AWS v6.77.0, Apr 9 25

AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

aws.wafv2.WebAcl

Explore with Pulumi AI

AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

Create WebAcl Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);

@overload
def WebAcl(resource_name: str,
           args: WebAclArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def WebAcl(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           association_config: Optional[WebAclAssociationConfigArgs] = None,
           captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
           challenge_config: Optional[WebAclChallengeConfigArgs] = None,
           custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
           default_action: Optional[WebAclDefaultActionArgs] = None,
           description: Optional[str] = None,
           name: Optional[str] = None,
           name_prefix: Optional[str] = None,
           rule_json: Optional[str] = None,
           rules: Optional[Sequence[WebAclRuleArgs]] = None,
           scope: Optional[str] = None,
           tags: Optional[Mapping[str, str]] = None,
           token_domains: Optional[Sequence[str]] = None,
           visibility_config: Optional[WebAclVisibilityConfigArgs] = None)

func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)

public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)

public WebAcl(String name, WebAclArgs args)
public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)

type: aws:wafv2:WebAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

WebAcl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The WebAcl resource accepts the following input properties:

DefaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
VisibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
AssociationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
CaptchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
ChallengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
CustomResponseBodies List<WebAclCustomResponseBody>: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
Description string: Friendly description of the WebACL.
Name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
RuleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
Rules List<WebAclRule>: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
Tags Dictionary<string, string>: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TokenDomains List<string>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

DefaultAction WebAclDefaultActionArgs: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
VisibilityConfig WebAclVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
AssociationConfig WebAclAssociationConfigArgs: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
CaptchaConfig WebAclCaptchaConfigArgs: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
ChallengeConfig WebAclChallengeConfigArgs: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
CustomResponseBodies []WebAclCustomResponseBodyArgs: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
Description string: Friendly description of the WebACL.
Name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
RuleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
Rules []WebAclRuleArgs: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
Tags map[string]string: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TokenDomains []string: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

defaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
associationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
captchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
challengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
customResponseBodies List<WebAclCustomResponseBody>: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
description String: Friendly description of the WebACL.
name String: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
ruleJson String: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules List<WebAclRule>: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
tags Map<String,String>: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tokenDomains List<String>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

defaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
associationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
captchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
challengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
customResponseBodies WebAclCustomResponseBody[]: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
description string: Friendly description of the WebACL.
name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
ruleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules WebAclRule[]: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
tags {[key: string]: string}: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tokenDomains string[]: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

default_action WebAclDefaultActionArgs: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
scope str: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibility_config WebAclVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
association_config WebAclAssociationConfigArgs: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
captcha_config WebAclCaptchaConfigArgs: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
challenge_config WebAclChallengeConfigArgs: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
description str: Friendly description of the WebACL.
name str: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
rule_json str: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules Sequence[WebAclRuleArgs]: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
tags Mapping[str, str]: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
token_domains Sequence[str]: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

defaultAction Property Map: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibilityConfig Property Map: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
associationConfig Property Map: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
captchaConfig Property Map: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
challengeConfig Property Map: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
customResponseBodies List<Property Map>: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
description String: Friendly description of the WebACL.
name String: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
ruleJson String: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules List<Property Map>: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
tags Map<String>: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tokenDomains List<String>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

Outputs

All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:

ApplicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
Arn string: The ARN of the WAF WebACL.
Capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
Id string: The provider-assigned unique ID for this managed resource.
LockToken string
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

ApplicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
Arn string: The ARN of the WAF WebACL.
Capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
Id string: The provider-assigned unique ID for this managed resource.
LockToken string
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

applicationIntegrationUrl String: The URL to use in SDK integrations with managed rule groups.
arn String: The ARN of the WAF WebACL.
capacity Integer: Web ACL capacity units (WCUs) currently being used by this web ACL.
id String: The provider-assigned unique ID for this managed resource.
lockToken String
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

applicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
arn string: The ARN of the WAF WebACL.
capacity number: Web ACL capacity units (WCUs) currently being used by this web ACL.
id string: The provider-assigned unique ID for this managed resource.
lockToken string
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

application_integration_url str: The URL to use in SDK integrations with managed rule groups.
arn str: The ARN of the WAF WebACL.
capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
id str: The provider-assigned unique ID for this managed resource.
lock_token str
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

applicationIntegrationUrl String: The URL to use in SDK integrations with managed rule groups.
arn String: The ARN of the WAF WebACL.
capacity Number: Web ACL capacity units (WCUs) currently being used by this web ACL.
id String: The provider-assigned unique ID for this managed resource.
lockToken String
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.

Look up Existing WebAcl Resource

Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        application_integration_url: Optional[str] = None,
        arn: Optional[str] = None,
        association_config: Optional[WebAclAssociationConfigArgs] = None,
        capacity: Optional[int] = None,
        captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
        challenge_config: Optional[WebAclChallengeConfigArgs] = None,
        custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
        default_action: Optional[WebAclDefaultActionArgs] = None,
        description: Optional[str] = None,
        lock_token: Optional[str] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        rule_json: Optional[str] = None,
        rules: Optional[Sequence[WebAclRuleArgs]] = None,
        scope: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        token_domains: Optional[Sequence[str]] = None,
        visibility_config: Optional[WebAclVisibilityConfigArgs] = None) -> WebAcl

func GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)

public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)

public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)

resources:  _:    type: aws:wafv2:WebAcl    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

ApplicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
Arn string: The ARN of the WAF WebACL.
AssociationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
Capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
CaptchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
ChallengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
CustomResponseBodies List<WebAclCustomResponseBody>: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
DefaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
Description string: Friendly description of the WebACL.
LockToken string
Name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
RuleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
Rules List<WebAclRule>: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
Tags Dictionary<string, string>: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
TokenDomains List<string>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
VisibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

ApplicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
Arn string: The ARN of the WAF WebACL.
AssociationConfig WebAclAssociationConfigArgs: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
Capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
CaptchaConfig WebAclCaptchaConfigArgs: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
ChallengeConfig WebAclChallengeConfigArgs: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
CustomResponseBodies []WebAclCustomResponseBodyArgs: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
DefaultAction WebAclDefaultActionArgs: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
Description string: Friendly description of the WebACL.
LockToken string
Name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
RuleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
Rules []WebAclRuleArgs: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
Tags map[string]string: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
TokenDomains []string: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
VisibilityConfig WebAclVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

applicationIntegrationUrl String: The URL to use in SDK integrations with managed rule groups.
arn String: The ARN of the WAF WebACL.
associationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
capacity Integer: Web ACL capacity units (WCUs) currently being used by this web ACL.
captchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
challengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
customResponseBodies List<WebAclCustomResponseBody>: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
defaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
description String: Friendly description of the WebACL.
lockToken String
name String: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
ruleJson String: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules List<WebAclRule>: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags Map<String,String>: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
tokenDomains List<String>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
visibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

applicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
arn string: The ARN of the WAF WebACL.
associationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
capacity number: Web ACL capacity units (WCUs) currently being used by this web ACL.
captchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
challengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
customResponseBodies WebAclCustomResponseBody[]: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
defaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
description string: Friendly description of the WebACL.
lockToken string
name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
ruleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules WebAclRule[]: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags {[key: string]: string}: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
tokenDomains string[]: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
visibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

application_integration_url str: The URL to use in SDK integrations with managed rule groups.
arn str: The ARN of the WAF WebACL.
association_config WebAclAssociationConfigArgs: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
captcha_config WebAclCaptchaConfigArgs: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
challenge_config WebAclChallengeConfigArgs: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
default_action WebAclDefaultActionArgs: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
description str: Friendly description of the WebACL.
lock_token str
name str: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
rule_json str: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules Sequence[WebAclRuleArgs]: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
scope str: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags Mapping[str, str]: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
token_domains Sequence[str]: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
visibility_config WebAclVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

applicationIntegrationUrl String: The URL to use in SDK integrations with managed rule groups.
arn String: The ARN of the WAF WebACL.
associationConfig Property Map: Specifies custom configurations for the associations between the web ACL and protected resources. See association_config below for details.
capacity Number: Web ACL capacity units (WCUs) currently being used by this web ACL.
captchaConfig Property Map: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captcha_config below for details.
challengeConfig Property Map: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challenge_config below for details.
customResponseBodies List<Property Map>: Defines custom response bodies that can be referenced by custom_response actions. See custom_response_body below for details.
defaultAction Property Map: Action to perform if none of the rules contained in the WebACL match. See default_action below for details.
description String: Friendly description of the WebACL.
lockToken String
name String: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with name_prefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
ruleJson String: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with rule_json set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules List<Property Map>: Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags Map<String>: Map of key-value pairs to associate with the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
tokenDomains List<String>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
visibilityConfig Property Map: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.

Supporting Types

Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.

WebAclAssociationConfig
, WebAclAssociationConfigArgs

RequestBodies List<WebAclAssociationConfigRequestBody>: Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

RequestBodies []WebAclAssociationConfigRequestBody: Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

requestBodies List<WebAclAssociationConfigRequestBody>: Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

requestBodies WebAclAssociationConfigRequestBody[]: Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

request_bodies Sequence[WebAclAssociationConfigRequestBody]: Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

requestBodies List<Property Map>: Customizes the request body that your protected resource forward to AWS WAF for inspection. See request_body below for details.

WebAclAssociationConfigRequestBody
, WebAclAssociationConfigRequestBodyArgs

ApiGateways List<WebAclAssociationConfigRequestBodyApiGateway>: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
AppRunnerServices List<WebAclAssociationConfigRequestBodyAppRunnerService>: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
Cloudfronts List<WebAclAssociationConfigRequestBodyCloudfront>: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
CognitoUserPools List<WebAclAssociationConfigRequestBodyCognitoUserPool>: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
VerifiedAccessInstances List<WebAclAssociationConfigRequestBodyVerifiedAccessInstance>: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.

ApiGateways []WebAclAssociationConfigRequestBodyApiGateway: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
AppRunnerServices []WebAclAssociationConfigRequestBodyAppRunnerService: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
Cloudfronts []WebAclAssociationConfigRequestBodyCloudfront: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
CognitoUserPools []WebAclAssociationConfigRequestBodyCognitoUserPool: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
VerifiedAccessInstances []WebAclAssociationConfigRequestBodyVerifiedAccessInstance: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.

apiGateways List<WebAclAssociationConfigRequestBodyApiGateway>: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
appRunnerServices List<WebAclAssociationConfigRequestBodyAppRunnerService>: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
cloudfronts List<WebAclAssociationConfigRequestBodyCloudfront>: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
cognitoUserPools List<WebAclAssociationConfigRequestBodyCognitoUserPool>: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
verifiedAccessInstances List<WebAclAssociationConfigRequestBodyVerifiedAccessInstance>: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.

apiGateways WebAclAssociationConfigRequestBodyApiGateway[]: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
appRunnerServices WebAclAssociationConfigRequestBodyAppRunnerService[]: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
cloudfronts WebAclAssociationConfigRequestBodyCloudfront[]: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
cognitoUserPools WebAclAssociationConfigRequestBodyCognitoUserPool[]: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
verifiedAccessInstances WebAclAssociationConfigRequestBodyVerifiedAccessInstance[]: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.

api_gateways Sequence[WebAclAssociationConfigRequestBodyApiGateway]: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
app_runner_services Sequence[WebAclAssociationConfigRequestBodyAppRunnerService]: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
cloudfronts Sequence[WebAclAssociationConfigRequestBodyCloudfront]: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
cognito_user_pools Sequence[WebAclAssociationConfigRequestBodyCognitoUserPool]: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
verified_access_instances Sequence[WebAclAssociationConfigRequestBodyVerifiedAccessInstance]: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.

apiGateways List<Property Map>: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See api_gateway below for details.
appRunnerServices List<Property Map>: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See app_runner_service below for details.
cloudfronts List<Property Map>: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
cognitoUserPools List<Property Map>: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognito_user_pool below for details.
verifiedAccessInstances List<Property Map>: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verified_access_instance below for details.

WebAclAssociationConfigRequestBodyApiGateway
, WebAclAssociationConfigRequestBodyApiGatewayArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclAssociationConfigRequestBodyAppRunnerService
, WebAclAssociationConfigRequestBodyAppRunnerServiceArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclAssociationConfigRequestBodyCloudfront
, WebAclAssociationConfigRequestBodyCloudfrontArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclAssociationConfigRequestBodyCognitoUserPool
, WebAclAssociationConfigRequestBodyCognitoUserPoolArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclAssociationConfigRequestBodyVerifiedAccessInstance
, WebAclAssociationConfigRequestBodyVerifiedAccessInstanceArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclCaptchaConfig
, WebAclCaptchaConfigArgs

ImmunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

ImmunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunity_time_property WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty Property Map: Defines custom immunity time. See immunity_time_property below for details.

WebAclCaptchaConfigImmunityTimeProperty
, WebAclCaptchaConfigImmunityTimePropertyArgs

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Integer: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunity_time int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

WebAclChallengeConfig
, WebAclChallengeConfigArgs

ImmunityTimeProperty WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

ImmunityTimeProperty WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunity_time_property WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty Property Map: Defines custom immunity time. See immunity_time_property below for details.

WebAclChallengeConfigImmunityTimeProperty
, WebAclChallengeConfigImmunityTimePropertyArgs

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Integer: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunity_time int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

WebAclCustomResponseBody
, WebAclCustomResponseBodyArgs

Content string: Payload of the custom response.
ContentType string: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
Key string: Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

Content string: Payload of the custom response.
ContentType string: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
Key string: Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

content String: Payload of the custom response.
contentType String: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key String: Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

content string: Payload of the custom response.
contentType string: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key string: Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

content str: Payload of the custom response.
content_type str: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key str: Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

content String: Payload of the custom response.
contentType String: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key String: Unique key identifying the custom response body. This is referenced by the custom_response_body_key argument in the custom_response block.

WebAclDefaultAction
, WebAclDefaultActionArgs

Allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
Block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

Allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
Block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

allow Property Map: Specifies that AWS WAF should allow requests by default. See allow below for details.
block Property Map: Specifies that AWS WAF should block requests by default. See block below for details.

WebAclDefaultActionAllow
, WebAclDefaultActionAllowArgs

CustomRequestHandling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See custom_request_handling below for details.

WebAclDefaultActionAllowCustomRequestHandling
, WebAclDefaultActionAllowCustomRequestHandlingArgs

InsertHeaders List<WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclDefaultActionAllowCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclDefaultActionAllowCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclDefaultActionAllowCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclDefaultActionAllowCustomRequestHandlingInsertHeader
, WebAclDefaultActionAllowCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclDefaultActionBlock
, WebAclDefaultActionBlockArgs

CustomResponse WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

CustomResponse WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

custom_response WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

customResponse Property Map: Defines a custom response for the web request. See custom_response below for details.

WebAclDefaultActionBlockCustomResponse
, WebAclDefaultActionBlockCustomResponseArgs

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
ResponseHeaders List<WebAclDefaultActionBlockCustomResponseResponseHeader>: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
ResponseHeaders []WebAclDefaultActionBlockCustomResponseResponseHeader: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Integer: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders List<WebAclDefaultActionBlockCustomResponseResponseHeader>: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode number: The HTTP status code to return to the client.
customResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders WebAclDefaultActionBlockCustomResponseResponseHeader[]: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

response_code int: The HTTP status code to return to the client.
custom_response_body_key str: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
response_headers Sequence[WebAclDefaultActionBlockCustomResponseResponseHeader]: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Number: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders List<Property Map>: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

WebAclDefaultActionBlockCustomResponseResponseHeader
, WebAclDefaultActionBlockCustomResponseResponseHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRule
, WebAclRuleArgs

Name string: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
Priority int: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
Statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
VisibilityConfig WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
Action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
CaptchaConfig WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
ChallengeConfig WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challenge_config below for details.
OverrideAction WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
RuleLabels List<WebAclRuleRuleLabel>: Labels to apply to web requests that match the rule match statement. See rule_label below for details.

Name string: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
Priority int: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
Statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
VisibilityConfig WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
Action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
CaptchaConfig WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
ChallengeConfig WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challenge_config below for details.
OverrideAction WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
RuleLabels []WebAclRuleRuleLabel: Labels to apply to web requests that match the rule match statement. See rule_label below for details.

name String: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
priority Integer: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
visibilityConfig WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
captchaConfig WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
challengeConfig WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challenge_config below for details.
overrideAction WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
ruleLabels List<WebAclRuleRuleLabel>: Labels to apply to web requests that match the rule match statement. See rule_label below for details.

name string: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
priority number: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
visibilityConfig WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
captchaConfig WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
challengeConfig WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challenge_config below for details.
overrideAction WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
ruleLabels WebAclRuleRuleLabel[]: Labels to apply to web requests that match the rule match statement. See rule_label below for details.

name str: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
priority int: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
visibility_config WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
captcha_config WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
challenge_config WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challenge_config below for details.
override_action WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
rule_labels Sequence[WebAclRuleRuleLabel]: Labels to apply to web requests that match the rule match statement. See rule_label below for details.

name String: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
priority Number: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement Property Map: The AWS WAF processing statement for the rule, for example byte_match_statement or geo_match_statement. See statement below for details.
visibilityConfig Property Map: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibility_config below for details.
action Property Map: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
captchaConfig Property Map: Specifies how AWS WAF should handle CAPTCHA evaluations. See captcha_config below for details.
challengeConfig Property Map: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challenge_config below for details.
overrideAction Property Map: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like rule_group_reference_statement and managed_rule_group_statement. See override_action below for details.
ruleLabels List<Property Map>: Labels to apply to web requests that match the rule match statement. See rule_label below for details.

WebAclRuleAction
, WebAclRuleActionArgs

Allow WebAclRuleActionAllow: Instructs AWS WAF to allow the web request. See allow below for details.
Block WebAclRuleActionBlock: Instructs AWS WAF to block the web request. See block below for details.
Captcha WebAclRuleActionCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
Challenge WebAclRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
Count WebAclRuleActionCount: Instructs AWS WAF to count the web request and allow it. See count below for details.

Allow WebAclRuleActionAllow: Instructs AWS WAF to allow the web request. See allow below for details.
Block WebAclRuleActionBlock: Instructs AWS WAF to block the web request. See block below for details.
Captcha WebAclRuleActionCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
Challenge WebAclRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
Count WebAclRuleActionCount: Instructs AWS WAF to count the web request and allow it. See count below for details.

allow WebAclRuleActionAllow: Instructs AWS WAF to allow the web request. See allow below for details.
block WebAclRuleActionBlock: Instructs AWS WAF to block the web request. See block below for details.
captcha WebAclRuleActionCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
challenge WebAclRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
count WebAclRuleActionCount: Instructs AWS WAF to count the web request and allow it. See count below for details.

allow WebAclRuleActionAllow: Instructs AWS WAF to allow the web request. See allow below for details.
block WebAclRuleActionBlock: Instructs AWS WAF to block the web request. See block below for details.
captcha WebAclRuleActionCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
challenge WebAclRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
count WebAclRuleActionCount: Instructs AWS WAF to count the web request and allow it. See count below for details.

allow WebAclRuleActionAllow: Instructs AWS WAF to allow the web request. See allow below for details.
block WebAclRuleActionBlock: Instructs AWS WAF to block the web request. See block below for details.
captcha WebAclRuleActionCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
challenge WebAclRuleActionChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
count WebAclRuleActionCount: Instructs AWS WAF to count the web request and allow it. See count below for details.

allow Property Map: Instructs AWS WAF to allow the web request. See allow below for details.
block Property Map: Instructs AWS WAF to block the web request. See block below for details.
captcha Property Map: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
challenge Property Map: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
count Property Map: Instructs AWS WAF to count the web request and allow it. See count below for details.

WebAclRuleActionAllow
, WebAclRuleActionAllowArgs

CustomRequestHandling WebAclRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleActionAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleActionAllowCustomRequestHandling
, WebAclRuleActionAllowCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleActionAllowCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleActionAllowCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleActionAllowCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleActionAllowCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleActionAllowCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleActionAllowCustomRequestHandlingInsertHeader
, WebAclRuleActionAllowCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleActionBlock
, WebAclRuleActionBlockArgs

CustomResponse WebAclRuleActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

CustomResponse WebAclRuleActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclRuleActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclRuleActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

custom_response WebAclRuleActionBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

customResponse Property Map: Defines a custom response for the web request. See custom_response below for details.

WebAclRuleActionBlockCustomResponse
, WebAclRuleActionBlockCustomResponseArgs

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
ResponseHeaders List<WebAclRuleActionBlockCustomResponseResponseHeader>: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
ResponseHeaders []WebAclRuleActionBlockCustomResponseResponseHeader: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Integer: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders List<WebAclRuleActionBlockCustomResponseResponseHeader>: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode number: The HTTP status code to return to the client.
customResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders WebAclRuleActionBlockCustomResponseResponseHeader[]: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

response_code int: The HTTP status code to return to the client.
custom_response_body_key str: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
response_headers Sequence[WebAclRuleActionBlockCustomResponseResponseHeader]: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Number: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders List<Property Map>: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

WebAclRuleActionBlockCustomResponseResponseHeader
, WebAclRuleActionBlockCustomResponseResponseHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleActionCaptcha
, WebAclRuleActionCaptchaArgs

CustomRequestHandling WebAclRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleActionCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleActionCaptchaCustomRequestHandling
, WebAclRuleActionCaptchaCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader
, WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleActionChallenge
, WebAclRuleActionChallengeArgs

CustomRequestHandling WebAclRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleActionChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleActionChallengeCustomRequestHandling
, WebAclRuleActionChallengeCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleActionChallengeCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleActionChallengeCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleActionChallengeCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleActionChallengeCustomRequestHandlingInsertHeader
, WebAclRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleActionCount
, WebAclRuleActionCountArgs

CustomRequestHandling WebAclRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleActionCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleActionCountCustomRequestHandling
, WebAclRuleActionCountCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleActionCountCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleActionCountCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleActionCountCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleActionCountCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleActionCountCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleActionCountCustomRequestHandlingInsertHeader
, WebAclRuleActionCountCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleCaptchaConfig
, WebAclRuleCaptchaConfigArgs

ImmunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

ImmunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunity_time_property WebAclRuleCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty Property Map: Defines custom immunity time. See immunity_time_property below for details.

WebAclRuleCaptchaConfigImmunityTimeProperty
, WebAclRuleCaptchaConfigImmunityTimePropertyArgs

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Integer: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunity_time int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

WebAclRuleChallengeConfig
, WebAclRuleChallengeConfigArgs

ImmunityTimeProperty WebAclRuleChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

ImmunityTimeProperty WebAclRuleChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty WebAclRuleChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty WebAclRuleChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunity_time_property WebAclRuleChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunity_time_property below for details.

immunityTimeProperty Property Map: Defines custom immunity time. See immunity_time_property below for details.

WebAclRuleChallengeConfigImmunityTimeProperty
, WebAclRuleChallengeConfigImmunityTimePropertyArgs

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Integer: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunity_time int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

WebAclRuleOverrideAction
, WebAclRuleOverrideActionArgs

Count WebAclRuleOverrideActionCount: Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
None WebAclRuleOverrideActionNone: Don't override the rule action setting. Configured as an empty block {}.

Count WebAclRuleOverrideActionCount: Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
None WebAclRuleOverrideActionNone: Don't override the rule action setting. Configured as an empty block {}.

count WebAclRuleOverrideActionCount: Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
none WebAclRuleOverrideActionNone: Don't override the rule action setting. Configured as an empty block {}.

count WebAclRuleOverrideActionCount: Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
none WebAclRuleOverrideActionNone: Don't override the rule action setting. Configured as an empty block {}.

count WebAclRuleOverrideActionCount: Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
none WebAclRuleOverrideActionNone: Don't override the rule action setting. Configured as an empty block {}.

count Property Map: Override the rule action setting to count (i.e., only count matches). Configured as an empty block {}.
none Property Map: Don't override the rule action setting. Configured as an empty block {}.

WebAclRuleRuleLabel
, WebAclRuleRuleLabelArgs

Name string: Label string.

Name string: Label string.

name String: Label string.

name string: Label string.

name str: Label string.

name String: Label string.

WebAclRuleStatement
, WebAclRuleStatementArgs

AndStatement WebAclRuleStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
ByteMatchStatement WebAclRuleStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
GeoMatchStatement WebAclRuleStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
IpSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
LabelMatchStatement WebAclRuleStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
ManagedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement: Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
NotStatement WebAclRuleStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
OrStatement WebAclRuleStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
RateBasedStatement WebAclRuleStatementRateBasedStatement: Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
RegexMatchStatement WebAclRuleStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
RegexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
RuleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement: Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
SizeConstraintStatement WebAclRuleStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
SqliMatchStatement WebAclRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
XssMatchStatement WebAclRuleStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

AndStatement WebAclRuleStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
ByteMatchStatement WebAclRuleStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
GeoMatchStatement WebAclRuleStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
IpSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
LabelMatchStatement WebAclRuleStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
ManagedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement: Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
NotStatement WebAclRuleStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
OrStatement WebAclRuleStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
RateBasedStatement WebAclRuleStatementRateBasedStatement: Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
RegexMatchStatement WebAclRuleStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
RegexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
RuleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement: Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
SizeConstraintStatement WebAclRuleStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
SqliMatchStatement WebAclRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
XssMatchStatement WebAclRuleStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
byteMatchStatement WebAclRuleStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
geoMatchStatement WebAclRuleStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
labelMatchStatement WebAclRuleStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement: Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
notStatement WebAclRuleStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
orStatement WebAclRuleStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
rateBasedStatement WebAclRuleStatementRateBasedStatement: Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
regexMatchStatement WebAclRuleStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement: Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
sqliMatchStatement WebAclRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
xssMatchStatement WebAclRuleStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
byteMatchStatement WebAclRuleStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
geoMatchStatement WebAclRuleStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
labelMatchStatement WebAclRuleStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement: Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
notStatement WebAclRuleStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
orStatement WebAclRuleStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
rateBasedStatement WebAclRuleStatementRateBasedStatement: Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
regexMatchStatement WebAclRuleStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement: Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
sqliMatchStatement WebAclRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
xssMatchStatement WebAclRuleStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

and_statement WebAclRuleStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
byte_match_statement WebAclRuleStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
geo_match_statement WebAclRuleStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
ip_set_reference_statement WebAclRuleStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
label_match_statement WebAclRuleStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
managed_rule_group_statement WebAclRuleStatementManagedRuleGroupStatement: Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
not_statement WebAclRuleStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
or_statement WebAclRuleStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
rate_based_statement WebAclRuleStatementRateBasedStatement: Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
regex_match_statement WebAclRuleStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
regex_pattern_set_reference_statement WebAclRuleStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
rule_group_reference_statement WebAclRuleStatementRuleGroupReferenceStatement: Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
size_constraint_statement WebAclRuleStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
sqli_match_statement WebAclRuleStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
xss_match_statement WebAclRuleStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement Property Map: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
byteMatchStatement Property Map: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
geoMatchStatement Property Map: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
ipSetReferenceStatement Property Map: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
labelMatchStatement Property Map: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
managedRuleGroupStatement Property Map: Rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See managed_rule_group_statement below for details.
notStatement Property Map: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
orStatement Property Map: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
rateBasedStatement Property Map: Rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. This statement can not be nested. See rate_based_statement below for details.
regexMatchStatement Property Map: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
regexPatternSetReferenceStatement Property Map: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
ruleGroupReferenceStatement Property Map: Rule statement used to run the rules that are defined in an WAFv2 Rule Group. See rule_group_reference_statement below for details.
sizeConstraintStatement Property Map: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
sqliMatchStatement Property Map: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
xssMatchStatement Property Map: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

WebAclRuleStatementAndStatement
, WebAclRuleStatementAndStatementArgs

Statements List<WebAclRuleStatement>: The statements to combine.

Statements []WebAclRuleStatement: The statements to combine.

statements List<WebAclRuleStatement>: The statements to combine.

statements WebAclRuleStatement[]: The statements to combine.

statements Sequence[WebAclRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

WebAclRuleStatementByteMatchStatement
, WebAclRuleStatementByteMatchStatementArgs

PositionalConstraint string: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
SearchString string: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
TextTransformations List<WebAclRuleStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

PositionalConstraint string: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
SearchString string: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
TextTransformations []WebAclRuleStatementByteMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positionalConstraint String: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString String: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations List<WebAclRuleStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positionalConstraint string: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString string: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations WebAclRuleStatementByteMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positional_constraint str: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
search_string str: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
text_transformations Sequence[WebAclRuleStatementByteMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
field_to_match WebAclRuleStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positionalConstraint String: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString String: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch Property Map: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

WebAclRuleStatementByteMatchStatementFieldToMatch
, WebAclRuleStatementByteMatchStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders List<WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers List<WebAclRuleStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders []WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers []WebAclRuleStatementByteMatchStatementFieldToMatchHeader: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<WebAclRuleStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers WebAclRuleStatementByteMatchStatementFieldToMatchHeader[]: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
header_orders Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchHeader]: Inspect the request headers. See headers below for details.
ja3_fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
single_query_argument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uri_path WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies Property Map: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<Property Map>: Inspect the request headers. See headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See json_body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See single_header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See single_query_argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebAclRuleStatementByteMatchStatementFieldToMatchBody
, WebAclRuleStatementByteMatchStatementFieldToMatchBodyArgs

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementByteMatchStatementFieldToMatchCookies
, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

MatchPatterns []WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

match_patterns Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern
, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

WebAclRuleStatementByteMatchStatementFieldToMatchHeader
, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderArgs

MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder
, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
, WebAclRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint
, WebAclRuleStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody
, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader
, WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
, WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementByteMatchStatementTextTransformation
, WebAclRuleStatementByteMatchStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

WebAclRuleStatementGeoMatchStatement
, WebAclRuleStatementGeoMatchStatementArgs

CountryCodes List<string>: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
ForwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

CountryCodes []string: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
ForwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

countryCodes List<String>: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

countryCodes string[]: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

country_codes Sequence[str]: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwarded_ip_config WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

countryCodes List<String>: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig Property Map: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

WebAclRuleStatementGeoMatchStatementForwardedIpConfig
, WebAclRuleStatementGeoMatchStatementForwardedIpConfigArgs

FallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: Name of the HTTP header to use for the IP address.

FallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: Name of the HTTP header to use for the IP address.

fallbackBehavior String: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: Name of the HTTP header to use for the IP address.

fallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName string: Name of the HTTP header to use for the IP address.

fallback_behavior str: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
header_name str: Name of the HTTP header to use for the IP address.

fallbackBehavior String: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: Name of the HTTP header to use for the IP address.

WebAclRuleStatementIpSetReferenceStatement
, WebAclRuleStatementIpSetReferenceStatementArgs

Arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
IpSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

Arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
IpSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn String: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn str: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ip_set_forwarded_ip_config WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn String: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig Property Map: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
, WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

FallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: Name of the HTTP header to use for the IP address.
Position string: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

FallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: Name of the HTTP header to use for the IP address.
Position string: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: Name of the HTTP header to use for the IP address.
position String: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName string: Name of the HTTP header to use for the IP address.
position string: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallback_behavior str: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
header_name str: Name of the HTTP header to use for the IP address.
position str: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: Name of the HTTP header to use for the IP address.
position String: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

WebAclRuleStatementLabelMatchStatement
, WebAclRuleStatementLabelMatchStatementArgs

Key string: String to match against.
Scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

Key string: String to match against.
Scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String: String to match against.
scope String: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key string: String to match against.
scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key str: String to match against.
scope str: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String: String to match against.
scope String: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

WebAclRuleStatementManagedRuleGroupStatement
, WebAclRuleStatementManagedRuleGroupStatementArgs

Name string: Name of the managed rule group.
VendorName string: Name of the managed rule group vendor.
ManagedRuleGroupConfigs List<WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig>: Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
RuleActionOverrides List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride>: Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
ScopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
Version string: Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

Name string: Name of the managed rule group.
VendorName string: Name of the managed rule group vendor.
ManagedRuleGroupConfigs []WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig: Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
RuleActionOverrides []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride: Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
ScopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
Version string: Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

name String: Name of the managed rule group.
vendorName String: Name of the managed rule group vendor.
managedRuleGroupConfigs List<WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig>: Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
ruleActionOverrides List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride>: Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
scopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
version String: Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

name string: Name of the managed rule group.
vendorName string: Name of the managed rule group vendor.
managedRuleGroupConfigs WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig[]: Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
ruleActionOverrides WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride[]: Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
scopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
version string: Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

name str: Name of the managed rule group.
vendor_name str: Name of the managed rule group vendor.
managed_rule_group_configs Sequence[WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig]: Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
rule_action_overrides Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride]: Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
scope_down_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
version str: Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

name String: Name of the managed rule group.
vendorName String: Name of the managed rule group vendor.
managedRuleGroupConfigs List<Property Map>: Additional information that's used by a managed rule group. Only one rule attribute is allowed in each config. See managed_rule_group_configs for more details
ruleActionOverrides List<Property Map>: Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. See rule_action_override below for details.
scopeDownStatement Property Map: Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See statement above for details.
version String: Version of the managed rule group. You can set Version_1.0 or Version_1.1 etc. If you want to use the default version, do not set anything.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs

AwsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet: Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
AwsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet: Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet: Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
LoginPath string: The path of the login endpoint for your application.
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Details about your login page password field. See password_field for more details.
PayloadType string: The payload type for your login endpoint, either JSON or form encoded.
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Details about your login page username field. See username_field for more details.

AwsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet: Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
AwsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet: Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet: Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
LoginPath string: The path of the login endpoint for your application.
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Details about your login page password field. See password_field for more details.
PayloadType string: The payload type for your login endpoint, either JSON or form encoded.
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Details about your login page username field. See username_field for more details.

awsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet: Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
awsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet: Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
awsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet: Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
loginPath String: The path of the login endpoint for your application.
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Details about your login page password field. See password_field for more details.
payloadType String: The payload type for your login endpoint, either JSON or form encoded.
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Details about your login page username field. See username_field for more details.

awsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet: Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
awsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet: Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
awsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet: Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
loginPath string: The path of the login endpoint for your application.
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Details about your login page password field. See password_field for more details.
payloadType string: The payload type for your login endpoint, either JSON or form encoded.
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Details about your login page username field. See username_field for more details.

aws_managed_rules_acfp_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet: Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
aws_managed_rules_atp_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet: Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
aws_managed_rules_bot_control_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet: Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
login_path str: The path of the login endpoint for your application.
password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Details about your login page password field. See password_field for more details.
payload_type str: The payload type for your login endpoint, either JSON or form encoded.
username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Details about your login page username field. See username_field for more details.

awsManagedRulesAcfpRuleSet Property Map: Additional configuration for using the Account Creation Fraud Prevention managed rule group. Use this to specify information such as the registration page of your application and the type of content to accept or reject from the client.
awsManagedRulesAtpRuleSet Property Map: Additional configuration for using the Account Takeover Protection managed rule group. Use this to specify information such as the sign-in page of your application and the type of content to accept or reject from the client.
awsManagedRulesBotControlRuleSet Property Map: Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. See aws_managed_rules_bot_control_rule_set for more details
loginPath String: The path of the login endpoint for your application.
passwordField Property Map: Details about your login page password field. See password_field for more details.
payloadType String: The payload type for your login endpoint, either JSON or form encoded.
usernameField Property Map: Details about your login page username field. See username_field for more details.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetArgs

CreationPath string: The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
RegistrationPagePath string: The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
EnableRegexInPath bool: Whether or not to allow the use of regular expressions in the login page path.
ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

CreationPath string: The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
RegistrationPagePath string: The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
EnableRegexInPath bool: Whether or not to allow the use of regular expressions in the login page path.
ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

creationPath String: The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
registrationPagePath String: The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
enableRegexInPath Boolean: Whether or not to allow the use of regular expressions in the login page path.
responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

creationPath string: The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
registrationPagePath string: The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
enableRegexInPath boolean: Whether or not to allow the use of regular expressions in the login page path.
responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

creation_path str: The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
registration_page_path str: The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
request_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
enable_regex_in_path bool: Whether or not to allow the use of regular expressions in the login page path.
response_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

creationPath String: The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
registrationPagePath String: The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users. This page must accept GET text/html requests.
requestInspection Property Map: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
enableRegexInPath Boolean: Whether or not to allow the use of regular expressions in the login page path.
responseInspection Property Map: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionArgs

PayloadType string: The payload type for your login endpoint, either JSON or form encoded.
AddressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields: The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
EmailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField: The name of the field in the request payload that contains your customer's email. See email_field for more details.
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
PhoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields: The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

PayloadType string: The payload type for your login endpoint, either JSON or form encoded.
AddressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields: The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
EmailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField: The name of the field in the request payload that contains your customer's email. See email_field for more details.
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
PhoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields: The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

payloadType String: The payload type for your login endpoint, either JSON or form encoded.
addressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields: The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
emailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField: The name of the field in the request payload that contains your customer's email. See email_field for more details.
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
phoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields: The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

payloadType string: The payload type for your login endpoint, either JSON or form encoded.
addressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields: The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
emailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField: The name of the field in the request payload that contains your customer's email. See email_field for more details.
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
phoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields: The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

payload_type str: The payload type for your login endpoint, either JSON or form encoded.
address_fields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields: The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
email_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField: The name of the field in the request payload that contains your customer's email. See email_field for more details.
password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
phone_number_fields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields: The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

payloadType String: The payload type for your login endpoint, either JSON or form encoded.
addressFields Property Map: The names of the fields in the request payload that contain your customer's primary physical address. See address_fields for more details.
emailField Property Map: The name of the field in the request payload that contains your customer's email. See email_field for more details.
passwordField Property Map: Details about your login page password field. See password_field for more details.
phoneNumberFields Property Map: The names of the fields in the request payload that contain your customer's primary phone number. See phone_number_fields for more details.
usernameField Property Map: Details about your login page username field. See username_field for more details.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs

Identifiers List<string>: The names of the address fields.

Identifiers []string: The names of the address fields.

identifiers List<String>: The names of the address fields.

identifiers string[]: The names of the address fields.

identifiers Sequence[str]: The names of the address fields.

identifiers List<String>: The names of the address fields.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs

Identifier string: The name of the field in the request payload that contains your customer's email.

Identifier string: The name of the field in the request payload that contains your customer's email.

identifier String: The name of the field in the request payload that contains your customer's email.

identifier string: The name of the field in the request payload that contains your customer's email.

identifier str: The name of the field in the request payload that contains your customer's email.

identifier String: The name of the field in the request payload that contains your customer's email.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs

Identifier string: The name of the password field.

Identifier string: The name of the password field.

identifier String: The name of the password field.

identifier string: The name of the password field.

identifier str: The name of the password field.

identifier String: The name of the password field.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs

Identifiers List<string>: The names of the phone number fields.

Identifiers []string: The names of the phone number fields.

identifiers List<String>: The names of the phone number fields.

identifiers string[]: The names of the phone number fields.

identifiers Sequence[str]: The names of the phone number fields.

identifiers List<String>: The names of the phone number fields.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs

Identifier string: The name of the username field.

Identifier string: The name of the username field.

identifier String: The name of the username field.

identifier string: The name of the username field.

identifier str: The name of the username field.

identifier String: The name of the username field.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionArgs

BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

body_contains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
status_code WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

bodyContains Property Map: Configures inspection of the response body. See body_contains for more details.
header Property Map: Configures inspection of the response header.See header for more details.
json Property Map: Configures inspection of the response JSON. See json for more details.
statusCode Property Map: Configures inspection of the response status code.See status_code for more details.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs

FailureStrings List<string>: Strings in the body of the response that indicate a failed login attempt.
SuccessStrings List<string>: Strings in the body of the response that indicate a successful login attempt.

FailureStrings []string: Strings in the body of the response that indicate a failed login attempt.
SuccessStrings []string: Strings in the body of the response that indicate a successful login attempt.

failureStrings List<String>: Strings in the body of the response that indicate a failed login attempt.
successStrings List<String>: Strings in the body of the response that indicate a successful login attempt.

failureStrings string[]: Strings in the body of the response that indicate a failed login attempt.
successStrings string[]: Strings in the body of the response that indicate a successful login attempt.

failure_strings Sequence[str]: Strings in the body of the response that indicate a failed login attempt.
success_strings Sequence[str]: Strings in the body of the response that indicate a successful login attempt.

failureStrings List<String>: Strings in the body of the response that indicate a failed login attempt.
successStrings List<String>: Strings in the body of the response that indicate a successful login attempt.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs

FailureValues List<string>: Values in the response header with the specified name that indicate a failed login attempt.
Name string: The name of the header to use.
SuccessValues List<string>: Values in the response header with the specified name that indicate a successful login attempt.

FailureValues []string: Values in the response header with the specified name that indicate a failed login attempt.
Name string: The name of the header to use.
SuccessValues []string: Values in the response header with the specified name that indicate a successful login attempt.

failureValues List<String>: Values in the response header with the specified name that indicate a failed login attempt.
name String: The name of the header to use.
successValues List<String>: Values in the response header with the specified name that indicate a successful login attempt.

failureValues string[]: Values in the response header with the specified name that indicate a failed login attempt.
name string: The name of the header to use.
successValues string[]: Values in the response header with the specified name that indicate a successful login attempt.

failure_values Sequence[str]: Values in the response header with the specified name that indicate a failed login attempt.
name str: The name of the header to use.
success_values Sequence[str]: Values in the response header with the specified name that indicate a successful login attempt.

failureValues List<String>: Values in the response header with the specified name that indicate a failed login attempt.
name String: The name of the header to use.
successValues List<String>: Values in the response header with the specified name that indicate a successful login attempt.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs

FailureValues List<string>: Values in the response header with the specified name that indicate a failed login attempt.
Identifier string: The identifier for the value to match against in the JSON.
SuccessValues List<string>: Values in the response header with the specified name that indicate a successful login attempt.

FailureValues []string: Values in the response header with the specified name that indicate a failed login attempt.
Identifier string: The identifier for the value to match against in the JSON.
SuccessValues []string: Values in the response header with the specified name that indicate a successful login attempt.

failureValues List<String>: Values in the response header with the specified name that indicate a failed login attempt.
identifier String: The identifier for the value to match against in the JSON.
successValues List<String>: Values in the response header with the specified name that indicate a successful login attempt.

failureValues string[]: Values in the response header with the specified name that indicate a failed login attempt.
identifier string: The identifier for the value to match against in the JSON.
successValues string[]: Values in the response header with the specified name that indicate a successful login attempt.

failure_values Sequence[str]: Values in the response header with the specified name that indicate a failed login attempt.
identifier str: The identifier for the value to match against in the JSON.
success_values Sequence[str]: Values in the response header with the specified name that indicate a successful login attempt.

failureValues List<String>: Values in the response header with the specified name that indicate a failed login attempt.
identifier String: The identifier for the value to match against in the JSON.
successValues List<String>: Values in the response header with the specified name that indicate a successful login attempt.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs

FailureCodes List<int>: Status codes in the response that indicate a failed login attempt.
SuccessCodes List<int>: Status codes in the response that indicate a successful login attempt.

FailureCodes []int: Status codes in the response that indicate a failed login attempt.
SuccessCodes []int: Status codes in the response that indicate a successful login attempt.

failureCodes List<Integer>: Status codes in the response that indicate a failed login attempt.
successCodes List<Integer>: Status codes in the response that indicate a successful login attempt.

failureCodes number[]: Status codes in the response that indicate a failed login attempt.
successCodes number[]: Status codes in the response that indicate a successful login attempt.

failure_codes Sequence[int]: Status codes in the response that indicate a failed login attempt.
success_codes Sequence[int]: Status codes in the response that indicate a successful login attempt.

failureCodes List<Number>: Status codes in the response that indicate a failed login attempt.
successCodes List<Number>: Status codes in the response that indicate a successful login attempt.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs

LoginPath string: The path of the login endpoint for your application.
EnableRegexInPath bool: Whether or not to allow the use of regular expressions in the login page path.
RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

LoginPath string: The path of the login endpoint for your application.
EnableRegexInPath bool: Whether or not to allow the use of regular expressions in the login page path.
RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

loginPath String: The path of the login endpoint for your application.
enableRegexInPath Boolean: Whether or not to allow the use of regular expressions in the login page path.
requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

loginPath string: The path of the login endpoint for your application.
enableRegexInPath boolean: Whether or not to allow the use of regular expressions in the login page path.
requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

login_path str: The path of the login endpoint for your application.
enable_regex_in_path bool: Whether or not to allow the use of regular expressions in the login page path.
request_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
response_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

loginPath String: The path of the login endpoint for your application.
enableRegexInPath Boolean: Whether or not to allow the use of regular expressions in the login page path.
requestInspection Property Map: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage. See request_inspection for more details.
responseInspection Property Map: The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates. Note that Response Inspection is available only on web ACLs that protect CloudFront distributions. See response_inspection for more details.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs

PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
PayloadType string: The payload type for your login endpoint, either JSON or form encoded.
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
PayloadType string: The payload type for your login endpoint, either JSON or form encoded.
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
payloadType String: The payload type for your login endpoint, either JSON or form encoded.
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
payloadType string: The payload type for your login endpoint, either JSON or form encoded.
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField: Details about your login page password field. See password_field for more details.
payload_type str: The payload type for your login endpoint, either JSON or form encoded.
username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField: Details about your login page username field. See username_field for more details.

passwordField Property Map: Details about your login page password field. See password_field for more details.
payloadType String: The payload type for your login endpoint, either JSON or form encoded.
usernameField Property Map: Details about your login page username field. See username_field for more details.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs

Identifier string: The name of the password field.

Identifier string: The name of the password field.

identifier String: The name of the password field.

identifier string: The name of the password field.

identifier str: The name of the password field.

identifier String: The name of the password field.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs

Identifier string: The name of the username field.

Identifier string: The name of the username field.

identifier String: The name of the username field.

identifier string: The name of the username field.

identifier str: The name of the username field.

identifier String: The name of the username field.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs

BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

body_contains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains: Configures inspection of the response body. See body_contains for more details.
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Configures inspection of the response header.See header for more details.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson: Configures inspection of the response JSON. See json for more details.
status_code WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode: Configures inspection of the response status code.See status_code for more details.

bodyContains Property Map: Configures inspection of the response body. See body_contains for more details.
header Property Map: Configures inspection of the response header.See header for more details.
json Property Map: Configures inspection of the response JSON. See json for more details.
statusCode Property Map: Configures inspection of the response status code.See status_code for more details.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs

FailureStrings List<string>: Strings in the body of the response that indicate a failed login attempt.
SuccessStrings List<string>: Strings in the body of the response that indicate a successful login attempt.

FailureStrings []string: Strings in the body of the response that indicate a failed login attempt.
SuccessStrings []string: Strings in the body of the response that indicate a successful login attempt.

failureStrings List<String>: Strings in the body of the response that indicate a failed login attempt.
successStrings List<String>: Strings in the body of the response that indicate a successful login attempt.

failureStrings string[]: Strings in the body of the response that indicate a failed login attempt.
successStrings string[]: Strings in the body of the response that indicate a successful login attempt.

failure_strings Sequence[str]: Strings in the body of the response that indicate a failed login attempt.
success_strings Sequence[str]: Strings in the body of the response that indicate a successful login attempt.

failureStrings List<String>: Strings in the body of the response that indicate a failed login attempt.
successStrings List<String>: Strings in the body of the response that indicate a successful login attempt.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs

FailureValues List<string>: Values in the response header with the specified name that indicate a failed login attempt.
Name string: The name of the header to use.
SuccessValues List<string>: Values in the response header with the specified name that indicate a successful login attempt.

FailureValues []string: Values in the response header with the specified name that indicate a failed login attempt.
Name string: The name of the header to use.
SuccessValues []string: Values in the response header with the specified name that indicate a successful login attempt.

failureValues List<String>: Values in the response header with the specified name that indicate a failed login attempt.
name String: The name of the header to use.
successValues List<String>: Values in the response header with the specified name that indicate a successful login attempt.

failureValues string[]: Values in the response header with the specified name that indicate a failed login attempt.
name string: The name of the header to use.
successValues string[]: Values in the response header with the specified name that indicate a successful login attempt.

failure_values Sequence[str]: Values in the response header with the specified name that indicate a failed login attempt.
name str: The name of the header to use.
success_values Sequence[str]: Values in the response header with the specified name that indicate a successful login attempt.

failureValues List<String>: Values in the response header with the specified name that indicate a failed login attempt.
name String: The name of the header to use.
successValues List<String>: Values in the response header with the specified name that indicate a successful login attempt.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs

FailureValues List<string>: Values in the response header with the specified name that indicate a failed login attempt.
Identifier string: The identifier for the value to match against in the JSON.
SuccessValues List<string>: Values in the response header with the specified name that indicate a successful login attempt.

FailureValues []string: Values in the response header with the specified name that indicate a failed login attempt.
Identifier string: The identifier for the value to match against in the JSON.
SuccessValues []string: Values in the response header with the specified name that indicate a successful login attempt.

failureValues List<String>: Values in the response header with the specified name that indicate a failed login attempt.
identifier String: The identifier for the value to match against in the JSON.
successValues List<String>: Values in the response header with the specified name that indicate a successful login attempt.

failureValues string[]: Values in the response header with the specified name that indicate a failed login attempt.
identifier string: The identifier for the value to match against in the JSON.
successValues string[]: Values in the response header with the specified name that indicate a successful login attempt.

failure_values Sequence[str]: Values in the response header with the specified name that indicate a failed login attempt.
identifier str: The identifier for the value to match against in the JSON.
success_values Sequence[str]: Values in the response header with the specified name that indicate a successful login attempt.

failureValues List<String>: Values in the response header with the specified name that indicate a failed login attempt.
identifier String: The identifier for the value to match against in the JSON.
successValues List<String>: Values in the response header with the specified name that indicate a successful login attempt.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs

FailureCodes List<int>: Status codes in the response that indicate a failed login attempt.
SuccessCodes List<int>: Status codes in the response that indicate a successful login attempt.

FailureCodes []int: Status codes in the response that indicate a failed login attempt.
SuccessCodes []int: Status codes in the response that indicate a successful login attempt.

failureCodes List<Integer>: Status codes in the response that indicate a failed login attempt.
successCodes List<Integer>: Status codes in the response that indicate a successful login attempt.

failureCodes number[]: Status codes in the response that indicate a failed login attempt.
successCodes number[]: Status codes in the response that indicate a successful login attempt.

failure_codes Sequence[int]: Status codes in the response that indicate a failed login attempt.
success_codes Sequence[int]: Status codes in the response that indicate a successful login attempt.

failureCodes List<Number>: Status codes in the response that indicate a failed login attempt.
successCodes List<Number>: Status codes in the response that indicate a successful login attempt.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetArgs

InspectionLevel string: The inspection level to use for the Bot Control rule group.
EnableMachineLearning bool: Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.

InspectionLevel string: The inspection level to use for the Bot Control rule group.
EnableMachineLearning bool: Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.

inspectionLevel String: The inspection level to use for the Bot Control rule group.
enableMachineLearning Boolean: Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.

inspectionLevel string: The inspection level to use for the Bot Control rule group.
enableMachineLearning boolean: Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.

inspection_level str: The inspection level to use for the Bot Control rule group.
enable_machine_learning bool: Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.

inspectionLevel String: The inspection level to use for the Bot Control rule group.
enableMachineLearning Boolean: Applies only to the targeted inspection level. Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Defaults to true.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldArgs

Identifier string: The name of the password field.

Identifier string: The name of the password field.

identifier String: The name of the password field.

identifier string: The name of the password field.

identifier str: The name of the password field.

identifier String: The name of the password field.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldArgs

Identifier string: The name of the username field.

Identifier string: The name of the username field.

identifier String: The name of the username field.

identifier string: The name of the username field.

identifier str: The name of the username field.

identifier String: The name of the username field.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideArgs

ActionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use, in place of the configured action of the rule in the rule group. See action for details.
Name string: Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

ActionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use, in place of the configured action of the rule in the rule group. See action for details.
Name string: Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

actionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use, in place of the configured action of the rule in the rule group. See action for details.
name String: Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

actionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use, in place of the configured action of the rule in the rule group. See action for details.
name string: Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

action_to_use WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use, in place of the configured action of the rule in the rule group. See action for details.
name str: Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

actionToUse Property Map: Override action to use, in place of the configured action of the rule in the rule group. See action for details.
name String: Name of the rule to override. See the documentation for a list of names in the appropriate rule group in use.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseArgs

Allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow
Block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock
Captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
Challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
Count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

Allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow
Block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock
Captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
Challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
Count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow
block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock
captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow
block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock
captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow
block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock
captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

allow Property Map
block Property Map
captcha Property Map: Instructs AWS WAF to run a Captcha check against the web request. See captcha below for details.
challenge Property Map: Instructs AWS WAF to run a check against the request to verify that the request is coming from a legitimate client session. See challenge below for details.
count Property Map

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowArgs

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockArgs

CustomResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

CustomResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

customResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

custom_response WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Defines a custom response for the web request. See custom_response below for details.

customResponse Property Map: Defines a custom response for the web request. See custom_response below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseArgs

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
ResponseHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
ResponseHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Integer: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode number: The HTTP status code to return to the client.
customResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader[]: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

response_code int: The HTTP status code to return to the client.
custom_response_body_key str: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
response_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader]: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

responseCode Number: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a custom_response_body block of this resource.
responseHeaders List<Property Map>: The response_header blocks used to define the HTTP response headers added to the response. See response_header below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaArgs

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeArgs

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountArgs

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Defines custom handling for the web request. See custom_request_handling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See custom_request_handling below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader[]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader]: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

insertHeaders List<Property Map>: The insert_header blocks used to define HTTP headers added to the request. See insert_header below for details.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader
, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs

AndStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
ByteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
GeoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
IpSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
LabelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
NotStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
OrStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
RegexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
RegexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
SizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
SqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
XssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

AndStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
ByteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
GeoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
IpSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
LabelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
NotStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
OrStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
RegexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
RegexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
SizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
SqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
XssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
byteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
geoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
ipSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
labelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
notStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
orStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
regexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
regexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
sizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
sqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
xssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
byteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
geoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
ipSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
labelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
notStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
orStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
regexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
regexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
sizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
sqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
xssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

and_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
byte_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
geo_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
ip_set_reference_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
label_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
not_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
or_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
regex_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
regex_pattern_set_reference_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
size_constraint_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
sqli_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
xss_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

andStatement Property Map: Logical rule statement used to combine other rule statements with AND logic. See and_statement below for details.
byteMatchStatement Property Map: Rule statement that defines a string match search for AWS WAF to apply to web requests. See byte_match_statement below for details.
geoMatchStatement Property Map: Rule statement used to identify web requests based on country of origin. See geo_match_statement below for details.
ipSetReferenceStatement Property Map: Rule statement used to detect web requests coming from particular IP addresses or address ranges. See ip_set_reference_statement below for details.
labelMatchStatement Property Map: Rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL. See label_match_statement below for details.
notStatement Property Map: Logical rule statement used to negate the results of another rule statement. See not_statement below for details.
orStatement Property Map: Logical rule statement used to combine other rule statements with OR logic. See or_statement below for details.
regexMatchStatement Property Map: Rule statement used to search web request components for a match against a single regular expression. See regex_match_statement below for details.
regexPatternSetReferenceStatement Property Map: Rule statement used to search web request components for matches with regular expressions. See regex_pattern_set_reference_statement below for details.
sizeConstraintStatement Property Map: Rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See size_constraint_statement below for more details.
sqliMatchStatement Property Map: An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See sqli_match_statement below for details.
xssMatchStatement Property Map: Rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See xss_match_statement below for details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementArgs

Statements List<WebAclRuleStatement>: The statements to combine.

Statements []WebAclRuleStatement: The statements to combine.

statements List<WebAclRuleStatement>: The statements to combine.

statements WebAclRuleStatement[]: The statements to combine.

statements Sequence[WebAclRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementArgs

PositionalConstraint string: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
SearchString string: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

PositionalConstraint string: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
SearchString string: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positionalConstraint String: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString String: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positionalConstraint string: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString string: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positional_constraint str: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
search_string str: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

positionalConstraint String: Area within the portion of a web request that you want AWS WAF to search for search_string. Valid values include the following: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD. See the AWS documentation for more information.
searchString String: String value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in field_to_match. The maximum length of the value is 50 bytes.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch Property Map: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader[]: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader]: Inspect the request headers. See headers below for details.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies Property Map: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<Property Map>: Inspect the request headers. See headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See json_body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See single_header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See single_query_argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeaderArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs

CountryCodes List<string>: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
ForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

CountryCodes []string: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
ForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

countryCodes List<String>: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

countryCodes string[]: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

country_codes Sequence[str]: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwarded_ip_config WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

countryCodes List<String>: Array of two-character country codes, for example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. See the documentation for valid values.
forwardedIpConfig Property Map: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See forwarded_ip_config below for details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfigArgs

FallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: Name of the HTTP header to use for the IP address.

FallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: Name of the HTTP header to use for the IP address.

fallbackBehavior String: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: Name of the HTTP header to use for the IP address.

fallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName string: Name of the HTTP header to use for the IP address.

fallback_behavior str: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
header_name str: Name of the HTTP header to use for the IP address.

fallbackBehavior String: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: Name of the HTTP header to use for the IP address.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementArgs

Arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
IpSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

Arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
IpSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn String: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn string: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn str: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ip_set_forwarded_ip_config WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

arn String: The Amazon Resource Name (ARN) of the IP Set that this statement references.
ipSetForwardedIpConfig Property Map: Configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See ip_set_forwarded_ip_config below for more details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

FallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: Name of the HTTP header to use for the IP address.
Position string: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

FallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
HeaderName string: Name of the HTTP header to use for the IP address.
Position string: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: Name of the HTTP header to use for the IP address.
position String: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior string: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName string: Name of the HTTP header to use for the IP address.
position string: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallback_behavior str: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
header_name str: Name of the HTTP header to use for the IP address.
position str: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

fallbackBehavior String: Match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: MATCH or NO_MATCH.
headerName String: Name of the HTTP header to use for the IP address.
position String: Position in the header to search for the IP address. Valid values include: FIRST, LAST, or ANY. If ANY is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatementArgs

Key string: String to match against.
Scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

Key string: String to match against.
Scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String: String to match against.
scope String: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key string: String to match against.
scope string: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key str: String to match against.
scope str: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

key String: String to match against.
scope String: Specify whether you want to match using the label name or just the namespace. Valid values are LABEL or NAMESPACE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementArgs

Statements List<WebAclRuleStatement>: The statements to combine.

Statements []WebAclRuleStatement: The statements to combine.

statements List<WebAclRuleStatement>: The statements to combine.

statements WebAclRuleStatement[]: The statements to combine.

statements Sequence[WebAclRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementArgs

Statements List<WebAclRuleStatement>: The statements to combine.

Statements []WebAclRuleStatement: The statements to combine.

statements List<WebAclRuleStatement>: The statements to combine.

statements WebAclRuleStatement[]: The statements to combine.

statements Sequence[WebAclRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementArgs

RegexString string: String representing the regular expression. Minimum of 1 and maximum of 512 characters.
TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

RegexString string: String representing the regular expression. Minimum of 1 and maximum of 512 characters.
TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

regexString String: String representing the regular expression. Minimum of 1 and maximum of 512 characters.
textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

regexString string: String representing the regular expression. Minimum of 1 and maximum of 512 characters.
textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

regex_string str: String representing the regular expression. Minimum of 1 and maximum of 512 characters.
text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

regexString String: String representing the regular expression. Minimum of 1 and maximum of 512 characters.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch Property Map: The part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader[]: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader]: Inspect the request headers. See headers below for details.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies Property Map: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<Property Map>: Inspect the request headers. See headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See json_body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See single_header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See single_query_argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBodyArgs

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeaderArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementArgs

Arn string: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

Arn string: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

arn String: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

arn string: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

arn str: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

arn String: The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch Property Map: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader[]: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader]: Inspect the request headers. See headers below for details.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies Property Map: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<Property Map>: Inspect the request headers. See headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See json_body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See single_header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See single_query_argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs

MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementArgs

ComparisonOperator string: Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
Size int: Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

ComparisonOperator string: Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
Size int: Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

comparisonOperator String: Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size Integer: Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

comparisonOperator string: Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size number: Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

comparison_operator str: Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size int: Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

comparisonOperator String: Operator to use to compare the request part to the size setting. Valid values include: EQ, NE, LE, LT, GE, or GT.
size Number: Size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch Property Map: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader[]: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader]: Inspect the request headers. See headers below for details.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies Property Map: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<Property Map>: Inspect the request headers. See headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See json_body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See single_header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See single_query_argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBodyArgs

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesArgs

MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementArgs

TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
SensitivityLevel string: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
SensitivityLevel string: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
sensitivityLevel String: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
sensitivityLevel string: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
sensitivity_level str: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch Property Map: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.
sensitivityLevel String: Sensitivity that you want AWS WAF to use to inspect for SQL injection attacks. Valid values include: LOW, HIGH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader[]: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader]: Inspect the request headers. See headers below for details.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies Property Map: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<Property Map>: Inspect the request headers. See headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See json_body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See single_header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See single_query_argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBodyArgs

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. Valid values include: MATCH or NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
MatchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
InvalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
OversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope string: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior string: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling string: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
match_scope str: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalid_fallback_behavior str: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversize_handling str: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

matchPattern Property Map: The patterns to look for in the JSON body. You must specify exactly one setting: either all or included_paths. See JsonMatchPattern for details.
matchScope String: The parts of the JSON to match against using the match_pattern. Valid values are ALL, KEY and VALUE.
invalidFallbackBehavior String: What to do when JSON parsing fails. Defaults to evaluating up to the first parsing failure. Valid values are EVALUATE_AS_STRING, MATCH and NO_MATCH.
oversizeHandling String: What to do if the body is larger than can be inspected. Valid values are CONTINUE (default), MATCH and NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
IncludedPaths []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
includedPaths string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPatternAll: An empty configuration block that is used for inspecting all headers.
included_paths Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
includedPaths List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeaderArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

Name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

name string: Name of the query header to inspect. This setting must be provided as lower case characters.

name str: Name of the query header to inspect. This setting must be provided as lower case characters.

name String: Name of the query header to inspect. This setting must be provided as lower case characters.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

Priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
Type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Integer: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type string: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority int: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type str: Transformation to apply, please refer to the Text Transformation documentation for more details.

priority Number: Relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.
type String: Transformation to apply, please refer to the Text Transformation documentation for more details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementArgs

TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. At least one transformation is required. See text_transformation below for details.
fieldToMatch Property Map: Part of a web request that you want AWS WAF to inspect. See field_to_match below for details.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader: Inspect the request headers. See headers below for details.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader>: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader[]: Inspect the request headers. See headers below for details.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies: Inspect the cookies in the web request. See cookies below for details.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader]: Inspect the request headers. See headers below for details.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa4Fingerprint: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See json_body for details.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader: Inspect a single header. See single_header below for details.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See single_query_argument below for details.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body, which immediately follows the request headers. See body below for details.
cookies Property Map: Inspect the cookies in the web request. See cookies below for details.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request that AWS WAF receives for inspection. See header_order below for details.
headers List<Property Map>: Inspect the request headers. See headers below for details.
ja3Fingerprint Property Map: Inspect the JA3 fingerprint. See ja3_fingerprint below for details.
ja4Fingerprint Property Map: Inspect the JA3 fingerprint. See ja4_fingerprint below for details.
jsonBody Property Map: Inspect the request body as JSON. See json_body for details.
method Property Map: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
queryString Property Map: Inspect the query string. This is the part of a URL that appears after a ? character, if any.
singleHeader Property Map: Inspect a single header. See single_header below for details.
singleQueryArgument Property Map: Inspect a single query argument. See single_query_argument below for details.
uriPath Property Map: Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBodyArgs

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookies
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesArgs

MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
MatchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
OversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern[]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope string: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling string: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern]: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
match_scope str: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversize_handling str: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

matchPatterns List<Property Map>: The filter to use to identify the subset of cookies to inspect in a web request. You must specify exactly one setting: either all, included_cookies or excluded_cookies. More details: CookieMatchPattern
matchScope String: The parts of the cookies to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values: ALL, KEY, VALUE
oversizeHandling String: What AWS WAF should do if the cookies of the request are larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to AWS WAF. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies List<string>
IncludedCookies List<string>

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedCookies []string
IncludedCookies []string

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedCookies string[]
includedCookies string[]

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchCookiesMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_cookies Sequence[str]
included_cookies Sequence[str]

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedCookies List<String>
includedCookies List<String>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeader
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderArgs

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
MatchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope string: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
match_scope str: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

matchPattern Property Map: The filter to use to identify the subset of headers to inspect in a web request. The match_pattern block supports only one of the following arguments:
matchScope String: The parts of the headers to inspect with the rule inspection criteria. If you specify All, AWS WAF inspects both keys and values. Valid values include the following: ALL, Key, Value.
oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPattern
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders List<string>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders List<string>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
ExcludedHeaders []string: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
IncludedHeaders []string: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excludedHeaders string[]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders string[]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderMatchPatternAll: An empty configuration block that is used for inspecting all headers.
excluded_headers Sequence[str]: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
included_headers Sequence[str]: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

all Property Map: An empty configuration block that is used for inspecting all headers.
excludedHeaders List<String>: An array of strings that will be used for inspecting headers that do not have a key that matches one of the provided values.
includedHeaders List<String>: An array of strings that will be used for inspecting headers that have a key that matches one of the provided values.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrder
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

OversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling string: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversize_handling str: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

oversizeHandling String: Oversize handling tells AWS WAF what to do with a web request when the request component that the rule inspects is over the limits. Valid values include the following: CONTINUE, MATCH, NO_MATCH. See the AWS documentation for more information.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3Fingerprint
, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

FallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior string: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallback_behavior str: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

fallbackBehavior String: Match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. Valid values include: MATCH or NO_MATCH.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.77.0 published on Wednesday, Apr 9, 2025 by Pulumi

pulumi/pulumi-aws

aws.wafv2.WebAcl

On this page

On this page

Create WebAcl Resource

Constructor syntax

Parameters

WebAcl Resource Properties

Inputs

Outputs

Look up Existing WebAcl Resource

Supporting Types

WebAclAssociationConfig, WebAclAssociationConfigArgs

WebAclAssociationConfigRequestBody, WebAclAssociationConfigRequestBodyArgs

WebAclAssociationConfigRequestBodyApiGateway, WebAclAssociationConfigRequestBodyApiGatewayArgs

WebAclAssociationConfigRequestBodyAppRunnerService, WebAclAssociationConfigRequestBodyAppRunnerServiceArgs

WebAclAssociationConfigRequestBodyCloudfront, WebAclAssociationConfigRequestBodyCloudfrontArgs

WebAclAssociationConfigRequestBodyCognitoUserPool, WebAclAssociationConfigRequestBodyCognitoUserPoolArgs

WebAclAssociationConfigRequestBodyVerifiedAccessInstance, WebAclAssociationConfigRequestBodyVerifiedAccessInstanceArgs

WebAclCaptchaConfig, WebAclCaptchaConfigArgs

WebAclCaptchaConfigImmunityTimeProperty, WebAclCaptchaConfigImmunityTimePropertyArgs

WebAclChallengeConfig, WebAclChallengeConfigArgs

WebAclChallengeConfigImmunityTimeProperty, WebAclChallengeConfigImmunityTimePropertyArgs

WebAclCustomResponseBody, WebAclCustomResponseBodyArgs

WebAclDefaultAction, WebAclDefaultActionArgs

WebAclDefaultActionAllow, WebAclDefaultActionAllowArgs

WebAclDefaultActionAllowCustomRequestHandling, WebAclDefaultActionAllowCustomRequestHandlingArgs

WebAclDefaultActionAllowCustomRequestHandlingInsertHeader, WebAclDefaultActionAllowCustomRequestHandlingInsertHeaderArgs

WebAclDefaultActionBlock, WebAclDefaultActionBlockArgs

WebAclDefaultActionBlockCustomResponse, WebAclDefaultActionBlockCustomResponseArgs

WebAclDefaultActionBlockCustomResponseResponseHeader, WebAclDefaultActionBlockCustomResponseResponseHeaderArgs

WebAclRule, WebAclRuleArgs

WebAclRuleAction, WebAclRuleActionArgs

WebAclRuleActionAllow, WebAclRuleActionAllowArgs

WebAclRuleActionAllowCustomRequestHandling, WebAclRuleActionAllowCustomRequestHandlingArgs

WebAclRuleActionAllowCustomRequestHandlingInsertHeader, WebAclRuleActionAllowCustomRequestHandlingInsertHeaderArgs

WebAclRuleActionBlock, WebAclRuleActionBlockArgs

WebAclRuleActionBlockCustomResponse, WebAclRuleActionBlockCustomResponseArgs

WebAclRuleActionBlockCustomResponseResponseHeader, WebAclRuleActionBlockCustomResponseResponseHeaderArgs

WebAclRuleActionCaptcha, WebAclRuleActionCaptchaArgs

WebAclRuleActionCaptchaCustomRequestHandling, WebAclRuleActionCaptchaCustomRequestHandlingArgs

WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader, WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

WebAclRuleActionChallenge, WebAclRuleActionChallengeArgs

WebAclRuleActionChallengeCustomRequestHandling, WebAclRuleActionChallengeCustomRequestHandlingArgs

WebAclRuleActionChallengeCustomRequestHandlingInsertHeader, WebAclRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

WebAclRuleActionCount, WebAclRuleActionCountArgs

WebAclRuleActionCountCustomRequestHandling, WebAclRuleActionCountCustomRequestHandlingArgs

WebAclRuleActionCountCustomRequestHandlingInsertHeader, WebAclRuleActionCountCustomRequestHandlingInsertHeaderArgs

WebAclRuleCaptchaConfig, WebAclRuleCaptchaConfigArgs

WebAclRuleCaptchaConfigImmunityTimeProperty, WebAclRuleCaptchaConfigImmunityTimePropertyArgs

WebAclRuleChallengeConfig, WebAclRuleChallengeConfigArgs

WebAclRuleChallengeConfigImmunityTimeProperty, WebAclRuleChallengeConfigImmunityTimePropertyArgs

WebAclRuleOverrideAction, WebAclRuleOverrideActionArgs

WebAclRuleRuleLabel, WebAclRuleRuleLabelArgs

WebAclRuleStatement, WebAclRuleStatementArgs

WebAclRuleStatementAndStatement, WebAclRuleStatementAndStatementArgs

WebAclRuleStatementByteMatchStatement, WebAclRuleStatementByteMatchStatementArgs

WebAclRuleStatementByteMatchStatementFieldToMatch, WebAclRuleStatementByteMatchStatementFieldToMatchArgs

WebAclRuleStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementByteMatchStatementFieldToMatchBodyArgs

WebAclRuleStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesArgs

WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

WebAclRuleStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderArgs

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

WebAclRuleStatementByteMatchStatementTextTransformation, WebAclRuleStatementByteMatchStatementTextTransformationArgs

WebAclRuleStatementGeoMatchStatement, WebAclRuleStatementGeoMatchStatementArgs

WebAclRuleStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementGeoMatchStatementForwardedIpConfigArgs

WebAclRuleStatementIpSetReferenceStatement, WebAclRuleStatementIpSetReferenceStatementArgs

WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

WebAclRuleStatementLabelMatchStatement, WebAclRuleStatementLabelMatchStatementArgs

WebAclRuleStatementManagedRuleGroupStatement, WebAclRuleStatementManagedRuleGroupStatementArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs

WebAclAssociationConfig
, WebAclAssociationConfigArgs

WebAclAssociationConfigRequestBody
, WebAclAssociationConfigRequestBodyArgs

WebAclAssociationConfigRequestBodyApiGateway
, WebAclAssociationConfigRequestBodyApiGatewayArgs

WebAclAssociationConfigRequestBodyAppRunnerService
, WebAclAssociationConfigRequestBodyAppRunnerServiceArgs

WebAclAssociationConfigRequestBodyCloudfront
, WebAclAssociationConfigRequestBodyCloudfrontArgs

WebAclAssociationConfigRequestBodyCognitoUserPool
, WebAclAssociationConfigRequestBodyCognitoUserPoolArgs

WebAclAssociationConfigRequestBodyVerifiedAccessInstance
, WebAclAssociationConfigRequestBodyVerifiedAccessInstanceArgs

WebAclCaptchaConfig
, WebAclCaptchaConfigArgs

WebAclCaptchaConfigImmunityTimeProperty
, WebAclCaptchaConfigImmunityTimePropertyArgs

WebAclChallengeConfig
, WebAclChallengeConfigArgs

WebAclChallengeConfigImmunityTimeProperty
, WebAclChallengeConfigImmunityTimePropertyArgs

WebAclCustomResponseBody
, WebAclCustomResponseBodyArgs

WebAclDefaultAction
, WebAclDefaultActionArgs

WebAclDefaultActionAllow
, WebAclDefaultActionAllowArgs

WebAclDefaultActionAllowCustomRequestHandling
, WebAclDefaultActionAllowCustomRequestHandlingArgs

WebAclDefaultActionAllowCustomRequestHandlingInsertHeader
, WebAclDefaultActionAllowCustomRequestHandlingInsertHeaderArgs

WebAclDefaultActionBlock
, WebAclDefaultActionBlockArgs

WebAclDefaultActionBlockCustomResponse
, WebAclDefaultActionBlockCustomResponseArgs

WebAclDefaultActionBlockCustomResponseResponseHeader
, WebAclDefaultActionBlockCustomResponseResponseHeaderArgs

WebAclRule
, WebAclRuleArgs

WebAclRuleAction
, WebAclRuleActionArgs

WebAclRuleActionAllow
, WebAclRuleActionAllowArgs

WebAclRuleActionAllowCustomRequestHandling
, WebAclRuleActionAllowCustomRequestHandlingArgs

WebAclRuleActionAllowCustomRequestHandlingInsertHeader
, WebAclRuleActionAllowCustomRequestHandlingInsertHeaderArgs

WebAclRuleActionBlock
, WebAclRuleActionBlockArgs

WebAclRuleActionBlockCustomResponse
, WebAclRuleActionBlockCustomResponseArgs

WebAclRuleActionBlockCustomResponseResponseHeader
, WebAclRuleActionBlockCustomResponseResponseHeaderArgs

WebAclRuleActionCaptcha
, WebAclRuleActionCaptchaArgs

WebAclRuleActionCaptchaCustomRequestHandling
, WebAclRuleActionCaptchaCustomRequestHandlingArgs

WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader
, WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

WebAclRuleActionChallenge
, WebAclRuleActionChallengeArgs

WebAclRuleActionChallengeCustomRequestHandling
, WebAclRuleActionChallengeCustomRequestHandlingArgs

WebAclRuleActionChallengeCustomRequestHandlingInsertHeader
, WebAclRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

WebAclRuleActionCount
, WebAclRuleActionCountArgs

WebAclRuleActionCountCustomRequestHandling
, WebAclRuleActionCountCustomRequestHandlingArgs

WebAclRuleActionCountCustomRequestHandlingInsertHeader
, WebAclRuleActionCountCustomRequestHandlingInsertHeaderArgs

WebAclRuleCaptchaConfig
, WebAclRuleCaptchaConfigArgs

WebAclRuleCaptchaConfigImmunityTimeProperty
, WebAclRuleCaptchaConfigImmunityTimePropertyArgs

WebAclRuleChallengeConfig
, WebAclRuleChallengeConfigArgs

WebAclRuleChallengeConfigImmunityTimeProperty
, WebAclRuleChallengeConfigImmunityTimePropertyArgs

WebAclRuleOverrideAction
, WebAclRuleOverrideActionArgs

WebAclRuleRuleLabel
, WebAclRuleRuleLabelArgs

WebAclRuleStatement
, WebAclRuleStatementArgs

WebAclRuleStatementAndStatement
, WebAclRuleStatementAndStatementArgs

WebAclRuleStatementByteMatchStatement
, WebAclRuleStatementByteMatchStatementArgs

WebAclRuleStatementByteMatchStatementFieldToMatch
, WebAclRuleStatementByteMatchStatementFieldToMatchArgs

WebAclRuleStatementByteMatchStatementFieldToMatchBody
, WebAclRuleStatementByteMatchStatementFieldToMatchBodyArgs

WebAclRuleStatementByteMatchStatementFieldToMatchCookies
, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesArgs

WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern
, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

WebAclRuleStatementByteMatchStatementFieldToMatchHeader
, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderArgs

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern
, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder
, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint
, WebAclRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint
, WebAclRuleStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody
, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern
, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader
, WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument
, WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

WebAclRuleStatementByteMatchStatementTextTransformation
, WebAclRuleStatementByteMatchStatementTextTransformationArgs

WebAclRuleStatementGeoMatchStatement
, WebAclRuleStatementGeoMatchStatementArgs

WebAclRuleStatementGeoMatchStatementForwardedIpConfig
, WebAclRuleStatementGeoMatchStatementForwardedIpConfigArgs

WebAclRuleStatementIpSetReferenceStatement
, WebAclRuleStatementIpSetReferenceStatementArgs

WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig
, WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

WebAclRuleStatementLabelMatchStatement
, WebAclRuleStatementLabelMatchStatementArgs

WebAclRuleStatementManagedRuleGroupStatement
, WebAclRuleStatementManagedRuleGroupStatementArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs