Class: AWSCDK::WAFv2::CfnRuleGroup::FieldToMatchProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::WAFv2::CfnRuleGroup::FieldToMatchProperty
- Defined in:
- wa_fv2/cfn_rule_group.rb
Overview
Specifies a web request component to be used in a rule match statement or in a logging configuration.
- In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single
FieldToMatchtype that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component inFieldToMatchfor each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
Example JSON for a QueryString field to match:
"FieldToMatch": { "QueryString": {} }
Example JSON for a Method field to match specification:
"FieldToMatch": { "Method": { "Name": "DELETE" } }
- In a logging configuration, this is used in the
RedactedFieldsproperty to specify a field to redact from the logging records. For this use case, note the following: - Even though all
FieldToMatchsettings are available, the only valid settings for field redaction areUriPath,QueryString,SingleHeader, andMethod. - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
- If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
Instance Attribute Summary collapse
-
#all_query_arguments ⇒ Object?
readonly
Inspect all query arguments.
-
#body ⇒ AWSCDK::IResolvable, ...
readonly
Inspect the request body as plain text.
-
#cookies ⇒ AWSCDK::IResolvable, ...
readonly
Inspect the request cookies.
-
#header_order ⇒ AWSCDK::IResolvable, ...
readonly
The string containing the list of a web request's header names, ordered as they appear in the web request, separated by colons.
-
#headers ⇒ AWSCDK::IResolvable, ...
readonly
Inspect the request headers.
-
#ja3_fingerprint ⇒ AWSCDK::IResolvable, ...
readonly
Available for use with Amazon CloudFront distributions and Application Load Balancers.
-
#ja4_fingerprint ⇒ AWSCDK::IResolvable, ...
readonly
Available for use with Amazon CloudFront distributions and Application Load Balancers.
-
#json_body ⇒ AWSCDK::IResolvable, ...
readonly
Inspect the request body as JSON.
-
#method ⇒ Object?
readonly
Inspect the HTTP method.
-
#query_string ⇒ Object?
readonly
Inspect the query string.
-
#single_header ⇒ Object?
readonly
Inspect a single header.
-
#single_query_argument ⇒ Object?
readonly
Inspect a single query argument.
-
#uri_fragment ⇒ AWSCDK::IResolvable, ...
readonly
Inspect fragments of the request URI.
-
#uri_path ⇒ Object?
readonly
Inspect the request URI path.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(all_query_arguments: nil, body: nil, cookies: nil, header_order: nil, headers: nil, ja3_fingerprint: nil, ja4_fingerprint: nil, json_body: nil, method: nil, query_string: nil, single_header: nil, single_query_argument: nil, uri_fragment: nil, uri_path: nil) ⇒ FieldToMatchProperty
constructor
A new instance of FieldToMatchProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(all_query_arguments: nil, body: nil, cookies: nil, header_order: nil, headers: nil, ja3_fingerprint: nil, ja4_fingerprint: nil, json_body: nil, method: nil, query_string: nil, single_header: nil, single_query_argument: nil, uri_fragment: nil, uri_path: nil) ⇒ FieldToMatchProperty
Returns a new instance of FieldToMatchProperty.
1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567 1568 1569 1570 1571 1572 1573 1574 1575 1576 1577 1578 1579 1580 1581 1582 1583 1584 1585 |
# File 'wa_fv2/cfn_rule_group.rb', line 1556 def initialize(all_query_arguments: nil, body: nil, cookies: nil, header_order: nil, headers: nil, ja3_fingerprint: nil, ja4_fingerprint: nil, json_body: nil, method: nil, query_string: nil, single_header: nil, single_query_argument: nil, uri_fragment: nil, uri_path: nil) @all_query_arguments = all_query_arguments Jsii::Type.check_type(@all_query_arguments, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "allQueryArguments") unless @all_query_arguments.nil? @body = body.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::BodyProperty.new(**body.transform_keys(&:to_sym)) : body Jsii::Type.check_type(@body, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuQm9keVByb3BlcnR5In1dfX0=")), "body") unless @body.nil? @cookies = .is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::CookiesProperty.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(@cookies, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuQ29va2llc1Byb3BlcnR5In1dfX0=")), "cookies") unless @cookies.nil? @header_order = header_order.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::HeaderOrderProperty.new(**header_order.transform_keys(&:to_sym)) : header_order Jsii::Type.check_type(@header_order, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuSGVhZGVyT3JkZXJQcm9wZXJ0eSJ9XX19")), "headerOrder") unless @header_order.nil? @headers = headers.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::HeadersProperty.new(**headers.transform_keys(&:to_sym)) : headers Jsii::Type.check_type(@headers, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuSGVhZGVyc1Byb3BlcnR5In1dfX0=")), "headers") unless @headers.nil? @ja3_fingerprint = ja3_fingerprint.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::JA3FingerprintProperty.new(**ja3_fingerprint.transform_keys(&:to_sym)) : ja3_fingerprint Jsii::Type.check_type(@ja3_fingerprint, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuSkEzRmluZ2VycHJpbnRQcm9wZXJ0eSJ9XX19")), "ja3Fingerprint") unless @ja3_fingerprint.nil? @ja4_fingerprint = ja4_fingerprint.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::JA4FingerprintProperty.new(**ja4_fingerprint.transform_keys(&:to_sym)) : ja4_fingerprint Jsii::Type.check_type(@ja4_fingerprint, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuSkE0RmluZ2VycHJpbnRQcm9wZXJ0eSJ9XX19")), "ja4Fingerprint") unless @ja4_fingerprint.nil? @json_body = json_body.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::JsonBodyProperty.new(**json_body.transform_keys(&:to_sym)) : json_body Jsii::Type.check_type(@json_body, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuSnNvbkJvZHlQcm9wZXJ0eSJ9XX19")), "jsonBody") unless @json_body.nil? @method = method Jsii::Type.check_type(@method, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "method") unless @method.nil? @query_string = query_string Jsii::Type.check_type(@query_string, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "queryString") unless @query_string.nil? @single_header = single_header Jsii::Type.check_type(@single_header, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "singleHeader") unless @single_header.nil? @single_query_argument = single_query_argument Jsii::Type.check_type(@single_query_argument, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "singleQueryArgument") unless @single_query_argument.nil? @uri_fragment = uri_fragment.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnRuleGroup::URIFragmentProperty.new(**uri_fragment.transform_keys(&:to_sym)) : uri_fragment Jsii::Type.check_type(@uri_fragment, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5SdWxlR3JvdXAuVXJpRnJhZ21lbnRQcm9wZXJ0eSJ9XX19")), "uriFragment") unless @uri_fragment.nil? @uri_path = uri_path Jsii::Type.check_type(@uri_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "uriPath") unless @uri_path.nil? end |
Instance Attribute Details
#all_query_arguments ⇒ Object? (readonly)
Inspect all query arguments.
1591 1592 1593 |
# File 'wa_fv2/cfn_rule_group.rb', line 1591 def all_query_arguments @all_query_arguments end |
#body ⇒ AWSCDK::IResolvable, ... (readonly)
Inspect the request body as plain text.
The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection.
- For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
- For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL
AssociationConfig, for additional processing fees. - For AWS Amplify , use the CloudFront limit.
For information about how to handle oversized request bodies, see the Body object configuration.
1606 1607 1608 |
# File 'wa_fv2/cfn_rule_group.rb', line 1606 def body @body end |
#cookies ⇒ AWSCDK::IResolvable, ... (readonly)
Inspect the request cookies.
You must configure scope and pattern matching filters in the Cookies object, to define the set of cookies and the parts of the cookies that AWS WAF inspects.
Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the Cookies object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
1615 1616 1617 |
# File 'wa_fv2/cfn_rule_group.rb', line 1615 def @cookies end |
#header_order ⇒ AWSCDK::IResolvable, ... (readonly)
The string containing the list of a web request's header names, ordered as they appear in the web request, separated by colons.
1620 1621 1622 |
# File 'wa_fv2/cfn_rule_group.rb', line 1620 def header_order @header_order end |
#headers ⇒ AWSCDK::IResolvable, ... (readonly)
Inspect the request headers.
You must configure scope and pattern matching filters in the Headers object, to define the set of headers to and the parts of the headers that AWS WAF inspects.
Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the Headers object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
1629 1630 1631 |
# File 'wa_fv2/cfn_rule_group.rb', line 1629 def headers @headers end |
#ja3_fingerprint ⇒ AWSCDK::IResolvable, ... (readonly)
Available for use with Amazon CloudFront distributions and Application Load Balancers.
Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match
ByteMatchStatementwith thePositionalConstraintset toEXACTLY.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the AWS WAF Developer Guide .
Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
1642 1643 1644 |
# File 'wa_fv2/cfn_rule_group.rb', line 1642 def ja3_fingerprint @ja3_fingerprint end |
#ja4_fingerprint ⇒ AWSCDK::IResolvable, ... (readonly)
Available for use with Amazon CloudFront distributions and Application Load Balancers.
Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match
ByteMatchStatementwith thePositionalConstraintset toEXACTLY.
You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the AWS WAF Developer Guide .
Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
1655 1656 1657 |
# File 'wa_fv2/cfn_rule_group.rb', line 1655 def ja4_fingerprint @ja4_fingerprint end |
#json_body ⇒ AWSCDK::IResolvable, ... (readonly)
Inspect the request body as JSON.
The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection.
- For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
- For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL
AssociationConfig, for additional processing fees. - For AWS Amplify , use the CloudFront limit.
For information about how to handle oversized request bodies, see the JsonBody object configuration.
1670 1671 1672 |
# File 'wa_fv2/cfn_rule_group.rb', line 1670 def json_body @json_body end |
#method ⇒ Object? (readonly)
Inspect the HTTP method.
The method indicates the type of operation that the request is asking the origin to perform.
1677 1678 1679 |
# File 'wa_fv2/cfn_rule_group.rb', line 1677 def method @method end |
#query_string ⇒ Object? (readonly)
Inspect the query string.
This is the part of a URL that appears after a ? character, if any.
1684 1685 1686 |
# File 'wa_fv2/cfn_rule_group.rb', line 1684 def query_string @query_string end |
#single_header ⇒ Object? (readonly)
Inspect a single header.
Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn't case sensitive.
Example JSON: "SingleHeader": { "Name": "haystack" }
Alternately, you can filter and inspect all headers with the Headers FieldToMatch setting.
1695 1696 1697 |
# File 'wa_fv2/cfn_rule_group.rb', line 1695 def single_header @single_header end |
#single_query_argument ⇒ Object? (readonly)
Inspect a single query argument.
Provide the name of the query argument to inspect, such as UserName or SalesRegion . The name can be up to 30 characters long and isn't case sensitive.
Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
1704 1705 1706 |
# File 'wa_fv2/cfn_rule_group.rb', line 1704 def single_query_argument @single_query_argument end |
#uri_fragment ⇒ AWSCDK::IResolvable, ... (readonly)
Inspect fragments of the request URI.
You must configure scope and pattern matching filters in the UriFragment object, to define the fragment of a URI that AWS WAF inspects.
Only the first 8 KB (8192 bytes) of a request's URI fragments and only the first 200 URI fragments are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize URI fragment content in the UriFragment object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
1713 1714 1715 |
# File 'wa_fv2/cfn_rule_group.rb', line 1713 def uri_fragment @uri_fragment end |
#uri_path ⇒ Object? (readonly)
Inspect the request URI path.
This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg .
1720 1721 1722 |
# File 'wa_fv2/cfn_rule_group.rb', line 1720 def uri_path @uri_path end |
Class Method Details
.jsii_properties ⇒ Object
1722 1723 1724 1725 1726 1727 1728 1729 1730 1731 1732 1733 1734 1735 1736 1737 1738 1739 |
# File 'wa_fv2/cfn_rule_group.rb', line 1722 def self.jsii_properties { :all_query_arguments => "allQueryArguments", :body => "body", :cookies => "cookies", :header_order => "headerOrder", :headers => "headers", :ja3_fingerprint => "ja3Fingerprint", :ja4_fingerprint => "ja4Fingerprint", :json_body => "jsonBody", :method => "method", :query_string => "queryString", :single_header => "singleHeader", :single_query_argument => "singleQueryArgument", :uri_fragment => "uriFragment", :uri_path => "uriPath", } end |
Instance Method Details
#to_jsii ⇒ Object
1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 |
# File 'wa_fv2/cfn_rule_group.rb', line 1741 def to_jsii result = {} result.merge!({ "allQueryArguments" => @all_query_arguments, "body" => @body, "cookies" => @cookies, "headerOrder" => @header_order, "headers" => @headers, "ja3Fingerprint" => @ja3_fingerprint, "ja4Fingerprint" => @ja4_fingerprint, "jsonBody" => @json_body, "method" => @method, "queryString" => @query_string, "singleHeader" => @single_header, "singleQueryArgument" => @single_query_argument, "uriFragment" => @uri_fragment, "uriPath" => @uri_path, }) result.compact end |