Class: AWSCDK::WAFv2::CfnWebACL::AWSManagedRulesATPRuleSetProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
wa_fv2/cfn_web_acl.rb

Overview

Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet .

This configuration is used in ManagedRuleGroupConfig .

For additional information about this and the other intelligent threat mitigation rule groups, see Intelligent threat mitigation in AWS WAF and AWS Managed Rules rule groups list in the AWS WAF Developer Guide .

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(login_path:, enable_regex_in_path: nil, request_inspection: nil, response_inspection: nil) ⇒ AWSManagedRulesATPRuleSetProperty

Returns a new instance of AWSManagedRulesATPRuleSetProperty.

Parameters:



871
872
873
874
875
876
877
878
879
880
# File 'wa_fv2/cfn_web_acl.rb', line 871

def initialize(login_path:, enable_regex_in_path: nil, request_inspection: nil, response_inspection: nil)
  @login_path = 
  Jsii::Type.check_type(@login_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "loginPath")
  @enable_regex_in_path = enable_regex_in_path
  Jsii::Type.check_type(@enable_regex_in_path, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3sicHJpbWl0aXZlIjoiYm9vbGVhbiJ9LHsiZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifV19fQ==")), "enableRegexInPath") unless @enable_regex_in_path.nil?
  @request_inspection = request_inspection.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::RequestInspectionProperty.new(**request_inspection.transform_keys(&:to_sym)) : request_inspection
  Jsii::Type.check_type(@request_inspection, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuUmVxdWVzdEluc3BlY3Rpb25Qcm9wZXJ0eSJ9XX19")), "requestInspection") unless @request_inspection.nil?
  @response_inspection = response_inspection.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::ResponseInspectionProperty.new(**response_inspection.transform_keys(&:to_sym)) : response_inspection
  Jsii::Type.check_type(@response_inspection, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuUmVzcG9uc2VJbnNwZWN0aW9uUHJvcGVydHkifV19fQ==")), "responseInspection") unless @response_inspection.nil?
end

Instance Attribute Details

#enable_regex_in_pathBoolean, ... (readonly)

Allow the use of regular expressions in the login page path.



895
896
897
# File 'wa_fv2/cfn_web_acl.rb', line 895

def enable_regex_in_path
  @enable_regex_in_path
end

#login_pathString (readonly)

The path of the login endpoint for your application.

For example, for the URL https://example.com/web/login , you would provide the path /web/login . Login paths that start with the path that you provide are considered a match. For example /web/login matches the login paths /web/login , /web/login/ , /web/loginPage , and /web/login/thisPage , but doesn't match the login path /home/web/login or /website/login .

The rule group inspects only HTTP POST requests to your specified login endpoint.



890
891
892
# File 'wa_fv2/cfn_web_acl.rb', line 890

def 
  @login_path
end

#request_inspectionAWSCDK::IResolvable, ... (readonly)

The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.



900
901
902
# File 'wa_fv2/cfn_web_acl.rb', line 900

def request_inspection
  @request_inspection
end

#response_inspectionAWSCDK::IResolvable, ... (readonly)

The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.

Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.

The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts for each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many failed login attempts in a short amount of time.



909
910
911
# File 'wa_fv2/cfn_web_acl.rb', line 909

def response_inspection
  @response_inspection
end

Class Method Details

.jsii_propertiesObject



911
912
913
914
915
916
917
918
# File 'wa_fv2/cfn_web_acl.rb', line 911

def self.jsii_properties
  {
    :login_path => "loginPath",
    :enable_regex_in_path => "enableRegexInPath",
    :request_inspection => "requestInspection",
    :response_inspection => "responseInspection",
  }
end

Instance Method Details

#to_jsiiObject



920
921
922
923
924
925
926
927
928
929
# File 'wa_fv2/cfn_web_acl.rb', line 920

def to_jsii
  result = {}
  result.merge!({
    "loginPath" => @login_path,
    "enableRegexInPath" => @enable_regex_in_path,
    "requestInspection" => @request_inspection,
    "responseInspection" => @response_inspection,
  })
  result.compact
end