Class: AWSCDK::WAFv2::CfnWebACL::JsonBodyProperty
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::WAFv2::CfnWebACL::JsonBodyProperty
- Defined in:
- wa_fv2/cfn_web_acl.rb
Overview
Inspect the body of the web request as JSON. The body immediately follows the request headers.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. AWS WAF inspects only the parts of the JSON that result from the matches that you indicate.
Example JSON: "JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }
For additional information about this request component option, see JSON body in the AWS WAF Developer Guide .
Instance Attribute Summary collapse
-
#invalid_fallback_behavior ⇒ String?
readonly
What AWS WAF should do if it fails to completely parse the JSON body.
-
#match_pattern ⇒ AWSCDK::IResolvable, AWSCDK::WAFv2::CfnWebACL::JsonMatchPatternProperty
readonly
The patterns to look for in the JSON body.
-
#match_scope ⇒ String
readonly
The parts of the JSON to match against using the
MatchPattern. -
#oversize_handling ⇒ String?
readonly
What AWS WAF should do if the body is larger than AWS WAF can inspect.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(match_pattern:, match_scope:, invalid_fallback_behavior: nil, oversize_handling: nil) ⇒ JsonBodyProperty
constructor
A new instance of JsonBodyProperty.
- #to_jsii ⇒ Object
Constructor Details
#initialize(match_pattern:, match_scope:, invalid_fallback_behavior: nil, oversize_handling: nil) ⇒ JsonBodyProperty
Returns a new instance of JsonBodyProperty.
3267 3268 3269 3270 3271 3272 3273 3274 3275 3276 |
# File 'wa_fv2/cfn_web_acl.rb', line 3267 def initialize(match_pattern:, match_scope:, invalid_fallback_behavior: nil, oversize_handling: nil) @match_pattern = match_pattern.is_a?(Hash) ? ::AWSCDK::WAFv2::CfnWebACL::JsonMatchPatternProperty.new(**match_pattern.transform_keys(&:to_sym)) : match_pattern Jsii::Type.check_type(@match_pattern, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c193YWZ2Mi5DZm5XZWJBQ0wuSnNvbk1hdGNoUGF0dGVyblByb3BlcnR5In1dfX0=")), "matchPattern") @match_scope = match_scope Jsii::Type.check_type(@match_scope, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "matchScope") @invalid_fallback_behavior = invalid_fallback_behavior Jsii::Type.check_type(@invalid_fallback_behavior, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "invalidFallbackBehavior") unless @invalid_fallback_behavior.nil? @oversize_handling = oversize_handling Jsii::Type.check_type(@oversize_handling, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "oversizeHandling") unless @oversize_handling.nil? end |
Instance Attribute Details
#invalid_fallback_behavior ⇒ String? (readonly)
What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:.
EVALUATE_AS_STRING- Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.MATCH- Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.NO_MATCH- Treat the web request as not matching the rule statement.
If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.
AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see JSON body in the AWS WAF Developer Guide .
3306 3307 3308 |
# File 'wa_fv2/cfn_web_acl.rb', line 3306 def invalid_fallback_behavior @invalid_fallback_behavior end |
#match_pattern ⇒ AWSCDK::IResolvable, AWSCDK::WAFv2::CfnWebACL::JsonMatchPatternProperty (readonly)
The patterns to look for in the JSON body.
AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
3284 3285 3286 |
# File 'wa_fv2/cfn_web_acl.rb', line 3284 def match_pattern @match_pattern end |
#match_scope ⇒ String (readonly)
The parts of the JSON to match against using the MatchPattern .
If you specify ALL , AWS WAF matches against keys and values.
All does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical AND statement to combine two match rules, one that inspects the keys and another that inspects the values.
3293 3294 3295 |
# File 'wa_fv2/cfn_web_acl.rb', line 3293 def match_scope @match_scope end |
#oversize_handling ⇒ String? (readonly)
What AWS WAF should do if the body is larger than AWS WAF can inspect.
AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection.
- For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
- For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL
AssociationConfig, for additional processing fees. - For AWS Amplify , use the CloudFront limit.
The options for oversize handling are the following:
CONTINUE- Inspect the available body contents normally, according to the rule inspection criteria.MATCH- Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.NO_MATCH- Treat the web request as not matching the rule statement.
You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.
Default: CONTINUE
3327 3328 3329 |
# File 'wa_fv2/cfn_web_acl.rb', line 3327 def oversize_handling @oversize_handling end |
Class Method Details
.jsii_properties ⇒ Object
3329 3330 3331 3332 3333 3334 3335 3336 |
# File 'wa_fv2/cfn_web_acl.rb', line 3329 def self.jsii_properties { :match_pattern => "matchPattern", :match_scope => "matchScope", :invalid_fallback_behavior => "invalidFallbackBehavior", :oversize_handling => "oversizeHandling", } end |
Instance Method Details
#to_jsii ⇒ Object
3338 3339 3340 3341 3342 3343 3344 3345 3346 3347 |
# File 'wa_fv2/cfn_web_acl.rb', line 3338 def to_jsii result = {} result.merge!({ "matchPattern" => @match_pattern, "matchScope" => @match_scope, "invalidFallbackBehavior" => @invalid_fallback_behavior, "oversizeHandling" => @oversize_handling, }) result.compact end |