Class: AWSCDK::WAFv2::CfnWebACL::FieldToMatchProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
wa_fv2/cfn_web_acl.rb

Overview

Specifies a web request component to be used in a rule match statement or in a logging configuration.

  • In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.

Example JSON for a QueryString field to match:

"FieldToMatch": { "QueryString": {} }

Example JSON for a Method field to match specification:

"FieldToMatch": { "Method": { "Name": "DELETE" } }

  • In a logging configuration, this is used in the RedactedFields property to specify a field to redact from the logging records. For this use case, note the following:
  • Even though all FieldToMatch settings are available, the only valid settings for field redaction are UriPath , QueryString , SingleHeader , and Method .
  • In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
  • If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(all_query_arguments: nil, body: nil, cookies: nil, header_order: nil, headers: nil, ja3_fingerprint: nil, ja4_fingerprint: nil, json_body: nil, method: nil, query_string: nil, single_header: nil, single_query_argument: nil, uri_fragment: nil, uri_path: nil) ⇒ FieldToMatchProperty

Returns a new instance of FieldToMatchProperty.

Parameters:



2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
# File 'wa_fv2/cfn_web_acl.rb', line 2444

def initialize(all_query_arguments: nil, body: nil, cookies: nil, header_order: nil, headers: nil, ja3_fingerprint: nil, ja4_fingerprint: nil, json_body: nil, method: nil, query_string: nil, single_header: nil, single_query_argument: nil, uri_fragment: nil, uri_path: nil)
  @all_query_arguments = all_query_arguments
  Jsii::Type.check_type(@all_query_arguments, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "allQueryArguments") unless @all_query_arguments.nil?
  @body = body.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::BodyProperty.new(**body.transform_keys(&:to_sym)) : body
  Jsii::Type.check_type(@body, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuQm9keVByb3BlcnR5In1dfX0=")), "body") unless @body.nil?
  @cookies = cookies.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::CookiesProperty.new(**cookies.transform_keys(&:to_sym)) : cookies
  Jsii::Type.check_type(@cookies, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuQ29va2llc1Byb3BlcnR5In1dfX0=")), "cookies") unless @cookies.nil?
  @header_order = header_order.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::HeaderOrderProperty.new(**header_order.transform_keys(&:to_sym)) : header_order
  Jsii::Type.check_type(@header_order, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuSGVhZGVyT3JkZXJQcm9wZXJ0eSJ9XX19")), "headerOrder") unless @header_order.nil?
  @headers = headers.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::HeadersProperty.new(**headers.transform_keys(&:to_sym)) : headers
  Jsii::Type.check_type(@headers, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuSGVhZGVyc1Byb3BlcnR5In1dfX0=")), "headers") unless @headers.nil?
  @ja3_fingerprint = ja3_fingerprint.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::JA3FingerprintProperty.new(**ja3_fingerprint.transform_keys(&:to_sym)) : ja3_fingerprint
  Jsii::Type.check_type(@ja3_fingerprint, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuSkEzRmluZ2VycHJpbnRQcm9wZXJ0eSJ9XX19")), "ja3Fingerprint") unless @ja3_fingerprint.nil?
  @ja4_fingerprint = ja4_fingerprint.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::JA4FingerprintProperty.new(**ja4_fingerprint.transform_keys(&:to_sym)) : ja4_fingerprint
  Jsii::Type.check_type(@ja4_fingerprint, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuSkE0RmluZ2VycHJpbnRQcm9wZXJ0eSJ9XX19")), "ja4Fingerprint") unless @ja4_fingerprint.nil?
  @json_body = json_body.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::JsonBodyProperty.new(**json_body.transform_keys(&:to_sym)) : json_body
  Jsii::Type.check_type(@json_body, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuSnNvbkJvZHlQcm9wZXJ0eSJ9XX19")), "jsonBody") unless @json_body.nil?
  @method = method
  Jsii::Type.check_type(@method, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "method") unless @method.nil?
  @query_string = query_string
  Jsii::Type.check_type(@query_string, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "queryString") unless @query_string.nil?
  @single_header = single_header
  Jsii::Type.check_type(@single_header, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "singleHeader") unless @single_header.nil?
  @single_query_argument = single_query_argument
  Jsii::Type.check_type(@single_query_argument, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "singleQueryArgument") unless @single_query_argument.nil?
  @uri_fragment = uri_fragment.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::URIFragmentProperty.new(**uri_fragment.transform_keys(&:to_sym)) : uri_fragment
  Jsii::Type.check_type(@uri_fragment, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuVXJpRnJhZ21lbnRQcm9wZXJ0eSJ9XX19")), "uriFragment") unless @uri_fragment.nil?
  @uri_path = uri_path
  Jsii::Type.check_type(@uri_path, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJhbnkifQ==")), "uriPath") unless @uri_path.nil?
end

Instance Attribute Details

#all_query_argumentsObject? (readonly)

Inspect all query arguments.



2479
2480
2481
# File 'wa_fv2/cfn_web_acl.rb', line 2479

def all_query_arguments
  @all_query_arguments
end

#bodyAWSCDK::IResolvable, ... (readonly)

Inspect the request body as plain text.

The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection.

  • For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
  • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig , for additional processing fees.
  • For AWS Amplify , use the CloudFront limit.

For information about how to handle oversized request bodies, see the Body object configuration.



2494
2495
2496
# File 'wa_fv2/cfn_web_acl.rb', line 2494

def body
  @body
end

#cookiesAWSCDK::IResolvable, ... (readonly)

Inspect the request cookies.

You must configure scope and pattern matching filters in the Cookies object, to define the set of cookies and the parts of the cookies that AWS WAF inspects.

Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the Cookies object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.



2503
2504
2505
# File 'wa_fv2/cfn_web_acl.rb', line 2503

def cookies
  @cookies
end

#header_orderAWSCDK::IResolvable, ... (readonly)

The string containing the list of a web request's header names, ordered as they appear in the web request, separated by colons.



2508
2509
2510
# File 'wa_fv2/cfn_web_acl.rb', line 2508

def header_order
  @header_order
end

#headersAWSCDK::IResolvable, ... (readonly)

Inspect the request headers.

You must configure scope and pattern matching filters in the Headers object, to define the set of headers to and the parts of the headers that AWS WAF inspects.

Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the Headers object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.



2517
2518
2519
# File 'wa_fv2/cfn_web_acl.rb', line 2517

def headers
  @headers
end

#ja3_fingerprintAWSCDK::IResolvable, ... (readonly)

Available for use with Amazon CloudFront distributions and Application Load Balancers.

Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY .

You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the AWS WAF Developer Guide .

Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.



2530
2531
2532
# File 'wa_fv2/cfn_web_acl.rb', line 2530

def ja3_fingerprint
  @ja3_fingerprint
end

#ja4_fingerprintAWSCDK::IResolvable, ... (readonly)

Available for use with Amazon CloudFront distributions and Application Load Balancers.

Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY .

You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the AWS WAF Developer Guide .

Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.



2543
2544
2545
# File 'wa_fv2/cfn_web_acl.rb', line 2543

def ja4_fingerprint
  @ja4_fingerprint
end

#json_bodyAWSCDK::IResolvable, ... (readonly)

Inspect the request body as JSON.

The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.

AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection.

  • For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
  • For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig , for additional processing fees.
  • For AWS Amplify , use the CloudFront limit.

For information about how to handle oversized request bodies, see the JsonBody object configuration.



2558
2559
2560
# File 'wa_fv2/cfn_web_acl.rb', line 2558

def json_body
  @json_body
end

#methodObject? (readonly)

Inspect the HTTP method.

The method indicates the type of operation that the request is asking the origin to perform.



2565
2566
2567
# File 'wa_fv2/cfn_web_acl.rb', line 2565

def method
  @method
end

#query_stringObject? (readonly)

Inspect the query string.

This is the part of a URL that appears after a ? character, if any.



2572
2573
2574
# File 'wa_fv2/cfn_web_acl.rb', line 2572

def query_string
  @query_string
end

#single_headerObject? (readonly)

Inspect a single header.

Provide the name of the header to inspect, for example, User-Agent or Referer . This setting isn't case sensitive.

Example JSON: "SingleHeader": { "Name": "haystack" }

Alternately, you can filter and inspect all headers with the Headers FieldToMatch setting.



2583
2584
2585
# File 'wa_fv2/cfn_web_acl.rb', line 2583

def single_header
  @single_header
end

#single_query_argumentObject? (readonly)

Inspect a single query argument.

Provide the name of the query argument to inspect, such as UserName or SalesRegion . The name can be up to 30 characters long and isn't case sensitive.

Example JSON: "SingleQueryArgument": { "Name": "myArgument" }



2592
2593
2594
# File 'wa_fv2/cfn_web_acl.rb', line 2592

def single_query_argument
  @single_query_argument
end

#uri_fragmentAWSCDK::IResolvable, ... (readonly)

Inspect fragments of the request URI.

You must configure scope and pattern matching filters in the UriFragment object, to define the fragment of a URI that AWS WAF inspects.

Only the first 8 KB (8192 bytes) of a request's URI fragments and only the first 200 URI fragments are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize URI fragment content in the UriFragment object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.



2601
2602
2603
# File 'wa_fv2/cfn_web_acl.rb', line 2601

def uri_fragment
  @uri_fragment
end

#uri_pathObject? (readonly)

Inspect the request URI path.

This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg .



2608
2609
2610
# File 'wa_fv2/cfn_web_acl.rb', line 2608

def uri_path
  @uri_path
end

Class Method Details

.jsii_propertiesObject



2610
2611
2612
2613
2614
2615
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626
2627
# File 'wa_fv2/cfn_web_acl.rb', line 2610

def self.jsii_properties
  {
    :all_query_arguments => "allQueryArguments",
    :body => "body",
    :cookies => "cookies",
    :header_order => "headerOrder",
    :headers => "headers",
    :ja3_fingerprint => "ja3Fingerprint",
    :ja4_fingerprint => "ja4Fingerprint",
    :json_body => "jsonBody",
    :method => "method",
    :query_string => "queryString",
    :single_header => "singleHeader",
    :single_query_argument => "singleQueryArgument",
    :uri_fragment => "uriFragment",
    :uri_path => "uriPath",
  }
end

Instance Method Details

#to_jsiiObject



2629
2630
2631
2632
2633
2634
2635
2636
2637
2638
2639
2640
2641
2642
2643
2644
2645
2646
2647
2648
# File 'wa_fv2/cfn_web_acl.rb', line 2629

def to_jsii
  result = {}
  result.merge!({
    "allQueryArguments" => @all_query_arguments,
    "body" => @body,
    "cookies" => @cookies,
    "headerOrder" => @header_order,
    "headers" => @headers,
    "ja3Fingerprint" => @ja3_fingerprint,
    "ja4Fingerprint" => @ja4_fingerprint,
    "jsonBody" => @json_body,
    "method" => @method,
    "queryString" => @query_string,
    "singleHeader" => @single_header,
    "singleQueryArgument" => @single_query_argument,
    "uriFragment" => @uri_fragment,
    "uriPath" => @uri_path,
  })
  result.compact
end