sellers to provide versioned managed rule groups for customers of WAF.

High-level information for a managed rule set.

Information for a single version of a managed rule set.

Inspect the HTTP method of the web request. The method indicates the type of operation that the request is asking the origin to perform.

Information for a release of the mobile SDK, including release notes and tags.

Specifies that WAF should do nothing. This is used for the OverrideAction setting on a "Rule" when the rule uses a rule group reference statement.

A logical rule statement used to negate the results of another rule statement. You provide one "Statement" within the NotStatement.

A logical rule statement used to combine other rule statements with OR logic. You provide more than one "Statement" within the OrStatement.

The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.

Details about your login page password field for request inspection, used in the AWSManagedRulesATPRuleSet RequestInspection configuration.

Inspect the query string of the web request. This is the part of a URL that appears after a ? character, if any.

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

The set of IP addresses that are currently blocked for a "RateBasedStatement".

A single regular expression. This is used in a "RegexPatternSet".

A rule statement used to search web request components for a match against a single regular expression.

Contains one or more regular expressions.

A rule statement used to search web request components for matches with regular expressions. To use this, create a "RegexPatternSet" that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see "CreateRegexPatternSet".

High-level information about a "RegexPatternSet", returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RegexPatternSet, and the ARN, that you provide to the "RegexPatternSetReferenceStatement" to use the pattern set in a "Rule".

High level information for an SDK release.

The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.

The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.

Configures inspection of the response body. WAF can inspect the first 65,536 bytes (64 KB) of the response body. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.

Configures inspection of the response header. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.

Configures inspection of the response JSON. WAF can inspect the first 65,536 bytes (64 KB) of the response JSON. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.

Configures inspection of the response status code. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.

A single rule, which you can use in a "WebACL" or "RuleGroup" to identify web requests that you want to allow, block, or count. Each rule includes one top-level "Statement" that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.

The action that WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.

Action setting to use in the place of a rule action that is configured inside the rule group. You specify one override for each rule whose action you want to change.

A rule group defines a collection of rules to inspect and control web requests that you can use in a "WebACL". When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.

A rule statement used to run the rules that are defined in a "RuleGroup". To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

High-level information about a "RuleGroup", returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the "RuleGroupReferenceStatement" to use the rule group in a "Rule".

High-level information about a "Rule", returned by operations like "DescribeManagedRuleGroup". This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the "RuleGroupReferenceStatement" to use the rule group in a "Rule".

Represents a single sampled web request. The response from "GetSampledRequests" includes a SampledHTTPRequests complex type that appears as SampledRequests in the response syntax. SampledHTTPRequests contains an array of SampledHTTPRequest objects.

Inspect one of the headers in the web request, identified by name, for example, User-Agent or Referer. The name isn't case sensitive.

Inspect one query argument in the web request, identified by name, for example UserName or SalesRegion. The name isn't case sensitive.

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

A rule statement that inspects for malicious SQL code. Attackers insert malicious SQL code into web requests to do things like modify your database or extract data from it.

The processing guidance for a "Rule", used by WAF to determine whether a web request matches the rule.

A tag associated with an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

The collection of tagging definitions for an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.

In a "GetSampledRequests" request, the StartTime and EndTime objects specify the time range for which you want WAF to return a sample of web requests.

Inspect the path component of the URI of the web request. This is the part of the web request that identifies a resource. For example, /images/daily-ad.jpg.

Details about your login page username field for request inspection, used in the AWSManagedRulesATPRuleSet RequestInspection configuration.

A version of the named managed rule group, that the rule group's vendor publishes for use by customers.

Defines and enables Amazon CloudWatch metrics and web request sample collection.

A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types "Rule", "RuleGroup", and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.

High-level information about a "WebACL", returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a WebACL, and the ARN, that you provide to operations like "AssociateWebACL".

A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.