Class: AWSCDK::WAFv2::CfnWebACL::AWSManagedRulesATPRuleSetProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::WAFv2::CfnWebACL::AWSManagedRulesATPRuleSetProperty
- Defined in:
- wa_fv2/cfn_web_acl.rb
Overview
Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet .
This configuration is used in ManagedRuleGroupConfig .
For additional information about this and the other intelligent threat mitigation rule groups, see Intelligent threat mitigation in AWS WAF and AWS Managed Rules rule groups list in the AWS WAF Developer Guide .
Instance Attribute Summary collapse
-
#enable_regex_in_path ⇒ Boolean, ...
readonly
Allow the use of regular expressions in the login page path.
-
#login_path ⇒ String
readonly
The path of the login endpoint for your application.
-
#request_inspection ⇒ AWSCDK::IResolvable, ...
readonly
The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
-
#response_inspection ⇒ AWSCDK::IResolvable, ...
readonly
The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(login_path:, enable_regex_in_path: nil, request_inspection: nil, response_inspection: nil) ⇒ AWSManagedRulesATPRuleSetProperty
constructor
A new instance of AWSManagedRulesATPRuleSetProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(login_path:, enable_regex_in_path: nil, request_inspection: nil, response_inspection: nil) ⇒ AWSManagedRulesATPRuleSetProperty
Returns a new instance of AWSManagedRulesATPRuleSetProperty.
871 872 873 874 875 876 877 878 879 880 |
# File 'wa_fv2/cfn_web_acl.rb', line 871 def initialize(login_path:, enable_regex_in_path: nil, request_inspection: nil, response_inspection: nil) @login_path = login_path Jsii::Type.check_type(@login_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "loginPath") @enable_regex_in_path = enable_regex_in_path Jsii::Type.check_type(@enable_regex_in_path, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enableRegexInPath") unless @enable_regex_in_path.nil? @request_inspection = request_inspection.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::RequestInspectionProperty.new(**request_inspection.transform_keys(&:to_sym)) : request_inspection Jsii::Type.check_type(@request_inspection, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuUmVxdWVzdEluc3BlY3Rpb25Qcm9wZXJ0eSJ9XX19")), "requestInspection") unless @request_inspection.nil? @response_inspection = response_inspection.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::ResponseInspectionProperty.new(**response_inspection.transform_keys(&:to_sym)) : response_inspection Jsii::Type.check_type(@response_inspection, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuUmVzcG9uc2VJbnNwZWN0aW9uUHJvcGVydHkifV19fQ==")), "responseInspection") unless @response_inspection.nil? end |
Instance Attribute Details
#enable_regex_in_path ⇒ Boolean, ... (readonly)
Allow the use of regular expressions in the login page path.
895 896 897 |
# File 'wa_fv2/cfn_web_acl.rb', line 895 def enable_regex_in_path @enable_regex_in_path end |
#login_path ⇒ String (readonly)
The path of the login endpoint for your application.
For example, for the URL https://example.com/web/login , you would provide the path /web/login . Login paths that start with the path that you provide are considered a match. For example /web/login matches the login paths /web/login , /web/login/ , /web/loginPage , and /web/login/thisPage , but doesn't match the login path /home/web/login or /website/login .
The rule group inspects only HTTP POST requests to your specified login endpoint.
890 891 892 |
# File 'wa_fv2/cfn_web_acl.rb', line 890 def login_path @login_path end |
#request_inspection ⇒ AWSCDK::IResolvable, ... (readonly)
The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
900 901 902 |
# File 'wa_fv2/cfn_web_acl.rb', line 900 def request_inspection @request_inspection end |
#response_inspection ⇒ AWSCDK::IResolvable, ... (readonly)
The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts for each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many failed login attempts in a short amount of time.
909 910 911 |
# File 'wa_fv2/cfn_web_acl.rb', line 909 def response_inspection @response_inspection end |
Class Method Details
.jsii_properties ⇒ Object
911 912 913 914 915 916 917 918 |
# File 'wa_fv2/cfn_web_acl.rb', line 911 def self.jsii_properties { :login_path => "loginPath", :enable_regex_in_path => "enableRegexInPath", :request_inspection => "requestInspection", :response_inspection => "responseInspection", } end |
Instance Method Details
#to_jsii ⇒ Object
920 921 922 923 924 925 926 927 928 929 |
# File 'wa_fv2/cfn_web_acl.rb', line 920 def to_jsii result = {} result.merge!({ "loginPath" => @login_path, "enableRegexInPath" => @enable_regex_in_path, "requestInspection" => @request_inspection, "responseInspection" => @response_inspection, }) result.compact end |