Class: AWSCDK::WAFv2::CfnWebACL::GeoMatchStatementProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::WAFv2::CfnWebACL::GeoMatchStatementProperty
- Defined in:
- wa_fv2/cfn_web_acl.rb
Overview
A rule statement that labels web requests by country and region and that matches against web requests based on country code.
A geo match rule labels every request that it inspects regardless of whether it finds a match.
- To manage requests only by country, you can use this statement by itself and specify the countries that you want to match against in the
CountryCodesarray. - Otherwise, configure your geo match rule with Count action so that it only labels requests. Then, add one or more label match rules to run after the geo match rule and configure them to match against the geographic labels and handle the requests as needed.
AWS WAF labels requests using the alpha-2 country and region codes from the International Organization for Standardization (ISO) 3166 standard. AWS WAF determines the codes using either the IP address in the web request origin or, if you specify it, the address in the geo match ForwardedIPConfig .
If you use the web request origin, the label formats are awswaf:clientip:geo:region:<ISO country code>-<ISO region code> and awswaf:clientip:geo:country:<ISO country code> .
If you use a forwarded IP address, the label formats are awswaf:forwardedip:geo:region:<ISO country code>-<ISO region code> and awswaf:forwardedip:geo:country:<ISO country code> .
For additional details, see Geographic match rule statement in the AWS WAF Developer Guide .
Instance Attribute Summary collapse
-
#country_codes ⇒ Array<String>?
readonly
An array of two-character country codes that you want to match against, for example,
[ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166 international standard. -
#forwarded_ip_config ⇒ AWSCDK::IResolvable, ...
readonly
The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(country_codes: nil, forwarded_ip_config: nil) ⇒ GeoMatchStatementProperty
constructor
A new instance of GeoMatchStatementProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(country_codes: nil, forwarded_ip_config: nil) ⇒ GeoMatchStatementProperty
Returns a new instance of GeoMatchStatementProperty.
2781 2782 2783 2784 2785 2786 |
# File 'wa_fv2/cfn_web_acl.rb', line 2781 def initialize(country_codes: nil, forwarded_ip_config: nil) @country_codes = country_codes Jsii::Type.check_type(@country_codes, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "countryCodes") unless @country_codes.nil? @forwarded_ip_config = forwarded_ip_config.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::ForwardedIPConfigurationProperty.new(**forwarded_ip_config.transform_keys(&:to_sym)) : forwarded_ip_config Jsii::Type.check_type(@forwarded_ip_config, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuRm9yd2FyZGVkSVBDb25maWd1cmF0aW9uUHJvcGVydHkifV19fQ==")), "forwardedIpConfig") unless @forwarded_ip_config.nil? end |
Instance Attribute Details
#country_codes ⇒ Array<String>? (readonly)
An array of two-character country codes that you want to match against, for example, [ "US", "CN" ] , from the alpha-2 country ISO codes of the ISO 3166 international standard.
When you use a geo match statement just for the region and country labels that it adds to requests, you still have to supply a country code for the rule to evaluate. In this case, you configure the rule to only count matching requests, but it will still generate logging and count metrics for any matches. You can reduce the logging and metrics that the rule produces by specifying a country that's unlikely to be a source of traffic to your site.
2794 2795 2796 |
# File 'wa_fv2/cfn_web_acl.rb', line 2794 def country_codes @country_codes end |
#forwarded_ip_config ⇒ AWSCDK::IResolvable, ... (readonly)
The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.
Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
2803 2804 2805 |
# File 'wa_fv2/cfn_web_acl.rb', line 2803 def forwarded_ip_config @forwarded_ip_config end |
Class Method Details
.jsii_properties ⇒ Object
2805 2806 2807 2808 2809 2810 |
# File 'wa_fv2/cfn_web_acl.rb', line 2805 def self.jsii_properties { :country_codes => "countryCodes", :forwarded_ip_config => "forwardedIpConfig", } end |
Instance Method Details
#to_jsii ⇒ Object
2812 2813 2814 2815 2816 2817 2818 2819 |
# File 'wa_fv2/cfn_web_acl.rb', line 2812 def to_jsii result = {} result.merge!({ "countryCodes" => @country_codes, "forwardedIpConfig" => @forwarded_ip_config, }) result.compact end |