v1alpha1

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 31, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

+k8s:deepcopy-gen=package Package v1alpha1 is the v1alpha1 version of the wafv2.services.k8s.aws API. +groupName=wafv2.services.k8s.aws

Index

Constants

This section is empty.

Variables

View Source 
var (
	// GroupVersion is the API Group Version used to register the objects
	GroupVersion = schema.GroupVersion{Group: "wafv2.services.k8s.aws", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type APIKeySummary added in v0.0.3 

type APIKeySummary struct {
	TokenDomains []*string `json:"tokenDomains,omitempty"`
}

Information for a single API key.

API keys are required for the integration of the CAPTCHA API in your JavaScript client applications. The API lets you customize the placement and characteristics of the CAPTCHA puzzle for your end users. For more information about the CAPTCHA JavaScript integration, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) in the WAF Developer Guide.

func (*APIKeySummary) DeepCopy added in v0.0.3 

func (in *APIKeySummary) DeepCopy() *APIKeySummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new APIKeySummary.

func (*APIKeySummary) DeepCopyInto added in v0.0.3 

func (in *APIKeySummary) DeepCopyInto(out *APIKeySummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSManagedRulesACFPRuleSet added in v0.0.2 

type AWSManagedRulesACFPRuleSet struct {
	CreationPath         *string `json:"creationPath,omitempty"`
	EnableRegexInPath    *bool   `json:"enableRegexInPath,omitempty"`
	RegistrationPagePath *string `json:"registrationPagePath,omitempty"`
	// The criteria for inspecting account creation requests, used by the ACFP rule
	// group to validate and track account creation attempts.
	//
	// This is part of the AWSManagedRulesACFPRuleSet configuration in ManagedRuleGroupConfig.
	//
	// In these settings, you specify how your application accepts account creation
	// attempts by providing the request payload type and the names of the fields
	// within the request body where the username, password, email, and primary
	// address and phone number fields are provided.
	RequestInspection *RequestInspectionACFP `json:"requestInspection,omitempty"`
	// The criteria for inspecting responses to login requests and account creation
	// requests, used by the ATP and ACFP rule groups to track login and account
	// creation success and failure rates.
	//
	// Response inspection is available only in web ACLs that protect Amazon CloudFront
	// distributions.
	//
	// The rule groups evaluates the responses that your protected resources send
	// back to client login and account creation attempts, keeping count of successful
	// and failed attempts from each IP address and client session. Using this information,
	// the rule group labels and mitigates requests from client sessions and IP
	// addresses with too much suspicious activity in a short amount of time.
	//
	// This is part of the AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet
	// configurations in ManagedRuleGroupConfig.
	//
	// Enable response inspection by configuring exactly one component of the response
	// to inspect, for example, Header or StatusCode. You can't configure more than
	// one component for inspection. If you don't configure any of the response
	// inspection options, response inspection is disabled.
	ResponseInspection *ResponseInspection `json:"responseInspection,omitempty"`
}

Details for your use of the account creation fraud prevention managed rule group, AWSManagedRulesACFPRuleSet. This configuration is used in ManagedRuleGroupConfig.

func (*AWSManagedRulesACFPRuleSet) DeepCopy added in v0.0.2 

func (in *AWSManagedRulesACFPRuleSet) DeepCopy() *AWSManagedRulesACFPRuleSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedRulesACFPRuleSet.

func (*AWSManagedRulesACFPRuleSet) DeepCopyInto added in v0.0.2 

func (in *AWSManagedRulesACFPRuleSet) DeepCopyInto(out *AWSManagedRulesACFPRuleSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSManagedRulesATPRuleSet added in v0.0.2 

type AWSManagedRulesATPRuleSet struct {
	EnableRegexInPath *bool   `json:"enableRegexInPath,omitempty"`
	LoginPath         *string `json:"loginPath,omitempty"`
	// The criteria for inspecting login requests, used by the ATP rule group to
	// validate credentials usage.
	//
	// This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig.
	//
	// In these settings, you specify how your application accepts login attempts
	// by providing the request payload type and the names of the fields within
	// the request body where the username and password are provided.
	RequestInspection *RequestInspection `json:"requestInspection,omitempty"`
	// The criteria for inspecting responses to login requests and account creation
	// requests, used by the ATP and ACFP rule groups to track login and account
	// creation success and failure rates.
	//
	// Response inspection is available only in web ACLs that protect Amazon CloudFront
	// distributions.
	//
	// The rule groups evaluates the responses that your protected resources send
	// back to client login and account creation attempts, keeping count of successful
	// and failed attempts from each IP address and client session. Using this information,
	// the rule group labels and mitigates requests from client sessions and IP
	// addresses with too much suspicious activity in a short amount of time.
	//
	// This is part of the AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet
	// configurations in ManagedRuleGroupConfig.
	//
	// Enable response inspection by configuring exactly one component of the response
	// to inspect, for example, Header or StatusCode. You can't configure more than
	// one component for inspection. If you don't configure any of the response
	// inspection options, response inspection is disabled.
	ResponseInspection *ResponseInspection `json:"responseInspection,omitempty"`
}

Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. This configuration is used in ManagedRuleGroupConfig.

func (*AWSManagedRulesATPRuleSet) DeepCopy added in v0.0.2 

func (in *AWSManagedRulesATPRuleSet) DeepCopy() *AWSManagedRulesATPRuleSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedRulesATPRuleSet.

func (*AWSManagedRulesATPRuleSet) DeepCopyInto added in v0.0.2 

func (in *AWSManagedRulesATPRuleSet) DeepCopyInto(out *AWSManagedRulesATPRuleSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSManagedRulesBotControlRuleSet added in v0.0.2 

type AWSManagedRulesBotControlRuleSet struct {
	EnableMachineLearning *bool   `json:"enableMachineLearning,omitempty"`
	InspectionLevel       *string `json:"inspectionLevel,omitempty"`
}

Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet. This configuration is used in ManagedRuleGroupConfig.

func (*AWSManagedRulesBotControlRuleSet) DeepCopy added in v0.0.2 

func (in *AWSManagedRulesBotControlRuleSet) DeepCopy() *AWSManagedRulesBotControlRuleSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedRulesBotControlRuleSet.

func (*AWSManagedRulesBotControlRuleSet) DeepCopyInto added in v0.0.2 

func (in *AWSManagedRulesBotControlRuleSet) DeepCopyInto(out *AWSManagedRulesBotControlRuleSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ActionValue 

type ActionValue string
const (
	ActionValue_ALLOW             ActionValue = "ALLOW"
	ActionValue_BLOCK             ActionValue = "BLOCK"
	ActionValue_COUNT             ActionValue = "COUNT"
	ActionValue_CAPTCHA           ActionValue = "CAPTCHA"
	ActionValue_CHALLENGE         ActionValue = "CHALLENGE"
	ActionValue_EXCLUDED_AS_COUNT ActionValue = "EXCLUDED_AS_COUNT"
)

type AddressField added in v0.0.2 

type AddressField struct {
	Identifier *string `json:"identifier,omitempty"`
}

The name of a field in the request payload that contains part or all of your customer's primary physical address.

This data type is used in the RequestInspectionACFP data type.

func (*AddressField) DeepCopy added in v0.0.2 

func (in *AddressField) DeepCopy() *AddressField

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddressField.

func (*AddressField) DeepCopyInto added in v0.0.2 

func (in *AddressField) DeepCopyInto(out *AddressField)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AllowAction added in v0.0.2 

type AllowAction struct {
	// Custom request handling behavior that inserts custom headers into a web request.
	// You can add custom request handling for WAF to use when the rule action doesn't
	// block the request. For example, CaptchaAction for requests with valid t okens,
	// and AllowAction.
	//
	// For information about customizing web requests and responses, see Customizing
	// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomRequestHandling *CustomRequestHandling `json:"customRequestHandling,omitempty"`
}

Specifies that WAF should allow the request and optionally defines additional custom handling for the request.

This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.

func (*AllowAction) DeepCopy added in v0.0.2 

func (in *AllowAction) DeepCopy() *AllowAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AllowAction.

func (*AllowAction) DeepCopyInto added in v0.0.2 

func (in *AllowAction) DeepCopyInto(out *AllowAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AssociatedResourceType 

type AssociatedResourceType string
const (
	AssociatedResourceType_CLOUDFRONT               AssociatedResourceType = "CLOUDFRONT"
	AssociatedResourceType_API_GATEWAY              AssociatedResourceType = "API_GATEWAY"
	AssociatedResourceType_COGNITO_USER_POOL        AssociatedResourceType = "COGNITO_USER_POOL"
	AssociatedResourceType_APP_RUNNER_SERVICE       AssociatedResourceType = "APP_RUNNER_SERVICE"
	AssociatedResourceType_VERIFIED_ACCESS_INSTANCE AssociatedResourceType = "VERIFIED_ACCESS_INSTANCE"
)

type AssociationConfig added in v0.0.3 

type AssociationConfig struct {
	RequestBody map[string]*RequestBodyAssociatedResourceTypeConfig `json:"requestBody,omitempty"`
}

Specifies custom configurations for the associations between the web ACL and protected resources.

Use this to customize the maximum size of the request body that your protected resources forward to WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).

You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).

For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

func (*AssociationConfig) DeepCopy added in v0.0.3 

func (in *AssociationConfig) DeepCopy() *AssociationConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AssociationConfig.

func (*AssociationConfig) DeepCopyInto added in v0.0.3 

func (in *AssociationConfig) DeepCopyInto(out *AssociationConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BlockAction added in v0.0.2 

type BlockAction struct {
	// A custom response to send to the client. You can define a custom response
	// for rule actions and default web ACL actions that are set to BlockAction.
	//
	// For information about customizing web requests and responses, see Customizing
	// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomResponse *CustomResponse `json:"customResponse,omitempty"`
}

Specifies that WAF should block the request and optionally defines additional custom handling for the response to the web request.

This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.

func (*BlockAction) DeepCopy added in v0.0.2 

func (in *BlockAction) DeepCopy() *BlockAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BlockAction.

func (*BlockAction) DeepCopyInto added in v0.0.2 

func (in *BlockAction) DeepCopyInto(out *BlockAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Body added in v0.0.2 

type Body struct {
	OversizeHandling *string `json:"oversizeHandling,omitempty"`
}

Inspect the body of the web request. The body immediately follows the request headers.

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

func (*Body) DeepCopy added in v0.0.2 

func (in *Body) DeepCopy() *Body

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Body.

func (*Body) DeepCopyInto added in v0.0.2 

func (in *Body) DeepCopyInto(out *Body)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BodyParsingFallbackBehavior 

type BodyParsingFallbackBehavior string
const (
	BodyParsingFallbackBehavior_MATCH              BodyParsingFallbackBehavior = "MATCH"
	BodyParsingFallbackBehavior_NO_MATCH           BodyParsingFallbackBehavior = "NO_MATCH"
	BodyParsingFallbackBehavior_EVALUATE_AS_STRING BodyParsingFallbackBehavior = "EVALUATE_AS_STRING"
)

type ByteMatchStatement added in v0.0.2 

type ByteMatchStatement struct {
	// Specifies a web request component to be used in a rule match statement or
	// in a logging configuration.
	//
	//    * In a rule statement, this is the part of the web request that you want
	//    WAF to inspect. Include the single FieldToMatch type that you want to
	//    inspect, with additional specifications as needed, according to the type.
	//    You specify a single request component in FieldToMatch for each rule statement
	//    that requires it. To inspect more than one component of the web request,
	//    create a separate rule statement for each component. Example JSON for
	//    a QueryString field to match: "FieldToMatch": { "QueryString": {} } Example
	//    JSON for a Method field to match specification: "FieldToMatch": { "Method":
	//    { "Name": "DELETE" } }
	//
	//    * In a logging configuration, this is used in the RedactedFields property
	//    to specify a field to redact from the logging records. For this use case,
	//    note the following: Even though all FieldToMatch settings are available,
	//    the only valid settings for field redaction are UriPath, QueryString,
	//    SingleHeader, and Method. In this documentation, the descriptions of the
	//    individual fields talk about specifying the web request component to inspect,
	//    but for field redaction, you are specifying the component type to redact
	//    from the logs.
	FieldToMatch         *FieldToMatch         `json:"fieldToMatch,omitempty"`
	PositionalConstraint *string               `json:"positionalConstraint,omitempty"`
	SearchString         []byte                `json:"searchString,omitempty"`
	TextTransformations  []*TextTransformation `json:"textTransformations,omitempty"`
}

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is called a string match statement.

func (*ByteMatchStatement) DeepCopy added in v0.0.2 

func (in *ByteMatchStatement) DeepCopy() *ByteMatchStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByteMatchStatement.

func (*ByteMatchStatement) DeepCopyInto added in v0.0.2 

func (in *ByteMatchStatement) DeepCopyInto(out *ByteMatchStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CaptchaAction added in v0.0.2 

type CaptchaAction struct {
	// Custom request handling behavior that inserts custom headers into a web request.
	// You can add custom request handling for WAF to use when the rule action doesn't
	// block the request. For example, CaptchaAction for requests with valid t okens,
	// and AllowAction.
	//
	// For information about customizing web requests and responses, see Customizing
	// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomRequestHandling *CustomRequestHandling `json:"customRequestHandling,omitempty"`
}

Specifies that WAF should run a CAPTCHA check against the request:

  • If the request includes a valid, unexpired CAPTCHA token, WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction.

  • If the request doesn't include a valid, unexpired token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination. WAF generates a response that it sends back to the client, which includes the following: The header x-amzn-waf-action with a value of captcha. The HTTP status code 405 Method Not Allowed. If the request contains an Accept header with a value of text/html, the response includes a CAPTCHA JavaScript page interstitial.

You can configure the expiration time in the CaptchaConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.

This action option is available for rules. It isn't available for web ACL default actions.

func (*CaptchaAction) DeepCopy added in v0.0.2 

func (in *CaptchaAction) DeepCopy() *CaptchaAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CaptchaAction.

func (*CaptchaAction) DeepCopyInto added in v0.0.2 

func (in *CaptchaAction) DeepCopyInto(out *CaptchaAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CaptchaConfig added in v0.0.2 

type CaptchaConfig struct {
	// Used for CAPTCHA and challenge token settings. Determines how long a CAPTCHA
	// or challenge timestamp remains valid after WAF updates it for a successful
	// CAPTCHA or challenge response.
	ImmunityTimeProperty *ImmunityTimeProperty `json:"immunityTimeProperty,omitempty"`
}

Specifies how WAF should handle CAPTCHA evaluations. This is available at the web ACL level and in each rule.

func (*CaptchaConfig) DeepCopy added in v0.0.2 

func (in *CaptchaConfig) DeepCopy() *CaptchaConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CaptchaConfig.

func (*CaptchaConfig) DeepCopyInto added in v0.0.2 

func (in *CaptchaConfig) DeepCopyInto(out *CaptchaConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ChallengeAction added in v0.0.2 

type ChallengeAction struct {
	// Custom request handling behavior that inserts custom headers into a web request.
	// You can add custom request handling for WAF to use when the rule action doesn't
	// block the request. For example, CaptchaAction for requests with valid t okens,
	// and AllowAction.
	//
	// For information about customizing web requests and responses, see Customizing
	// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomRequestHandling *CustomRequestHandling `json:"customRequestHandling,omitempty"`
}

Specifies that WAF should run a Challenge check against the request to verify that the request is coming from a legitimate client session:

  • If the request includes a valid, unexpired challenge token, WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction.

  • If the request doesn't include a valid, unexpired challenge token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination. WAF then generates a challenge response that it sends back to the client, which includes the following: The header x-amzn-waf-action with a value of challenge. The HTTP status code 202 Request Accepted. If the request contains an Accept header with a value of text/html, the response includes a JavaScript page interstitial with a challenge script. Challenges run silent browser interrogations in the background, and don't generally affect the end user experience. A challenge enforces token acquisition using an interstitial JavaScript challenge that inspects the client session for legitimate behavior. The challenge blocks bots or at least increases the cost of operating sophisticated bots. After the client session successfully responds to the challenge, it receives a new token from WAF, which the challenge script uses to resubmit the original request.

You can configure the expiration time in the ChallengeConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.

This action option is available for rules. It isn't available for web ACL default actions.

func (*ChallengeAction) DeepCopy added in v0.0.2 

func (in *ChallengeAction) DeepCopy() *ChallengeAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeAction.

func (*ChallengeAction) DeepCopyInto added in v0.0.2 

func (in *ChallengeAction) DeepCopyInto(out *ChallengeAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ChallengeConfig added in v0.0.2 

type ChallengeConfig struct {
	// Used for CAPTCHA and challenge token settings. Determines how long a CAPTCHA
	// or challenge timestamp remains valid after WAF updates it for a successful
	// CAPTCHA or challenge response.
	ImmunityTimeProperty *ImmunityTimeProperty `json:"immunityTimeProperty,omitempty"`
}

Specifies how WAF should handle Challenge evaluations. This is available at the web ACL level and in each rule.

func (*ChallengeConfig) DeepCopy added in v0.0.2 

func (in *ChallengeConfig) DeepCopy() *ChallengeConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ChallengeConfig.

func (*ChallengeConfig) DeepCopyInto added in v0.0.2 

func (in *ChallengeConfig) DeepCopyInto(out *ChallengeConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ComparisonOperator 

type ComparisonOperator string
const (
	ComparisonOperator_EQ ComparisonOperator = "EQ"
	ComparisonOperator_NE ComparisonOperator = "NE"
	ComparisonOperator_LE ComparisonOperator = "LE"
	ComparisonOperator_LT ComparisonOperator = "LT"
	ComparisonOperator_GE ComparisonOperator = "GE"
	ComparisonOperator_GT ComparisonOperator = "GT"
)

type CookieMatchPattern added in v0.0.2 

type CookieMatchPattern struct {
	// Inspect all of the elements that WAF has parsed and extracted from the web
	// request component that you've identified in your FieldToMatch specifications.
	//
	// This is used in the FieldToMatch specification for some web request component
	// types.
	//
	// JSON specification: "All": {}
	All             map[string]*string `json:"all,omitempty"`
	ExcludedCookies []*string          `json:"excludedCookies,omitempty"`
	IncludedCookies []*string          `json:"includedCookies,omitempty"`
}

The filter to use to identify the subset of cookies to inspect in a web request.

You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies.

Example JSON: "MatchPattern": { "IncludedCookies": [ "session-id-time", "session-id" ] }

func (*CookieMatchPattern) DeepCopy added in v0.0.2 

func (in *CookieMatchPattern) DeepCopy() *CookieMatchPattern

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CookieMatchPattern.

func (*CookieMatchPattern) DeepCopyInto added in v0.0.2 

func (in *CookieMatchPattern) DeepCopyInto(out *CookieMatchPattern)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Cookies added in v0.0.2 

type Cookies struct {
	// The filter to use to identify the subset of cookies to inspect in a web request.
	//
	// You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies.
	//
	// Example JSON: "MatchPattern": { "IncludedCookies": [ "session-id-time", "session-id"
	// ] }
	MatchPattern     *CookieMatchPattern `json:"matchPattern,omitempty"`
	MatchScope       *string             `json:"matchScope,omitempty"`
	OversizeHandling *string             `json:"oversizeHandling,omitempty"`
}

Inspect the cookies in the web request. You can specify the parts of the cookies to inspect and you can narrow the set of cookies to inspect by including or excluding specific keys.

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

Example JSON: "Cookies": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }

func (*Cookies) DeepCopy added in v0.0.2 

func (in *Cookies) DeepCopy() *Cookies

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Cookies.

func (*Cookies) DeepCopyInto added in v0.0.2 

func (in *Cookies) DeepCopyInto(out *Cookies)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CountAction added in v0.0.2 

type CountAction struct {
	// Custom request handling behavior that inserts custom headers into a web request.
	// You can add custom request handling for WAF to use when the rule action doesn't
	// block the request. For example, CaptchaAction for requests with valid t okens,
	// and AllowAction.
	//
	// For information about customizing web requests and responses, see Customizing
	// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomRequestHandling *CustomRequestHandling `json:"customRequestHandling,omitempty"`
}

Specifies that WAF should count the request. Optionally defines additional custom handling for the request.

This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.

func (*CountAction) DeepCopy added in v0.0.2 

func (in *CountAction) DeepCopy() *CountAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CountAction.

func (*CountAction) DeepCopyInto added in v0.0.2 

func (in *CountAction) DeepCopyInto(out *CountAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CountryCode 

type CountryCode string
const (
	CountryCode_AF CountryCode = "AF"
	CountryCode_AX CountryCode = "AX"
	CountryCode_AL CountryCode = "AL"
	CountryCode_DZ CountryCode = "DZ"
	CountryCode_AS CountryCode = "AS"
	CountryCode_AD CountryCode = "AD"
	CountryCode_AO CountryCode = "AO"
	CountryCode_AI CountryCode = "AI"
	CountryCode_AQ CountryCode = "AQ"
	CountryCode_AG CountryCode = "AG"
	CountryCode_AR CountryCode = "AR"
	CountryCode_AM CountryCode = "AM"
	CountryCode_AW CountryCode = "AW"
	CountryCode_AU CountryCode = "AU"
	CountryCode_AT CountryCode = "AT"
	CountryCode_AZ CountryCode = "AZ"
	CountryCode_BS CountryCode = "BS"
	CountryCode_BH CountryCode = "BH"
	CountryCode_BD CountryCode = "BD"
	CountryCode_BB CountryCode = "BB"
	CountryCode_BY CountryCode = "BY"
	CountryCode_BE CountryCode = "BE"
	CountryCode_BZ CountryCode = "BZ"
	CountryCode_BJ CountryCode = "BJ"
	CountryCode_BM CountryCode = "BM"
	CountryCode_BT CountryCode = "BT"
	CountryCode_BO CountryCode = "BO"
	CountryCode_BQ CountryCode = "BQ"
	CountryCode_BA CountryCode = "BA"
	CountryCode_BW CountryCode = "BW"
	CountryCode_BV CountryCode = "BV"
	CountryCode_BR CountryCode = "BR"
	CountryCode_IO CountryCode = "IO"
	CountryCode_BN CountryCode = "BN"
	CountryCode_BG CountryCode = "BG"
	CountryCode_BF CountryCode = "BF"
	CountryCode_BI CountryCode = "BI"
	CountryCode_KH CountryCode = "KH"
	CountryCode_CM CountryCode = "CM"
	CountryCode_CA CountryCode = "CA"
	CountryCode_CV CountryCode = "CV"
	CountryCode_KY CountryCode = "KY"
	CountryCode_CF CountryCode = "CF"
	CountryCode_TD CountryCode = "TD"
	CountryCode_CL CountryCode = "CL"
	CountryCode_CN CountryCode = "CN"
	CountryCode_CX CountryCode = "CX"
	CountryCode_CC CountryCode = "CC"
	CountryCode_CO CountryCode = "CO"
	CountryCode_KM CountryCode = "KM"
	CountryCode_CG CountryCode = "CG"
	CountryCode_CD CountryCode = "CD"
	CountryCode_CK CountryCode = "CK"
	CountryCode_CR CountryCode = "CR"
	CountryCode_CI CountryCode = "CI"
	CountryCode_HR CountryCode = "HR"
	CountryCode_CU CountryCode = "CU"
	CountryCode_CW CountryCode = "CW"
	CountryCode_CY CountryCode = "CY"
	CountryCode_CZ CountryCode = "CZ"
	CountryCode_DK CountryCode = "DK"
	CountryCode_DJ CountryCode = "DJ"
	CountryCode_DM CountryCode = "DM"
	CountryCode_DO CountryCode = "DO"
	CountryCode_EC CountryCode = "EC"
	CountryCode_EG CountryCode = "EG"
	CountryCode_SV CountryCode = "SV"
	CountryCode_GQ CountryCode = "GQ"
	CountryCode_ER CountryCode = "ER"
	CountryCode_EE CountryCode = "EE"
	CountryCode_ET CountryCode = "ET"
	CountryCode_FK CountryCode = "FK"
	CountryCode_FO CountryCode = "FO"
	CountryCode_FJ CountryCode = "FJ"
	CountryCode_FI CountryCode = "FI"
	CountryCode_FR CountryCode = "FR"
	CountryCode_GF CountryCode = "GF"
	CountryCode_PF CountryCode = "PF"
	CountryCode_TF CountryCode = "TF"
	CountryCode_GA CountryCode = "GA"
	CountryCode_GM CountryCode = "GM"
	CountryCode_GE CountryCode = "GE"
	CountryCode_DE CountryCode = "DE"
	CountryCode_GH CountryCode = "GH"
	CountryCode_GI CountryCode = "GI"
	CountryCode_GR CountryCode = "GR"
	CountryCode_GL CountryCode = "GL"
	CountryCode_GD CountryCode = "GD"
	CountryCode_GP CountryCode = "GP"
	CountryCode_GU CountryCode = "GU"
	CountryCode_GT CountryCode = "GT"
	CountryCode_GG CountryCode = "GG"
	CountryCode_GN CountryCode = "GN"
	CountryCode_GW CountryCode = "GW"
	CountryCode_GY CountryCode = "GY"
	CountryCode_HT CountryCode = "HT"
	CountryCode_HM CountryCode = "HM"
	CountryCode_VA CountryCode = "VA"
	CountryCode_HN CountryCode = "HN"
	CountryCode_HK CountryCode = "HK"
	CountryCode_HU CountryCode = "HU"
	CountryCode_IS CountryCode = "IS"
	CountryCode_IN CountryCode = "IN"
	CountryCode_ID CountryCode = "ID"
	CountryCode_IR CountryCode = "IR"
	CountryCode_IQ CountryCode = "IQ"
	CountryCode_IE CountryCode = "IE"
	CountryCode_IM CountryCode = "IM"
	CountryCode_IL CountryCode = "IL"
	CountryCode_IT CountryCode = "IT"
	CountryCode_JM CountryCode = "JM"
	CountryCode_JP CountryCode = "JP"
	CountryCode_JE CountryCode = "JE"
	CountryCode_JO CountryCode = "JO"
	CountryCode_KZ CountryCode = "KZ"
	CountryCode_KE CountryCode = "KE"
	CountryCode_KI CountryCode = "KI"
	CountryCode_KP CountryCode = "KP"
	CountryCode_KR CountryCode = "KR"
	CountryCode_KW CountryCode = "KW"
	CountryCode_KG CountryCode = "KG"
	CountryCode_LA CountryCode = "LA"
	CountryCode_LV CountryCode = "LV"
	CountryCode_LB CountryCode = "LB"
	CountryCode_LS CountryCode = "LS"
	CountryCode_LR CountryCode = "LR"
	CountryCode_LY CountryCode = "LY"
	CountryCode_LI CountryCode = "LI"
	CountryCode_LT CountryCode = "LT"
	CountryCode_LU CountryCode = "LU"
	CountryCode_MO CountryCode = "MO"
	CountryCode_MK CountryCode = "MK"
	CountryCode_MG CountryCode = "MG"
	CountryCode_MW CountryCode = "MW"
	CountryCode_MY CountryCode = "MY"
	CountryCode_MV CountryCode = "MV"
	CountryCode_ML CountryCode = "ML"
	CountryCode_MT CountryCode = "MT"
	CountryCode_MH CountryCode = "MH"
	CountryCode_MQ CountryCode = "MQ"
	CountryCode_MR CountryCode = "MR"
	CountryCode_MU CountryCode = "MU"
	CountryCode_YT CountryCode = "YT"
	CountryCode_MX CountryCode = "MX"
	CountryCode_FM CountryCode = "FM"
	CountryCode_MD CountryCode = "MD"
	CountryCode_MC CountryCode = "MC"
	CountryCode_MN CountryCode = "MN"
	CountryCode_ME CountryCode = "ME"
	CountryCode_MS CountryCode = "MS"
	CountryCode_MA CountryCode = "MA"
	CountryCode_MZ CountryCode = "MZ"
	CountryCode_MM CountryCode = "MM"
	CountryCode_NA CountryCode = "NA"
	CountryCode_NR CountryCode = "NR"
	CountryCode_NP CountryCode = "NP"
	CountryCode_NL CountryCode = "NL"
	CountryCode_NC CountryCode = "NC"
	CountryCode_NZ CountryCode = "NZ"
	CountryCode_NI CountryCode = "NI"
	CountryCode_NE CountryCode = "NE"
	CountryCode_NG CountryCode = "NG"
	CountryCode_NU CountryCode = "NU"
	CountryCode_NF CountryCode = "NF"
	CountryCode_MP CountryCode = "MP"
	CountryCode_NO CountryCode = "NO"
	CountryCode_OM CountryCode = "OM"
	CountryCode_PK CountryCode = "PK"
	CountryCode_PW CountryCode = "PW"
	CountryCode_PS CountryCode = "PS"
	CountryCode_PA CountryCode = "PA"
	CountryCode_PG CountryCode = "PG"
	CountryCode_PY CountryCode = "PY"
	CountryCode_PE CountryCode = "PE"
	CountryCode_PH CountryCode = "PH"
	CountryCode_PN CountryCode = "PN"
	CountryCode_PL CountryCode = "PL"
	CountryCode_PT CountryCode = "PT"
	CountryCode_PR CountryCode = "PR"
	CountryCode_QA CountryCode = "QA"
	CountryCode_RE CountryCode = "RE"
	CountryCode_RO CountryCode = "RO"
	CountryCode_RU CountryCode = "RU"
	CountryCode_RW CountryCode = "RW"
	CountryCode_BL CountryCode = "BL"
	CountryCode_SH CountryCode = "SH"
	CountryCode_KN CountryCode = "KN"
	CountryCode_LC CountryCode = "LC"
	CountryCode_MF CountryCode = "MF"
	CountryCode_PM CountryCode = "PM"
	CountryCode_VC CountryCode = "VC"
	CountryCode_WS CountryCode = "WS"
	CountryCode_SM CountryCode = "SM"
	CountryCode_ST CountryCode = "ST"
	CountryCode_SA CountryCode = "SA"
	CountryCode_SN CountryCode = "SN"
	CountryCode_RS CountryCode = "RS"
	CountryCode_SC CountryCode = "SC"
	CountryCode_SL CountryCode = "SL"
	CountryCode_SG CountryCode = "SG"
	CountryCode_SX CountryCode = "SX"
	CountryCode_SK CountryCode = "SK"
	CountryCode_SI CountryCode = "SI"
	CountryCode_SB CountryCode = "SB"
	CountryCode_SO CountryCode = "SO"
	CountryCode_ZA CountryCode = "ZA"
	CountryCode_GS CountryCode = "GS"
	CountryCode_SS CountryCode = "SS"
	CountryCode_ES CountryCode = "ES"
	CountryCode_LK CountryCode = "LK"
	CountryCode_SD CountryCode = "SD"
	CountryCode_SR CountryCode = "SR"
	CountryCode_SJ CountryCode = "SJ"
	CountryCode_SZ CountryCode = "SZ"
	CountryCode_SE CountryCode = "SE"
	CountryCode_CH CountryCode = "CH"
	CountryCode_SY CountryCode = "SY"
	CountryCode_TW CountryCode = "TW"
	CountryCode_TJ CountryCode = "TJ"
	CountryCode_TZ CountryCode = "TZ"
	CountryCode_TH CountryCode = "TH"
	CountryCode_TL CountryCode = "TL"
	CountryCode_TG CountryCode = "TG"
	CountryCode_TK CountryCode = "TK"
	CountryCode_TO CountryCode = "TO"
	CountryCode_TT CountryCode = "TT"
	CountryCode_TN CountryCode = "TN"
	CountryCode_TR CountryCode = "TR"
	CountryCode_TM CountryCode = "TM"
	CountryCode_TC CountryCode = "TC"
	CountryCode_TV CountryCode = "TV"
	CountryCode_UG CountryCode = "UG"
	CountryCode_UA CountryCode = "UA"
	CountryCode_AE CountryCode = "AE"
	CountryCode_GB CountryCode = "GB"
	CountryCode_US CountryCode = "US"
	CountryCode_UM CountryCode = "UM"
	CountryCode_UY CountryCode = "UY"
	CountryCode_UZ CountryCode = "UZ"
	CountryCode_VU CountryCode = "VU"
	CountryCode_VE CountryCode = "VE"
	CountryCode_VN CountryCode = "VN"
	CountryCode_VG CountryCode = "VG"
	CountryCode_VI CountryCode = "VI"
	CountryCode_WF CountryCode = "WF"
	CountryCode_EH CountryCode = "EH"
	CountryCode_YE CountryCode = "YE"
	CountryCode_ZM CountryCode = "ZM"
	CountryCode_ZW CountryCode = "ZW"
	CountryCode_XK CountryCode = "XK"
)

type CustomHTTPHeader added in v0.0.2 

type CustomHTTPHeader struct {
	Name  *string `json:"name,omitempty"`
	Value *string `json:"value,omitempty"`
}

A custom header for custom request and response handling. This is used in CustomResponse and CustomRequestHandling.

func (*CustomHTTPHeader) DeepCopy added in v0.0.2 

func (in *CustomHTTPHeader) DeepCopy() *CustomHTTPHeader

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomHTTPHeader.

func (*CustomHTTPHeader) DeepCopyInto added in v0.0.2 

func (in *CustomHTTPHeader) DeepCopyInto(out *CustomHTTPHeader)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomRequestHandling added in v0.0.2 

type CustomRequestHandling struct {
	InsertHeaders []*CustomHTTPHeader `json:"insertHeaders,omitempty"`
}

Custom request handling behavior that inserts custom headers into a web request. You can add custom request handling for WAF to use when the rule action doesn't block the request. For example, CaptchaAction for requests with valid t okens, and AllowAction.

For information about customizing web requests and responses, see Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the WAF Developer Guide.

func (*CustomRequestHandling) DeepCopy added in v0.0.2 

func (in *CustomRequestHandling) DeepCopy() *CustomRequestHandling

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomRequestHandling.

func (*CustomRequestHandling) DeepCopyInto added in v0.0.2 

func (in *CustomRequestHandling) DeepCopyInto(out *CustomRequestHandling)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomResponse 

type CustomResponse struct {
	CustomResponseBodyKey *string             `json:"customResponseBodyKey,omitempty"`
	ResponseCode          *int64              `json:"responseCode,omitempty"`
	ResponseHeaders       []*CustomHTTPHeader `json:"responseHeaders,omitempty"`
}

A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to BlockAction.

For information about customizing web requests and responses, see Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the WAF Developer Guide.

func (*CustomResponse) DeepCopy 

func (in *CustomResponse) DeepCopy() *CustomResponse

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResponse.

func (*CustomResponse) DeepCopyInto 

func (in *CustomResponse) DeepCopyInto(out *CustomResponse)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type CustomResponseBody added in v0.0.2 

type CustomResponseBody struct {
	Content     *string `json:"content,omitempty"`
	ContentType *string `json:"contentType,omitempty"`
}

The response body to use in a custom response to a web request. This is referenced by key from CustomResponse CustomResponseBodyKey.

func (*CustomResponseBody) DeepCopy added in v0.0.2 

func (in *CustomResponseBody) DeepCopy() *CustomResponseBody

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CustomResponseBody.

func (*CustomResponseBody) DeepCopyInto added in v0.0.2 

func (in *CustomResponseBody) DeepCopyInto(out *CustomResponseBody)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type DefaultAction added in v0.0.2 

type DefaultAction struct {
	// Specifies that WAF should allow the request and optionally defines additional
	// custom handling for the request.
	//
	// This is used in the context of other settings, for example to specify values
	// for RuleAction and web ACL DefaultAction.
	Allow *AllowAction `json:"allow,omitempty"`
	// Specifies that WAF should block the request and optionally defines additional
	// custom handling for the response to the web request.
	//
	// This is used in the context of other settings, for example to specify values
	// for RuleAction and web ACL DefaultAction.
	Block *BlockAction `json:"block,omitempty"`
}

In a WebACL, this is the action that you want WAF to perform when a web request doesn't match any of the rules in the WebACL. The default action must be a terminating action.

func (*DefaultAction) DeepCopy added in v0.0.2 

func (in *DefaultAction) DeepCopy() *DefaultAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultAction.

func (*DefaultAction) DeepCopyInto added in v0.0.2 

func (in *DefaultAction) DeepCopyInto(out *DefaultAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EmailField added in v0.0.2 

type EmailField struct {
	Identifier *string `json:"identifier,omitempty"`
}

The name of the field in the request payload that contains your customer's email.

This data type is used in the RequestInspectionACFP data type.

func (*EmailField) DeepCopy added in v0.0.2 

func (in *EmailField) DeepCopy() *EmailField

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EmailField.

func (*EmailField) DeepCopyInto added in v0.0.2 

func (in *EmailField) DeepCopyInto(out *EmailField)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ExcludedRule 

type ExcludedRule struct {
	Name *string `json:"name,omitempty"`
}

Specifies a single rule in a rule group whose action you want to override to Count.

Instead of this option, use RuleActionOverrides. It accepts any valid action setting, including Count.

func (*ExcludedRule) DeepCopy 

func (in *ExcludedRule) DeepCopy() *ExcludedRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExcludedRule.

func (*ExcludedRule) DeepCopyInto 

func (in *ExcludedRule) DeepCopyInto(out *ExcludedRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FailureReason 

type FailureReason string
const (
	FailureReason_TOKEN_MISSING         FailureReason = "TOKEN_MISSING"
	FailureReason_TOKEN_EXPIRED         FailureReason = "TOKEN_EXPIRED"
	FailureReason_TOKEN_INVALID         FailureReason = "TOKEN_INVALID"
	FailureReason_TOKEN_DOMAIN_MISMATCH FailureReason = "TOKEN_DOMAIN_MISMATCH"
)

type FallbackBehavior 

type FallbackBehavior string
const (
	FallbackBehavior_MATCH    FallbackBehavior = "MATCH"
	FallbackBehavior_NO_MATCH FallbackBehavior = "NO_MATCH"
)

type FieldToMatch added in v0.0.2 

type FieldToMatch struct {
	// Inspect all query arguments of the web request.
	//
	// This is used in the FieldToMatch specification for some web request component
	// types.
	//
	// JSON specification: "AllQueryArguments": {}
	AllQueryArguments map[string]*string `json:"allQueryArguments,omitempty"`
	// Inspect the body of the web request. The body immediately follows the request
	// headers.
	//
	// This is used to indicate the web request component to inspect, in the FieldToMatch
	// specification.
	Body *Body `json:"body,omitempty"`
	// Inspect the cookies in the web request. You can specify the parts of the
	// cookies to inspect and you can narrow the set of cookies to inspect by including
	// or excluding specific keys.
	//
	// This is used to indicate the web request component to inspect, in the FieldToMatch
	// specification.
	//
	// Example JSON: "Cookies": { "MatchPattern": { "All": {} }, "MatchScope": "KEY",
	// "OversizeHandling": "MATCH" }
	Cookies *Cookies `json:"cookies,omitempty"`
	// Inspect a string containing the list of the request's header names, ordered
	// as they appear in the web request that WAF receives for inspection. WAF generates
	// the string and then uses that as the field to match component in its inspection.
	// WAF separates the header names in the string using colons and no added spaces,
	// for example host:user-agent:accept:authorization:referer.
	HeaderOrder *HeaderOrder `json:"headerOrder,omitempty"`
	// Inspect all headers in the web request. You can specify the parts of the
	// headers to inspect and you can narrow the set of headers to inspect by including
	// or excluding specific keys.
	//
	// This is used to indicate the web request component to inspect, in the FieldToMatch
	// specification.
	//
	// If you want to inspect just the value of a single header, use the SingleHeader
	// FieldToMatch setting instead.
	//
	// Example JSON: "Headers": { "MatchPattern": { "All": {} }, "MatchScope": "KEY",
	// "OversizeHandling": "MATCH" }
	Headers *Headers `json:"headers,omitempty"`
	// Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character
	// hash derived from the TLS Client Hello of an incoming request. This fingerprint
	// serves as a unique identifier for the client's TLS configuration. WAF calculates
	// and logs this fingerprint for each request that has enough TLS Client Hello
	// information for the calculation. Almost all web requests include this information.
	//
	// You can use this choice only with a string match ByteMatchStatement with
	// the PositionalConstraint set to EXACTLY.
	//
	// You can obtain the JA3 fingerprint for client requests from the web ACL logs.
	// If WAF is able to calculate the fingerprint, it includes it in the logs.
	// For information about the logging fields, see Log fields (https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html)
	// in the WAF Developer Guide.
	//
	// Provide the JA3 fingerprint string from the logs in your string match statement
	// specification, to match with any future requests that have the same TLS configuration.
	JA3Fingerprint *JA3Fingerprint `json:"ja3Fingerprint,omitempty"`
	// Inspect the body of the web request as JSON. The body immediately follows
	// the request headers.
	//
	// This is used to indicate the web request component to inspect, in the FieldToMatch
	// specification.
	//
	// Use the specifications in this object to indicate which parts of the JSON
	// body to inspect using the rule's inspection criteria. WAF inspects only the
	// parts of the JSON that result from the matches that you indicate.
	//
	// Example JSON: "JsonBody": { "MatchPattern": { "All": {} }, "MatchScope":
	// "ALL" }
	JSONBody *JSONBody `json:"jsonBody,omitempty"`
	// Inspect the HTTP method of the web request. The method indicates the type
	// of operation that the request is asking the origin to perform.
	//
	// This is used in the FieldToMatch specification for some web request component
	// types.
	//
	// JSON specification: "Method": {}
	Method map[string]*string `json:"method,omitempty"`
	// Inspect the query string of the web request. This is the part of a URL that
	// appears after a ? character, if any.
	//
	// This is used in the FieldToMatch specification for some web request component
	// types.
	//
	// JSON specification: "QueryString": {}
	QueryString map[string]*string `json:"queryString,omitempty"`
	// Inspect one of the headers in the web request, identified by name, for example,
	// User-Agent or Referer. The name isn't case sensitive.
	//
	// You can filter and inspect all headers with the FieldToMatch setting Headers.
	//
	// This is used to indicate the web request component to inspect, in the FieldToMatch
	// specification.
	//
	// Example JSON: "SingleHeader": { "Name": "haystack" }
	SingleHeader *SingleHeader `json:"singleHeader,omitempty"`
	// Inspect one query argument in the web request, identified by name, for example
	// UserName or SalesRegion. The name isn't case sensitive.
	//
	// This is used to indicate the web request component to inspect, in the FieldToMatch
	// specification.
	//
	// Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
	SingleQueryArgument *SingleQueryArgument `json:"singleQueryArgument,omitempty"`
	// Inspect the path component of the URI of the web request. This is the part
	// of the web request that identifies a resource. For example, /images/daily-ad.jpg.
	//
	// This is used in the FieldToMatch specification for some web request component
	// types.
	//
	// JSON specification: "UriPath": {}
	URIPath map[string]*string `json:"uriPath,omitempty"`
}

Specifies a web request component to be used in a rule match statement or in a logging configuration.

  • In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component. Example JSON for a QueryString field to match: "FieldToMatch": { "QueryString": {} } Example JSON for a Method field to match specification: "FieldToMatch": { "Method": { "Name": "DELETE" } }

  • In a logging configuration, this is used in the RedactedFields property to specify a field to redact from the logging records. For this use case, note the following: Even though all FieldToMatch settings are available, the only valid settings for field redaction are UriPath, QueryString, SingleHeader, and Method. In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.

func (*FieldToMatch) DeepCopy added in v0.0.2 

func (in *FieldToMatch) DeepCopy() *FieldToMatch

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FieldToMatch.

func (*FieldToMatch) DeepCopyInto added in v0.0.2 

func (in *FieldToMatch) DeepCopyInto(out *FieldToMatch)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FilterBehavior 

type FilterBehavior string
const (
	FilterBehavior_KEEP FilterBehavior = "KEEP"
	FilterBehavior_DROP FilterBehavior = "DROP"
)

type FilterRequirement 

type FilterRequirement string
const (
	FilterRequirement_MEETS_ALL FilterRequirement = "MEETS_ALL"
	FilterRequirement_MEETS_ANY FilterRequirement = "MEETS_ANY"
)

type FirewallManagerRuleGroup 

type FirewallManagerRuleGroup struct {
	// The processing guidance for an Firewall Manager rule. This is like a regular
	// rule Statement, but it can only contain a single rule group reference.
	FirewallManagerStatement *FirewallManagerStatement `json:"firewallManagerStatement,omitempty"`
	Name                     *string                   `json:"name,omitempty"`
	// The action to use in the place of the action that results from the rule group
	// evaluation. Set the override action to none to leave the result of the rule
	// group alone. Set it to count to override the result to count only.
	//
	// You can only use this for rule statements that reference a rule group, like
	// RuleGroupReferenceStatement and ManagedRuleGroupStatement.
	//
	// This option is usually set to none. It does not affect how the rules in the
	// rule group are evaluated. If you want the rules in the rule group to only
	// count matches, do not use this and instead use the rule action override option,
	// with Count action, in your rule group reference statement settings.
	OverrideAction *OverrideAction `json:"overrideAction,omitempty"`
	Priority       *int64          `json:"priority,omitempty"`
	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	VisibilityConfig *VisibilityConfig `json:"visibilityConfig,omitempty"`
}

A rule group that's defined for an Firewall Manager WAF policy.

func (*FirewallManagerRuleGroup) DeepCopy 

func (in *FirewallManagerRuleGroup) DeepCopy() *FirewallManagerRuleGroup

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallManagerRuleGroup.

func (*FirewallManagerRuleGroup) DeepCopyInto 

func (in *FirewallManagerRuleGroup) DeepCopyInto(out *FirewallManagerRuleGroup)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type FirewallManagerStatement added in v0.0.2 

type FirewallManagerStatement struct {
	// A rule statement used to run the rules that are defined in a managed rule
	// group. To use this, provide the vendor name and the name of the rule group
	// in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
	//
	// You cannot nest a ManagedRuleGroupStatement, for example for use inside a
	// NotStatement or OrStatement. You cannot use a managed rule group inside another
	// rule group. You can only reference a managed rule group as a top-level statement
	// within a rule that you define in a web ACL.
	//
	// You are charged additional fees when you use the WAF Bot Control managed
	// rule group AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account
	// takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or
	// the WAF Fraud Control account creation fraud prevention (ACFP) managed rule
	// group AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).
	ManagedRuleGroupStatement *ManagedRuleGroupStatement `json:"managedRuleGroupStatement,omitempty"`
	// A rule statement used to run the rules that are defined in a RuleGroup. To
	// use this, create a rule group with your rules, then provide the ARN of the
	// rule group in this statement.
	//
	// You cannot nest a RuleGroupReferenceStatement, for example for use inside
	// a NotStatement or OrStatement. You cannot use a rule group reference statement
	// inside another rule group. You can only reference a rule group as a top-level
	// statement within a rule that you define in a web ACL.
	RuleGroupReferenceStatement *RuleGroupReferenceStatement `json:"ruleGroupReferenceStatement,omitempty"`
}

The processing guidance for an Firewall Manager rule. This is like a regular rule Statement, but it can only contain a single rule group reference.

func (*FirewallManagerStatement) DeepCopy added in v0.0.2 

func (in *FirewallManagerStatement) DeepCopy() *FirewallManagerStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FirewallManagerStatement.

func (*FirewallManagerStatement) DeepCopyInto added in v0.0.2 

func (in *FirewallManagerStatement) DeepCopyInto(out *FirewallManagerStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ForwardedIPConfig added in v0.0.2 

type ForwardedIPConfig struct {
	FallbackBehavior *string `json:"fallbackBehavior,omitempty"`
	HeaderName       *string `json:"headerName,omitempty"`
}

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

This configuration is used for GeoMatchStatement and RateBasedStatement. For IPSetReferenceStatement, use IPSetForwardedIPConfig instead.

WAF only evaluates the first IP address found in the specified HTTP header.

func (*ForwardedIPConfig) DeepCopy added in v0.0.2 

func (in *ForwardedIPConfig) DeepCopy() *ForwardedIPConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ForwardedIPConfig.

func (*ForwardedIPConfig) DeepCopyInto added in v0.0.2 

func (in *ForwardedIPConfig) DeepCopyInto(out *ForwardedIPConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ForwardedIPPosition 

type ForwardedIPPosition string
const (
	ForwardedIPPosition_FIRST ForwardedIPPosition = "FIRST"
	ForwardedIPPosition_LAST  ForwardedIPPosition = "LAST"
	ForwardedIPPosition_ANY   ForwardedIPPosition = "ANY"
)

type GeoMatchStatement added in v0.0.2 

type GeoMatchStatement struct {
	CountryCodes []*string `json:"countryCodes,omitempty"`
	// The configuration for inspecting IP addresses in an HTTP header that you
	// specify, instead of using the IP address that's reported by the web request
	// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
	// any header name.
	//
	// If the specified header isn't present in the request, WAF doesn't apply the
	// rule to the web request at all.
	//
	// This configuration is used for GeoMatchStatement and RateBasedStatement.
	// For IPSetReferenceStatement, use IPSetForwardedIPConfig instead.
	//
	// WAF only evaluates the first IP address found in the specified HTTP header.
	ForwardedIPConfig *ForwardedIPConfig `json:"forwardedIPConfig,omitempty"`
}

A rule statement that labels web requests by country and region and that matches against web requests based on country code. A geo match rule labels every request that it inspects regardless of whether it finds a match.

  • To manage requests only by country, you can use this statement by itself and specify the countries that you want to match against in the CountryCodes array.

  • Otherwise, configure your geo match rule with Count action so that it only labels requests. Then, add one or more label match rules to run after the geo match rule and configure them to match against the geographic labels and handle the requests as needed.

WAF labels requests using the alpha-2 country and region codes from the International Organization for Standardization (ISO) 3166 standard. WAF determines the codes using either the IP address in the web request origin or, if you specify it, the address in the geo match ForwardedIPConfig.

If you use the web request origin, the label formats are awswaf:clientip:geo:region:<ISO country code>-<ISO region code> and awswaf:clientip:geo:country:<ISO country code>.

If you use a forwarded IP address, the label formats are awswaf:forwardedip:geo:region:<ISO country code>-<ISO region code> and awswaf:forwardedip:geo:country:<ISO country code>.

For additional details, see Geographic match rule statement (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html) in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).

func (*GeoMatchStatement) DeepCopy added in v0.0.2 

func (in *GeoMatchStatement) DeepCopy() *GeoMatchStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GeoMatchStatement.

func (*GeoMatchStatement) DeepCopyInto added in v0.0.2 

func (in *GeoMatchStatement) DeepCopyInto(out *GeoMatchStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HeaderMatchPattern added in v0.0.2 

type HeaderMatchPattern struct {
	// Inspect all of the elements that WAF has parsed and extracted from the web
	// request component that you've identified in your FieldToMatch specifications.
	//
	// This is used in the FieldToMatch specification for some web request component
	// types.
	//
	// JSON specification: "All": {}
	All             map[string]*string `json:"all,omitempty"`
	ExcludedHeaders []*string          `json:"excludedHeaders,omitempty"`
	IncludedHeaders []*string          `json:"includedHeaders,omitempty"`
}

The filter to use to identify the subset of headers to inspect in a web request.

You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders.

Example JSON: "MatchPattern": { "ExcludedHeaders": [ "KeyToExclude1", "KeyToExclude2" ] }

func (*HeaderMatchPattern) DeepCopy added in v0.0.2 

func (in *HeaderMatchPattern) DeepCopy() *HeaderMatchPattern

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderMatchPattern.

func (*HeaderMatchPattern) DeepCopyInto added in v0.0.2 

func (in *HeaderMatchPattern) DeepCopyInto(out *HeaderMatchPattern)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type HeaderOrder added in v0.0.2 

type HeaderOrder struct {
	OversizeHandling *string `json:"oversizeHandling,omitempty"`
}

Inspect a string containing the list of the request's header names, ordered as they appear in the web request that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in its inspection. WAF separates the header names in the string using colons and no added spaces, for example host:user-agent:accept:authorization:referer.

func (*HeaderOrder) DeepCopy added in v0.0.2 

func (in *HeaderOrder) DeepCopy() *HeaderOrder

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HeaderOrder.

func (*HeaderOrder) DeepCopyInto added in v0.0.2 

func (in *HeaderOrder) DeepCopyInto(out *HeaderOrder)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Headers added in v0.0.2 

type Headers struct {
	// The filter to use to identify the subset of headers to inspect in a web request.
	//
	// You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders.
	//
	// Example JSON: "MatchPattern": { "ExcludedHeaders": [ "KeyToExclude1", "KeyToExclude2"
	// ] }
	MatchPattern     *HeaderMatchPattern `json:"matchPattern,omitempty"`
	MatchScope       *string             `json:"matchScope,omitempty"`
	OversizeHandling *string             `json:"oversizeHandling,omitempty"`
}

Inspect all headers in the web request. You can specify the parts of the headers to inspect and you can narrow the set of headers to inspect by including or excluding specific keys.

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

If you want to inspect just the value of a single header, use the SingleHeader FieldToMatch setting instead.

Example JSON: "Headers": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }

func (*Headers) DeepCopy added in v0.0.2 

func (in *Headers) DeepCopy() *Headers

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Headers.

func (*Headers) DeepCopyInto added in v0.0.2 

func (in *Headers) DeepCopyInto(out *Headers)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPAddressVersion 

type IPAddressVersion string
const (
	IPAddressVersion_IPV4 IPAddressVersion = "IPV4"
	IPAddressVersion_IPV6 IPAddressVersion = "IPV6"
)

type IPSet 

type IPSet struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              IPSetSpec   `json:"spec,omitempty"`
	Status            IPSetStatus `json:"status,omitempty"`
}

IPSet is the Schema for the IPSets API +kubebuilder:object:root=true +kubebuilder:subresource:status

func (*IPSet) DeepCopy 

func (in *IPSet) DeepCopy() *IPSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPSet.

func (*IPSet) DeepCopyInto 

func (in *IPSet) DeepCopyInto(out *IPSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IPSet) DeepCopyObject 

func (in *IPSet) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type IPSetForwardedIPConfig added in v0.0.2 

type IPSetForwardedIPConfig struct {
	FallbackBehavior *string `json:"fallbackBehavior,omitempty"`
	HeaderName       *string `json:"headerName,omitempty"`
	Position         *string `json:"position,omitempty"`
}

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

This configuration is used only for IPSetReferenceStatement. For GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig instead.

func (*IPSetForwardedIPConfig) DeepCopy added in v0.0.2 

func (in *IPSetForwardedIPConfig) DeepCopy() *IPSetForwardedIPConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPSetForwardedIPConfig.

func (*IPSetForwardedIPConfig) DeepCopyInto added in v0.0.2 

func (in *IPSetForwardedIPConfig) DeepCopyInto(out *IPSetForwardedIPConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPSetList 

type IPSetList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []IPSet `json:"items"`
}

IPSetList contains a list of IPSet +kubebuilder:object:root=true

func (*IPSetList) DeepCopy 

func (in *IPSetList) DeepCopy() *IPSetList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPSetList.

func (*IPSetList) DeepCopyInto 

func (in *IPSetList) DeepCopyInto(out *IPSetList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*IPSetList) DeepCopyObject 

func (in *IPSetList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type IPSetReferenceStatement 

type IPSetReferenceStatement struct {
	ARN *string `json:"arn,omitempty"`
	// The configuration for inspecting IP addresses in an HTTP header that you
	// specify, instead of using the IP address that's reported by the web request
	// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
	// any header name.
	//
	// If the specified header isn't present in the request, WAF doesn't apply the
	// rule to the web request at all.
	//
	// This configuration is used only for IPSetReferenceStatement. For GeoMatchStatement
	// and RateBasedStatement, use ForwardedIPConfig instead.
	IPSetForwardedIPConfig *IPSetForwardedIPConfig `json:"ipSetForwardedIPConfig,omitempty"`
}

A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.

Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

func (*IPSetReferenceStatement) DeepCopy 

func (in *IPSetReferenceStatement) DeepCopy() *IPSetReferenceStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPSetReferenceStatement.

func (*IPSetReferenceStatement) DeepCopyInto 

func (in *IPSetReferenceStatement) DeepCopyInto(out *IPSetReferenceStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPSetSpec 

type IPSetSpec struct {

	// Contains an array of strings that specifies zero or more IP addresses or
	// blocks of IP addresses that you want WAF to inspect for in incoming requests.
	// All addresses must be specified using Classless Inter-Domain Routing (CIDR)
	// notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
	//
	// Example address strings:
	//
	//   - For requests that originated from the IP address 192.0.2.44, specify
	//     192.0.2.44/32.
	//
	//   - For requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255,
	//     specify 192.0.2.0/24.
	//
	//   - For requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111,
	//     specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
	//
	//   - For requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000
	//     to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
	//
	// For more information about CIDR notation, see the Wikipedia entry Classless
	// Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
	//
	// Example JSON Addresses specifications:
	//
	//   - Empty array: "Addresses": []
	//
	//   - Array with one address: "Addresses": ["192.0.2.44/32"]
	//
	//   - Array with three addresses: "Addresses": ["192.0.2.44/32", "192.0.2.0/24",
	//     "192.0.0.0/16"]
	//
	//   - INVALID specification: "Addresses": [""] INVALID
	//
	// +kubebuilder:validation:Required
	Addresses []*string `json:"addresses"`
	// A description of the IP set that helps with identification.
	Description *string `json:"description,omitempty"`
	// The version of the IP addresses, either IPV4 or IPV6.
	// +kubebuilder:validation:Required
	IPAddressVersion *string `json:"ipAddressVersion"`
	// The name of the IP set. You cannot change the name of an IPSet after you
	// create it.
	// +kubebuilder:validation:Required
	Name *string `json:"name"`
	// Specifies whether this is for an Amazon CloudFront distribution or for a
	// regional application. A regional application can be an Application Load Balancer
	// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
	// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
	// Access instance.
	//
	// To work with CloudFront, you must also specify the Region US East (N. Virginia)
	// as follows:
	//
	//   - CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
	//     --region=us-east-1.
	//
	//   - API and SDKs - For all calls, use the Region endpoint us-east-1.
	//
	// +kubebuilder:validation:Required
	Scope *string `json:"scope"`
	// An array of key:value pairs to associate with the resource.
	Tags []*Tag `json:"tags,omitempty"`
}

IPSetSpec defines the desired state of IPSet.

Contains zero or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. For information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).

WAF assigns an ARN to each IPSet that you create. To use an IP set in a rule, you provide the ARN to the Rule statement IPSetReferenceStatement.

func (*IPSetSpec) DeepCopy 

func (in *IPSetSpec) DeepCopy() *IPSetSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPSetSpec.

func (*IPSetSpec) DeepCopyInto 

func (in *IPSetSpec) DeepCopyInto(out *IPSetSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPSetStatus 

type IPSetStatus struct {
	// All CRs managed by ACK have a common `Status.ACKResourceMetadata` member
	// that is used to contain resource sync state, account ownership,
	// constructed ARN for the resource
	// +kubebuilder:validation:Optional
	ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"`
	// All CRS managed by ACK have a common `Status.Conditions` member that
	// contains a collection of `ackv1alpha1.Condition` objects that describe
	// the various terminal states of the CR and its backend AWS service API
	// resource
	// +kubebuilder:validation:Optional
	Conditions []*ackv1alpha1.Condition `json:"conditions"`
	// A unique identifier for the set. This ID is returned in the responses to
	// create and list commands. You provide it to operations like update and delete.
	// +kubebuilder:validation:Optional
	ID *string `json:"id,omitempty"`
	// A token used for optimistic locking. WAF returns a token to your get and
	// list requests, to mark the state of the entity at the time of the request.
	// To make changes to the entity associated with the token, you provide the
	// token to operations like update and delete. WAF uses the token to ensure
	// that no changes have been made to the entity since you last retrieved it.
	// If a change has been made, the update fails with a WAFOptimisticLockException.
	// If this happens, perform another get, and use the new token returned by that
	// operation.
	// +kubebuilder:validation:Optional
	LockToken *string `json:"lockToken,omitempty"`
}

IPSetStatus defines the observed state of IPSet

func (*IPSetStatus) DeepCopy 

func (in *IPSetStatus) DeepCopy() *IPSetStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPSetStatus.

func (*IPSetStatus) DeepCopyInto 

func (in *IPSetStatus) DeepCopyInto(out *IPSetStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPSetSummary 

type IPSetSummary struct {
	ARN         *string `json:"arn,omitempty"`
	Description *string `json:"description,omitempty"`
	ID          *string `json:"id,omitempty"`
	LockToken   *string `json:"lockToken,omitempty"`
	Name        *string `json:"name,omitempty"`
}

High-level information about an IPSet, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage an IPSet, and the ARN, that you provide to the IPSetReferenceStatement to use the address set in a Rule.

func (*IPSetSummary) DeepCopy 

func (in *IPSetSummary) DeepCopy() *IPSetSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPSetSummary.

func (*IPSetSummary) DeepCopyInto 

func (in *IPSetSummary) DeepCopyInto(out *IPSetSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type IPSet_SDK 

type IPSet_SDK struct {
	ARN              *string   `json:"arn,omitempty"`
	Addresses        []*string `json:"addresses,omitempty"`
	Description      *string   `json:"description,omitempty"`
	IPAddressVersion *string   `json:"ipAddressVersion,omitempty"`
	ID               *string   `json:"id,omitempty"`
	Name             *string   `json:"name,omitempty"`
}

Contains zero or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. For information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).

WAF assigns an ARN to each IPSet that you create. To use an IP set in a rule, you provide the ARN to the Rule statement IPSetReferenceStatement.

func (*IPSet_SDK) DeepCopy 

func (in *IPSet_SDK) DeepCopy() *IPSet_SDK

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPSet_SDK.

func (*IPSet_SDK) DeepCopyInto 

func (in *IPSet_SDK) DeepCopyInto(out *IPSet_SDK)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ImmunityTimeProperty added in v0.0.2 

type ImmunityTimeProperty struct {
	ImmunityTime *int64 `json:"immunityTime,omitempty"`
}

Used for CAPTCHA and challenge token settings. Determines how long a CAPTCHA or challenge timestamp remains valid after WAF updates it for a successful CAPTCHA or challenge response.

func (*ImmunityTimeProperty) DeepCopy added in v0.0.2 

func (in *ImmunityTimeProperty) DeepCopy() *ImmunityTimeProperty

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ImmunityTimeProperty.

func (*ImmunityTimeProperty) DeepCopyInto added in v0.0.2 

func (in *ImmunityTimeProperty) DeepCopyInto(out *ImmunityTimeProperty)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type InspectionLevel 

type InspectionLevel string
const (
	InspectionLevel_COMMON   InspectionLevel = "COMMON"
	InspectionLevel_TARGETED InspectionLevel = "TARGETED"
)

type JA3Fingerprint added in v0.0.2 

type JA3Fingerprint struct {
	FallbackBehavior *string `json:"fallbackBehavior,omitempty"`
}

Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.

You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields (https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html) in the WAF Developer Guide.

Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.

func (*JA3Fingerprint) DeepCopy added in v0.0.2 

func (in *JA3Fingerprint) DeepCopy() *JA3Fingerprint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JA3Fingerprint.

func (*JA3Fingerprint) DeepCopyInto added in v0.0.2 

func (in *JA3Fingerprint) DeepCopyInto(out *JA3Fingerprint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JSONBody added in v0.0.2 

type JSONBody struct {
	InvalidFallbackBehavior *string `json:"invalidFallbackBehavior,omitempty"`
	// The patterns to look for in the JSON body. WAF inspects the results of these
	// pattern matches against the rule inspection criteria. This is used with the
	// FieldToMatch option JsonBody.
	MatchPattern     *JSONMatchPattern `json:"matchPattern,omitempty"`
	MatchScope       *string           `json:"matchScope,omitempty"`
	OversizeHandling *string           `json:"oversizeHandling,omitempty"`
}

Inspect the body of the web request as JSON. The body immediately follows the request headers.

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. WAF inspects only the parts of the JSON that result from the matches that you indicate.

Example JSON: "JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }

func (*JSONBody) DeepCopy added in v0.0.2 

func (in *JSONBody) DeepCopy() *JSONBody

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONBody.

func (*JSONBody) DeepCopyInto added in v0.0.2 

func (in *JSONBody) DeepCopyInto(out *JSONBody)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JSONMatchPattern added in v0.0.2 

type JSONMatchPattern struct {
	// Inspect all of the elements that WAF has parsed and extracted from the web
	// request component that you've identified in your FieldToMatch specifications.
	//
	// This is used in the FieldToMatch specification for some web request component
	// types.
	//
	// JSON specification: "All": {}
	All           map[string]*string `json:"all,omitempty"`
	IncludedPaths []*string          `json:"includedPaths,omitempty"`
}

The patterns to look for in the JSON body. WAF inspects the results of these pattern matches against the rule inspection criteria. This is used with the FieldToMatch option JsonBody.

func (*JSONMatchPattern) DeepCopy added in v0.0.2 

func (in *JSONMatchPattern) DeepCopy() *JSONMatchPattern

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONMatchPattern.

func (*JSONMatchPattern) DeepCopyInto added in v0.0.2 

func (in *JSONMatchPattern) DeepCopyInto(out *JSONMatchPattern)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type JSONMatchScope 

type JSONMatchScope string
const (
	JSONMatchScope_ALL   JSONMatchScope = "ALL"
	JSONMatchScope_KEY   JSONMatchScope = "KEY"
	JSONMatchScope_VALUE JSONMatchScope = "VALUE"
)

type Label added in v0.0.2 

type Label struct {
	Name *string `json:"name,omitempty"`
}

A single label container. This is used as an element of a label array in multiple contexts, for example, in RuleLabels inside a Rule and in Labels inside a SampledHTTPRequest.

func (*Label) DeepCopy added in v0.0.2 

func (in *Label) DeepCopy() *Label

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Label.

func (*Label) DeepCopyInto added in v0.0.2 

func (in *Label) DeepCopyInto(out *Label)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LabelMatchScope 

type LabelMatchScope string
const (
	LabelMatchScope_LABEL     LabelMatchScope = "LABEL"
	LabelMatchScope_NAMESPACE LabelMatchScope = "NAMESPACE"
)

type LabelMatchStatement added in v0.0.2 

type LabelMatchStatement struct {
	Key   *string `json:"key,omitempty"`
	Scope *string `json:"scope,omitempty"`
}

A rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.

The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, WAF performs the search for labels that were added in the same context as the label match statement.

func (*LabelMatchStatement) DeepCopy added in v0.0.2 

func (in *LabelMatchStatement) DeepCopy() *LabelMatchStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LabelMatchStatement.

func (*LabelMatchStatement) DeepCopyInto added in v0.0.2 

func (in *LabelMatchStatement) DeepCopyInto(out *LabelMatchStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LabelNameCondition added in v0.0.2 

type LabelNameCondition struct {
	LabelName *string `json:"labelName,omitempty"`
}

A single label name condition for a Condition in a logging filter.

func (*LabelNameCondition) DeepCopy added in v0.0.2 

func (in *LabelNameCondition) DeepCopy() *LabelNameCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LabelNameCondition.

func (*LabelNameCondition) DeepCopyInto added in v0.0.2 

func (in *LabelNameCondition) DeepCopyInto(out *LabelNameCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LabelSummary added in v0.0.2 

type LabelSummary struct {
	Name *string `json:"name,omitempty"`
}

List of labels used by one or more of the rules of a RuleGroup. This summary object is used for the following rule group lists:

  • AvailableLabels - Labels that rules add to matching requests. These labels are defined in the RuleLabels for a Rule.

  • ConsumedLabels - Labels that rules match against. These labels are defined in a LabelMatchStatement specification, in the Statement definition of a rule.

func (*LabelSummary) DeepCopy added in v0.0.2 

func (in *LabelSummary) DeepCopy() *LabelSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LabelSummary.

func (*LabelSummary) DeepCopyInto added in v0.0.2 

func (in *LabelSummary) DeepCopyInto(out *LabelSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type LoggingConfiguration 

type LoggingConfiguration struct {
	ManagedByFirewallManager *bool   `json:"managedByFirewallManager,omitempty"`
	ResourceARN              *string `json:"resourceARN,omitempty"`
}

Defines an association between logging destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.

You can define one logging destination per web ACL.

You can access information about the traffic that WAF inspects using the following steps:

Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.

The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.

For configuration requirements and pricing information for each destination type, see Logging web ACL traffic (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the WAF Developer Guide.

Associate your logging destination to your web ACL using a PutLoggingConfiguration request.

When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.

For additional information about web ACL logging, see Logging web ACL traffic information (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the WAF Developer Guide.

func (*LoggingConfiguration) DeepCopy 

func (in *LoggingConfiguration) DeepCopy() *LoggingConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoggingConfiguration.

func (*LoggingConfiguration) DeepCopyInto 

func (in *LoggingConfiguration) DeepCopyInto(out *LoggingConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagedProductDescriptor 

type ManagedProductDescriptor struct {
	IsAdvancedManagedRuleSet *bool   `json:"isAdvancedManagedRuleSet,omitempty"`
	IsVersioningSupported    *bool   `json:"isVersioningSupported,omitempty"`
	ManagedRuleSetName       *string `json:"managedRuleSetName,omitempty"`
	SNSTopicARN              *string `json:"snsTopicARN,omitempty"`
	VendorName               *string `json:"vendorName,omitempty"`
}

The properties of a managed product, such as an Amazon Web Services Managed Rules rule group or an Amazon Web Services Marketplace managed rule group.

func (*ManagedProductDescriptor) DeepCopy 

func (in *ManagedProductDescriptor) DeepCopy() *ManagedProductDescriptor

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedProductDescriptor.

func (*ManagedProductDescriptor) DeepCopyInto 

func (in *ManagedProductDescriptor) DeepCopyInto(out *ManagedProductDescriptor)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagedRuleGroupConfig added in v0.0.2 

type ManagedRuleGroupConfig struct {
	// Details for your use of the account creation fraud prevention managed rule
	// group, AWSManagedRulesACFPRuleSet. This configuration is used in ManagedRuleGroupConfig.
	AWSManagedRulesACFPRuleSet *AWSManagedRulesACFPRuleSet `json:"awsManagedRulesACFPRuleSet,omitempty"`
	// Details for your use of the account takeover prevention managed rule group,
	// AWSManagedRulesATPRuleSet. This configuration is used in ManagedRuleGroupConfig.
	AWSManagedRulesATPRuleSet *AWSManagedRulesATPRuleSet `json:"awsManagedRulesATPRuleSet,omitempty"`
	// Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet.
	// This configuration is used in ManagedRuleGroupConfig.
	AWSManagedRulesBotControlRuleSet *AWSManagedRulesBotControlRuleSet `json:"awsManagedRulesBotControlRuleSet,omitempty"`
	LoginPath                        *string                           `json:"loginPath,omitempty"`
	// The name of the field in the request payload that contains your customer's
	// password.
	//
	// This data type is used in the RequestInspection and RequestInspectionACFP
	// data types.
	PasswordField *PasswordField `json:"passwordField,omitempty"`
	PayloadType   *string        `json:"payloadType,omitempty"`
	// The name of the field in the request payload that contains your customer's
	// username.
	//
	// This data type is used in the RequestInspection and RequestInspectionACFP
	// data types.
	UsernameField *UsernameField `json:"usernameField,omitempty"`
}

Additional information that's used by a managed rule group. Many managed rule groups don't require this.

The rule groups used for intelligent threat mitigation require additional configuration:

  • Use the AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.

  • Use the AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.

  • Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

For example specifications, see the examples section of CreateWebACL.

func (*ManagedRuleGroupConfig) DeepCopy added in v0.0.2 

func (in *ManagedRuleGroupConfig) DeepCopy() *ManagedRuleGroupConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedRuleGroupConfig.

func (*ManagedRuleGroupConfig) DeepCopyInto added in v0.0.2 

func (in *ManagedRuleGroupConfig) DeepCopyInto(out *ManagedRuleGroupConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagedRuleGroupStatement 

type ManagedRuleGroupStatement struct {
	ExcludedRules           []*ExcludedRule           `json:"excludedRules,omitempty"`
	ManagedRuleGroupConfigs []*ManagedRuleGroupConfig `json:"managedRuleGroupConfigs,omitempty"`
	Name                    *string                   `json:"name,omitempty"`
	RuleActionOverrides     []*RuleActionOverride     `json:"ruleActionOverrides,omitempty"`
	ScopeDownStatement      *string                   `json:"scopeDownStatement,omitempty"`
	VendorName              *string                   `json:"vendorName,omitempty"`
	Version                 *string                   `json:"version,omitempty"`
}

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. You cannot use a managed rule group inside another rule group. You can only reference a managed rule group as a top-level statement within a rule that you define in a web ACL.

You are charged additional fees when you use the WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or the WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).

func (*ManagedRuleGroupStatement) DeepCopy 

func (in *ManagedRuleGroupStatement) DeepCopy() *ManagedRuleGroupStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedRuleGroupStatement.

func (*ManagedRuleGroupStatement) DeepCopyInto 

func (in *ManagedRuleGroupStatement) DeepCopyInto(out *ManagedRuleGroupStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagedRuleGroupSummary 

type ManagedRuleGroupSummary struct {
	Description         *string `json:"description,omitempty"`
	Name                *string `json:"name,omitempty"`
	VendorName          *string `json:"vendorName,omitempty"`
	VersioningSupported *bool   `json:"versioningSupported,omitempty"`
}

High-level information about a managed rule group, returned by ListAvailableManagedRuleGroups. This provides information like the name and vendor name, that you provide when you add a ManagedRuleGroupStatement to a web ACL. Managed rule groups include Amazon Web Services Managed Rules rule groups and Amazon Web Services Marketplace managed rule groups. To use any Amazon Web Services Marketplace managed rule group, first subscribe to the rule group through Amazon Web Services Marketplace.

func (*ManagedRuleGroupSummary) DeepCopy 

func (in *ManagedRuleGroupSummary) DeepCopy() *ManagedRuleGroupSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedRuleGroupSummary.

func (*ManagedRuleGroupSummary) DeepCopyInto 

func (in *ManagedRuleGroupSummary) DeepCopyInto(out *ManagedRuleGroupSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagedRuleGroupVersion added in v0.0.2 

type ManagedRuleGroupVersion struct {
	Name *string `json:"name,omitempty"`
}

Describes a single version of a managed rule group.

func (*ManagedRuleGroupVersion) DeepCopy added in v0.0.2 

func (in *ManagedRuleGroupVersion) DeepCopy() *ManagedRuleGroupVersion

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedRuleGroupVersion.

func (*ManagedRuleGroupVersion) DeepCopyInto added in v0.0.2 

func (in *ManagedRuleGroupVersion) DeepCopyInto(out *ManagedRuleGroupVersion)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagedRuleSet 

type ManagedRuleSet struct {
	ARN                *string `json:"arn,omitempty"`
	Description        *string `json:"description,omitempty"`
	ID                 *string `json:"id,omitempty"`
	LabelNamespace     *string `json:"labelNamespace,omitempty"`
	Name               *string `json:"name,omitempty"`
	RecommendedVersion *string `json:"recommendedVersion,omitempty"`
}

A set of rules that is managed by Amazon Web Services and Amazon Web Services Marketplace sellers to provide versioned managed rule groups for customers of WAF.

This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.

Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.

func (*ManagedRuleSet) DeepCopy 

func (in *ManagedRuleSet) DeepCopy() *ManagedRuleSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedRuleSet.

func (*ManagedRuleSet) DeepCopyInto 

func (in *ManagedRuleSet) DeepCopyInto(out *ManagedRuleSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagedRuleSetSummary 

type ManagedRuleSetSummary struct {
	ARN            *string `json:"arn,omitempty"`
	Description    *string `json:"description,omitempty"`
	ID             *string `json:"id,omitempty"`
	LabelNamespace *string `json:"labelNamespace,omitempty"`
	LockToken      *string `json:"lockToken,omitempty"`
	Name           *string `json:"name,omitempty"`
}

High-level information for a managed rule set.

This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.

Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.

func (*ManagedRuleSetSummary) DeepCopy 

func (in *ManagedRuleSetSummary) DeepCopy() *ManagedRuleSetSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedRuleSetSummary.

func (*ManagedRuleSetSummary) DeepCopyInto 

func (in *ManagedRuleSetSummary) DeepCopyInto(out *ManagedRuleSetSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ManagedRuleSetVersion 

type ManagedRuleSetVersion struct {
	AssociatedRuleGroupARN *string `json:"associatedRuleGroupARN,omitempty"`
	Capacity               *int64  `json:"capacity,omitempty"`
}

Information for a single version of a managed rule set.

This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.

Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.

func (*ManagedRuleSetVersion) DeepCopy 

func (in *ManagedRuleSetVersion) DeepCopy() *ManagedRuleSetVersion

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedRuleSetVersion.

func (*ManagedRuleSetVersion) DeepCopyInto 

func (in *ManagedRuleSetVersion) DeepCopyInto(out *ManagedRuleSetVersion)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MapMatchScope 

type MapMatchScope string
const (
	MapMatchScope_ALL   MapMatchScope = "ALL"
	MapMatchScope_KEY   MapMatchScope = "KEY"
	MapMatchScope_VALUE MapMatchScope = "VALUE"
)

type MobileSDKRelease 

type MobileSDKRelease struct {
	ReleaseVersion *string `json:"releaseVersion,omitempty"`
	Tags           []*Tag  `json:"tags,omitempty"`
}

Information for a release of the mobile SDK, including release notes and tags.

The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) in the WAF Developer Guide.

func (*MobileSDKRelease) DeepCopy 

func (in *MobileSDKRelease) DeepCopy() *MobileSDKRelease

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MobileSDKRelease.

func (*MobileSDKRelease) DeepCopyInto 

func (in *MobileSDKRelease) DeepCopyInto(out *MobileSDKRelease)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type NotStatement added in v0.0.2 

type NotStatement struct {
	// The processing guidance for a Rule, used by WAF to determine whether a web
	// request matches the rule.
	//
	// For example specifications, see the examples section of CreateWebACL.
	Statement *Statement `json:"statement,omitempty"`
}

A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.

func (*NotStatement) DeepCopy added in v0.0.2 

func (in *NotStatement) DeepCopy() *NotStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NotStatement.

func (*NotStatement) DeepCopyInto added in v0.0.2 

func (in *NotStatement) DeepCopyInto(out *NotStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OverrideAction added in v0.0.2 

type OverrideAction struct {
	// Specifies that WAF should count the request. Optionally defines additional
	// custom handling for the request.
	//
	// This is used in the context of other settings, for example to specify values
	// for RuleAction and web ACL DefaultAction.
	Count *CountAction `json:"count,omitempty"`
	// Specifies that WAF should do nothing. This is used for the OverrideAction
	// setting on a Rule when the rule uses a rule group reference statement.
	//
	// This is used in the context of other settings, for example to specify values
	// for RuleAction and web ACL DefaultAction.
	//
	// JSON specification: "None": {}
	None map[string]*string `json:"none,omitempty"`
}

The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.

You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement and ManagedRuleGroupStatement.

This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead use the rule action override option, with Count action, in your rule group reference statement settings.

func (*OverrideAction) DeepCopy added in v0.0.2 

func (in *OverrideAction) DeepCopy() *OverrideAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OverrideAction.

func (*OverrideAction) DeepCopyInto added in v0.0.2 

func (in *OverrideAction) DeepCopyInto(out *OverrideAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type OversizeHandling 

type OversizeHandling string
const (
	OversizeHandling_CONTINUE OversizeHandling = "CONTINUE"
	OversizeHandling_MATCH    OversizeHandling = "MATCH"
	OversizeHandling_NO_MATCH OversizeHandling = "NO_MATCH"
)

type ParameterExceptionField 

type ParameterExceptionField string
const (
	ParameterExceptionField_WEB_ACL                           ParameterExceptionField = "WEB_ACL"
	ParameterExceptionField_RULE_GROUP                        ParameterExceptionField = "RULE_GROUP"
	ParameterExceptionField_REGEX_PATTERN_SET                 ParameterExceptionField = "REGEX_PATTERN_SET"
	ParameterExceptionField_IP_SET                            ParameterExceptionField = "IP_SET"
	ParameterExceptionField_MANAGED_RULE_SET                  ParameterExceptionField = "MANAGED_RULE_SET"
	ParameterExceptionField_RULE                              ParameterExceptionField = "RULE"
	ParameterExceptionField_EXCLUDED_RULE                     ParameterExceptionField = "EXCLUDED_RULE"
	ParameterExceptionField_STATEMENT                         ParameterExceptionField = "STATEMENT"
	ParameterExceptionField_BYTE_MATCH_STATEMENT              ParameterExceptionField = "BYTE_MATCH_STATEMENT"
	ParameterExceptionField_SQLI_MATCH_STATEMENT              ParameterExceptionField = "SQLI_MATCH_STATEMENT"
	ParameterExceptionField_XSS_MATCH_STATEMENT               ParameterExceptionField = "XSS_MATCH_STATEMENT"
	ParameterExceptionField_SIZE_CONSTRAINT_STATEMENT         ParameterExceptionField = "SIZE_CONSTRAINT_STATEMENT"
	ParameterExceptionField_GEO_MATCH_STATEMENT               ParameterExceptionField = "GEO_MATCH_STATEMENT"
	ParameterExceptionField_RATE_BASED_STATEMENT              ParameterExceptionField = "RATE_BASED_STATEMENT"
	ParameterExceptionField_RULE_GROUP_REFERENCE_STATEMENT    ParameterExceptionField = "RULE_GROUP_REFERENCE_STATEMENT"
	ParameterExceptionField_REGEX_PATTERN_REFERENCE_STATEMENT ParameterExceptionField = "REGEX_PATTERN_REFERENCE_STATEMENT"
	ParameterExceptionField_IP_SET_REFERENCE_STATEMENT        ParameterExceptionField = "IP_SET_REFERENCE_STATEMENT"
	ParameterExceptionField_MANAGED_RULE_SET_STATEMENT        ParameterExceptionField = "MANAGED_RULE_SET_STATEMENT"
	ParameterExceptionField_LABEL_MATCH_STATEMENT             ParameterExceptionField = "LABEL_MATCH_STATEMENT"
	ParameterExceptionField_AND_STATEMENT                     ParameterExceptionField = "AND_STATEMENT"
	ParameterExceptionField_OR_STATEMENT                      ParameterExceptionField = "OR_STATEMENT"
	ParameterExceptionField_NOT_STATEMENT                     ParameterExceptionField = "NOT_STATEMENT"
	ParameterExceptionField_IP_ADDRESS                        ParameterExceptionField = "IP_ADDRESS"
	ParameterExceptionField_IP_ADDRESS_VERSION                ParameterExceptionField = "IP_ADDRESS_VERSION"
	ParameterExceptionField_FIELD_TO_MATCH                    ParameterExceptionField = "FIELD_TO_MATCH"
	ParameterExceptionField_TEXT_TRANSFORMATION               ParameterExceptionField = "TEXT_TRANSFORMATION"
	ParameterExceptionField_SINGLE_QUERY_ARGUMENT             ParameterExceptionField = "SINGLE_QUERY_ARGUMENT"
	ParameterExceptionField_SINGLE_HEADER                     ParameterExceptionField = "SINGLE_HEADER"
	ParameterExceptionField_DEFAULT_ACTION                    ParameterExceptionField = "DEFAULT_ACTION"
	ParameterExceptionField_RULE_ACTION                       ParameterExceptionField = "RULE_ACTION"
	ParameterExceptionField_ENTITY_LIMIT                      ParameterExceptionField = "ENTITY_LIMIT"
	ParameterExceptionField_OVERRIDE_ACTION                   ParameterExceptionField = "OVERRIDE_ACTION"
	ParameterExceptionField_SCOPE_VALUE                       ParameterExceptionField = "SCOPE_VALUE"
	ParameterExceptionField_RESOURCE_ARN                      ParameterExceptionField = "RESOURCE_ARN"
	ParameterExceptionField_RESOURCE_TYPE                     ParameterExceptionField = "RESOURCE_TYPE"
	ParameterExceptionField_TAGS                              ParameterExceptionField = "TAGS"
	ParameterExceptionField_TAG_KEYS                          ParameterExceptionField = "TAG_KEYS"
	ParameterExceptionField_METRIC_NAME                       ParameterExceptionField = "METRIC_NAME"
	ParameterExceptionField_FIREWALL_MANAGER_STATEMENT        ParameterExceptionField = "FIREWALL_MANAGER_STATEMENT"
	ParameterExceptionField_FALLBACK_BEHAVIOR                 ParameterExceptionField = "FALLBACK_BEHAVIOR"
	ParameterExceptionField_POSITION                          ParameterExceptionField = "POSITION"
	ParameterExceptionField_FORWARDED_IP_CONFIG               ParameterExceptionField = "FORWARDED_IP_CONFIG"
	ParameterExceptionField_IP_SET_FORWARDED_IP_CONFIG        ParameterExceptionField = "IP_SET_FORWARDED_IP_CONFIG"
	ParameterExceptionField_HEADER_NAME                       ParameterExceptionField = "HEADER_NAME"
	ParameterExceptionField_CUSTOM_REQUEST_HANDLING           ParameterExceptionField = "CUSTOM_REQUEST_HANDLING"
	ParameterExceptionField_RESPONSE_CONTENT_TYPE             ParameterExceptionField = "RESPONSE_CONTENT_TYPE"
	ParameterExceptionField_CUSTOM_RESPONSE                   ParameterExceptionField = "CUSTOM_RESPONSE"
	ParameterExceptionField_CUSTOM_RESPONSE_BODY              ParameterExceptionField = "CUSTOM_RESPONSE_BODY"
	ParameterExceptionField_JSON_MATCH_PATTERN                ParameterExceptionField = "JSON_MATCH_PATTERN"
	ParameterExceptionField_JSON_MATCH_SCOPE                  ParameterExceptionField = "JSON_MATCH_SCOPE"
	ParameterExceptionField_BODY_PARSING_FALLBACK_BEHAVIOR    ParameterExceptionField = "BODY_PARSING_FALLBACK_BEHAVIOR"
	ParameterExceptionField_LOGGING_FILTER                    ParameterExceptionField = "LOGGING_FILTER"
	ParameterExceptionField_FILTER_CONDITION                  ParameterExceptionField = "FILTER_CONDITION"
	ParameterExceptionField_EXPIRE_TIMESTAMP                  ParameterExceptionField = "EXPIRE_TIMESTAMP"
	ParameterExceptionField_CHANGE_PROPAGATION_STATUS         ParameterExceptionField = "CHANGE_PROPAGATION_STATUS"
	ParameterExceptionField_ASSOCIABLE_RESOURCE               ParameterExceptionField = "ASSOCIABLE_RESOURCE"
	ParameterExceptionField_LOG_DESTINATION                   ParameterExceptionField = "LOG_DESTINATION"
	ParameterExceptionField_MANAGED_RULE_GROUP_CONFIG         ParameterExceptionField = "MANAGED_RULE_GROUP_CONFIG"
	ParameterExceptionField_PAYLOAD_TYPE                      ParameterExceptionField = "PAYLOAD_TYPE"
	ParameterExceptionField_HEADER_MATCH_PATTERN              ParameterExceptionField = "HEADER_MATCH_PATTERN"
	ParameterExceptionField_COOKIE_MATCH_PATTERN              ParameterExceptionField = "COOKIE_MATCH_PATTERN"
	ParameterExceptionField_MAP_MATCH_SCOPE                   ParameterExceptionField = "MAP_MATCH_SCOPE"
	ParameterExceptionField_OVERSIZE_HANDLING                 ParameterExceptionField = "OVERSIZE_HANDLING"
	ParameterExceptionField_CHALLENGE_CONFIG                  ParameterExceptionField = "CHALLENGE_CONFIG"
	ParameterExceptionField_TOKEN_DOMAIN                      ParameterExceptionField = "TOKEN_DOMAIN"
	ParameterExceptionField_ATP_RULE_SET_RESPONSE_INSPECTION  ParameterExceptionField = "ATP_RULE_SET_RESPONSE_INSPECTION"
	ParameterExceptionField_ASSOCIATED_RESOURCE_TYPE          ParameterExceptionField = "ASSOCIATED_RESOURCE_TYPE"
	ParameterExceptionField_SCOPE_DOWN                        ParameterExceptionField = "SCOPE_DOWN"
	ParameterExceptionField_CUSTOM_KEYS                       ParameterExceptionField = "CUSTOM_KEYS"
	ParameterExceptionField_ACP_RULE_SET_RESPONSE_INSPECTION  ParameterExceptionField = "ACP_RULE_SET_RESPONSE_INSPECTION"
)

type PasswordField added in v0.0.2 

type PasswordField struct {
	Identifier *string `json:"identifier,omitempty"`
}

The name of the field in the request payload that contains your customer's password.

This data type is used in the RequestInspection and RequestInspectionACFP data types.

func (*PasswordField) DeepCopy added in v0.0.2 

func (in *PasswordField) DeepCopy() *PasswordField

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PasswordField.

func (*PasswordField) DeepCopyInto added in v0.0.2 

func (in *PasswordField) DeepCopyInto(out *PasswordField)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PayloadType 

type PayloadType string
const (
	PayloadType_JSON         PayloadType = "JSON"
	PayloadType_FORM_ENCODED PayloadType = "FORM_ENCODED"
)

type PhoneNumberField added in v0.0.2 

type PhoneNumberField struct {
	Identifier *string `json:"identifier,omitempty"`
}

The name of a field in the request payload that contains part or all of your customer's primary phone number.

This data type is used in the RequestInspectionACFP data type.

func (*PhoneNumberField) DeepCopy added in v0.0.2 

func (in *PhoneNumberField) DeepCopy() *PhoneNumberField

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PhoneNumberField.

func (*PhoneNumberField) DeepCopyInto added in v0.0.2 

func (in *PhoneNumberField) DeepCopyInto(out *PhoneNumberField)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Platform 

type Platform string
const (
	Platform_IOS     Platform = "IOS"
	Platform_ANDROID Platform = "ANDROID"
)

type PositionalConstraint 

type PositionalConstraint string
const (
	PositionalConstraint_EXACTLY       PositionalConstraint = "EXACTLY"
	PositionalConstraint_STARTS_WITH   PositionalConstraint = "STARTS_WITH"
	PositionalConstraint_ENDS_WITH     PositionalConstraint = "ENDS_WITH"
	PositionalConstraint_CONTAINS      PositionalConstraint = "CONTAINS"
	PositionalConstraint_CONTAINS_WORD PositionalConstraint = "CONTAINS_WORD"
)

type RateBasedStatement added in v0.0.2 

type RateBasedStatement struct {
	AggregateKeyType    *string                        `json:"aggregateKeyType,omitempty"`
	CustomKeys          []*RateBasedStatementCustomKey `json:"customKeys,omitempty"`
	EvaluationWindowSec *int64                         `json:"evaluationWindowSec,omitempty"`
	// The configuration for inspecting IP addresses in an HTTP header that you
	// specify, instead of using the IP address that's reported by the web request
	// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
	// any header name.
	//
	// If the specified header isn't present in the request, WAF doesn't apply the
	// rule to the web request at all.
	//
	// This configuration is used for GeoMatchStatement and RateBasedStatement.
	// For IPSetReferenceStatement, use IPSetForwardedIPConfig instead.
	//
	// WAF only evaluates the first IP address found in the specified HTTP header.
	ForwardedIPConfig  *ForwardedIPConfig `json:"forwardedIPConfig,omitempty"`
	Limit              *int64             `json:"limit,omitempty"`
	ScopeDownStatement *string            `json:"scopeDownStatement,omitempty"`
}

A rate-based rule counts incoming requests and rate limits requests when they are coming at too fast a rate. The rule categorizes requests according to your aggregation criteria, collects them into aggregation instances, and counts and rate limits the requests for each instance.

If you change any of these settings in a rule that's currently in use, the change resets the rule's rate limiting counts. This can pause the rule's rate limiting activities for up to a minute.

You can specify individual aggregation keys, like IP address or HTTP method. You can also specify aggregation key combinations, like IP address and HTTP method, or HTTP method, query argument, and cookie.

Each unique set of values for the aggregation keys that you specify is a separate aggregation instance, with the value from each key contributing to the aggregation instance definition.

For example, assume the rule evaluates web requests with the following IP address and HTTP method values:

  • IP address 10.1.1.1, HTTP method POST

  • IP address 10.1.1.1, HTTP method GET

  • IP address 127.0.0.0, HTTP method POST

  • IP address 10.1.1.1, HTTP method GET

The rule would create different aggregation instances according to your aggregation criteria, for example:

  • If the aggregation criteria is just the IP address, then each individual address is an aggregation instance, and WAF counts requests separately for each. The aggregation instances and request counts for our example would be the following: IP address 10.1.1.1: count 3 IP address 127.0.0.0: count 1

  • If the aggregation criteria is HTTP method, then each individual HTTP method is an aggregation instance. The aggregation instances and request counts for our example would be the following: HTTP method POST: count 2 HTTP method GET: count 2

  • If the aggregation criteria is IP address and HTTP method, then each IP address and each HTTP method would contribute to the combined aggregation instance. The aggregation instances and request counts for our example would be the following: IP address 10.1.1.1, HTTP method POST: count 1 IP address 10.1.1.1, HTTP method GET: count 2 IP address 127.0.0.0, HTTP method POST: count 1

For any n-tuple of aggregation keys, each unique combination of values for the keys defines a separate aggregation instance, which WAF counts and rate-limits individually.

You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts and rate limits requests that match the nested statement. You can use this nested scope-down statement in conjunction with your aggregation key specifications or you can just count and rate limit all requests that match the scope-down statement, without additional aggregation. When you choose to just manage all requests that match a scope-down statement, the aggregation instance is singular for the rule.

You cannot nest a RateBasedStatement inside another statement, for example inside a NotStatement or OrStatement. You can define a RateBasedStatement inside a web ACL and inside a rule group.

For additional information about the options, see Rate limiting web requests using rate-based rules (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rate-based-rules.html) in the WAF Developer Guide.

If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses that WAF is currently rate limiting for a rule through the API call GetRateBasedStatementManagedKeys. This option is not available for other aggregation configurations.

WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.

func (*RateBasedStatement) DeepCopy added in v0.0.2 

func (in *RateBasedStatement) DeepCopy() *RateBasedStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateBasedStatement.

func (*RateBasedStatement) DeepCopyInto added in v0.0.2 

func (in *RateBasedStatement) DeepCopyInto(out *RateBasedStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateBasedStatementAggregateKeyType 

type RateBasedStatementAggregateKeyType string
const (
	RateBasedStatementAggregateKeyType_IP           RateBasedStatementAggregateKeyType = "IP"
	RateBasedStatementAggregateKeyType_FORWARDED_IP RateBasedStatementAggregateKeyType = "FORWARDED_IP"
	RateBasedStatementAggregateKeyType_CUSTOM_KEYS  RateBasedStatementAggregateKeyType = "CUSTOM_KEYS"
	RateBasedStatementAggregateKeyType_CONSTANT     RateBasedStatementAggregateKeyType = "CONSTANT"
)

type RateBasedStatementCustomKey added in v0.0.2 

type RateBasedStatementCustomKey struct {
	// Specifies a cookie as an aggregate key for a rate-based rule. Each distinct
	// value in the cookie contributes to the aggregation instance. If you use a
	// single cookie as your custom key, then each value fully defines an aggregation
	// instance.
	Cookie *RateLimitCookie `json:"cookie,omitempty"`
	// Specifies the first IP address in an HTTP header as an aggregate key for
	// a rate-based rule. Each distinct forwarded IP address contributes to the
	// aggregation instance.
	//
	// This setting is used only in the RateBasedStatementCustomKey specification
	// of a rate-based rule statement. When you specify an IP or forwarded IP in
	// the custom key settings, you must also specify at least one other key to
	// use. You can aggregate on only the forwarded IP address by specifying FORWARDED_IP
	// in your rate-based statement's AggregateKeyType.
	//
	// This data type supports using the forwarded IP address in the web request
	// aggregation for a rate-based rule, in RateBasedStatementCustomKey. The JSON
	// specification for using the forwarded IP address doesn't explicitly use this
	// data type.
	//
	// JSON specification: "ForwardedIP": {}
	//
	// When you use this specification, you must also configure the forwarded IP
	// address in the rate-based statement's ForwardedIPConfig.
	ForwardedIP map[string]*string `json:"forwardedIP,omitempty"`
	// Specifies the request's HTTP method as an aggregate key for a rate-based
	// rule. Each distinct HTTP method contributes to the aggregation instance.
	// If you use just the HTTP method as your custom key, then each method fully
	// defines an aggregation instance.
	//
	// JSON specification: "RateLimitHTTPMethod": {}
	HTTPMethod map[string]*string `json:"httpMethod,omitempty"`
	// Specifies a header as an aggregate key for a rate-based rule. Each distinct
	// value in the header contributes to the aggregation instance. If you use a
	// single header as your custom key, then each value fully defines an aggregation
	// instance.
	Header *RateLimitHeader `json:"header,omitempty"`
	// Specifies the IP address in the web request as an aggregate key for a rate-based
	// rule. Each distinct IP address contributes to the aggregation instance.
	//
	// This setting is used only in the RateBasedStatementCustomKey specification
	// of a rate-based rule statement. To use this in the custom key settings, you
	// must specify at least one other key to use, along with the IP address. To
	// aggregate on only the IP address, in your rate-based statement's AggregateKeyType,
	// specify IP.
	//
	// JSON specification: "RateLimitIP": {}
	IP map[string]*string `json:"iP,omitempty"`
	// Specifies a label namespace to use as an aggregate key for a rate-based rule.
	// Each distinct fully qualified label name that has the specified label namespace
	// contributes to the aggregation instance. If you use just one label namespace
	// as your custom key, then each label name fully defines an aggregation instance.
	//
	// This uses only labels that have been added to the request by rules that are
	// evaluated before this rate-based rule in the web ACL.
	//
	// For information about label namespaces and names, see Label syntax and naming
	// requirements (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html)
	// in the WAF Developer Guide.
	LabelNamespace *RateLimitLabelNamespace `json:"labelNamespace,omitempty"`
	// Specifies a query argument in the request as an aggregate key for a rate-based
	// rule. Each distinct value for the named query argument contributes to the
	// aggregation instance. If you use a single query argument as your custom key,
	// then each value fully defines an aggregation instance.
	QueryArgument *RateLimitQueryArgument `json:"queryArgument,omitempty"`
	// Specifies the request's query string as an aggregate key for a rate-based
	// rule. Each distinct string contributes to the aggregation instance. If you
	// use just the query string as your custom key, then each string fully defines
	// an aggregation instance.
	QueryString *RateLimitQueryString `json:"queryString,omitempty"`
	// Specifies the request's URI path as an aggregate key for a rate-based rule.
	// Each distinct URI path contributes to the aggregation instance. If you use
	// just the URI path as your custom key, then each URI path fully defines an
	// aggregation instance.
	URIPath *RateLimitURIPath `json:"uriPath,omitempty"`
}

Specifies a single custom aggregate key for a rate-base rule.

Web requests that are missing any of the components specified in the aggregation keys are omitted from the rate-based rule evaluation and handling.

func (*RateBasedStatementCustomKey) DeepCopy added in v0.0.2 

func (in *RateBasedStatementCustomKey) DeepCopy() *RateBasedStatementCustomKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateBasedStatementCustomKey.

func (*RateBasedStatementCustomKey) DeepCopyInto added in v0.0.2 

func (in *RateBasedStatementCustomKey) DeepCopyInto(out *RateBasedStatementCustomKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateBasedStatementManagedKeysIPSet 

type RateBasedStatementManagedKeysIPSet struct {
	Addresses        []*string `json:"addresses,omitempty"`
	IPAddressVersion *string   `json:"ipAddressVersion,omitempty"`
}

The set of IP addresses that are currently blocked for a RateBasedStatement. This is only available for rate-based rules that aggregate on just the IP address, with the AggregateKeyType set to IP or FORWARDED_IP.

A rate-based rule applies its rule action to requests from IP addresses that are in the rule's managed keys list and that match the rule's scope-down statement. When a rule has no scope-down statement, it applies the action to all requests from the IP addresses that are in the list. The rule applies its rule action to rate limit the matching requests. The action is usually Block but it can be any valid rule action except for Allow.

The maximum number of IP addresses that can be rate limited by a single rate-based rule instance is 10,000. If more than 10,000 addresses exceed the rate limit, WAF limits those with the highest rates.

func (*RateBasedStatementManagedKeysIPSet) DeepCopy 

func (in *RateBasedStatementManagedKeysIPSet) DeepCopy() *RateBasedStatementManagedKeysIPSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateBasedStatementManagedKeysIPSet.

func (*RateBasedStatementManagedKeysIPSet) DeepCopyInto 

func (in *RateBasedStatementManagedKeysIPSet) DeepCopyInto(out *RateBasedStatementManagedKeysIPSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitCookie added in v0.0.2 

type RateLimitCookie struct {
	Name                *string               `json:"name,omitempty"`
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

Specifies a cookie as an aggregate key for a rate-based rule. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.

func (*RateLimitCookie) DeepCopy added in v0.0.2 

func (in *RateLimitCookie) DeepCopy() *RateLimitCookie

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitCookie.

func (*RateLimitCookie) DeepCopyInto added in v0.0.2 

func (in *RateLimitCookie) DeepCopyInto(out *RateLimitCookie)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitHeader added in v0.0.2 

type RateLimitHeader struct {
	Name                *string               `json:"name,omitempty"`
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

Specifies a header as an aggregate key for a rate-based rule. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.

func (*RateLimitHeader) DeepCopy added in v0.0.2 

func (in *RateLimitHeader) DeepCopy() *RateLimitHeader

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitHeader.

func (*RateLimitHeader) DeepCopyInto added in v0.0.2 

func (in *RateLimitHeader) DeepCopyInto(out *RateLimitHeader)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitLabelNamespace added in v0.0.2 

type RateLimitLabelNamespace struct {
	Namespace *string `json:"namespace,omitempty"`
}

Specifies a label namespace to use as an aggregate key for a rate-based rule. Each distinct fully qualified label name that has the specified label namespace contributes to the aggregation instance. If you use just one label namespace as your custom key, then each label name fully defines an aggregation instance.

This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL.

For information about label namespaces and names, see Label syntax and naming requirements (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html) in the WAF Developer Guide.

func (*RateLimitLabelNamespace) DeepCopy added in v0.0.2 

func (in *RateLimitLabelNamespace) DeepCopy() *RateLimitLabelNamespace

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitLabelNamespace.

func (*RateLimitLabelNamespace) DeepCopyInto added in v0.0.2 

func (in *RateLimitLabelNamespace) DeepCopyInto(out *RateLimitLabelNamespace)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitQueryArgument added in v0.0.2 

type RateLimitQueryArgument struct {
	Name                *string               `json:"name,omitempty"`
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

Specifies a query argument in the request as an aggregate key for a rate-based rule. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.

func (*RateLimitQueryArgument) DeepCopy added in v0.0.2 

func (in *RateLimitQueryArgument) DeepCopy() *RateLimitQueryArgument

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitQueryArgument.

func (*RateLimitQueryArgument) DeepCopyInto added in v0.0.2 

func (in *RateLimitQueryArgument) DeepCopyInto(out *RateLimitQueryArgument)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitQueryString added in v0.0.2 

type RateLimitQueryString struct {
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

Specifies the request's query string as an aggregate key for a rate-based rule. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.

func (*RateLimitQueryString) DeepCopy added in v0.0.2 

func (in *RateLimitQueryString) DeepCopy() *RateLimitQueryString

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitQueryString.

func (*RateLimitQueryString) DeepCopyInto added in v0.0.2 

func (in *RateLimitQueryString) DeepCopyInto(out *RateLimitQueryString)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RateLimitURIPath added in v0.0.2 

type RateLimitURIPath struct {
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

Specifies the request's URI path as an aggregate key for a rate-based rule. Each distinct URI path contributes to the aggregation instance. If you use just the URI path as your custom key, then each URI path fully defines an aggregation instance.

func (*RateLimitURIPath) DeepCopy added in v0.0.2 

func (in *RateLimitURIPath) DeepCopy() *RateLimitURIPath

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RateLimitURIPath.

func (*RateLimitURIPath) DeepCopyInto added in v0.0.2 

func (in *RateLimitURIPath) DeepCopyInto(out *RateLimitURIPath)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Regex added in v0.0.2 

type Regex struct {
	RegexString *string `json:"regexString,omitempty"`
}

A single regular expression. This is used in a RegexPatternSet.

func (*Regex) DeepCopy added in v0.0.2 

func (in *Regex) DeepCopy() *Regex

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Regex.

func (*Regex) DeepCopyInto added in v0.0.2 

func (in *Regex) DeepCopyInto(out *Regex)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RegexMatchStatement added in v0.0.2 

type RegexMatchStatement struct {
	// Specifies a web request component to be used in a rule match statement or
	// in a logging configuration.
	//
	//    * In a rule statement, this is the part of the web request that you want
	//    WAF to inspect. Include the single FieldToMatch type that you want to
	//    inspect, with additional specifications as needed, according to the type.
	//    You specify a single request component in FieldToMatch for each rule statement
	//    that requires it. To inspect more than one component of the web request,
	//    create a separate rule statement for each component. Example JSON for
	//    a QueryString field to match: "FieldToMatch": { "QueryString": {} } Example
	//    JSON for a Method field to match specification: "FieldToMatch": { "Method":
	//    { "Name": "DELETE" } }
	//
	//    * In a logging configuration, this is used in the RedactedFields property
	//    to specify a field to redact from the logging records. For this use case,
	//    note the following: Even though all FieldToMatch settings are available,
	//    the only valid settings for field redaction are UriPath, QueryString,
	//    SingleHeader, and Method. In this documentation, the descriptions of the
	//    individual fields talk about specifying the web request component to inspect,
	//    but for field redaction, you are specifying the component type to redact
	//    from the logs.
	FieldToMatch        *FieldToMatch         `json:"fieldToMatch,omitempty"`
	RegexString         *string               `json:"regexString,omitempty"`
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

A rule statement used to search web request components for a match against a single regular expression.

func (*RegexMatchStatement) DeepCopy added in v0.0.2 

func (in *RegexMatchStatement) DeepCopy() *RegexMatchStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegexMatchStatement.

func (*RegexMatchStatement) DeepCopyInto added in v0.0.2 

func (in *RegexMatchStatement) DeepCopyInto(out *RegexMatchStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RegexPatternSet 

type RegexPatternSet struct {
	ARN         *string `json:"arn,omitempty"`
	Description *string `json:"description,omitempty"`
	ID          *string `json:"id,omitempty"`
	Name        *string `json:"name,omitempty"`
}

Contains one or more regular expressions.

WAF assigns an ARN to each RegexPatternSet that you create. To use a set in a rule, you provide the ARN to the Rule statement RegexPatternSetReferenceStatement.

func (*RegexPatternSet) DeepCopy 

func (in *RegexPatternSet) DeepCopy() *RegexPatternSet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegexPatternSet.

func (*RegexPatternSet) DeepCopyInto 

func (in *RegexPatternSet) DeepCopyInto(out *RegexPatternSet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RegexPatternSetReferenceStatement 

type RegexPatternSetReferenceStatement struct {
	ARN *string `json:"arn,omitempty"`
	// Specifies a web request component to be used in a rule match statement or
	// in a logging configuration.
	//
	//    * In a rule statement, this is the part of the web request that you want
	//    WAF to inspect. Include the single FieldToMatch type that you want to
	//    inspect, with additional specifications as needed, according to the type.
	//    You specify a single request component in FieldToMatch for each rule statement
	//    that requires it. To inspect more than one component of the web request,
	//    create a separate rule statement for each component. Example JSON for
	//    a QueryString field to match: "FieldToMatch": { "QueryString": {} } Example
	//    JSON for a Method field to match specification: "FieldToMatch": { "Method":
	//    { "Name": "DELETE" } }
	//
	//    * In a logging configuration, this is used in the RedactedFields property
	//    to specify a field to redact from the logging records. For this use case,
	//    note the following: Even though all FieldToMatch settings are available,
	//    the only valid settings for field redaction are UriPath, QueryString,
	//    SingleHeader, and Method. In this documentation, the descriptions of the
	//    individual fields talk about specifying the web request component to inspect,
	//    but for field redaction, you are specifying the component type to redact
	//    from the logs.
	FieldToMatch        *FieldToMatch         `json:"fieldToMatch,omitempty"`
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.

Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

func (*RegexPatternSetReferenceStatement) DeepCopy 

func (in *RegexPatternSetReferenceStatement) DeepCopy() *RegexPatternSetReferenceStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegexPatternSetReferenceStatement.

func (*RegexPatternSetReferenceStatement) DeepCopyInto 

func (in *RegexPatternSetReferenceStatement) DeepCopyInto(out *RegexPatternSetReferenceStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RegexPatternSetSummary 

type RegexPatternSetSummary struct {
	ARN         *string `json:"arn,omitempty"`
	Description *string `json:"description,omitempty"`
	ID          *string `json:"id,omitempty"`
	LockToken   *string `json:"lockToken,omitempty"`
	Name        *string `json:"name,omitempty"`
}

High-level information about a RegexPatternSet, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RegexPatternSet, and the ARN, that you provide to the RegexPatternSetReferenceStatement to use the pattern set in a Rule.

func (*RegexPatternSetSummary) DeepCopy 

func (in *RegexPatternSetSummary) DeepCopy() *RegexPatternSetSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegexPatternSetSummary.

func (*RegexPatternSetSummary) DeepCopyInto 

func (in *RegexPatternSetSummary) DeepCopyInto(out *RegexPatternSetSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ReleaseSummary added in v0.0.2 

type ReleaseSummary struct {
	ReleaseVersion *string `json:"releaseVersion,omitempty"`
}

High level information for an SDK release.

func (*ReleaseSummary) DeepCopy added in v0.0.2 

func (in *ReleaseSummary) DeepCopy() *ReleaseSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReleaseSummary.

func (*ReleaseSummary) DeepCopyInto added in v0.0.2 

func (in *ReleaseSummary) DeepCopyInto(out *ReleaseSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RequestBodyAssociatedResourceTypeConfig added in v0.0.3 

type RequestBodyAssociatedResourceTypeConfig struct {
	DefaultSizeInspectionLimit *string `json:"defaultSizeInspectionLimit,omitempty"`
}

Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to WAF for inspection. The default size is 16 KB (16,384 bytes). You can change the setting for any of the available resource types.

You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).

Example JSON: { "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }

For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).

This is used in the AssociationConfig of the web ACL.

func (*RequestBodyAssociatedResourceTypeConfig) DeepCopy added in v0.0.3 

func (in *RequestBodyAssociatedResourceTypeConfig) DeepCopy() *RequestBodyAssociatedResourceTypeConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestBodyAssociatedResourceTypeConfig.

func (*RequestBodyAssociatedResourceTypeConfig) DeepCopyInto added in v0.0.3 

func (in *RequestBodyAssociatedResourceTypeConfig) DeepCopyInto(out *RequestBodyAssociatedResourceTypeConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RequestInspection added in v0.0.2 

type RequestInspection struct {
	// The name of the field in the request payload that contains your customer's
	// password.
	//
	// This data type is used in the RequestInspection and RequestInspectionACFP
	// data types.
	PasswordField *PasswordField `json:"passwordField,omitempty"`
	PayloadType   *string        `json:"payloadType,omitempty"`
	// The name of the field in the request payload that contains your customer's
	// username.
	//
	// This data type is used in the RequestInspection and RequestInspectionACFP
	// data types.
	UsernameField *UsernameField `json:"usernameField,omitempty"`
}

The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.

This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig.

In these settings, you specify how your application accepts login attempts by providing the request payload type and the names of the fields within the request body where the username and password are provided.

func (*RequestInspection) DeepCopy added in v0.0.2 

func (in *RequestInspection) DeepCopy() *RequestInspection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestInspection.

func (*RequestInspection) DeepCopyInto added in v0.0.2 

func (in *RequestInspection) DeepCopyInto(out *RequestInspection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RequestInspectionACFP added in v0.0.2 

type RequestInspectionACFP struct {
	AddressFields []*AddressField `json:"addressFields,omitempty"`
	// The name of the field in the request payload that contains your customer's
	// email.
	//
	// This data type is used in the RequestInspectionACFP data type.
	EmailField *EmailField `json:"emailField,omitempty"`
	// The name of the field in the request payload that contains your customer's
	// password.
	//
	// This data type is used in the RequestInspection and RequestInspectionACFP
	// data types.
	PasswordField     *PasswordField      `json:"passwordField,omitempty"`
	PayloadType       *string             `json:"payloadType,omitempty"`
	PhoneNumberFields []*PhoneNumberField `json:"phoneNumberFields,omitempty"`
	// The name of the field in the request payload that contains your customer's
	// username.
	//
	// This data type is used in the RequestInspection and RequestInspectionACFP
	// data types.
	UsernameField *UsernameField `json:"usernameField,omitempty"`
}

The criteria for inspecting account creation requests, used by the ACFP rule group to validate and track account creation attempts.

This is part of the AWSManagedRulesACFPRuleSet configuration in ManagedRuleGroupConfig.

In these settings, you specify how your application accepts account creation attempts by providing the request payload type and the names of the fields within the request body where the username, password, email, and primary address and phone number fields are provided.

func (*RequestInspectionACFP) DeepCopy added in v0.0.2 

func (in *RequestInspectionACFP) DeepCopy() *RequestInspectionACFP

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestInspectionACFP.

func (*RequestInspectionACFP) DeepCopyInto added in v0.0.2 

func (in *RequestInspectionACFP) DeepCopyInto(out *RequestInspectionACFP)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResourceType 

type ResourceType string
const (
	ResourceType_APPLICATION_LOAD_BALANCER ResourceType = "APPLICATION_LOAD_BALANCER"
	ResourceType_API_GATEWAY               ResourceType = "API_GATEWAY"
	ResourceType_APPSYNC                   ResourceType = "APPSYNC"
	ResourceType_COGNITO_USER_POOL         ResourceType = "COGNITO_USER_POOL"
	ResourceType_APP_RUNNER_SERVICE        ResourceType = "APP_RUNNER_SERVICE"
	ResourceType_VERIFIED_ACCESS_INSTANCE  ResourceType = "VERIFIED_ACCESS_INSTANCE"
)

type ResponseContentType 

type ResponseContentType string
const (
	ResponseContentType_TEXT_PLAIN       ResponseContentType = "TEXT_PLAIN"
	ResponseContentType_TEXT_HTML        ResponseContentType = "TEXT_HTML"
	ResponseContentType_APPLICATION_JSON ResponseContentType = "APPLICATION_JSON"
)

type ResponseInspection added in v0.0.2 

type ResponseInspection struct {
	// Configures inspection of the response body. WAF can inspect the first 65,536
	// bytes (64 KB) of the response body. This is part of the ResponseInspection
	// configuration for AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet.
	//
	// Response inspection is available only in web ACLs that protect Amazon CloudFront
	// distributions.
	BodyContains *ResponseInspectionBodyContains `json:"bodyContains,omitempty"`
	// Configures inspection of the response header. This is part of the ResponseInspection
	// configuration for AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet.
	//
	// Response inspection is available only in web ACLs that protect Amazon CloudFront
	// distributions.
	Header *ResponseInspectionHeader `json:"header,omitempty"`
	// Configures inspection of the response JSON. WAF can inspect the first 65,536
	// bytes (64 KB) of the response JSON. This is part of the ResponseInspection
	// configuration for AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet.
	//
	// Response inspection is available only in web ACLs that protect Amazon CloudFront
	// distributions.
	JSON *ResponseInspectionJSON `json:"json,omitempty"`
	// Configures inspection of the response status code. This is part of the ResponseInspection
	// configuration for AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet.
	//
	// Response inspection is available only in web ACLs that protect Amazon CloudFront
	// distributions.
	StatusCode *ResponseInspectionStatusCode `json:"statusCode,omitempty"`
}

The criteria for inspecting responses to login requests and account creation requests, used by the ATP and ACFP rule groups to track login and account creation success and failure rates.

Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.

The rule groups evaluates the responses that your protected resources send back to client login and account creation attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses with too much suspicious activity in a short amount of time.

This is part of the AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet configurations in ManagedRuleGroupConfig.

Enable response inspection by configuring exactly one component of the response to inspect, for example, Header or StatusCode. You can't configure more than one component for inspection. If you don't configure any of the response inspection options, response inspection is disabled.

func (*ResponseInspection) DeepCopy added in v0.0.2 

func (in *ResponseInspection) DeepCopy() *ResponseInspection

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseInspection.

func (*ResponseInspection) DeepCopyInto added in v0.0.2 

func (in *ResponseInspection) DeepCopyInto(out *ResponseInspection)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResponseInspectionBodyContains added in v0.0.2 

type ResponseInspectionBodyContains struct {
	FailureStrings []*string `json:"failureStrings,omitempty"`
	SuccessStrings []*string `json:"successStrings,omitempty"`
}

Configures inspection of the response body. WAF can inspect the first 65,536 bytes (64 KB) of the response body. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet.

Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.

func (*ResponseInspectionBodyContains) DeepCopy added in v0.0.2 

func (in *ResponseInspectionBodyContains) DeepCopy() *ResponseInspectionBodyContains

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseInspectionBodyContains.

func (*ResponseInspectionBodyContains) DeepCopyInto added in v0.0.2 

func (in *ResponseInspectionBodyContains) DeepCopyInto(out *ResponseInspectionBodyContains)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResponseInspectionHeader added in v0.0.2 

type ResponseInspectionHeader struct {
	FailureValues []*string `json:"failureValues,omitempty"`
	Name          *string   `json:"name,omitempty"`
	SuccessValues []*string `json:"successValues,omitempty"`
}

Configures inspection of the response header. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet.

Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.

func (*ResponseInspectionHeader) DeepCopy added in v0.0.2 

func (in *ResponseInspectionHeader) DeepCopy() *ResponseInspectionHeader

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseInspectionHeader.

func (*ResponseInspectionHeader) DeepCopyInto added in v0.0.2 

func (in *ResponseInspectionHeader) DeepCopyInto(out *ResponseInspectionHeader)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResponseInspectionJSON added in v0.0.2 

type ResponseInspectionJSON struct {
	FailureValues []*string `json:"failureValues,omitempty"`
	Identifier    *string   `json:"identifier,omitempty"`
	SuccessValues []*string `json:"successValues,omitempty"`
}

Configures inspection of the response JSON. WAF can inspect the first 65,536 bytes (64 KB) of the response JSON. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet.

Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.

func (*ResponseInspectionJSON) DeepCopy added in v0.0.2 

func (in *ResponseInspectionJSON) DeepCopy() *ResponseInspectionJSON

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseInspectionJSON.

func (*ResponseInspectionJSON) DeepCopyInto added in v0.0.2 

func (in *ResponseInspectionJSON) DeepCopyInto(out *ResponseInspectionJSON)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ResponseInspectionStatusCode added in v0.0.2 

type ResponseInspectionStatusCode struct {
	FailureCodes []*int64 `json:"failureCodes,omitempty"`
	SuccessCodes []*int64 `json:"successCodes,omitempty"`
}

Configures inspection of the response status code. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet and AWSManagedRulesACFPRuleSet.

Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.

func (*ResponseInspectionStatusCode) DeepCopy added in v0.0.2 

func (in *ResponseInspectionStatusCode) DeepCopy() *ResponseInspectionStatusCode

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ResponseInspectionStatusCode.

func (*ResponseInspectionStatusCode) DeepCopyInto added in v0.0.2 

func (in *ResponseInspectionStatusCode) DeepCopyInto(out *ResponseInspectionStatusCode)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Rule 

type Rule struct {
	// The action that WAF should take on a web request when it matches a rule's
	// statement. Settings at the web ACL level can override the rule action setting.
	Action *RuleAction `json:"action,omitempty"`
	// Specifies how WAF should handle CAPTCHA evaluations. This is available at
	// the web ACL level and in each rule.
	CaptchaConfig *CaptchaConfig `json:"captchaConfig,omitempty"`
	// Specifies how WAF should handle Challenge evaluations. This is available
	// at the web ACL level and in each rule.
	ChallengeConfig *ChallengeConfig `json:"challengeConfig,omitempty"`
	Name            *string          `json:"name,omitempty"`
	// The action to use in the place of the action that results from the rule group
	// evaluation. Set the override action to none to leave the result of the rule
	// group alone. Set it to count to override the result to count only.
	//
	// You can only use this for rule statements that reference a rule group, like
	// RuleGroupReferenceStatement and ManagedRuleGroupStatement.
	//
	// This option is usually set to none. It does not affect how the rules in the
	// rule group are evaluated. If you want the rules in the rule group to only
	// count matches, do not use this and instead use the rule action override option,
	// with Count action, in your rule group reference statement settings.
	OverrideAction *OverrideAction `json:"overrideAction,omitempty"`
	Priority       *int64          `json:"priority,omitempty"`
	RuleLabels     []*Label        `json:"ruleLabels,omitempty"`
	// The processing guidance for a Rule, used by WAF to determine whether a web
	// request matches the rule.
	//
	// For example specifications, see the examples section of CreateWebACL.
	Statement *Statement `json:"statement,omitempty"`
	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	VisibilityConfig *VisibilityConfig `json:"visibilityConfig,omitempty"`
}

A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to manage in some way. Each rule includes one top-level Statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.

func (*Rule) DeepCopy 

func (in *Rule) DeepCopy() *Rule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Rule.

func (*Rule) DeepCopyInto 

func (in *Rule) DeepCopyInto(out *Rule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleAction added in v0.0.2 

type RuleAction struct {
	// Specifies that WAF should allow the request and optionally defines additional
	// custom handling for the request.
	//
	// This is used in the context of other settings, for example to specify values
	// for RuleAction and web ACL DefaultAction.
	Allow *AllowAction `json:"allow,omitempty"`
	// Specifies that WAF should block the request and optionally defines additional
	// custom handling for the response to the web request.
	//
	// This is used in the context of other settings, for example to specify values
	// for RuleAction and web ACL DefaultAction.
	Block *BlockAction `json:"block,omitempty"`
	// Specifies that WAF should run a CAPTCHA check against the request:
	//
	//    * If the request includes a valid, unexpired CAPTCHA token, WAF applies
	//    any custom request handling and labels that you've configured and then
	//    allows the web request inspection to proceed to the next rule, similar
	//    to a CountAction.
	//
	//    * If the request doesn't include a valid, unexpired token, WAF discontinues
	//    the web ACL evaluation of the request and blocks it from going to its
	//    intended destination. WAF generates a response that it sends back to the
	//    client, which includes the following: The header x-amzn-waf-action with
	//    a value of captcha. The HTTP status code 405 Method Not Allowed. If the
	//    request contains an Accept header with a value of text/html, the response
	//    includes a CAPTCHA JavaScript page interstitial.
	//
	// You can configure the expiration time in the CaptchaConfig ImmunityTimeProperty
	// setting at the rule and web ACL level. The rule setting overrides the web
	// ACL setting.
	//
	// This action option is available for rules. It isn't available for web ACL
	// default actions.
	Captcha *CaptchaAction `json:"captcha,omitempty"`
	// Specifies that WAF should run a Challenge check against the request to verify
	// that the request is coming from a legitimate client session:
	//
	//    * If the request includes a valid, unexpired challenge token, WAF applies
	//    any custom request handling and labels that you've configured and then
	//    allows the web request inspection to proceed to the next rule, similar
	//    to a CountAction.
	//
	//    * If the request doesn't include a valid, unexpired challenge token, WAF
	//    discontinues the web ACL evaluation of the request and blocks it from
	//    going to its intended destination. WAF then generates a challenge response
	//    that it sends back to the client, which includes the following: The header
	//    x-amzn-waf-action with a value of challenge. The HTTP status code 202
	//    Request Accepted. If the request contains an Accept header with a value
	//    of text/html, the response includes a JavaScript page interstitial with
	//    a challenge script. Challenges run silent browser interrogations in the
	//    background, and don't generally affect the end user experience. A challenge
	//    enforces token acquisition using an interstitial JavaScript challenge
	//    that inspects the client session for legitimate behavior. The challenge
	//    blocks bots or at least increases the cost of operating sophisticated
	//    bots. After the client session successfully responds to the challenge,
	//    it receives a new token from WAF, which the challenge script uses to resubmit
	//    the original request.
	//
	// You can configure the expiration time in the ChallengeConfig ImmunityTimeProperty
	// setting at the rule and web ACL level. The rule setting overrides the web
	// ACL setting.
	//
	// This action option is available for rules. It isn't available for web ACL
	// default actions.
	Challenge *ChallengeAction `json:"challenge,omitempty"`
	// Specifies that WAF should count the request. Optionally defines additional
	// custom handling for the request.
	//
	// This is used in the context of other settings, for example to specify values
	// for RuleAction and web ACL DefaultAction.
	Count *CountAction `json:"count,omitempty"`
}

The action that WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.

func (*RuleAction) DeepCopy added in v0.0.2 

func (in *RuleAction) DeepCopy() *RuleAction

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleAction.

func (*RuleAction) DeepCopyInto added in v0.0.2 

func (in *RuleAction) DeepCopyInto(out *RuleAction)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleActionOverride 

type RuleActionOverride struct {
	// The action that WAF should take on a web request when it matches a rule's
	// statement. Settings at the web ACL level can override the rule action setting.
	ActionToUse *RuleAction `json:"actionToUse,omitempty"`
	Name        *string     `json:"name,omitempty"`
}

Action setting to use in the place of a rule action that is configured inside the rule group. You specify one override for each rule whose action you want to change.

You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

func (*RuleActionOverride) DeepCopy 

func (in *RuleActionOverride) DeepCopy() *RuleActionOverride

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleActionOverride.

func (*RuleActionOverride) DeepCopyInto 

func (in *RuleActionOverride) DeepCopyInto(out *RuleActionOverride)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleGroup 

type RuleGroup struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              RuleGroupSpec   `json:"spec,omitempty"`
	Status            RuleGroupStatus `json:"status,omitempty"`
}

RuleGroup is the Schema for the RuleGroups API +kubebuilder:object:root=true +kubebuilder:subresource:status

func (*RuleGroup) DeepCopy 

func (in *RuleGroup) DeepCopy() *RuleGroup

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleGroup.

func (*RuleGroup) DeepCopyInto 

func (in *RuleGroup) DeepCopyInto(out *RuleGroup)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RuleGroup) DeepCopyObject added in v0.0.2 

func (in *RuleGroup) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RuleGroupList added in v0.0.2 

type RuleGroupList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RuleGroup `json:"items"`
}

RuleGroupList contains a list of RuleGroup +kubebuilder:object:root=true

func (*RuleGroupList) DeepCopy added in v0.0.2 

func (in *RuleGroupList) DeepCopy() *RuleGroupList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleGroupList.

func (*RuleGroupList) DeepCopyInto added in v0.0.2 

func (in *RuleGroupList) DeepCopyInto(out *RuleGroupList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*RuleGroupList) DeepCopyObject added in v0.0.2 

func (in *RuleGroupList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type RuleGroupReferenceStatement 

type RuleGroupReferenceStatement struct {
	ARN                 *string               `json:"arn,omitempty"`
	ExcludedRules       []*ExcludedRule       `json:"excludedRules,omitempty"`
	RuleActionOverrides []*RuleActionOverride `json:"ruleActionOverrides,omitempty"`
}

A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You cannot use a rule group reference statement inside another rule group. You can only reference a rule group as a top-level statement within a rule that you define in a web ACL.

func (*RuleGroupReferenceStatement) DeepCopy 

func (in *RuleGroupReferenceStatement) DeepCopy() *RuleGroupReferenceStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleGroupReferenceStatement.

func (*RuleGroupReferenceStatement) DeepCopyInto 

func (in *RuleGroupReferenceStatement) DeepCopyInto(out *RuleGroupReferenceStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleGroupSpec added in v0.0.2 

type RuleGroupSpec struct {

	// The web ACL capacity units (WCUs) required for this rule group.
	//
	// When you create your own rule group, you define this, and you cannot change
	// it after creation. When you add or modify the rules in a rule group, WAF
	// enforces this limit. You can check the capacity for a set of rules using
	// CheckCapacity.
	//
	// WAF uses WCUs to calculate and control the operating resources that are used
	// to run your rules, rule groups, and web ACLs. WAF calculates capacity differently
	// for each rule type, to reflect the relative cost of each rule. Simple rules
	// that cost little to run use fewer WCUs than more complex rules that use more
	// processing power. Rule group capacity is fixed at creation, which helps users
	// plan their web ACL WCU usage when they use a rule group. For more information,
	// see WAF web ACL capacity units (WCU) (https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html)
	// in the WAF Developer Guide.
	// +kubebuilder:validation:Required
	Capacity *int64 `json:"capacity"`
	// A map of custom response keys and content bodies. When you create a rule
	// with a block action, you can send a custom response to the web request. You
	// define these for the rule group, and then use them in the rules that you
	// define in the rule group.
	//
	// For information about customizing web requests and responses, see Customizing
	// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	//
	// For information about the limits on count and size for custom request and
	// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
	// in the WAF Developer Guide.
	CustomResponseBodies map[string]*CustomResponseBody `json:"customResponseBodies,omitempty"`
	// A description of the rule group that helps with identification.
	Description *string `json:"description,omitempty"`
	// The name of the rule group. You cannot change the name of a rule group after
	// you create it.
	// +kubebuilder:validation:Required
	Name *string `json:"name"`
	// The Rule statements used to identify the web requests that you want to manage.
	// Each rule includes one top-level statement that WAF uses to identify matching
	// web requests, and parameters that govern how WAF handles them.
	Rules []*Rule `json:"rules,omitempty"`
	// Specifies whether this is for an Amazon CloudFront distribution or for a
	// regional application. A regional application can be an Application Load Balancer
	// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
	// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
	// Access instance.
	//
	// To work with CloudFront, you must also specify the Region US East (N. Virginia)
	// as follows:
	//
	//   - CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
	//     --region=us-east-1.
	//
	//   - API and SDKs - For all calls, use the Region endpoint us-east-1.
	//
	// +kubebuilder:validation:Required
	Scope *string `json:"scope"`
	// An array of key:value pairs to associate with the resource.
	Tags []*Tag `json:"tags,omitempty"`
	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	// +kubebuilder:validation:Required
	VisibilityConfig *VisibilityConfig `json:"visibilityConfig"`
}

RuleGroupSpec defines the desired state of RuleGroup.

A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.

func (*RuleGroupSpec) DeepCopy added in v0.0.2 

func (in *RuleGroupSpec) DeepCopy() *RuleGroupSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleGroupSpec.

func (*RuleGroupSpec) DeepCopyInto added in v0.0.2 

func (in *RuleGroupSpec) DeepCopyInto(out *RuleGroupSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleGroupStatus added in v0.0.2 

type RuleGroupStatus struct {
	// All CRs managed by ACK have a common `Status.ACKResourceMetadata` member
	// that is used to contain resource sync state, account ownership,
	// constructed ARN for the resource
	// +kubebuilder:validation:Optional
	ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"`
	// All CRS managed by ACK have a common `Status.Conditions` member that
	// contains a collection of `ackv1alpha1.Condition` objects that describe
	// the various terminal states of the CR and its backend AWS service API
	// resource
	// +kubebuilder:validation:Optional
	Conditions []*ackv1alpha1.Condition `json:"conditions"`
	// A unique identifier for the rule group. This ID is returned in the responses
	// to create and list commands. You provide it to operations like update and
	// delete.
	// +kubebuilder:validation:Optional
	ID *string `json:"id,omitempty"`
	// A token used for optimistic locking. WAF returns a token to your get and
	// list requests, to mark the state of the entity at the time of the request.
	// To make changes to the entity associated with the token, you provide the
	// token to operations like update and delete. WAF uses the token to ensure
	// that no changes have been made to the entity since you last retrieved it.
	// If a change has been made, the update fails with a WAFOptimisticLockException.
	// If this happens, perform another get, and use the new token returned by that
	// operation.
	// +kubebuilder:validation:Optional
	LockToken *string `json:"lockToken,omitempty"`
}

RuleGroupStatus defines the observed state of RuleGroup

func (*RuleGroupStatus) DeepCopy added in v0.0.2 

func (in *RuleGroupStatus) DeepCopy() *RuleGroupStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleGroupStatus.

func (*RuleGroupStatus) DeepCopyInto added in v0.0.2 

func (in *RuleGroupStatus) DeepCopyInto(out *RuleGroupStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleGroupSummary 

type RuleGroupSummary struct {
	ARN         *string `json:"arn,omitempty"`
	Description *string `json:"description,omitempty"`
	ID          *string `json:"id,omitempty"`
	LockToken   *string `json:"lockToken,omitempty"`
	Name        *string `json:"name,omitempty"`
}

High-level information about a RuleGroup, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the RuleGroupReferenceStatement to use the rule group in a Rule.

func (*RuleGroupSummary) DeepCopy 

func (in *RuleGroupSummary) DeepCopy() *RuleGroupSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleGroupSummary.

func (*RuleGroupSummary) DeepCopyInto 

func (in *RuleGroupSummary) DeepCopyInto(out *RuleGroupSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleGroup_SDK added in v0.0.2 

type RuleGroup_SDK struct {
	ARN                  *string                        `json:"arn,omitempty"`
	AvailableLabels      []*LabelSummary                `json:"availableLabels,omitempty"`
	Capacity             *int64                         `json:"capacity,omitempty"`
	ConsumedLabels       []*LabelSummary                `json:"consumedLabels,omitempty"`
	CustomResponseBodies map[string]*CustomResponseBody `json:"customResponseBodies,omitempty"`
	Description          *string                        `json:"description,omitempty"`
	ID                   *string                        `json:"id,omitempty"`
	LabelNamespace       *string                        `json:"labelNamespace,omitempty"`
	Name                 *string                        `json:"name,omitempty"`
	Rules                []*Rule                        `json:"rules,omitempty"`
	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	VisibilityConfig *VisibilityConfig `json:"visibilityConfig,omitempty"`
}

A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.

func (*RuleGroup_SDK) DeepCopy added in v0.0.2 

func (in *RuleGroup_SDK) DeepCopy() *RuleGroup_SDK

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleGroup_SDK.

func (*RuleGroup_SDK) DeepCopyInto added in v0.0.2 

func (in *RuleGroup_SDK) DeepCopyInto(out *RuleGroup_SDK)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type RuleSummary 

type RuleSummary struct {
	// The action that WAF should take on a web request when it matches a rule's
	// statement. Settings at the web ACL level can override the rule action setting.
	Action *RuleAction `json:"action,omitempty"`
	Name   *string     `json:"name,omitempty"`
}

High-level information about a Rule, returned by operations like DescribeManagedRuleGroup. This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the RuleGroupReferenceStatement to use the rule group in a Rule.

func (*RuleSummary) DeepCopy 

func (in *RuleSummary) DeepCopy() *RuleSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleSummary.

func (*RuleSummary) DeepCopyInto 

func (in *RuleSummary) DeepCopyInto(out *RuleSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SQLIMatchStatement added in v0.0.2 

type SQLIMatchStatement struct {
	// Specifies a web request component to be used in a rule match statement or
	// in a logging configuration.
	//
	//    * In a rule statement, this is the part of the web request that you want
	//    WAF to inspect. Include the single FieldToMatch type that you want to
	//    inspect, with additional specifications as needed, according to the type.
	//    You specify a single request component in FieldToMatch for each rule statement
	//    that requires it. To inspect more than one component of the web request,
	//    create a separate rule statement for each component. Example JSON for
	//    a QueryString field to match: "FieldToMatch": { "QueryString": {} } Example
	//    JSON for a Method field to match specification: "FieldToMatch": { "Method":
	//    { "Name": "DELETE" } }
	//
	//    * In a logging configuration, this is used in the RedactedFields property
	//    to specify a field to redact from the logging records. For this use case,
	//    note the following: Even though all FieldToMatch settings are available,
	//    the only valid settings for field redaction are UriPath, QueryString,
	//    SingleHeader, and Method. In this documentation, the descriptions of the
	//    individual fields talk about specifying the web request component to inspect,
	//    but for field redaction, you are specifying the component type to redact
	//    from the logs.
	FieldToMatch        *FieldToMatch         `json:"fieldToMatch,omitempty"`
	SensitivityLevel    *string               `json:"sensitivityLevel,omitempty"`
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

A rule statement that inspects for malicious SQL code. Attackers insert malicious SQL code into web requests to do things like modify your database or extract data from it.

func (*SQLIMatchStatement) DeepCopy added in v0.0.2 

func (in *SQLIMatchStatement) DeepCopy() *SQLIMatchStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SQLIMatchStatement.

func (*SQLIMatchStatement) DeepCopyInto added in v0.0.2 

func (in *SQLIMatchStatement) DeepCopyInto(out *SQLIMatchStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SampledHTTPRequest 

type SampledHTTPRequest struct {
	Labels                  []*Label `json:"labels,omitempty"`
	ResponseCodeSent        *int64   `json:"responseCodeSent,omitempty"`
	RuleNameWithinRuleGroup *string  `json:"ruleNameWithinRuleGroup,omitempty"`
}

Represents a single sampled web request. The response from GetSampledRequests includes a SampledHTTPRequests complex type that appears as SampledRequests in the response syntax. SampledHTTPRequests contains an array of SampledHTTPRequest objects.

func (*SampledHTTPRequest) DeepCopy 

func (in *SampledHTTPRequest) DeepCopy() *SampledHTTPRequest

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SampledHTTPRequest.

func (*SampledHTTPRequest) DeepCopyInto 

func (in *SampledHTTPRequest) DeepCopyInto(out *SampledHTTPRequest)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Scope 

type Scope string
const (
	Scope_CLOUDFRONT Scope = "CLOUDFRONT"
	Scope_REGIONAL   Scope = "REGIONAL"
)

type SensitivityLevel 

type SensitivityLevel string
const (
	SensitivityLevel_LOW  SensitivityLevel = "LOW"
	SensitivityLevel_HIGH SensitivityLevel = "HIGH"
)

type SingleHeader added in v0.0.2 

type SingleHeader struct {
	Name *string `json:"name,omitempty"`
}

Inspect one of the headers in the web request, identified by name, for example, User-Agent or Referer. The name isn't case sensitive.

You can filter and inspect all headers with the FieldToMatch setting Headers.

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

Example JSON: "SingleHeader": { "Name": "haystack" }

func (*SingleHeader) DeepCopy added in v0.0.2 

func (in *SingleHeader) DeepCopy() *SingleHeader

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SingleHeader.

func (*SingleHeader) DeepCopyInto added in v0.0.2 

func (in *SingleHeader) DeepCopyInto(out *SingleHeader)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SingleQueryArgument added in v0.0.2 

type SingleQueryArgument struct {
	Name *string `json:"name,omitempty"`
}

Inspect one query argument in the web request, identified by name, for example UserName or SalesRegion. The name isn't case sensitive.

This is used to indicate the web request component to inspect, in the FieldToMatch specification.

Example JSON: "SingleQueryArgument": { "Name": "myArgument" }

func (*SingleQueryArgument) DeepCopy added in v0.0.2 

func (in *SingleQueryArgument) DeepCopy() *SingleQueryArgument

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SingleQueryArgument.

func (*SingleQueryArgument) DeepCopyInto added in v0.0.2 

func (in *SingleQueryArgument) DeepCopyInto(out *SingleQueryArgument)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SizeConstraintStatement added in v0.0.2 

type SizeConstraintStatement struct {
	ComparisonOperator *string `json:"comparisonOperator,omitempty"`
	// Specifies a web request component to be used in a rule match statement or
	// in a logging configuration.
	//
	//    * In a rule statement, this is the part of the web request that you want
	//    WAF to inspect. Include the single FieldToMatch type that you want to
	//    inspect, with additional specifications as needed, according to the type.
	//    You specify a single request component in FieldToMatch for each rule statement
	//    that requires it. To inspect more than one component of the web request,
	//    create a separate rule statement for each component. Example JSON for
	//    a QueryString field to match: "FieldToMatch": { "QueryString": {} } Example
	//    JSON for a Method field to match specification: "FieldToMatch": { "Method":
	//    { "Name": "DELETE" } }
	//
	//    * In a logging configuration, this is used in the RedactedFields property
	//    to specify a field to redact from the logging records. For this use case,
	//    note the following: Even though all FieldToMatch settings are available,
	//    the only valid settings for field redaction are UriPath, QueryString,
	//    SingleHeader, and Method. In this documentation, the descriptions of the
	//    individual fields talk about specifying the web request component to inspect,
	//    but for field redaction, you are specifying the component type to redact
	//    from the logs.
	FieldToMatch        *FieldToMatch         `json:"fieldToMatch,omitempty"`
	Size                *int64                `json:"size,omitempty"`
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

If you configure WAF to inspect the request body, WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see Body and JsonBody settings for the FieldToMatch data type.

If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

func (*SizeConstraintStatement) DeepCopy added in v0.0.2 

func (in *SizeConstraintStatement) DeepCopy() *SizeConstraintStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SizeConstraintStatement.

func (*SizeConstraintStatement) DeepCopyInto added in v0.0.2 

func (in *SizeConstraintStatement) DeepCopyInto(out *SizeConstraintStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SizeInspectionLimit 

type SizeInspectionLimit string
const (
	SizeInspectionLimit_KB_16 SizeInspectionLimit = "KB_16"
	SizeInspectionLimit_KB_32 SizeInspectionLimit = "KB_32"
	SizeInspectionLimit_KB_48 SizeInspectionLimit = "KB_48"
	SizeInspectionLimit_KB_64 SizeInspectionLimit = "KB_64"
)

type Statement added in v0.0.2 

type Statement struct {
	AndStatement *string `json:"andStatement,omitempty"`
	// A rule statement that defines a string match search for WAF to apply to web
	// requests. The byte match statement provides the bytes to search for, the
	// location in requests that you want WAF to search, and other settings. The
	// bytes to search for are typically a string that corresponds with ASCII characters.
	// In the WAF console and the developer guide, this is called a string match
	// statement.
	ByteMatchStatement *ByteMatchStatement `json:"byteMatchStatement,omitempty"`
	// A rule statement that labels web requests by country and region and that
	// matches against web requests based on country code. A geo match rule labels
	// every request that it inspects regardless of whether it finds a match.
	//
	//    * To manage requests only by country, you can use this statement by itself
	//    and specify the countries that you want to match against in the CountryCodes
	//    array.
	//
	//    * Otherwise, configure your geo match rule with Count action so that it
	//    only labels requests. Then, add one or more label match rules to run after
	//    the geo match rule and configure them to match against the geographic
	//    labels and handle the requests as needed.
	//
	// WAF labels requests using the alpha-2 country and region codes from the International
	// Organization for Standardization (ISO) 3166 standard. WAF determines the
	// codes using either the IP address in the web request origin or, if you specify
	// it, the address in the geo match ForwardedIPConfig.
	//
	// If you use the web request origin, the label formats are awswaf:clientip:geo:region:<ISO
	// country code>-<ISO region code> and awswaf:clientip:geo:country:<ISO country
	// code>.
	//
	// If you use a forwarded IP address, the label formats are awswaf:forwardedip:geo:region:<ISO
	// country code>-<ISO region code> and awswaf:forwardedip:geo:country:<ISO country
	// code>.
	//
	// For additional details, see Geographic match rule statement (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html)
	// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	GeoMatchStatement *GeoMatchStatement `json:"geoMatchStatement,omitempty"`
	// A rule statement used to detect web requests coming from particular IP addresses
	// or address ranges. To use this, create an IPSet that specifies the addresses
	// you want to detect, then use the ARN of that set in this statement. To create
	// an IP set, see CreateIPSet.
	//
	// Each IP set rule statement references an IP set. You create and maintain
	// the set independent of your rules. This allows you to use the single set
	// in multiple rules. When you update the referenced set, WAF automatically
	// updates all rules that reference it.
	IPSetReferenceStatement *IPSetReferenceStatement `json:"ipSetReferenceStatement,omitempty"`
	// A rule statement to match against labels that have been added to the web
	// request by rules that have already run in the web ACL.
	//
	// The label match statement provides the label or namespace string to search
	// for. The label string can represent a part or all of the fully qualified
	// label name that had been added to the web request. Fully qualified labels
	// have a prefix, optional namespaces, and label name. The prefix identifies
	// the rule group or web ACL context of the rule that added the label. If you
	// do not provide the fully qualified name in your label match string, WAF performs
	// the search for labels that were added in the same context as the label match
	// statement.
	LabelMatchStatement *LabelMatchStatement `json:"labelMatchStatement,omitempty"`
	// A rule statement used to run the rules that are defined in a managed rule
	// group. To use this, provide the vendor name and the name of the rule group
	// in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
	//
	// You cannot nest a ManagedRuleGroupStatement, for example for use inside a
	// NotStatement or OrStatement. You cannot use a managed rule group inside another
	// rule group. You can only reference a managed rule group as a top-level statement
	// within a rule that you define in a web ACL.
	//
	// You are charged additional fees when you use the WAF Bot Control managed
	// rule group AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account
	// takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or
	// the WAF Fraud Control account creation fraud prevention (ACFP) managed rule
	// group AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).
	ManagedRuleGroupStatement *ManagedRuleGroupStatement `json:"managedRuleGroupStatement,omitempty"`
	NotStatement              *string                    `json:"notStatement,omitempty"`
	OrStatement               *string                    `json:"orStatement,omitempty"`
	// A rate-based rule counts incoming requests and rate limits requests when
	// they are coming at too fast a rate. The rule categorizes requests according
	// to your aggregation criteria, collects them into aggregation instances, and
	// counts and rate limits the requests for each instance.
	//
	// If you change any of these settings in a rule that's currently in use, the
	// change resets the rule's rate limiting counts. This can pause the rule's
	// rate limiting activities for up to a minute.
	//
	// You can specify individual aggregation keys, like IP address or HTTP method.
	// You can also specify aggregation key combinations, like IP address and HTTP
	// method, or HTTP method, query argument, and cookie.
	//
	// Each unique set of values for the aggregation keys that you specify is a
	// separate aggregation instance, with the value from each key contributing
	// to the aggregation instance definition.
	//
	// For example, assume the rule evaluates web requests with the following IP
	// address and HTTP method values:
	//
	//    * IP address 10.1.1.1, HTTP method POST
	//
	//    * IP address 10.1.1.1, HTTP method GET
	//
	//    * IP address 127.0.0.0, HTTP method POST
	//
	//    * IP address 10.1.1.1, HTTP method GET
	//
	// The rule would create different aggregation instances according to your aggregation
	// criteria, for example:
	//
	//    * If the aggregation criteria is just the IP address, then each individual
	//    address is an aggregation instance, and WAF counts requests separately
	//    for each. The aggregation instances and request counts for our example
	//    would be the following: IP address 10.1.1.1: count 3 IP address 127.0.0.0:
	//    count 1
	//
	//    * If the aggregation criteria is HTTP method, then each individual HTTP
	//    method is an aggregation instance. The aggregation instances and request
	//    counts for our example would be the following: HTTP method POST: count
	//    2 HTTP method GET: count 2
	//
	//    * If the aggregation criteria is IP address and HTTP method, then each
	//    IP address and each HTTP method would contribute to the combined aggregation
	//    instance. The aggregation instances and request counts for our example
	//    would be the following: IP address 10.1.1.1, HTTP method POST: count 1
	//    IP address 10.1.1.1, HTTP method GET: count 2 IP address 127.0.0.0, HTTP
	//    method POST: count 1
	//
	// For any n-tuple of aggregation keys, each unique combination of values for
	// the keys defines a separate aggregation instance, which WAF counts and rate-limits
	// individually.
	//
	// You can optionally nest another statement inside the rate-based statement,
	// to narrow the scope of the rule so that it only counts and rate limits requests
	// that match the nested statement. You can use this nested scope-down statement
	// in conjunction with your aggregation key specifications or you can just count
	// and rate limit all requests that match the scope-down statement, without
	// additional aggregation. When you choose to just manage all requests that
	// match a scope-down statement, the aggregation instance is singular for the
	// rule.
	//
	// You cannot nest a RateBasedStatement inside another statement, for example
	// inside a NotStatement or OrStatement. You can define a RateBasedStatement
	// inside a web ACL and inside a rule group.
	//
	// For additional information about the options, see Rate limiting web requests
	// using rate-based rules (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rate-based-rules.html)
	// in the WAF Developer Guide.
	//
	// If you only aggregate on the individual IP address or forwarded IP address,
	// you can retrieve the list of IP addresses that WAF is currently rate limiting
	// for a rule through the API call GetRateBasedStatementManagedKeys. This option
	// is not available for other aggregation configurations.
	//
	// WAF tracks and manages web requests separately for each instance of a rate-based
	// rule that you use. For example, if you provide the same rate-based rule settings
	// in two web ACLs, each of the two rule statements represents a separate instance
	// of the rate-based rule and gets its own tracking and management by WAF. If
	// you define a rate-based rule inside a rule group, and then use that rule
	// group in multiple places, each use creates a separate instance of the rate-based
	// rule that gets its own tracking and management by WAF.
	RateBasedStatement *RateBasedStatement `json:"rateBasedStatement,omitempty"`
	// A rule statement used to search web request components for a match against
	// a single regular expression.
	RegexMatchStatement *RegexMatchStatement `json:"regexMatchStatement,omitempty"`
	// A rule statement used to search web request components for matches with regular
	// expressions. To use this, create a RegexPatternSet that specifies the expressions
	// that you want to detect, then use the ARN of that set in this statement.
	// A web request matches the pattern set rule statement if the request component
	// matches any of the patterns in the set. To create a regex pattern set, see
	// CreateRegexPatternSet.
	//
	// Each regex pattern set rule statement references a regex pattern set. You
	// create and maintain the set independent of your rules. This allows you to
	// use the single set in multiple rules. When you update the referenced set,
	// WAF automatically updates all rules that reference it.
	RegexPatternSetReferenceStatement *RegexPatternSetReferenceStatement `json:"regexPatternSetReferenceStatement,omitempty"`
	// A rule statement used to run the rules that are defined in a RuleGroup. To
	// use this, create a rule group with your rules, then provide the ARN of the
	// rule group in this statement.
	//
	// You cannot nest a RuleGroupReferenceStatement, for example for use inside
	// a NotStatement or OrStatement. You cannot use a rule group reference statement
	// inside another rule group. You can only reference a rule group as a top-level
	// statement within a rule that you define in a web ACL.
	RuleGroupReferenceStatement *RuleGroupReferenceStatement `json:"ruleGroupReferenceStatement,omitempty"`
	// A rule statement that compares a number of bytes against the size of a request
	// component, using a comparison operator, such as greater than (>) or less
	// than (<). For example, you can use a size constraint statement to look for
	// query strings that are longer than 100 bytes.
	//
	// If you configure WAF to inspect the request body, WAF inspects only the number
	// of bytes in the body up to the limit for the web ACL and protected resource
	// type. If you know that the request body for your web requests should never
	// exceed the inspection limit, you can use a size constraint statement to block
	// requests that have a larger request body size. For more information about
	// the inspection limits, see Body and JsonBody settings for the FieldToMatch
	// data type.
	//
	// If you choose URI for the value of Part of the request to filter on, the
	// slash (/) in the URI counts as one character. For example, the URI /logo.jpg
	// is nine characters long.
	SizeConstraintStatement *SizeConstraintStatement `json:"sizeConstraintStatement,omitempty"`
	// A rule statement that inspects for malicious SQL code. Attackers insert malicious
	// SQL code into web requests to do things like modify your database or extract
	// data from it.
	SQLIMatchStatement *SQLIMatchStatement `json:"sqliMatchStatement,omitempty"`
	// A rule statement that inspects for cross-site scripting (XSS) attacks. In
	// XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle
	// to inject malicious client-site scripts into other legitimate web browsers.
	XSSMatchStatement *XSSMatchStatement `json:"xssMatchStatement,omitempty"`
}

The processing guidance for a Rule, used by WAF to determine whether a web request matches the rule.

For example specifications, see the examples section of CreateWebACL.

func (*Statement) DeepCopy added in v0.0.2 

func (in *Statement) DeepCopy() *Statement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Statement.

func (*Statement) DeepCopyInto added in v0.0.2 

func (in *Statement) DeepCopyInto(out *Statement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Tag 

type Tag struct {
	Key   *string `json:"key,omitempty"`
	Value *string `json:"value,omitempty"`
}

A tag associated with an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

You can tag the Amazon Web Services resources that you manage through WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can't manage or view tags through the WAF console.

func (*Tag) DeepCopy 

func (in *Tag) DeepCopy() *Tag

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Tag.

func (*Tag) DeepCopyInto 

func (in *Tag) DeepCopyInto(out *Tag)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TagInfoForResource 

type TagInfoForResource struct {
	ResourceARN *string `json:"resourceARN,omitempty"`
	TagList     []*Tag  `json:"tagList,omitempty"`
}

The collection of tagging definitions for an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

You can tag the Amazon Web Services resources that you manage through WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can't manage or view tags through the WAF console.

func (*TagInfoForResource) DeepCopy 

func (in *TagInfoForResource) DeepCopy() *TagInfoForResource

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TagInfoForResource.

func (*TagInfoForResource) DeepCopyInto 

func (in *TagInfoForResource) DeepCopyInto(out *TagInfoForResource)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TextTransformation added in v0.0.2 

type TextTransformation struct {
	Priority *int64  `json:"priority,omitempty"`
	Type     *string `json:"type,omitempty"`
}

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.

func (*TextTransformation) DeepCopy added in v0.0.2 

func (in *TextTransformation) DeepCopy() *TextTransformation

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TextTransformation.

func (*TextTransformation) DeepCopyInto added in v0.0.2 

func (in *TextTransformation) DeepCopyInto(out *TextTransformation)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TextTransformationType 

type TextTransformationType string
const (
	TextTransformationType_NONE                 TextTransformationType = "NONE"
	TextTransformationType_COMPRESS_WHITE_SPACE TextTransformationType = "COMPRESS_WHITE_SPACE"
	TextTransformationType_HTML_ENTITY_DECODE   TextTransformationType = "HTML_ENTITY_DECODE"
	TextTransformationType_LOWERCASE            TextTransformationType = "LOWERCASE"
	TextTransformationType_CMD_LINE             TextTransformationType = "CMD_LINE"
	TextTransformationType_URL_DECODE           TextTransformationType = "URL_DECODE"
	TextTransformationType_BASE64_DECODE        TextTransformationType = "BASE64_DECODE"
	TextTransformationType_HEX_DECODE           TextTransformationType = "HEX_DECODE"
	TextTransformationType_MD5                  TextTransformationType = "MD5"
	TextTransformationType_REPLACE_COMMENTS     TextTransformationType = "REPLACE_COMMENTS"
	TextTransformationType_ESCAPE_SEQ_DECODE    TextTransformationType = "ESCAPE_SEQ_DECODE"
	TextTransformationType_SQL_HEX_DECODE       TextTransformationType = "SQL_HEX_DECODE"
	TextTransformationType_CSS_DECODE           TextTransformationType = "CSS_DECODE"
	TextTransformationType_JS_DECODE            TextTransformationType = "JS_DECODE"
	TextTransformationType_NORMALIZE_PATH       TextTransformationType = "NORMALIZE_PATH"
	TextTransformationType_NORMALIZE_PATH_WIN   TextTransformationType = "NORMALIZE_PATH_WIN"
	TextTransformationType_REMOVE_NULLS         TextTransformationType = "REMOVE_NULLS"
	TextTransformationType_REPLACE_NULLS        TextTransformationType = "REPLACE_NULLS"
	TextTransformationType_BASE64_DECODE_EXT    TextTransformationType = "BASE64_DECODE_EXT"
	TextTransformationType_URL_DECODE_UNI       TextTransformationType = "URL_DECODE_UNI"
	TextTransformationType_UTF8_TO_UNICODE      TextTransformationType = "UTF8_TO_UNICODE"
)

type UsernameField added in v0.0.2 

type UsernameField struct {
	Identifier *string `json:"identifier,omitempty"`
}

The name of the field in the request payload that contains your customer's username.

This data type is used in the RequestInspection and RequestInspectionACFP data types.

func (*UsernameField) DeepCopy added in v0.0.2 

func (in *UsernameField) DeepCopy() *UsernameField

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UsernameField.

func (*UsernameField) DeepCopyInto added in v0.0.2 

func (in *UsernameField) DeepCopyInto(out *UsernameField)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VersionToPublish 

type VersionToPublish struct {
	AssociatedRuleGroupARN *string `json:"associatedRuleGroupARN,omitempty"`
}

A version of the named managed rule group, that the rule group's vendor publishes for use by customers.

This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.

Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.

func (*VersionToPublish) DeepCopy 

func (in *VersionToPublish) DeepCopy() *VersionToPublish

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VersionToPublish.

func (*VersionToPublish) DeepCopyInto 

func (in *VersionToPublish) DeepCopyInto(out *VersionToPublish)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type VisibilityConfig added in v0.0.2 

type VisibilityConfig struct {
	CloudWatchMetricsEnabled *bool   `json:"cloudWatchMetricsEnabled,omitempty"`
	MetricName               *string `json:"metricName,omitempty"`
	SampledRequestsEnabled   *bool   `json:"sampledRequestsEnabled,omitempty"`
}

Defines and enables Amazon CloudWatch metrics and web request sample collection.

func (*VisibilityConfig) DeepCopy added in v0.0.2 

func (in *VisibilityConfig) DeepCopy() *VisibilityConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VisibilityConfig.

func (*VisibilityConfig) DeepCopyInto added in v0.0.2 

func (in *VisibilityConfig) DeepCopyInto(out *VisibilityConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebACL 

type WebACL struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	Spec              WebACLSpec   `json:"spec,omitempty"`
	Status            WebACLStatus `json:"status,omitempty"`
}

WebACL is the Schema for the WebACLS API +kubebuilder:object:root=true +kubebuilder:subresource:status

func (*WebACL) DeepCopy 

func (in *WebACL) DeepCopy() *WebACL

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebACL.

func (*WebACL) DeepCopyInto 

func (in *WebACL) DeepCopyInto(out *WebACL)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WebACL) DeepCopyObject added in v0.0.3 

func (in *WebACL) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type WebACLList added in v0.0.3 

type WebACLList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []WebACL `json:"items"`
}

WebACLList contains a list of WebACL +kubebuilder:object:root=true

func (*WebACLList) DeepCopy added in v0.0.3 

func (in *WebACLList) DeepCopy() *WebACLList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebACLList.

func (*WebACLList) DeepCopyInto added in v0.0.3 

func (in *WebACLList) DeepCopyInto(out *WebACLList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WebACLList) DeepCopyObject added in v0.0.3 

func (in *WebACLList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type WebACLSpec added in v0.0.3 

type WebACLSpec struct {

	// Specifies custom configurations for the associations between the web ACL
	// and protected resources.
	//
	// Use this to customize the maximum size of the request body that your protected
	// resources forward to WAF for inspection. You can customize this setting for
	// CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources.
	// The default setting is 16 KB (16,384 bytes).
	//
	// You are charged additional fees when your protected resources forward body
	// sizes that are larger than the default. For more information, see WAF Pricing
	// (http://aws.amazon.com/waf/pricing/).
	//
	// For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192
	// bytes).
	AssociationConfig *AssociationConfig `json:"associationConfig,omitempty"`
	// Specifies how WAF should handle CAPTCHA evaluations for rules that don't
	// have their own CaptchaConfig settings. If you don't specify this, WAF uses
	// its default settings for CaptchaConfig.
	CaptchaConfig *CaptchaConfig `json:"captchaConfig,omitempty"`
	// Specifies how WAF should handle challenge evaluations for rules that don't
	// have their own ChallengeConfig settings. If you don't specify this, WAF uses
	// its default settings for ChallengeConfig.
	ChallengeConfig *ChallengeConfig `json:"challengeConfig,omitempty"`
	// A map of custom response keys and content bodies. When you create a rule
	// with a block action, you can send a custom response to the web request. You
	// define these for the web ACL, and then use them in the rules and default
	// actions that you define in the web ACL.
	//
	// For information about customizing web requests and responses, see Customizing
	// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	//
	// For information about the limits on count and size for custom request and
	// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
	// in the WAF Developer Guide.
	CustomResponseBodies map[string]*CustomResponseBody `json:"customResponseBodies,omitempty"`
	// The action to perform if none of the Rules contained in the WebACL match.
	// +kubebuilder:validation:Required
	DefaultAction *DefaultAction `json:"defaultAction"`
	// A description of the web ACL that helps with identification.
	Description *string `json:"description,omitempty"`
	// The name of the web ACL. You cannot change the name of a web ACL after you
	// create it.
	// +kubebuilder:validation:Required
	Name *string `json:"name"`
	// The Rule statements used to identify the web requests that you want to manage.
	// Each rule includes one top-level statement that WAF uses to identify matching
	// web requests, and parameters that govern how WAF handles them.
	Rules []*Rule `json:"rules,omitempty"`
	// Specifies whether this is for an Amazon CloudFront distribution or for a
	// regional application. A regional application can be an Application Load Balancer
	// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
	// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
	// Access instance.
	//
	// To work with CloudFront, you must also specify the Region US East (N. Virginia)
	// as follows:
	//
	//   - CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
	//     --region=us-east-1.
	//
	//   - API and SDKs - For all calls, use the Region endpoint us-east-1.
	//
	// +kubebuilder:validation:Required
	Scope *string `json:"scope"`
	// An array of key:value pairs to associate with the resource.
	Tags []*Tag `json:"tags,omitempty"`
	// Specifies the domains that WAF should accept in a web request token. This
	// enables the use of tokens across multiple protected websites. When WAF provides
	// a token, it uses the domain of the Amazon Web Services resource that the
	// web ACL is protecting. If you don't specify a list of token domains, WAF
	// accepts tokens only for the domain of the protected resource. With a token
	// domain list, WAF accepts the resource's host domain plus all domains in the
	// token domain list, including their prefixed subdomains.
	//
	// Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" }
	//
	// Public suffixes aren't allowed. For example, you can't use gov.au or co.uk
	// as token domains.
	TokenDomains []*string `json:"tokenDomains,omitempty"`
	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	// +kubebuilder:validation:Required
	VisibilityConfig *VisibilityConfig `json:"visibilityConfig"`
}

WebACLSpec defines the desired state of WebACL.

A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

func (*WebACLSpec) DeepCopy added in v0.0.3 

func (in *WebACLSpec) DeepCopy() *WebACLSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebACLSpec.

func (*WebACLSpec) DeepCopyInto added in v0.0.3 

func (in *WebACLSpec) DeepCopyInto(out *WebACLSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebACLStatus added in v0.0.3 

type WebACLStatus struct {
	// All CRs managed by ACK have a common `Status.ACKResourceMetadata` member
	// that is used to contain resource sync state, account ownership,
	// constructed ARN for the resource
	// +kubebuilder:validation:Optional
	ACKResourceMetadata *ackv1alpha1.ResourceMetadata `json:"ackResourceMetadata"`
	// All CRS managed by ACK have a common `Status.Conditions` member that
	// contains a collection of `ackv1alpha1.Condition` objects that describe
	// the various terminal states of the CR and its backend AWS service API
	// resource
	// +kubebuilder:validation:Optional
	Conditions []*ackv1alpha1.Condition `json:"conditions"`
	// The unique identifier for the web ACL. This ID is returned in the responses
	// to create and list commands. You provide it to operations like update and
	// delete.
	// +kubebuilder:validation:Optional
	ID *string `json:"id,omitempty"`
	// A token used for optimistic locking. WAF returns a token to your get and
	// list requests, to mark the state of the entity at the time of the request.
	// To make changes to the entity associated with the token, you provide the
	// token to operations like update and delete. WAF uses the token to ensure
	// that no changes have been made to the entity since you last retrieved it.
	// If a change has been made, the update fails with a WAFOptimisticLockException.
	// If this happens, perform another get, and use the new token returned by that
	// operation.
	// +kubebuilder:validation:Optional
	LockToken *string `json:"lockToken,omitempty"`
}

WebACLStatus defines the observed state of WebACL

func (*WebACLStatus) DeepCopy added in v0.0.3 

func (in *WebACLStatus) DeepCopy() *WebACLStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebACLStatus.

func (*WebACLStatus) DeepCopyInto added in v0.0.3 

func (in *WebACLStatus) DeepCopyInto(out *WebACLStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebACLSummary 

type WebACLSummary struct {
	ARN         *string `json:"arn,omitempty"`
	Description *string `json:"description,omitempty"`
	ID          *string `json:"id,omitempty"`
	LockToken   *string `json:"lockToken,omitempty"`
	Name        *string `json:"name,omitempty"`
}

High-level information about a WebACL, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a WebACL, and the ARN, that you provide to operations like AssociateWebACL.

func (*WebACLSummary) DeepCopy 

func (in *WebACLSummary) DeepCopy() *WebACLSummary

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebACLSummary.

func (*WebACLSummary) DeepCopyInto 

func (in *WebACLSummary) DeepCopyInto(out *WebACLSummary)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WebACL_SDK added in v0.0.3 

type WebACL_SDK struct {
	ARN *string `json:"arn,omitempty"`
	// Specifies custom configurations for the associations between the web ACL
	// and protected resources.
	//
	// Use this to customize the maximum size of the request body that your protected
	// resources forward to WAF for inspection. You can customize this setting for
	// CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources.
	// The default setting is 16 KB (16,384 bytes).
	//
	// You are charged additional fees when your protected resources forward body
	// sizes that are larger than the default. For more information, see WAF Pricing
	// (http://aws.amazon.com/waf/pricing/).
	//
	// For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192
	// bytes).
	AssociationConfig *AssociationConfig `json:"associationConfig,omitempty"`
	Capacity          *int64             `json:"capacity,omitempty"`
	// Specifies how WAF should handle CAPTCHA evaluations. This is available at
	// the web ACL level and in each rule.
	CaptchaConfig *CaptchaConfig `json:"captchaConfig,omitempty"`
	// Specifies how WAF should handle Challenge evaluations. This is available
	// at the web ACL level and in each rule.
	ChallengeConfig      *ChallengeConfig               `json:"challengeConfig,omitempty"`
	CustomResponseBodies map[string]*CustomResponseBody `json:"customResponseBodies,omitempty"`
	// In a WebACL, this is the action that you want WAF to perform when a web request
	// doesn't match any of the rules in the WebACL. The default action must be
	// a terminating action.
	DefaultAction                        *DefaultAction              `json:"defaultAction,omitempty"`
	Description                          *string                     `json:"description,omitempty"`
	ID                                   *string                     `json:"id,omitempty"`
	LabelNamespace                       *string                     `json:"labelNamespace,omitempty"`
	ManagedByFirewallManager             *bool                       `json:"managedByFirewallManager,omitempty"`
	Name                                 *string                     `json:"name,omitempty"`
	PostProcessFirewallManagerRuleGroups []*FirewallManagerRuleGroup `json:"postProcessFirewallManagerRuleGroups,omitempty"`
	PreProcessFirewallManagerRuleGroups  []*FirewallManagerRuleGroup `json:"preProcessFirewallManagerRuleGroups,omitempty"`
	Rules                                []*Rule                     `json:"rules,omitempty"`
	TokenDomains                         []*string                   `json:"tokenDomains,omitempty"`
	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	VisibilityConfig *VisibilityConfig `json:"visibilityConfig,omitempty"`
}

A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.

func (*WebACL_SDK) DeepCopy added in v0.0.3 

func (in *WebACL_SDK) DeepCopy() *WebACL_SDK

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WebACL_SDK.

func (*WebACL_SDK) DeepCopyInto added in v0.0.3 

func (in *WebACL_SDK) DeepCopyInto(out *WebACL_SDK)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type XSSMatchStatement added in v0.0.2 

type XSSMatchStatement struct {
	// Specifies a web request component to be used in a rule match statement or
	// in a logging configuration.
	//
	//    * In a rule statement, this is the part of the web request that you want
	//    WAF to inspect. Include the single FieldToMatch type that you want to
	//    inspect, with additional specifications as needed, according to the type.
	//    You specify a single request component in FieldToMatch for each rule statement
	//    that requires it. To inspect more than one component of the web request,
	//    create a separate rule statement for each component. Example JSON for
	//    a QueryString field to match: "FieldToMatch": { "QueryString": {} } Example
	//    JSON for a Method field to match specification: "FieldToMatch": { "Method":
	//    { "Name": "DELETE" } }
	//
	//    * In a logging configuration, this is used in the RedactedFields property
	//    to specify a field to redact from the logging records. For this use case,
	//    note the following: Even though all FieldToMatch settings are available,
	//    the only valid settings for field redaction are UriPath, QueryString,
	//    SingleHeader, and Method. In this documentation, the descriptions of the
	//    individual fields talk about specifying the web request component to inspect,
	//    but for field redaction, you are specifying the component type to redact
	//    from the logs.
	FieldToMatch        *FieldToMatch         `json:"fieldToMatch,omitempty"`
	TextTransformations []*TextTransformation `json:"textTransformations,omitempty"`
}

A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.

func (*XSSMatchStatement) DeepCopy added in v0.0.2 

func (in *XSSMatchStatement) DeepCopy() *XSSMatchStatement

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XSSMatchStatement.

func (*XSSMatchStatement) DeepCopyInto added in v0.0.2 

func (in *XSSMatchStatement) DeepCopyInto(out *XSSMatchStatement)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.