Class: AWSCDK::WAFv2::CfnWebACL::ChallengeActionProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::WAFv2::CfnWebACL::ChallengeActionProperty
- Defined in:
- wa_fv2/cfn_web_acl.rb
Overview
Specifies that AWS WAF should run a Challenge check against the request to verify that the request is coming from a legitimate client session: - If the request includes a valid, unexpired challenge token, AWS WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction .
- If the request doesn't include a valid, unexpired challenge token, AWS WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination.
AWS WAF then generates a challenge response that it sends back to the client, which includes the following:
- The header
x-amzn-waf-actionwith a value ofchallenge. - The HTTP status code
202 Request Accepted. - If the request contains an
Acceptheader with a value oftext/html, the response includes a JavaScript page interstitial with a challenge script.
Challenges run silent browser interrogations in the background, and don't generally affect the end user experience.
A challenge enforces token acquisition using an interstitial JavaScript challenge that inspects the client session for legitimate behavior. The challenge blocks bots or at least increases the cost of operating sophisticated bots.
After the client session successfully responds to the challenge, it receives a new token from AWS WAF , which the challenge script uses to resubmit the original request.
You can configure the expiration time in the ChallengeConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
This action option is available for rules. It isn't available for web ACL default actions.
Instance Attribute Summary collapse
-
#custom_request_handling ⇒ AWSCDK::IResolvable, ...
readonly
Defines custom handling for the web request, used when the challenge inspection determines that the request's token is valid and unexpired.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(custom_request_handling: nil) ⇒ ChallengeActionProperty
constructor
A new instance of ChallengeActionProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(custom_request_handling: nil) ⇒ ChallengeActionProperty
Returns a new instance of ChallengeActionProperty.
1603 1604 1605 1606 |
# File 'wa_fv2/cfn_web_acl.rb', line 1603 def initialize(custom_request_handling: nil) @custom_request_handling = custom_request_handling.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::CustomRequestHandlingProperty.new(**custom_request_handling.transform_keys(&:to_sym)) : custom_request_handling Jsii::Type.check_type(@custom_request_handling, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuQ3VzdG9tUmVxdWVzdEhhbmRsaW5nUHJvcGVydHkifV19fQ==")), "customRequestHandling") unless @custom_request_handling.nil? end |
Instance Attribute Details
#custom_request_handling ⇒ AWSCDK::IResolvable, ... (readonly)
Defines custom handling for the web request, used when the challenge inspection determines that the request's token is valid and unexpired.
For information about customizing web requests and responses, see Customizing web requests and responses in AWS WAF in the AWS WAF developer guide .
1614 1615 1616 |
# File 'wa_fv2/cfn_web_acl.rb', line 1614 def custom_request_handling @custom_request_handling end |
Class Method Details
.jsii_properties ⇒ Object
1616 1617 1618 1619 1620 |
# File 'wa_fv2/cfn_web_acl.rb', line 1616 def self.jsii_properties { :custom_request_handling => "customRequestHandling", } end |
Instance Method Details
#to_jsii ⇒ Object
1622 1623 1624 1625 1626 1627 1628 |
# File 'wa_fv2/cfn_web_acl.rb', line 1622 def to_jsii result = {} result.merge!({ "customRequestHandling" => @custom_request_handling, }) result.compact end |