Copyright | (c) 2013-2016 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
- Service Configuration
- Errors
- ChangeAction
- ChangeTokenStatus
- ComparisonOperator
- IPSetDescriptorType
- MatchFieldType
- PositionalConstraint
- PredicateType
- TextTransformation
- WafActionType
- ActivatedRule
- ByteMatchSet
- ByteMatchSetSummary
- ByteMatchSetUpdate
- ByteMatchTuple
- FieldToMatch
- HTTPHeader
- HTTPRequest
- IPSet
- IPSetDescriptor
- IPSetSummary
- IPSetUpdate
- Predicate
- Rule
- RuleSummary
- RuleUpdate
- SampledHTTPRequest
- SizeConstraint
- SizeConstraintSet
- SizeConstraintSetSummary
- SizeConstraintSetUpdate
- SqlInjectionMatchSet
- SqlInjectionMatchSetSummary
- SqlInjectionMatchSetUpdate
- SqlInjectionMatchTuple
- TimeWindow
- WafAction
- WebACL
- WebACLSummary
- WebACLUpdate
- XSSMatchSet
- XSSMatchSetSummary
- XSSMatchSetUpdate
- XSSMatchTuple
- waf :: Service
- _WAFInvalidAccountException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFReferencedItemException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFInvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFNonexistentItemException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFInvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFLimitsExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFStaleDataException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFInternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFNonexistentContainerException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFDisallowedNameException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFNonEmptyEntityException :: AsError a => Getting (First ServiceError) a ServiceError
- data ChangeAction
- data ChangeTokenStatus
- = Insync
- | Pending
- | Provisioned
- data ComparisonOperator
- data IPSetDescriptorType
- data MatchFieldType
- = Body
- | Header
- | Method
- | QueryString
- | URI
- data PositionalConstraint
- data PredicateType
- data TextTransformation
- data WafActionType
- data ActivatedRule
- activatedRule :: Int -> Text -> WafAction -> ActivatedRule
- arPriority :: Lens' ActivatedRule Int
- arRuleId :: Lens' ActivatedRule Text
- arAction :: Lens' ActivatedRule WafAction
- data ByteMatchSet
- byteMatchSet :: Text -> ByteMatchSet
- bmsName :: Lens' ByteMatchSet (Maybe Text)
- bmsByteMatchSetId :: Lens' ByteMatchSet Text
- bmsByteMatchTuples :: Lens' ByteMatchSet [ByteMatchTuple]
- data ByteMatchSetSummary
- byteMatchSetSummary :: Text -> Text -> ByteMatchSetSummary
- bmssByteMatchSetId :: Lens' ByteMatchSetSummary Text
- bmssName :: Lens' ByteMatchSetSummary Text
- data ByteMatchSetUpdate
- byteMatchSetUpdate :: ChangeAction -> ByteMatchTuple -> ByteMatchSetUpdate
- bmsuAction :: Lens' ByteMatchSetUpdate ChangeAction
- bmsuByteMatchTuple :: Lens' ByteMatchSetUpdate ByteMatchTuple
- data ByteMatchTuple
- byteMatchTuple :: FieldToMatch -> ByteString -> TextTransformation -> PositionalConstraint -> ByteMatchTuple
- bmtFieldToMatch :: Lens' ByteMatchTuple FieldToMatch
- bmtTargetString :: Lens' ByteMatchTuple ByteString
- bmtTextTransformation :: Lens' ByteMatchTuple TextTransformation
- bmtPositionalConstraint :: Lens' ByteMatchTuple PositionalConstraint
- data FieldToMatch
- fieldToMatch :: MatchFieldType -> FieldToMatch
- ftmData :: Lens' FieldToMatch (Maybe Text)
- ftmType :: Lens' FieldToMatch MatchFieldType
- data HTTPHeader
- hTTPHeader :: HTTPHeader
- httphValue :: Lens' HTTPHeader (Maybe Text)
- httphName :: Lens' HTTPHeader (Maybe Text)
- data HTTPRequest
- hTTPRequest :: HTTPRequest
- httprHTTPVersion :: Lens' HTTPRequest (Maybe Text)
- httprCountry :: Lens' HTTPRequest (Maybe Text)
- httprURI :: Lens' HTTPRequest (Maybe Text)
- httprHeaders :: Lens' HTTPRequest [HTTPHeader]
- httprMethod :: Lens' HTTPRequest (Maybe Text)
- httprClientIP :: Lens' HTTPRequest (Maybe Text)
- data IPSet
- ipSet :: Text -> IPSet
- isName :: Lens' IPSet (Maybe Text)
- isIPSetId :: Lens' IPSet Text
- isIPSetDescriptors :: Lens' IPSet [IPSetDescriptor]
- data IPSetDescriptor
- ipSetDescriptor :: IPSetDescriptorType -> Text -> IPSetDescriptor
- isdType :: Lens' IPSetDescriptor IPSetDescriptorType
- isdValue :: Lens' IPSetDescriptor Text
- data IPSetSummary
- ipSetSummary :: Text -> Text -> IPSetSummary
- issIPSetId :: Lens' IPSetSummary Text
- issName :: Lens' IPSetSummary Text
- data IPSetUpdate
- ipSetUpdate :: ChangeAction -> IPSetDescriptor -> IPSetUpdate
- isuAction :: Lens' IPSetUpdate ChangeAction
- isuIPSetDescriptor :: Lens' IPSetUpdate IPSetDescriptor
- data Predicate
- predicate :: Bool -> PredicateType -> Text -> Predicate
- pNegated :: Lens' Predicate Bool
- pType :: Lens' Predicate PredicateType
- pDataId :: Lens' Predicate Text
- data Rule
- rule :: Text -> Rule
- rMetricName :: Lens' Rule (Maybe Text)
- rName :: Lens' Rule (Maybe Text)
- rRuleId :: Lens' Rule Text
- rPredicates :: Lens' Rule [Predicate]
- data RuleSummary
- ruleSummary :: Text -> Text -> RuleSummary
- rsRuleId :: Lens' RuleSummary Text
- rsName :: Lens' RuleSummary Text
- data RuleUpdate
- ruleUpdate :: ChangeAction -> Predicate -> RuleUpdate
- ruAction :: Lens' RuleUpdate ChangeAction
- ruPredicate :: Lens' RuleUpdate Predicate
- data SampledHTTPRequest
- sampledHTTPRequest :: HTTPRequest -> Natural -> SampledHTTPRequest
- shttprAction :: Lens' SampledHTTPRequest (Maybe Text)
- shttprTimestamp :: Lens' SampledHTTPRequest (Maybe UTCTime)
- shttprRequest :: Lens' SampledHTTPRequest HTTPRequest
- shttprWeight :: Lens' SampledHTTPRequest Natural
- data SizeConstraint
- sizeConstraint :: FieldToMatch -> TextTransformation -> ComparisonOperator -> Natural -> SizeConstraint
- scFieldToMatch :: Lens' SizeConstraint FieldToMatch
- scTextTransformation :: Lens' SizeConstraint TextTransformation
- scComparisonOperator :: Lens' SizeConstraint ComparisonOperator
- scSize :: Lens' SizeConstraint Natural
- data SizeConstraintSet
- sizeConstraintSet :: Text -> SizeConstraintSet
- scsName :: Lens' SizeConstraintSet (Maybe Text)
- scsSizeConstraintSetId :: Lens' SizeConstraintSet Text
- scsSizeConstraints :: Lens' SizeConstraintSet [SizeConstraint]
- data SizeConstraintSetSummary
- sizeConstraintSetSummary :: Text -> Text -> SizeConstraintSetSummary
- scssSizeConstraintSetId :: Lens' SizeConstraintSetSummary Text
- scssName :: Lens' SizeConstraintSetSummary Text
- data SizeConstraintSetUpdate
- sizeConstraintSetUpdate :: ChangeAction -> SizeConstraint -> SizeConstraintSetUpdate
- scsuAction :: Lens' SizeConstraintSetUpdate ChangeAction
- scsuSizeConstraint :: Lens' SizeConstraintSetUpdate SizeConstraint
- data SqlInjectionMatchSet
- sqlInjectionMatchSet :: Text -> SqlInjectionMatchSet
- simsName :: Lens' SqlInjectionMatchSet (Maybe Text)
- simsSqlInjectionMatchSetId :: Lens' SqlInjectionMatchSet Text
- simsSqlInjectionMatchTuples :: Lens' SqlInjectionMatchSet [SqlInjectionMatchTuple]
- data SqlInjectionMatchSetSummary
- sqlInjectionMatchSetSummary :: Text -> Text -> SqlInjectionMatchSetSummary
- simssSqlInjectionMatchSetId :: Lens' SqlInjectionMatchSetSummary Text
- simssName :: Lens' SqlInjectionMatchSetSummary Text
- data SqlInjectionMatchSetUpdate
- sqlInjectionMatchSetUpdate :: ChangeAction -> SqlInjectionMatchTuple -> SqlInjectionMatchSetUpdate
- simsuAction :: Lens' SqlInjectionMatchSetUpdate ChangeAction
- simsuSqlInjectionMatchTuple :: Lens' SqlInjectionMatchSetUpdate SqlInjectionMatchTuple
- data SqlInjectionMatchTuple
- sqlInjectionMatchTuple :: FieldToMatch -> TextTransformation -> SqlInjectionMatchTuple
- simtFieldToMatch :: Lens' SqlInjectionMatchTuple FieldToMatch
- simtTextTransformation :: Lens' SqlInjectionMatchTuple TextTransformation
- data TimeWindow
- timeWindow :: UTCTime -> UTCTime -> TimeWindow
- twStartTime :: Lens' TimeWindow UTCTime
- twEndTime :: Lens' TimeWindow UTCTime
- data WafAction
- wafAction :: WafActionType -> WafAction
- waType :: Lens' WafAction WafActionType
- data WebACL
- webACL :: Text -> WafAction -> WebACL
- waMetricName :: Lens' WebACL (Maybe Text)
- waName :: Lens' WebACL (Maybe Text)
- waWebACLId :: Lens' WebACL Text
- waDefaultAction :: Lens' WebACL WafAction
- waRules :: Lens' WebACL [ActivatedRule]
- data WebACLSummary
- webACLSummary :: Text -> Text -> WebACLSummary
- wasWebACLId :: Lens' WebACLSummary Text
- wasName :: Lens' WebACLSummary Text
- data WebACLUpdate
- webACLUpdate :: ChangeAction -> ActivatedRule -> WebACLUpdate
- wauAction :: Lens' WebACLUpdate ChangeAction
- wauActivatedRule :: Lens' WebACLUpdate ActivatedRule
- data XSSMatchSet
- xssMatchSet :: Text -> XSSMatchSet
- xmsName :: Lens' XSSMatchSet (Maybe Text)
- xmsXSSMatchSetId :: Lens' XSSMatchSet Text
- xmsXSSMatchTuples :: Lens' XSSMatchSet [XSSMatchTuple]
- data XSSMatchSetSummary
- xssMatchSetSummary :: Text -> Text -> XSSMatchSetSummary
- xmssXSSMatchSetId :: Lens' XSSMatchSetSummary Text
- xmssName :: Lens' XSSMatchSetSummary Text
- data XSSMatchSetUpdate
- xssMatchSetUpdate :: ChangeAction -> XSSMatchTuple -> XSSMatchSetUpdate
- xmsuAction :: Lens' XSSMatchSetUpdate ChangeAction
- xmsuXSSMatchTuple :: Lens' XSSMatchSetUpdate XSSMatchTuple
- data XSSMatchTuple
- xssMatchTuple :: FieldToMatch -> TextTransformation -> XSSMatchTuple
- xmtFieldToMatch :: Lens' XSSMatchTuple FieldToMatch
- xmtTextTransformation :: Lens' XSSMatchTuple TextTransformation
Service Configuration
Errors
_WAFInvalidAccountException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
_WAFReferencedItemException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to delete an object that is still in use. For example:
- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
_WAFInvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because there was nothing to do. For example:
- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
_WAFNonexistentItemException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because the referenced object doesn't exist.
_WAFInvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because AWS WAF didn't recognize a parameter in the request. For example:
- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
_WAFLimitsExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation exceeds a resource limit, for example, the maximum number of WebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide .
_WAFStaleDataException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.
_WAFInternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because of a system problem, even though the request was valid. Retry your request.
_WAFNonexistentContainerException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:
- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
_WAFDisallowedNameException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The name specified is invalid.
_WAFNonEmptyEntityException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to delete an object that isn't empty. For example:
- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
ChangeAction
data ChangeAction Source #
ChangeTokenStatus
data ChangeTokenStatus Source #
ComparisonOperator
data ComparisonOperator Source #
IPSetDescriptorType
data IPSetDescriptorType Source #
MatchFieldType
data MatchFieldType Source #
PositionalConstraint
data PositionalConstraint Source #
PredicateType
data PredicateType Source #
TextTransformation
data TextTransformation Source #
WafActionType
data WafActionType Source #
ActivatedRule
data ActivatedRule Source #
The ActivatedRule
object in an UpdateWebACL
request specifies a Rule
that you want to insert or delete, the priority of the Rule
in the WebACL
, and the action that you want AWS WAF to take when a web request matches the Rule
(ALLOW
, BLOCK
, or COUNT
).
To specify whether to insert or delete a Rule
, use the Action
parameter in the WebACLUpdate
data type.
See: activatedRule
smart constructor.
Creates a value of ActivatedRule
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
arPriority
- Specifies the order in which theRules
in aWebACL
are evaluated. Rules with a lower value forPriority
are evaluated beforeRules
with a higher value. The value must be a unique integer. If you add multipleRules
to aWebACL
, the values don't need to be consecutive.arRuleId
- TheRuleId
for aRule
. You useRuleId
to get more information about aRule
(seeGetRule
), update aRule
(seeUpdateRule
), insert aRule
into aWebACL
or delete a one from aWebACL
(seeUpdateWebACL
), or delete aRule
from AWS WAF (seeDeleteRule
).RuleId
is returned byCreateRule
and byListRules
.arAction
- Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in theRule
. Valid values forAction
include the following: *ALLOW
: CloudFront responds with the requested object. *BLOCK
: CloudFront responds with an HTTP 403 (Forbidden) status code. *COUNT
: AWS WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL.
arPriority :: Lens' ActivatedRule Int Source #
Specifies the order in which the Rules
in a WebACL
are evaluated. Rules with a lower value for Priority
are evaluated before Rules
with a higher value. The value must be a unique integer. If you add multiple Rules
to a WebACL
, the values don't need to be consecutive.
arRuleId :: Lens' ActivatedRule Text Source #
The RuleId
for a Rule
. You use RuleId
to get more information about a Rule
(see GetRule
), update a Rule
(see UpdateRule
), insert a Rule
into a WebACL
or delete a one from a WebACL
(see UpdateWebACL
), or delete a Rule
from AWS WAF (see DeleteRule
). RuleId
is returned by CreateRule
and by ListRules
.
arAction :: Lens' ActivatedRule WafAction Source #
Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule
. Valid values for Action
include the following: * ALLOW
: CloudFront responds with the requested object. * BLOCK
: CloudFront responds with an HTTP 403 (Forbidden) status code. * COUNT
: AWS WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL.
ByteMatchSet
data ByteMatchSet Source #
In a GetByteMatchSet
request, ByteMatchSet
is a complex type that contains the ByteMatchSetId
and Name
of a ByteMatchSet
, and the values that you specified when you updated the ByteMatchSet
.
A complex type that contains ByteMatchTuple
objects, which specify the parts of web requests that you want AWS WAF to inspect and the values that you want AWS WAF to search for. If a ByteMatchSet
contains more than one ByteMatchTuple
object, a request needs to match the settings in only one ByteMatchTuple
to be considered a match.
See: byteMatchSet
smart constructor.
Creates a value of ByteMatchSet
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bmsName
- A friendly name or description of theByteMatchSet
. You can't changeName
after you create aByteMatchSet
.bmsByteMatchSetId
- TheByteMatchSetId
for aByteMatchSet
. You useByteMatchSetId
to get information about aByteMatchSet
(seeGetByteMatchSet
), update aByteMatchSet
(seeUpdateByteMatchSet
), insert aByteMatchSet
into aRule
or delete one from aRule
(seeUpdateRule
), and delete aByteMatchSet
from AWS WAF (seeDeleteByteMatchSet
).ByteMatchSetId
is returned byCreateByteMatchSet
and byListByteMatchSets
.bmsByteMatchTuples
- Specifies the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
bmsName :: Lens' ByteMatchSet (Maybe Text) Source #
A friendly name or description of the ByteMatchSet
. You can't change Name
after you create a ByteMatchSet
.
bmsByteMatchSetId :: Lens' ByteMatchSet Text Source #
The ByteMatchSetId
for a ByteMatchSet
. You use ByteMatchSetId
to get information about a ByteMatchSet
(see GetByteMatchSet
), update a ByteMatchSet
(see UpdateByteMatchSet
), insert a ByteMatchSet
into a Rule
or delete one from a Rule
(see UpdateRule
), and delete a ByteMatchSet
from AWS WAF (see DeleteByteMatchSet
). ByteMatchSetId
is returned by CreateByteMatchSet
and by ListByteMatchSets
.
bmsByteMatchTuples :: Lens' ByteMatchSet [ByteMatchTuple] Source #
Specifies the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
ByteMatchSetSummary
data ByteMatchSetSummary Source #
Returned by ListByteMatchSets
. Each ByteMatchSetSummary
object includes the Name
and ByteMatchSetId
for one ByteMatchSet
.
See: byteMatchSetSummary
smart constructor.
Creates a value of ByteMatchSetSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bmssByteMatchSetId
- TheByteMatchSetId
for aByteMatchSet
. You useByteMatchSetId
to get information about aByteMatchSet
, update aByteMatchSet
, remove aByteMatchSet
from aRule
, and delete aByteMatchSet
from AWS WAF.ByteMatchSetId
is returned byCreateByteMatchSet
and byListByteMatchSets
.bmssName
- A friendly name or description of theByteMatchSet
. You can't changeName
after you create aByteMatchSet
.
bmssByteMatchSetId :: Lens' ByteMatchSetSummary Text Source #
The ByteMatchSetId
for a ByteMatchSet
. You use ByteMatchSetId
to get information about a ByteMatchSet
, update a ByteMatchSet
, remove a ByteMatchSet
from a Rule
, and delete a ByteMatchSet
from AWS WAF. ByteMatchSetId
is returned by CreateByteMatchSet
and by ListByteMatchSets
.
bmssName :: Lens' ByteMatchSetSummary Text Source #
A friendly name or description of the ByteMatchSet
. You can't change Name
after you create a ByteMatchSet
.
ByteMatchSetUpdate
data ByteMatchSetUpdate Source #
In an UpdateByteMatchSet
request, ByteMatchSetUpdate
specifies whether to insert or delete a ByteMatchTuple
and includes the settings for the ByteMatchTuple
.
See: byteMatchSetUpdate
smart constructor.
Creates a value of ByteMatchSetUpdate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bmsuAction
- Specifies whether to insert or delete aByteMatchTuple
.bmsuByteMatchTuple
- Information about the part of a web request that you want AWS WAF to inspect and the value that you want AWS WAF to search for. If you specifyDELETE
for the value ofAction
, theByteMatchTuple
values must exactly match the values in theByteMatchTuple
that you want to delete from theByteMatchSet
.
bmsuAction :: Lens' ByteMatchSetUpdate ChangeAction Source #
Specifies whether to insert or delete a ByteMatchTuple
.
bmsuByteMatchTuple :: Lens' ByteMatchSetUpdate ByteMatchTuple Source #
Information about the part of a web request that you want AWS WAF to inspect and the value that you want AWS WAF to search for. If you specify DELETE
for the value of Action
, the ByteMatchTuple
values must exactly match the values in the ByteMatchTuple
that you want to delete from the ByteMatchSet
.
ByteMatchTuple
data ByteMatchTuple Source #
The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
See: byteMatchTuple
smart constructor.
Creates a value of ByteMatchTuple
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bmtFieldToMatch
- The part of a web request that you want AWS WAF to search, such as a specified header or a query string. For more information, seeFieldToMatch
.bmtTargetString
- The value that you want AWS WAF to search for. AWS WAF searches for the specified string in the part of web requests that you specified inFieldToMatch
. The maximum length of the value is 50 bytes. Valid values depend on the values that you specified forFieldToMatch
: *HEADER
: The value that you want AWS WAF to search for in the request header that you specified inFieldToMatch
, for example, the value of theUser-Agent
orReferer
header. *METHOD
: The HTTP method, which indicates the type of operation specified in the request. CloudFront supports the following methods:DELETE
,GET
,HEAD
,OPTIONS
,PATCH
,POST
, andPUT
. *QUERY_STRING
: The value that you want AWS WAF to search for in the query string, which is the part of a URL that appears after a?
character. *URI
: The value that you want AWS WAF to search for in the part of a URL that identifies a resource, for example,imagesdaily-ad.jpg
. *BODY
: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first8192
bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, seeCreateSizeConstraintSet
. IfTargetString
includes alphabetic characters A-Z and a-z, note that the value is case sensitive. If you're using the AWS WAF API Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 50 bytes. For example, suppose the value ofType
isHEADER
and the value ofData
isUser-Agent
. If you want to search theUser-Agent
header for the valueBadBot
, you base64-encodeBadBot
using MIME base64 encoding and include the resulting value,QmFkQm90
, in the value ofTargetString
. If you're using the AWS CLI or one of the AWS SDKs The value that you want AWS WAF to search for. The SDK automatically base64 encodes the value.-- Note: ThisLens
automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. ThisLens
accepts and returns only raw unencoded data.bmtTextTransformation
- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation onTargetString
before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160COMPRESS_WHITE_SPACE
also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters.HTML_ENTITY_DECODE
performs the following operations: * Replaces(ampersand)quot;
with"
* Replaces(ampersand)nbsp;
with a non-breaking space, decimal 160 * Replaces(ampersand)lt;
with a "less than" symbol * Replaces(ampersand)gt;
with>
* Replaces characters that are represented in hexadecimal format,(ampersand)#xhhhh;
, with the corresponding characters * Replaces characters that are represented in decimal format,(ampersand)#nnnn;
, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE SpecifyNONE
if you don't want to perform any text transformations.bmtPositionalConstraint
- Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want AWS WAF to search. Valid values include the following: CONTAINS The specified part of the web request must include the value ofTargetString
, but the location doesn't matter. CONTAINS_WORD The specified part of the web request must include the value ofTargetString
, andTargetString
must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition,TargetString
must be a word, which means one of the following: *TargetString
exactly matches the value of the specified part of the web request, such as the value of a header. *TargetString
is at the beginning of the specified part of the web request and is followed by a character other than an alphanumeric character or underscore (_), for example,BadBot;
. *TargetString
is at the end of the specified part of the web request and is preceded by a character other than an alphanumeric character or underscore (_), for example,;BadBot
. *TargetString
is in the middle of the specified part of the web request and is preceded and followed by characters other than alphanumeric characters or underscore (_), for example,-BadBot;
. EXACTLY The value of the specified part of the web request must exactly match the value ofTargetString
. STARTS_WITH The value ofTargetString
must appear at the beginning of the specified part of the web request. ENDS_WITH The value ofTargetString
must appear at the end of the specified part of the web request.
bmtFieldToMatch :: Lens' ByteMatchTuple FieldToMatch Source #
The part of a web request that you want AWS WAF to search, such as a specified header or a query string. For more information, see FieldToMatch
.
bmtTargetString :: Lens' ByteMatchTuple ByteString Source #
The value that you want AWS WAF to search for. AWS WAF searches for the specified string in the part of web requests that you specified in FieldToMatch
. The maximum length of the value is 50 bytes. Valid values depend on the values that you specified for FieldToMatch
: * HEADER
: The value that you want AWS WAF to search for in the request header that you specified in FieldToMatch
, for example, the value of the User-Agent
or Referer
header. * METHOD
: The HTTP method, which indicates the type of operation specified in the request. CloudFront supports the following methods: DELETE
, GET
, HEAD
, OPTIONS
, PATCH
, POST
, and PUT
. * QUERY_STRING
: The value that you want AWS WAF to search for in the query string, which is the part of a URL that appears after a ?
character. * URI
: The value that you want AWS WAF to search for in the part of a URL that identifies a resource, for example, imagesdaily-ad.jpg
. * BODY
: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192
bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet
. If TargetString
includes alphabetic characters A-Z and a-z, note that the value is case sensitive. If you're using the AWS WAF API Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 50 bytes. For example, suppose the value of Type
is HEADER
and the value of Data
is User-Agent
. If you want to search the User-Agent
header for the value BadBot
, you base64-encode BadBot
using MIME base64 encoding and include the resulting value, QmFkQm90
, in the value of TargetString
. If you're using the AWS CLI or one of the AWS SDKs The value that you want AWS WAF to search for. The SDK automatically base64 encodes the value.-- Note: This Lens
automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens
accepts and returns only raw unencoded data.
bmtTextTransformation :: Lens' ByteMatchTuple TextTransformation Source #
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on TargetString
before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160 COMPRESS_WHITE_SPACE
also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE
performs the following operations: * Replaces (ampersand)quot;
with "
* Replaces (ampersand)nbsp;
with a non-breaking space, decimal 160 * Replaces (ampersand)lt;
with a "less than" symbol * Replaces (ampersand)gt;
with >
* Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;
, with the corresponding characters * Replaces characters that are represented in decimal format, (ampersand)#nnnn;
, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE Specify NONE
if you don't want to perform any text transformations.
bmtPositionalConstraint :: Lens' ByteMatchTuple PositionalConstraint Source #
Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want AWS WAF to search. Valid values include the following: CONTAINS The specified part of the web request must include the value of TargetString
, but the location doesn't matter. CONTAINS_WORD The specified part of the web request must include the value of TargetString
, and TargetString
must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, TargetString
must be a word, which means one of the following: * TargetString
exactly matches the value of the specified part of the web request, such as the value of a header. * TargetString
is at the beginning of the specified part of the web request and is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot;
. * TargetString
is at the end of the specified part of the web request and is preceded by a character other than an alphanumeric character or underscore (_), for example, ;BadBot
. * TargetString
is in the middle of the specified part of the web request and is preceded and followed by characters other than alphanumeric characters or underscore (_), for example, -BadBot;
. EXACTLY The value of the specified part of the web request must exactly match the value of TargetString
. STARTS_WITH The value of TargetString
must appear at the beginning of the specified part of the web request. ENDS_WITH The value of TargetString
must appear at the end of the specified part of the web request.
FieldToMatch
data FieldToMatch Source #
Specifies where in a web request to look for TargetString
.
See: fieldToMatch
smart constructor.
Creates a value of FieldToMatch
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ftmData
- When the value ofType
isHEADER
, enter the name of the header that you want AWS WAF to search, for example,User-Agent
orReferer
. If the value ofType
is any other value, omitData
. The name of the header is not case sensitive.ftmType
- The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following: *HEADER
: A specified request header, for example, the value of theUser-Agent
orReferer
header. If you chooseHEADER
for the type, specify the name of the header inData
. *METHOD
: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods:DELETE
,GET
,HEAD
,OPTIONS
,PATCH
,POST
, andPUT
. *QUERY_STRING
: A query string, which is the part of a URL that appears after a?
character, if any. *URI
: The part of a web request that identifies a resource, for example,imagesdaily-ad.jpg
. *BODY
: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first8192
bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, seeCreateSizeConstraintSet
.
ftmData :: Lens' FieldToMatch (Maybe Text) Source #
When the value of Type
is HEADER
, enter the name of the header that you want AWS WAF to search, for example, User-Agent
or Referer
. If the value of Type
is any other value, omit Data
. The name of the header is not case sensitive.
ftmType :: Lens' FieldToMatch MatchFieldType Source #
The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following: * HEADER
: A specified request header, for example, the value of the User-Agent
or Referer
header. If you choose HEADER
for the type, specify the name of the header in Data
. * METHOD
: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE
, GET
, HEAD
, OPTIONS
, PATCH
, POST
, and PUT
. * QUERY_STRING
: A query string, which is the part of a URL that appears after a ?
character, if any. * URI
: The part of a web request that identifies a resource, for example, imagesdaily-ad.jpg
. * BODY
: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192
bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet
.
HTTPHeader
data HTTPHeader Source #
The response from a GetSampledRequests
request includes an HTTPHeader
complex type that appears as Headers
in the response syntax. HTTPHeader
contains the names and values of all of the headers that appear in one of the web requests that were returned by GetSampledRequests
.
See: hTTPHeader
smart constructor.
hTTPHeader :: HTTPHeader Source #
Creates a value of HTTPHeader
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
httphValue
- The value of one of the headers in the sampled web request.httphName
- The name of one of the headers in the sampled web request.
httphValue :: Lens' HTTPHeader (Maybe Text) Source #
The value of one of the headers in the sampled web request.
httphName :: Lens' HTTPHeader (Maybe Text) Source #
The name of one of the headers in the sampled web request.
HTTPRequest
data HTTPRequest Source #
The response from a GetSampledRequests
request includes an HTTPRequest
complex type that appears as Request
in the response syntax. HTTPRequest
contains information about one of the web requests that were returned by GetSampledRequests
.
See: hTTPRequest
smart constructor.
hTTPRequest :: HTTPRequest Source #
Creates a value of HTTPRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
httprHTTPVersion
- The HTTP version specified in the sampled web request, for example,HTTP/1.1
.httprCountry
- The two-letter country code for the country that the request originated from. For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2 .httprURI
- The part of a web request that identifies the resource, for example,imagesdaily-ad.jpg
.httprHeaders
- A complex type that contains two values for each header in the sampled web request: the name of the header and the value of the header.httprMethod
- The HTTP method specified in the sampled web request. CloudFront supports the following methods:DELETE
,GET
,HEAD
,OPTIONS
,PATCH
,POST
, andPUT
.httprClientIP
- The IP address that the request originated from. If theWebACL
is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs: *c-ip
, if the viewer did not use an HTTP proxy or a load balancer to send the request *x-forwarded-for
, if the viewer did use an HTTP proxy or a load balancer to send the request
httprHTTPVersion :: Lens' HTTPRequest (Maybe Text) Source #
The HTTP version specified in the sampled web request, for example, HTTP/1.1
.
httprCountry :: Lens' HTTPRequest (Maybe Text) Source #
The two-letter country code for the country that the request originated from. For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2 .
httprURI :: Lens' HTTPRequest (Maybe Text) Source #
The part of a web request that identifies the resource, for example, imagesdaily-ad.jpg
.
httprHeaders :: Lens' HTTPRequest [HTTPHeader] Source #
A complex type that contains two values for each header in the sampled web request: the name of the header and the value of the header.
httprMethod :: Lens' HTTPRequest (Maybe Text) Source #
The HTTP method specified in the sampled web request. CloudFront supports the following methods: DELETE
, GET
, HEAD
, OPTIONS
, PATCH
, POST
, and PUT
.
httprClientIP :: Lens' HTTPRequest (Maybe Text) Source #
The IP address that the request originated from. If the WebACL
is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs: * c-ip
, if the viewer did not use an HTTP proxy or a load balancer to send the request * x-forwarded-for
, if the viewer did use an HTTP proxy or a load balancer to send the request
IPSet
Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. To specify an individual IP address, you specify the four-part IP address followed by a /32
, for example, 192.0.2.031. To block a range of IP addresses, you can specify a @24 , a
16 , or a
8 CIDR. For more information about CIDR notation, perform an Internet search on
cidr notation@ .
See: ipSet
smart constructor.
Creates a value of IPSet
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
isName
- A friendly name or description of theIPSet
. You can't change the name of anIPSet
after you create it.isIPSetId
- TheIPSetId
for anIPSet
. You useIPSetId
to get information about anIPSet
(seeGetIPSet
), update anIPSet
(seeUpdateIPSet
), insert anIPSet
into aRule
or delete one from aRule
(seeUpdateRule
), and delete anIPSet
from AWS WAF (seeDeleteIPSet
).IPSetId
is returned byCreateIPSet
and byListIPSets
.isIPSetDescriptors
- The IP address type (IPV4
) and the IP address range (in CIDR notation) that web requests originate from. If theWebACL
is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs: *c-ip
, if the viewer did not use an HTTP proxy or a load balancer to send the request *x-forwarded-for
, if the viewer did use an HTTP proxy or a load balancer to send the request
isName :: Lens' IPSet (Maybe Text) Source #
A friendly name or description of the IPSet
. You can't change the name of an IPSet
after you create it.
isIPSetId :: Lens' IPSet Text Source #
The IPSetId
for an IPSet
. You use IPSetId
to get information about an IPSet
(see GetIPSet
), update an IPSet
(see UpdateIPSet
), insert an IPSet
into a Rule
or delete one from a Rule
(see UpdateRule
), and delete an IPSet
from AWS WAF (see DeleteIPSet
). IPSetId
is returned by CreateIPSet
and by ListIPSets
.
isIPSetDescriptors :: Lens' IPSet [IPSetDescriptor] Source #
The IP address type (IPV4
) and the IP address range (in CIDR notation) that web requests originate from. If the WebACL
is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs: * c-ip
, if the viewer did not use an HTTP proxy or a load balancer to send the request * x-forwarded-for
, if the viewer did use an HTTP proxy or a load balancer to send the request
IPSetDescriptor
data IPSetDescriptor Source #
Specifies the IP address type (IPV4
) and the IP address range (in CIDR format) that web requests originate from.
See: ipSetDescriptor
smart constructor.
Creates a value of IPSetDescriptor
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
isdType
- SpecifyIPV4
.isdValue
- Specify an IPv4 address by using CIDR notation. For example: * To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify192.0.2.44/32
. * To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify192.0.2.0/24
. AWS WAF supports only 8, 16, 24, and 32 IP addresses. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .
isdType :: Lens' IPSetDescriptor IPSetDescriptorType Source #
Specify IPV4
.
isdValue :: Lens' IPSetDescriptor Text Source #
Specify an IPv4 address by using CIDR notation. For example: * To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32
. * To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24
. AWS WAF supports only 8, 16, 24, and 32 IP addresses. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing .
IPSetSummary
data IPSetSummary Source #
Contains the identifier and the name of the IPSet
.
See: ipSetSummary
smart constructor.
Creates a value of IPSetSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
issIPSetId
- TheIPSetId
for anIPSet
. You can useIPSetId
in aGetIPSet
request to get detailed information about anIPSet
.issName
- A friendly name or description of theIPSet
. You can't change the name of anIPSet
after you create it.
issName :: Lens' IPSetSummary Text Source #
A friendly name or description of the IPSet
. You can't change the name of an IPSet
after you create it.
IPSetUpdate
data IPSetUpdate Source #
Specifies the type of update to perform to an IPSet
with UpdateIPSet
.
See: ipSetUpdate
smart constructor.
Creates a value of IPSetUpdate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
isuAction
- Specifies whether to insert or delete an IP address withUpdateIPSet
.isuIPSetDescriptor
- The IP address type (IPV4
) and the IP address range (in CIDR notation) that web requests originate from.
isuAction :: Lens' IPSetUpdate ChangeAction Source #
Specifies whether to insert or delete an IP address with UpdateIPSet
.
isuIPSetDescriptor :: Lens' IPSetUpdate IPSetDescriptor Source #
The IP address type (IPV4
) and the IP address range (in CIDR notation) that web requests originate from.
Predicate
Specifies the ByteMatchSet
, IPSet
, SqlInjectionMatchSet
, XssMatchSet
, and SizeConstraintSet
objects that you want to add to a Rule
and, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.
See: predicate
smart constructor.
Creates a value of Predicate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pNegated
- SetNegated
toFalse
if you want AWS WAF to allow, block, or count requests based on the settings in the specifiedByteMatchSet
,IPSet
,SqlInjectionMatchSet
,XssMatchSet
, orSizeConstraintSet
. For example, if anIPSet
includes the IP address192.0.2.44
, AWS WAF will allow or block requests based on that IP address. SetNegated
toTrue
if you want AWS WAF to allow or block a request based on the negation of the settings in theByteMatchSet
,IPSet
,SqlInjectionMatchSet
,XssMatchSet
, orSizeConstraintSet
. For example, if anIPSet
includes the IP address192.0.2.44
, AWS WAF will allow, block, or count requests based on all IP addresses except192.0.2.44
.pType
- The type of predicate in aRule
, such asByteMatchSet
orIPSet
.pDataId
- A unique identifier for a predicate in aRule
, such asByteMatchSetId
orIPSetId
. The ID is returned by the correspondingCreate
orList
command.
pNegated :: Lens' Predicate Bool Source #
Set Negated
to False
if you want AWS WAF to allow, block, or count requests based on the settings in the specified ByteMatchSet
, IPSet
, SqlInjectionMatchSet
, XssMatchSet
, or SizeConstraintSet
. For example, if an IPSet
includes the IP address 192.0.2.44
, AWS WAF will allow or block requests based on that IP address. Set Negated
to True
if you want AWS WAF to allow or block a request based on the negation of the settings in the ByteMatchSet
, IPSet
, SqlInjectionMatchSet
, XssMatchSet
, or SizeConstraintSet
. For example, if an IPSet
includes the IP address 192.0.2.44
, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44
.
pType :: Lens' Predicate PredicateType Source #
The type of predicate in a Rule
, such as ByteMatchSet
or IPSet
.
pDataId :: Lens' Predicate Text Source #
A unique identifier for a predicate in a Rule
, such as ByteMatchSetId
or IPSetId
. The ID is returned by the corresponding Create
or List
command.
Rule
A combination of ByteMatchSet
, IPSet
, and/or SqlInjectionMatchSet
objects that identify the web requests that you want to allow, block, or count. For example, you might create a Rule
that includes the following predicates:
- An
IPSet
that causes AWS WAF to search for web requests that originate from the IP address192.0.2.44
- A
ByteMatchSet
that causes AWS WAF to search for web requests for which the value of theUser-Agent
header isBadBot
.
To match the settings in this Rule
, a request must originate from 192.0.2.44
AND include a User-Agent
header for which the value is BadBot
.
See: rule
smart constructor.
Creates a value of Rule
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rMetricName
- Undocumented member.rName
- The friendly name or description for theRule
. You can't change the name of aRule
after you create it.rRuleId
- A unique identifier for aRule
. You useRuleId
to get more information about aRule
(seeGetRule
), update aRule
(seeUpdateRule
), insert aRule
into aWebACL
or delete a one from aWebACL
(seeUpdateWebACL
), or delete aRule
from AWS WAF (seeDeleteRule
).RuleId
is returned byCreateRule
and byListRules
.rPredicates
- ThePredicates
object contains onePredicate
element for eachByteMatchSet
,IPSet
, orSqlInjectionMatchSet
object that you want to include in aRule
.
rName :: Lens' Rule (Maybe Text) Source #
The friendly name or description for the Rule
. You can't change the name of a Rule
after you create it.
rRuleId :: Lens' Rule Text Source #
A unique identifier for a Rule
. You use RuleId
to get more information about a Rule
(see GetRule
), update a Rule
(see UpdateRule
), insert a Rule
into a WebACL
or delete a one from a WebACL
(see UpdateWebACL
), or delete a Rule
from AWS WAF (see DeleteRule
). RuleId
is returned by CreateRule
and by ListRules
.
rPredicates :: Lens' Rule [Predicate] Source #
The Predicates
object contains one Predicate
element for each ByteMatchSet
, IPSet
, or SqlInjectionMatchSet
object that you want to include in a Rule
.
RuleSummary
data RuleSummary Source #
Contains the identifier and the friendly name or description of the Rule
.
See: ruleSummary
smart constructor.
:: Text | |
-> Text | |
-> RuleSummary |
Creates a value of RuleSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rsRuleId
- A unique identifier for aRule
. You useRuleId
to get more information about aRule
(seeGetRule
), update aRule
(seeUpdateRule
), insert aRule
into aWebACL
or delete one from aWebACL
(seeUpdateWebACL
), or delete aRule
from AWS WAF (seeDeleteRule
).RuleId
is returned byCreateRule
and byListRules
.rsName
- A friendly name or description of theRule
. You can't change the name of aRule
after you create it.
rsRuleId :: Lens' RuleSummary Text Source #
A unique identifier for a Rule
. You use RuleId
to get more information about a Rule
(see GetRule
), update a Rule
(see UpdateRule
), insert a Rule
into a WebACL
or delete one from a WebACL
(see UpdateWebACL
), or delete a Rule
from AWS WAF (see DeleteRule
). RuleId
is returned by CreateRule
and by ListRules
.
rsName :: Lens' RuleSummary Text Source #
A friendly name or description of the Rule
. You can't change the name of a Rule
after you create it.
RuleUpdate
data RuleUpdate Source #
Specifies a Predicate
(such as an IPSet
) and indicates whether you want to add it to a Rule
or delete it from a Rule
.
See: ruleUpdate
smart constructor.
Creates a value of RuleUpdate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ruAction
- SpecifyINSERT
to add aPredicate
to aRule
. UseDELETE
to remove aPredicate
from aRule
.ruPredicate
- The ID of thePredicate
(such as anIPSet
) that you want to add to aRule
.
ruAction :: Lens' RuleUpdate ChangeAction Source #
Specify INSERT
to add a Predicate
to a Rule
. Use DELETE
to remove a Predicate
from a Rule
.
ruPredicate :: Lens' RuleUpdate Predicate Source #
The ID of the Predicate
(such as an IPSet
) that you want to add to a Rule
.
SampledHTTPRequest
data SampledHTTPRequest Source #
The response from a GetSampledRequests
request includes a SampledHTTPRequests
complex type that appears as SampledRequests
in the response syntax. SampledHTTPRequests
contains one SampledHTTPRequest
object for each web request that is returned by GetSampledRequests
.
See: sampledHTTPRequest
smart constructor.
Creates a value of SampledHTTPRequest
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
shttprAction
- The action for theRule
that the request matched:ALLOW
,BLOCK
, orCOUNT
.shttprTimestamp
- The time at which AWS WAF received the request from your AWS resource, in Unix time format (in seconds).shttprRequest
- A complex type that contains detailed information about the request.shttprWeight
- A value that indicates how one result in the response relates proportionally to other results in the response. A result that has a weight of2
represents roughly twice as many CloudFront web requests as a result that has a weight of1
.
shttprAction :: Lens' SampledHTTPRequest (Maybe Text) Source #
The action for the Rule
that the request matched: ALLOW
, BLOCK
, or COUNT
.
shttprTimestamp :: Lens' SampledHTTPRequest (Maybe UTCTime) Source #
The time at which AWS WAF received the request from your AWS resource, in Unix time format (in seconds).
shttprRequest :: Lens' SampledHTTPRequest HTTPRequest Source #
A complex type that contains detailed information about the request.
shttprWeight :: Lens' SampledHTTPRequest Natural Source #
A value that indicates how one result in the response relates proportionally to other results in the response. A result that has a weight of 2
represents roughly twice as many CloudFront web requests as a result that has a weight of 1
.
SizeConstraint
data SizeConstraint Source #
Specifies a constraint on the size of a part of the web request. AWS WAF uses the Size
, ComparisonOperator
, and FieldToMatch
to build an expression in the form of "Size
ComparisonOperator
size in bytes of FieldToMatch
". If that expression is true, the SizeConstraint
is considered to match.
See: sizeConstraint
smart constructor.
Creates a value of SizeConstraint
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scFieldToMatch
- Undocumented member.scTextTransformation
- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation onFieldToMatch
before inspecting a request for a match. Note that if you chooseBODY
for the value ofType
, you must chooseNONE
forTextTransformation
because CloudFront forwards only the first 8192 bytes for inspection. NONE SpecifyNONE
if you don't want to perform any text transformations. CMD_LINE When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160COMPRESS_WHITE_SPACE
also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters.HTML_ENTITY_DECODE
performs the following operations: * Replaces(ampersand)quot;
with"
* Replaces(ampersand)nbsp;
with a non-breaking space, decimal 160 * Replaces(ampersand)lt;
with a "less than" symbol * Replaces(ampersand)gt;
with>
* Replaces characters that are represented in hexadecimal format,(ampersand)#xhhhh;
, with the corresponding characters * Replaces characters that are represented in decimal format,(ampersand)#nnnn;
, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value.scComparisonOperator
- The type of comparison you want AWS WAF to perform. AWS WAF uses this in combination with the providedSize
andFieldToMatch
to build an expression in the form of "Size
ComparisonOperator
size in bytes ofFieldToMatch
". If that expression is true, theSizeConstraint
is considered to match. EQ : Used to test if theSize
is equal to the size of theFieldToMatch
NE : Used to test if theSize
is not equal to the size of theFieldToMatch
LE : Used to test if theSize
is less than or equal to the size of theFieldToMatch
LT : Used to test if theSize
is strictly less than the size of theFieldToMatch
GE : Used to test if theSize
is greater than or equal to the size of theFieldToMatch
GT : Used to test if theSize
is strictly greater than the size of theFieldToMatch
scSize
- The size in bytes that you want AWS WAF to compare against the size of the specifiedFieldToMatch
. AWS WAF uses this in combination withComparisonOperator
andFieldToMatch
to build an expression in the form of "Size
ComparisonOperator
size in bytes ofFieldToMatch
". If that expression is true, theSizeConstraint
is considered to match. Valid values for size are 0 - 21474836480 bytes (0 - 20 GB). If you specifyURI
for the value ofType
, the in the URI counts as one character. For example, the URI @logo.jpg@ is nine characters long.
scFieldToMatch :: Lens' SizeConstraint FieldToMatch Source #
Undocumented member.
scTextTransformation :: Lens' SizeConstraint TextTransformation Source #
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch
before inspecting a request for a match. Note that if you choose BODY
for the value of Type
, you must choose NONE
for TextTransformation
because CloudFront forwards only the first 8192 bytes for inspection. NONE Specify NONE
if you don't want to perform any text transformations. CMD_LINE When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160 COMPRESS_WHITE_SPACE
also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE
performs the following operations: * Replaces (ampersand)quot;
with "
* Replaces (ampersand)nbsp;
with a non-breaking space, decimal 160 * Replaces (ampersand)lt;
with a "less than" symbol * Replaces (ampersand)gt;
with >
* Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;
, with the corresponding characters * Replaces characters that are represented in decimal format, (ampersand)#nnnn;
, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value.
scComparisonOperator :: Lens' SizeConstraint ComparisonOperator Source #
The type of comparison you want AWS WAF to perform. AWS WAF uses this in combination with the provided Size
and FieldToMatch
to build an expression in the form of "Size
ComparisonOperator
size in bytes of FieldToMatch
". If that expression is true, the SizeConstraint
is considered to match. EQ : Used to test if the Size
is equal to the size of the FieldToMatch
NE : Used to test if the Size
is not equal to the size of the FieldToMatch
LE : Used to test if the Size
is less than or equal to the size of the FieldToMatch
LT : Used to test if the Size
is strictly less than the size of the FieldToMatch
GE : Used to test if the Size
is greater than or equal to the size of the FieldToMatch
GT : Used to test if the Size
is strictly greater than the size of the FieldToMatch
scSize :: Lens' SizeConstraint Natural Source #
The size in bytes that you want AWS WAF to compare against the size of the specified FieldToMatch
. AWS WAF uses this in combination with ComparisonOperator
and FieldToMatch
to build an expression in the form of "Size
ComparisonOperator
size in bytes of FieldToMatch
". If that expression is true, the SizeConstraint
is considered to match. Valid values for size are 0 - 21474836480 bytes (0 - 20 GB). If you specify URI
for the value of Type
, the in the URI counts as one character. For example, the URI @logo.jpg@ is nine characters long.
SizeConstraintSet
data SizeConstraintSet Source #
A complex type that contains SizeConstraint
objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a SizeConstraintSet
contains more than one SizeConstraint
object, a request only needs to match one constraint to be considered a match.
See: sizeConstraintSet
smart constructor.
Creates a value of SizeConstraintSet
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scsName
- The name, if any, of theSizeConstraintSet
.scsSizeConstraintSetId
- A unique identifier for aSizeConstraintSet
. You useSizeConstraintSetId
to get information about aSizeConstraintSet
(seeGetSizeConstraintSet
), update aSizeConstraintSet
(seeUpdateSizeConstraintSet
), insert aSizeConstraintSet
into aRule
or delete one from aRule
(seeUpdateRule
), and delete aSizeConstraintSet
from AWS WAF (seeDeleteSizeConstraintSet
).SizeConstraintSetId
is returned byCreateSizeConstraintSet
and byListSizeConstraintSets
.scsSizeConstraints
- Specifies the parts of web requests that you want to inspect the size of.
scsName :: Lens' SizeConstraintSet (Maybe Text) Source #
The name, if any, of the SizeConstraintSet
.
scsSizeConstraintSetId :: Lens' SizeConstraintSet Text Source #
A unique identifier for a SizeConstraintSet
. You use SizeConstraintSetId
to get information about a SizeConstraintSet
(see GetSizeConstraintSet
), update a SizeConstraintSet
(see UpdateSizeConstraintSet
), insert a SizeConstraintSet
into a Rule
or delete one from a Rule
(see UpdateRule
), and delete a SizeConstraintSet
from AWS WAF (see DeleteSizeConstraintSet
). SizeConstraintSetId
is returned by CreateSizeConstraintSet
and by ListSizeConstraintSets
.
scsSizeConstraints :: Lens' SizeConstraintSet [SizeConstraint] Source #
Specifies the parts of web requests that you want to inspect the size of.
SizeConstraintSetSummary
data SizeConstraintSetSummary Source #
The Id
and Name
of a SizeConstraintSet
.
See: sizeConstraintSetSummary
smart constructor.
sizeConstraintSetSummary Source #
Creates a value of SizeConstraintSetSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scssSizeConstraintSetId
- A unique identifier for aSizeConstraintSet
. You useSizeConstraintSetId
to get information about aSizeConstraintSet
(seeGetSizeConstraintSet
), update aSizeConstraintSet
(seeUpdateSizeConstraintSet
), insert aSizeConstraintSet
into aRule
or delete one from aRule
(seeUpdateRule
), and delete aSizeConstraintSet
from AWS WAF (seeDeleteSizeConstraintSet
).SizeConstraintSetId
is returned byCreateSizeConstraintSet
and byListSizeConstraintSets
.scssName
- The name of theSizeConstraintSet
, if any.
scssSizeConstraintSetId :: Lens' SizeConstraintSetSummary Text Source #
A unique identifier for a SizeConstraintSet
. You use SizeConstraintSetId
to get information about a SizeConstraintSet
(see GetSizeConstraintSet
), update a SizeConstraintSet
(see UpdateSizeConstraintSet
), insert a SizeConstraintSet
into a Rule
or delete one from a Rule
(see UpdateRule
), and delete a SizeConstraintSet
from AWS WAF (see DeleteSizeConstraintSet
). SizeConstraintSetId
is returned by CreateSizeConstraintSet
and by ListSizeConstraintSets
.
SizeConstraintSetUpdate
data SizeConstraintSetUpdate Source #
Specifies the part of a web request that you want to inspect the size of and indicates whether you want to add the specification to a SizeConstraintSet
or delete it from a SizeConstraintSet
.
See: sizeConstraintSetUpdate
smart constructor.
sizeConstraintSetUpdate Source #
Creates a value of SizeConstraintSetUpdate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scsuAction
- SpecifyINSERT
to add aSizeConstraintSetUpdate
to aSizeConstraintSet
. UseDELETE
to remove aSizeConstraintSetUpdate
from aSizeConstraintSet
.scsuSizeConstraint
- Specifies a constraint on the size of a part of the web request. AWS WAF uses theSize
,ComparisonOperator
, andFieldToMatch
to build an expression in the form of "Size
ComparisonOperator
size in bytes ofFieldToMatch
". If that expression is true, theSizeConstraint
is considered to match.
scsuAction :: Lens' SizeConstraintSetUpdate ChangeAction Source #
Specify INSERT
to add a SizeConstraintSetUpdate
to a SizeConstraintSet
. Use DELETE
to remove a SizeConstraintSetUpdate
from a SizeConstraintSet
.
scsuSizeConstraint :: Lens' SizeConstraintSetUpdate SizeConstraint Source #
Specifies a constraint on the size of a part of the web request. AWS WAF uses the Size
, ComparisonOperator
, and FieldToMatch
to build an expression in the form of "Size
ComparisonOperator
size in bytes of FieldToMatch
". If that expression is true, the SizeConstraint
is considered to match.
SqlInjectionMatchSet
data SqlInjectionMatchSet Source #
A complex type that contains SqlInjectionMatchTuple
objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a SqlInjectionMatchSet
contains more than one SqlInjectionMatchTuple
object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match.
See: sqlInjectionMatchSet
smart constructor.
Creates a value of SqlInjectionMatchSet
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
simsName
- The name, if any, of theSqlInjectionMatchSet
.simsSqlInjectionMatchSetId
- A unique identifier for aSqlInjectionMatchSet
. You useSqlInjectionMatchSetId
to get information about aSqlInjectionMatchSet
(seeGetSqlInjectionMatchSet
), update aSqlInjectionMatchSet
(seeUpdateSqlInjectionMatchSet
), insert aSqlInjectionMatchSet
into aRule
or delete one from aRule
(seeUpdateRule
), and delete aSqlInjectionMatchSet
from AWS WAF (seeDeleteSqlInjectionMatchSet
).SqlInjectionMatchSetId
is returned byCreateSqlInjectionMatchSet
and byListSqlInjectionMatchSets
.simsSqlInjectionMatchTuples
- Specifies the parts of web requests that you want to inspect for snippets of malicious SQL code.
simsName :: Lens' SqlInjectionMatchSet (Maybe Text) Source #
The name, if any, of the SqlInjectionMatchSet
.
simsSqlInjectionMatchSetId :: Lens' SqlInjectionMatchSet Text Source #
A unique identifier for a SqlInjectionMatchSet
. You use SqlInjectionMatchSetId
to get information about a SqlInjectionMatchSet
(see GetSqlInjectionMatchSet
), update a SqlInjectionMatchSet
(see UpdateSqlInjectionMatchSet
), insert a SqlInjectionMatchSet
into a Rule
or delete one from a Rule
(see UpdateRule
), and delete a SqlInjectionMatchSet
from AWS WAF (see DeleteSqlInjectionMatchSet
). SqlInjectionMatchSetId
is returned by CreateSqlInjectionMatchSet
and by ListSqlInjectionMatchSets
.
simsSqlInjectionMatchTuples :: Lens' SqlInjectionMatchSet [SqlInjectionMatchTuple] Source #
Specifies the parts of web requests that you want to inspect for snippets of malicious SQL code.
SqlInjectionMatchSetSummary
data SqlInjectionMatchSetSummary Source #
The Id
and Name
of a SqlInjectionMatchSet
.
See: sqlInjectionMatchSetSummary
smart constructor.
sqlInjectionMatchSetSummary Source #
Creates a value of SqlInjectionMatchSetSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
simssSqlInjectionMatchSetId
- A unique identifier for aSqlInjectionMatchSet
. You useSqlInjectionMatchSetId
to get information about aSqlInjectionMatchSet
(seeGetSqlInjectionMatchSet
), update aSqlInjectionMatchSet
(seeUpdateSqlInjectionMatchSet
), insert aSqlInjectionMatchSet
into aRule
or delete one from aRule
(seeUpdateRule
), and delete aSqlInjectionMatchSet
from AWS WAF (seeDeleteSqlInjectionMatchSet
).SqlInjectionMatchSetId
is returned byCreateSqlInjectionMatchSet
and byListSqlInjectionMatchSets
.simssName
- The name of theSqlInjectionMatchSet
, if any, specified byId
.
simssSqlInjectionMatchSetId :: Lens' SqlInjectionMatchSetSummary Text Source #
A unique identifier for a SqlInjectionMatchSet
. You use SqlInjectionMatchSetId
to get information about a SqlInjectionMatchSet
(see GetSqlInjectionMatchSet
), update a SqlInjectionMatchSet
(see UpdateSqlInjectionMatchSet
), insert a SqlInjectionMatchSet
into a Rule
or delete one from a Rule
(see UpdateRule
), and delete a SqlInjectionMatchSet
from AWS WAF (see DeleteSqlInjectionMatchSet
). SqlInjectionMatchSetId
is returned by CreateSqlInjectionMatchSet
and by ListSqlInjectionMatchSets
.
simssName :: Lens' SqlInjectionMatchSetSummary Text Source #
The name of the SqlInjectionMatchSet
, if any, specified by Id
.
SqlInjectionMatchSetUpdate
data SqlInjectionMatchSetUpdate Source #
Specifies the part of a web request that you want to inspect for snippets of malicious SQL code and indicates whether you want to add the specification to a SqlInjectionMatchSet
or delete it from a SqlInjectionMatchSet
.
See: sqlInjectionMatchSetUpdate
smart constructor.
sqlInjectionMatchSetUpdate Source #
Creates a value of SqlInjectionMatchSetUpdate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
simsuAction
- SpecifyINSERT
to add aSqlInjectionMatchSetUpdate
to aSqlInjectionMatchSet
. UseDELETE
to remove aSqlInjectionMatchSetUpdate
from aSqlInjectionMatchSet
.simsuSqlInjectionMatchTuple
- Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
simsuAction :: Lens' SqlInjectionMatchSetUpdate ChangeAction Source #
Specify INSERT
to add a SqlInjectionMatchSetUpdate
to a SqlInjectionMatchSet
. Use DELETE
to remove a SqlInjectionMatchSetUpdate
from a SqlInjectionMatchSet
.
simsuSqlInjectionMatchTuple :: Lens' SqlInjectionMatchSetUpdate SqlInjectionMatchTuple Source #
Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
SqlInjectionMatchTuple
data SqlInjectionMatchTuple Source #
Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
See: sqlInjectionMatchTuple
smart constructor.
sqlInjectionMatchTuple Source #
Creates a value of SqlInjectionMatchTuple
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
simtFieldToMatch
- Undocumented member.simtTextTransformation
- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation onFieldToMatch
before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160COMPRESS_WHITE_SPACE
also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters.HTML_ENTITY_DECODE
performs the following operations: * Replaces(ampersand)quot;
with"
* Replaces(ampersand)nbsp;
with a non-breaking space, decimal 160 * Replaces(ampersand)lt;
with a "less than" symbol * Replaces(ampersand)gt;
with>
* Replaces characters that are represented in hexadecimal format,(ampersand)#xhhhh;
, with the corresponding characters * Replaces characters that are represented in decimal format,(ampersand)#nnnn;
, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE SpecifyNONE
if you don't want to perform any text transformations.
simtFieldToMatch :: Lens' SqlInjectionMatchTuple FieldToMatch Source #
Undocumented member.
simtTextTransformation :: Lens' SqlInjectionMatchTuple TextTransformation Source #
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch
before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160 COMPRESS_WHITE_SPACE
also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE
performs the following operations: * Replaces (ampersand)quot;
with "
* Replaces (ampersand)nbsp;
with a non-breaking space, decimal 160 * Replaces (ampersand)lt;
with a "less than" symbol * Replaces (ampersand)gt;
with >
* Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;
, with the corresponding characters * Replaces characters that are represented in decimal format, (ampersand)#nnnn;
, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE Specify NONE
if you don't want to perform any text transformations.
TimeWindow
data TimeWindow Source #
In a GetSampledRequests
request, the StartTime
and EndTime
objects specify the time range for which you want AWS WAF to return a sample of web requests.
In a GetSampledRequests
response, the StartTime
and EndTime
objects specify the time range for which AWS WAF actually returned a sample of web requests. AWS WAF gets the specified number of requests from among the first 5,000 requests that your AWS resource receives during the specified time period. If your resource receives more than 5,000 requests during that period, AWS WAF stops sampling after the 5,000th request. In that case, EndTime
is the time that AWS WAF received the 5,000th request.
See: timeWindow
smart constructor.
Creates a value of TimeWindow
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
twStartTime
- The beginning of the time range from which you wantGetSampledRequests
to return a sample of the requests that your AWS resource received. You can specify any time range in the previous three hours.twEndTime
- The end of the time range from which you wantGetSampledRequests
to return a sample of the requests that your AWS resource received. You can specify any time range in the previous three hours.
twStartTime :: Lens' TimeWindow UTCTime Source #
The beginning of the time range from which you want GetSampledRequests
to return a sample of the requests that your AWS resource received. You can specify any time range in the previous three hours.
twEndTime :: Lens' TimeWindow UTCTime Source #
The end of the time range from which you want GetSampledRequests
to return a sample of the requests that your AWS resource received. You can specify any time range in the previous three hours.
WafAction
For the action that is associated with a rule in a WebACL
, specifies the action that you want AWS WAF to perform when a web request matches all of the conditions in a rule. For the default action in a WebACL
, specifies the action that you want AWS WAF to take when a web request doesn't match all of the conditions in any of the rules in a WebACL
.
See: wafAction
smart constructor.
Creates a value of WafAction
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
waType
- Specifies how you want AWS WAF to respond to requests that match the settings in aRule
. Valid settings include the following: *ALLOW
: AWS WAF allows requests *BLOCK
: AWS WAF blocks requests *COUNT
: AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specifyCOUNT
for the default action for aWebACL
.
waType :: Lens' WafAction WafActionType Source #
Specifies how you want AWS WAF to respond to requests that match the settings in a Rule
. Valid settings include the following: * ALLOW
: AWS WAF allows requests * BLOCK
: AWS WAF blocks requests * COUNT
: AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT
for the default action for a WebACL
.
WebACL
Contains the Rules
that identify the requests that you want to allow, block, or count. In a WebACL
, you also specify a default action (ALLOW
or BLOCK
), and the action for each Rule
that you add to a WebACL
, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the WebACL
with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule
to a WebACL
, a request needs to match only one of the specifications to be allowed, blocked, or counted. For more information, see UpdateWebACL
.
See: webACL
smart constructor.
Creates a value of WebACL
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
waMetricName
- Undocumented member.waName
- A friendly name or description of theWebACL
. You can't change the name of aWebACL
after you create it.waWebACLId
- A unique identifier for aWebACL
. You useWebACLId
to get information about aWebACL
(seeGetWebACL
), update aWebACL
(seeUpdateWebACL
), and delete aWebACL
from AWS WAF (seeDeleteWebACL
).WebACLId
is returned byCreateWebACL
and byListWebACLs
.waDefaultAction
- The action to perform if none of theRules
contained in theWebACL
match. The action is specified by theWafAction
object.waRules
- An array that contains the action for eachRule
in aWebACL
, the priority of theRule
, and the ID of theRule
.
waName :: Lens' WebACL (Maybe Text) Source #
A friendly name or description of the WebACL
. You can't change the name of a WebACL
after you create it.
waWebACLId :: Lens' WebACL Text Source #
A unique identifier for a WebACL
. You use WebACLId
to get information about a WebACL
(see GetWebACL
), update a WebACL
(see UpdateWebACL
), and delete a WebACL
from AWS WAF (see DeleteWebACL
). WebACLId
is returned by CreateWebACL
and by ListWebACLs
.
waDefaultAction :: Lens' WebACL WafAction Source #
The action to perform if none of the Rules
contained in the WebACL
match. The action is specified by the WafAction
object.
waRules :: Lens' WebACL [ActivatedRule] Source #
An array that contains the action for each Rule
in a WebACL
, the priority of the Rule
, and the ID of the Rule
.
WebACLSummary
data WebACLSummary Source #
Contains the identifier and the name or description of the WebACL
.
See: webACLSummary
smart constructor.
Creates a value of WebACLSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
wasWebACLId
- A unique identifier for aWebACL
. You useWebACLId
to get information about aWebACL
(seeGetWebACL
), update aWebACL
(seeUpdateWebACL
), and delete aWebACL
from AWS WAF (seeDeleteWebACL
).WebACLId
is returned byCreateWebACL
and byListWebACLs
.wasName
- A friendly name or description of theWebACL
. You can't change the name of aWebACL
after you create it.
wasWebACLId :: Lens' WebACLSummary Text Source #
A unique identifier for a WebACL
. You use WebACLId
to get information about a WebACL
(see GetWebACL
), update a WebACL
(see UpdateWebACL
), and delete a WebACL
from AWS WAF (see DeleteWebACL
). WebACLId
is returned by CreateWebACL
and by ListWebACLs
.
wasName :: Lens' WebACLSummary Text Source #
A friendly name or description of the WebACL
. You can't change the name of a WebACL
after you create it.
WebACLUpdate
data WebACLUpdate Source #
Specifies whether to insert a Rule
into or delete a Rule
from a WebACL
.
See: webACLUpdate
smart constructor.
Creates a value of WebACLUpdate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
wauAction
- Specifies whether to insert aRule
into or delete aRule
from aWebACL
.wauActivatedRule
- Undocumented member.
wauAction :: Lens' WebACLUpdate ChangeAction Source #
Specifies whether to insert a Rule
into or delete a Rule
from a WebACL
.
wauActivatedRule :: Lens' WebACLUpdate ActivatedRule Source #
Undocumented member.
XSSMatchSet
data XSSMatchSet Source #
A complex type that contains XssMatchTuple
objects, which specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header. If a XssMatchSet
contains more than one XssMatchTuple
object, a request needs to include cross-site scripting attacks in only one of the specified parts of the request to be considered a match.
See: xssMatchSet
smart constructor.
Creates a value of XSSMatchSet
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
xmsName
- The name, if any, of theXssMatchSet
.xmsXSSMatchSetId
- A unique identifier for anXssMatchSet
. You useXssMatchSetId
to get information about anXssMatchSet
(seeGetXssMatchSet
), update anXssMatchSet
(seeUpdateXssMatchSet
), insert anXssMatchSet
into aRule
or delete one from aRule
(seeUpdateRule
), and delete anXssMatchSet
from AWS WAF (seeDeleteXssMatchSet
).XssMatchSetId
is returned byCreateXssMatchSet
and byListXssMatchSets
.xmsXSSMatchTuples
- Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.
xmsXSSMatchSetId :: Lens' XSSMatchSet Text Source #
A unique identifier for an XssMatchSet
. You use XssMatchSetId
to get information about an XssMatchSet
(see GetXssMatchSet
), update an XssMatchSet
(see UpdateXssMatchSet
), insert an XssMatchSet
into a Rule
or delete one from a Rule
(see UpdateRule
), and delete an XssMatchSet
from AWS WAF (see DeleteXssMatchSet
). XssMatchSetId
is returned by CreateXssMatchSet
and by ListXssMatchSets
.
xmsXSSMatchTuples :: Lens' XSSMatchSet [XSSMatchTuple] Source #
Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.
XSSMatchSetSummary
data XSSMatchSetSummary Source #
The Id
and Name
of an XssMatchSet
.
See: xssMatchSetSummary
smart constructor.
Creates a value of XSSMatchSetSummary
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
xmssXSSMatchSetId
- A unique identifier for anXssMatchSet
. You useXssMatchSetId
to get information about aXssMatchSet
(seeGetXssMatchSet
), update anXssMatchSet
(seeUpdateXssMatchSet
), insert anXssMatchSet
into aRule
or delete one from aRule
(seeUpdateRule
), and delete anXssMatchSet
from AWS WAF (seeDeleteXssMatchSet
).XssMatchSetId
is returned byCreateXssMatchSet
and byListXssMatchSets
.xmssName
- The name of theXssMatchSet
, if any, specified byId
.
xmssXSSMatchSetId :: Lens' XSSMatchSetSummary Text Source #
A unique identifier for an XssMatchSet
. You use XssMatchSetId
to get information about a XssMatchSet
(see GetXssMatchSet
), update an XssMatchSet
(see UpdateXssMatchSet
), insert an XssMatchSet
into a Rule
or delete one from a Rule
(see UpdateRule
), and delete an XssMatchSet
from AWS WAF (see DeleteXssMatchSet
). XssMatchSetId
is returned by CreateXssMatchSet
and by ListXssMatchSets
.
xmssName :: Lens' XSSMatchSetSummary Text Source #
The name of the XssMatchSet
, if any, specified by Id
.
XSSMatchSetUpdate
data XSSMatchSetUpdate Source #
Specifies the part of a web request that you want to inspect for cross-site scripting attacks and indicates whether you want to add the specification to an XssMatchSet
or delete it from an XssMatchSet
.
See: xssMatchSetUpdate
smart constructor.
Creates a value of XSSMatchSetUpdate
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
xmsuAction
- SpecifyINSERT
to add aXssMatchSetUpdate
to anXssMatchSet
. UseDELETE
to remove aXssMatchSetUpdate
from anXssMatchSet
.xmsuXSSMatchTuple
- Specifies the part of a web request that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header.
xmsuAction :: Lens' XSSMatchSetUpdate ChangeAction Source #
Specify INSERT
to add a XssMatchSetUpdate
to an XssMatchSet
. Use DELETE
to remove a XssMatchSetUpdate
from an XssMatchSet
.
xmsuXSSMatchTuple :: Lens' XSSMatchSetUpdate XSSMatchTuple Source #
Specifies the part of a web request that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header.
XSSMatchTuple
data XSSMatchTuple Source #
Specifies the part of a web request that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header.
See: xssMatchTuple
smart constructor.
Creates a value of XSSMatchTuple
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
xmtFieldToMatch
- Undocumented member.xmtTextTransformation
- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation onFieldToMatch
before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160COMPRESS_WHITE_SPACE
also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters.HTML_ENTITY_DECODE
performs the following operations: * Replaces(ampersand)quot;
with"
* Replaces(ampersand)nbsp;
with a non-breaking space, decimal 160 * Replaces(ampersand)lt;
with a "less than" symbol * Replaces(ampersand)gt;
with>
* Replaces characters that are represented in hexadecimal format,(ampersand)#xhhhh;
, with the corresponding characters * Replaces characters that are represented in decimal format,(ampersand)#nnnn;
, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE SpecifyNONE
if you don't want to perform any text transformations.
xmtFieldToMatch :: Lens' XSSMatchTuple FieldToMatch Source #
Undocumented member.
xmtTextTransformation :: Lens' XSSMatchTuple TextTransformation Source #
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch
before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160 COMPRESS_WHITE_SPACE
also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE
performs the following operations: * Replaces (ampersand)quot;
with "
* Replaces (ampersand)nbsp;
with a non-breaking space, decimal 160 * Replaces (ampersand)lt;
with a "less than" symbol * Replaces (ampersand)gt;
with >
* Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;
, with the corresponding characters * Replaces characters that are represented in decimal format, (ampersand)#nnnn;
, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE Specify NONE
if you don't want to perform any text transformations.