Class: AWSCDK::WAFv2::CfnWebACL::AWSManagedRulesACFPRuleSetProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
wa_fv2/cfn_web_acl.rb

Overview

Details for your use of the account creation fraud prevention managed rule group, AWSManagedRulesACFPRuleSet .

This configuration is used in ManagedRuleGroupConfig .

For additional information about this and the other intelligent threat mitigation rule groups, see Intelligent threat mitigation in AWS WAF and AWS Managed Rules rule groups list in the AWS WAF Developer Guide .

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(creation_path:, registration_page_path:, request_inspection:, enable_regex_in_path: nil, response_inspection: nil) ⇒ AWSManagedRulesACFPRuleSetProperty

Returns a new instance of AWSManagedRulesACFPRuleSetProperty.

Parameters:

  • creation_path (String)

    The path of the account creation endpoint for your application.

  • registration_page_path (String)

    The path of the account registration endpoint for your application.

  • request_inspection (AWSCDK::IResolvable, AWSCDK::WAFv2::CfnWebACL::RequestInspectionACFPProperty)

    The criteria for inspecting account creation requests, used by the ACFP rule group to validate and track account creation attempts.

  • enable_regex_in_path (Boolean, AWSCDK::IResolvable, nil) (defaults to: nil)

    Allow the use of regular expressions in the registration page path and the account creation path.

  • response_inspection (AWSCDK::IResolvable, AWSCDK::WAFv2::CfnWebACL::ResponseInspectionProperty, nil) (defaults to: nil)

    The criteria for inspecting responses to account creation requests, used by the ACFP rule group to track account creation success rates.



781
782
783
784
785
786
787
788
789
790
791
792
# File 'wa_fv2/cfn_web_acl.rb', line 781

def initialize(creation_path:, registration_page_path:, request_inspection:, enable_regex_in_path: nil, response_inspection: nil)
  @creation_path = creation_path
  Jsii::Type.check_type(@creation_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "creationPath")
  @registration_page_path = registration_page_path
  Jsii::Type.check_type(@registration_page_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "registrationPagePath")
  @request_inspection = request_inspection.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::RequestInspectionACFPProperty.new(**request_inspection.transform_keys(&:to_sym)) : request_inspection
  Jsii::Type.check_type(@request_inspection, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuUmVxdWVzdEluc3BlY3Rpb25BQ0ZQUHJvcGVydHkifV19fQ==")), "requestInspection")
  @enable_regex_in_path = enable_regex_in_path
  Jsii::Type.check_type(@enable_regex_in_path, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enableRegexInPath") unless @enable_regex_in_path.nil?
  @response_inspection = response_inspection.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::ResponseInspectionProperty.new(**response_inspection.transform_keys(&:to_sym)) : response_inspection
  Jsii::Type.check_type(@response_inspection, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuUmVzcG9uc2VJbnNwZWN0aW9uUHJvcGVydHkifV19fQ==")), "responseInspection") unless @response_inspection.nil?
end

Instance Attribute Details

#creation_pathString (readonly)

The path of the account creation endpoint for your application.

This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.

For example, for the URL https://example.com/web/newaccount , you would provide the path /web/newaccount . Account creation page paths that start with the path that you provide are considered a match. For example /web/newaccount matches the account creation paths /web/newaccount , /web/newaccount/ , /web/newaccountPage , and /web/newaccount/thisPage , but doesn't match the path /home/web/newaccount or /website/newaccount .



802
803
804
# File 'wa_fv2/cfn_web_acl.rb', line 802

def creation_path
  @creation_path
end

#enable_regex_in_pathBoolean, ... (readonly)

Allow the use of regular expressions in the registration page path and the account creation path.



823
824
825
# File 'wa_fv2/cfn_web_acl.rb', line 823

def enable_regex_in_path
  @enable_regex_in_path
end

#registration_page_pathString (readonly)

The path of the account registration endpoint for your application.

This is the page on your website that presents the registration form to new users.

This page must accept GET text/html requests.

For example, for the URL https://example.com/web/registration , you would provide the path /web/registration . Registration page paths that start with the path that you provide are considered a match. For example /web/registration matches the registration paths /web/registration , /web/registration/ , /web/registrationPage , and /web/registration/thisPage , but doesn't match the path /home/web/registration or /website/registration .



813
814
815
# File 'wa_fv2/cfn_web_acl.rb', line 813

def registration_page_path
  @registration_page_path
end

#request_inspectionAWSCDK::IResolvable, AWSCDK::WAFv2::CfnWebACL::RequestInspectionACFPProperty (readonly)

The criteria for inspecting account creation requests, used by the ACFP rule group to validate and track account creation attempts.



818
819
820
# File 'wa_fv2/cfn_web_acl.rb', line 818

def request_inspection
  @request_inspection
end

#response_inspectionAWSCDK::IResolvable, ... (readonly)

The criteria for inspecting responses to account creation requests, used by the ACFP rule group to track account creation success rates.

Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.

The ACFP rule group evaluates the responses that your protected resources send back to client account creation attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many successful account creation attempts in a short amount of time.



832
833
834
# File 'wa_fv2/cfn_web_acl.rb', line 832

def response_inspection
  @response_inspection
end

Class Method Details

.jsii_propertiesObject



834
835
836
837
838
839
840
841
842
# File 'wa_fv2/cfn_web_acl.rb', line 834

def self.jsii_properties
  {
    :creation_path => "creationPath",
    :registration_page_path => "registrationPagePath",
    :request_inspection => "requestInspection",
    :enable_regex_in_path => "enableRegexInPath",
    :response_inspection => "responseInspection",
  }
end

Instance Method Details

#to_jsiiObject



844
845
846
847
848
849
850
851
852
853
854
# File 'wa_fv2/cfn_web_acl.rb', line 844

def to_jsii
  result = {}
  result.merge!({
    "creationPath" => @creation_path,
    "registrationPagePath" => @registration_page_path,
    "requestInspection" => @request_inspection,
    "enableRegexInPath" => @enable_regex_in_path,
    "responseInspection" => @response_inspection,
  })
  result.compact
end