| Copyright | (c) 2013-2018 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
| Language | Haskell2010 |
Network.AWS.WAF.Types
Contents
- Service Configuration
- Errors
- ChangeAction
- ChangeTokenStatus
- ComparisonOperator
- GeoMatchConstraintType
- GeoMatchConstraintValue
- IPSetDescriptorType
- MatchFieldType
- PositionalConstraint
- PredicateType
- RateKey
- TextTransformation
- WafActionType
- WafOverrideActionType
- WafRuleType
- ActivatedRule
- ByteMatchSet
- ByteMatchSetSummary
- ByteMatchSetUpdate
- ByteMatchTuple
- FieldToMatch
- GeoMatchConstraint
- GeoMatchSet
- GeoMatchSetSummary
- GeoMatchSetUpdate
- HTTPHeader
- HTTPRequest
- IPSet
- IPSetDescriptor
- IPSetSummary
- IPSetUpdate
- Predicate
- RateBasedRule
- RegexMatchSet
- RegexMatchSetSummary
- RegexMatchSetUpdate
- RegexMatchTuple
- RegexPatternSet
- RegexPatternSetSummary
- RegexPatternSetUpdate
- Rule
- RuleGroup
- RuleGroupSummary
- RuleGroupUpdate
- RuleSummary
- RuleUpdate
- SampledHTTPRequest
- SizeConstraint
- SizeConstraintSet
- SizeConstraintSetSummary
- SizeConstraintSetUpdate
- SqlInjectionMatchSet
- SqlInjectionMatchSetSummary
- SqlInjectionMatchSetUpdate
- SqlInjectionMatchTuple
- SubscribedRuleGroupSummary
- TimeWindow
- WafAction
- WafOverrideAction
- WebACL
- WebACLSummary
- WebACLUpdate
- XSSMatchSet
- XSSMatchSetSummary
- XSSMatchSetUpdate
- XSSMatchTuple
Description
Synopsis
- waf :: Service
- _WAFInvalidAccountException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFSubscriptionNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFReferencedItemException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFInvalidRegexPatternException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFInvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFNonexistentItemException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFInvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFLimitsExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFInvalidPermissionPolicyException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFStaleDataException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFInternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFNonexistentContainerException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFDisallowedNameException :: AsError a => Getting (First ServiceError) a ServiceError
- _WAFNonEmptyEntityException :: AsError a => Getting (First ServiceError) a ServiceError
- data ChangeAction
- data ChangeTokenStatus
- = Insync
- | Pending
- | Provisioned
- data ComparisonOperator
- data GeoMatchConstraintType = Country
- data GeoMatchConstraintValue
- = GMCVAD
- | GMCVAE
- | GMCVAF
- | GMCVAG
- | GMCVAI
- | GMCVAL
- | GMCVAM
- | GMCVAO
- | GMCVAQ
- | GMCVAR
- | GMCVAS
- | GMCVAT
- | GMCVAU
- | GMCVAW
- | GMCVAX
- | GMCVAZ
- | GMCVBA
- | GMCVBB
- | GMCVBD
- | GMCVBE
- | GMCVBF
- | GMCVBG
- | GMCVBH
- | GMCVBI
- | GMCVBJ
- | GMCVBL
- | GMCVBM
- | GMCVBN
- | GMCVBO
- | GMCVBQ
- | GMCVBR
- | GMCVBS
- | GMCVBT
- | GMCVBV
- | GMCVBW
- | GMCVBY
- | GMCVBZ
- | GMCVCA
- | GMCVCC
- | GMCVCD
- | GMCVCF
- | GMCVCG
- | GMCVCH
- | GMCVCI
- | GMCVCK
- | GMCVCL
- | GMCVCM
- | GMCVCN
- | GMCVCO
- | GMCVCR
- | GMCVCU
- | GMCVCV
- | GMCVCW
- | GMCVCX
- | GMCVCY
- | GMCVCZ
- | GMCVDE
- | GMCVDJ
- | GMCVDK
- | GMCVDM
- | GMCVDO
- | GMCVDZ
- | GMCVEC
- | GMCVEE
- | GMCVEG
- | GMCVEH
- | GMCVER
- | GMCVES
- | GMCVET
- | GMCVFI
- | GMCVFJ
- | GMCVFK
- | GMCVFM
- | GMCVFO
- | GMCVFR
- | GMCVGA
- | GMCVGB
- | GMCVGD
- | GMCVGE
- | GMCVGF
- | GMCVGG
- | GMCVGH
- | GMCVGI
- | GMCVGL
- | GMCVGM
- | GMCVGN
- | GMCVGP
- | GMCVGQ
- | GMCVGR
- | GMCVGS
- | GMCVGT'
- | GMCVGU
- | GMCVGW
- | GMCVGY
- | GMCVHK
- | GMCVHM
- | GMCVHN
- | GMCVHR
- | GMCVHT
- | GMCVHU
- | GMCVIE
- | GMCVIL
- | GMCVIM
- | GMCVIN
- | GMCVIO
- | GMCVIQ
- | GMCVIR
- | GMCVIS
- | GMCVIT
- | GMCVId
- | GMCVJE
- | GMCVJM
- | GMCVJO
- | GMCVJP
- | GMCVKE
- | GMCVKG
- | GMCVKH
- | GMCVKI
- | GMCVKM
- | GMCVKN
- | GMCVKP
- | GMCVKR
- | GMCVKW
- | GMCVKY
- | GMCVKZ
- | GMCVLA
- | GMCVLB
- | GMCVLC
- | GMCVLI
- | GMCVLK
- | GMCVLR
- | GMCVLS
- | GMCVLT'
- | GMCVLU
- | GMCVLV
- | GMCVLY
- | GMCVMA
- | GMCVMC
- | GMCVMD
- | GMCVME
- | GMCVMF
- | GMCVMG
- | GMCVMH
- | GMCVMK
- | GMCVML
- | GMCVMM
- | GMCVMN
- | GMCVMO
- | GMCVMP
- | GMCVMQ
- | GMCVMR
- | GMCVMS
- | GMCVMT
- | GMCVMU
- | GMCVMV
- | GMCVMW
- | GMCVMX
- | GMCVMY
- | GMCVMZ
- | GMCVNA
- | GMCVNC
- | GMCVNE
- | GMCVNF
- | GMCVNG
- | GMCVNI
- | GMCVNL
- | GMCVNO
- | GMCVNP
- | GMCVNR
- | GMCVNU
- | GMCVNZ
- | GMCVOM
- | GMCVPA
- | GMCVPE
- | GMCVPF
- | GMCVPG
- | GMCVPH
- | GMCVPK
- | GMCVPL
- | GMCVPM
- | GMCVPN
- | GMCVPR
- | GMCVPS
- | GMCVPT
- | GMCVPW
- | GMCVPY
- | GMCVQA
- | GMCVRE
- | GMCVRO
- | GMCVRS
- | GMCVRU
- | GMCVRW
- | GMCVSA
- | GMCVSB
- | GMCVSC
- | GMCVSD
- | GMCVSE
- | GMCVSG
- | GMCVSH
- | GMCVSI
- | GMCVSJ
- | GMCVSK
- | GMCVSL
- | GMCVSM
- | GMCVSN
- | GMCVSO
- | GMCVSR
- | GMCVSS
- | GMCVST
- | GMCVSV
- | GMCVSX
- | GMCVSY
- | GMCVSZ
- | GMCVTC
- | GMCVTD
- | GMCVTF
- | GMCVTG
- | GMCVTH
- | GMCVTJ
- | GMCVTK
- | GMCVTL
- | GMCVTM
- | GMCVTN
- | GMCVTO
- | GMCVTR
- | GMCVTT
- | GMCVTV
- | GMCVTW
- | GMCVTZ
- | GMCVUA
- | GMCVUG
- | GMCVUM
- | GMCVUS
- | GMCVUY
- | GMCVUZ
- | GMCVVA
- | GMCVVC
- | GMCVVE
- | GMCVVG
- | GMCVVI
- | GMCVVN
- | GMCVVU
- | GMCVWF
- | GMCVWS
- | GMCVYE
- | GMCVYT
- | GMCVZA
- | GMCVZM
- | GMCVZW
- data IPSetDescriptorType
- data MatchFieldType
- = Body
- | Header
- | Method
- | QueryString
- | URI
- data PositionalConstraint
- data PredicateType
- data RateKey = IP
- data TextTransformation
- data WafActionType
- data WafOverrideActionType
- data WafRuleType
- data ActivatedRule
- activatedRule :: Int -> Text -> ActivatedRule
- arOverrideAction :: Lens' ActivatedRule (Maybe WafOverrideAction)
- arAction :: Lens' ActivatedRule (Maybe WafAction)
- arType :: Lens' ActivatedRule (Maybe WafRuleType)
- arPriority :: Lens' ActivatedRule Int
- arRuleId :: Lens' ActivatedRule Text
- data ByteMatchSet
- byteMatchSet :: Text -> ByteMatchSet
- bmsName :: Lens' ByteMatchSet (Maybe Text)
- bmsByteMatchSetId :: Lens' ByteMatchSet Text
- bmsByteMatchTuples :: Lens' ByteMatchSet [ByteMatchTuple]
- data ByteMatchSetSummary
- byteMatchSetSummary :: Text -> Text -> ByteMatchSetSummary
- bmssByteMatchSetId :: Lens' ByteMatchSetSummary Text
- bmssName :: Lens' ByteMatchSetSummary Text
- data ByteMatchSetUpdate
- byteMatchSetUpdate :: ChangeAction -> ByteMatchTuple -> ByteMatchSetUpdate
- bmsuAction :: Lens' ByteMatchSetUpdate ChangeAction
- bmsuByteMatchTuple :: Lens' ByteMatchSetUpdate ByteMatchTuple
- data ByteMatchTuple
- byteMatchTuple :: FieldToMatch -> ByteString -> TextTransformation -> PositionalConstraint -> ByteMatchTuple
- bmtFieldToMatch :: Lens' ByteMatchTuple FieldToMatch
- bmtTargetString :: Lens' ByteMatchTuple ByteString
- bmtTextTransformation :: Lens' ByteMatchTuple TextTransformation
- bmtPositionalConstraint :: Lens' ByteMatchTuple PositionalConstraint
- data FieldToMatch
- fieldToMatch :: MatchFieldType -> FieldToMatch
- ftmData :: Lens' FieldToMatch (Maybe Text)
- ftmType :: Lens' FieldToMatch MatchFieldType
- data GeoMatchConstraint
- geoMatchConstraint :: GeoMatchConstraintType -> GeoMatchConstraintValue -> GeoMatchConstraint
- gmcType :: Lens' GeoMatchConstraint GeoMatchConstraintType
- gmcValue :: Lens' GeoMatchConstraint GeoMatchConstraintValue
- data GeoMatchSet
- geoMatchSet :: Text -> GeoMatchSet
- gmsName :: Lens' GeoMatchSet (Maybe Text)
- gmsGeoMatchSetId :: Lens' GeoMatchSet Text
- gmsGeoMatchConstraints :: Lens' GeoMatchSet [GeoMatchConstraint]
- data GeoMatchSetSummary
- geoMatchSetSummary :: Text -> Text -> GeoMatchSetSummary
- gmssGeoMatchSetId :: Lens' GeoMatchSetSummary Text
- gmssName :: Lens' GeoMatchSetSummary Text
- data GeoMatchSetUpdate
- geoMatchSetUpdate :: ChangeAction -> GeoMatchConstraint -> GeoMatchSetUpdate
- gmsuAction :: Lens' GeoMatchSetUpdate ChangeAction
- gmsuGeoMatchConstraint :: Lens' GeoMatchSetUpdate GeoMatchConstraint
- data HTTPHeader
- hTTPHeader :: HTTPHeader
- httphValue :: Lens' HTTPHeader (Maybe Text)
- httphName :: Lens' HTTPHeader (Maybe Text)
- data HTTPRequest
- hTTPRequest :: HTTPRequest
- httprHTTPVersion :: Lens' HTTPRequest (Maybe Text)
- httprCountry :: Lens' HTTPRequest (Maybe Text)
- httprURI :: Lens' HTTPRequest (Maybe Text)
- httprHeaders :: Lens' HTTPRequest [HTTPHeader]
- httprMethod :: Lens' HTTPRequest (Maybe Text)
- httprClientIP :: Lens' HTTPRequest (Maybe Text)
- data IPSet
- ipSet :: Text -> IPSet
- isName :: Lens' IPSet (Maybe Text)
- isIPSetId :: Lens' IPSet Text
- isIPSetDescriptors :: Lens' IPSet [IPSetDescriptor]
- data IPSetDescriptor
- ipSetDescriptor :: IPSetDescriptorType -> Text -> IPSetDescriptor
- isdType :: Lens' IPSetDescriptor IPSetDescriptorType
- isdValue :: Lens' IPSetDescriptor Text
- data IPSetSummary
- ipSetSummary :: Text -> Text -> IPSetSummary
- issIPSetId :: Lens' IPSetSummary Text
- issName :: Lens' IPSetSummary Text
- data IPSetUpdate
- ipSetUpdate :: ChangeAction -> IPSetDescriptor -> IPSetUpdate
- isuAction :: Lens' IPSetUpdate ChangeAction
- isuIPSetDescriptor :: Lens' IPSetUpdate IPSetDescriptor
- data Predicate
- predicate :: Bool -> PredicateType -> Text -> Predicate
- pNegated :: Lens' Predicate Bool
- pType :: Lens' Predicate PredicateType
- pDataId :: Lens' Predicate Text
- data RateBasedRule
- rateBasedRule :: Text -> RateKey -> Natural -> RateBasedRule
- rbrMetricName :: Lens' RateBasedRule (Maybe Text)
- rbrName :: Lens' RateBasedRule (Maybe Text)
- rbrRuleId :: Lens' RateBasedRule Text
- rbrMatchPredicates :: Lens' RateBasedRule [Predicate]
- rbrRateKey :: Lens' RateBasedRule RateKey
- rbrRateLimit :: Lens' RateBasedRule Natural
- data RegexMatchSet
- regexMatchSet :: RegexMatchSet
- rmsName :: Lens' RegexMatchSet (Maybe Text)
- rmsRegexMatchTuples :: Lens' RegexMatchSet [RegexMatchTuple]
- rmsRegexMatchSetId :: Lens' RegexMatchSet (Maybe Text)
- data RegexMatchSetSummary
- regexMatchSetSummary :: Text -> Text -> RegexMatchSetSummary
- rmssRegexMatchSetId :: Lens' RegexMatchSetSummary Text
- rmssName :: Lens' RegexMatchSetSummary Text
- data RegexMatchSetUpdate
- regexMatchSetUpdate :: ChangeAction -> RegexMatchTuple -> RegexMatchSetUpdate
- rmsuAction :: Lens' RegexMatchSetUpdate ChangeAction
- rmsuRegexMatchTuple :: Lens' RegexMatchSetUpdate RegexMatchTuple
- data RegexMatchTuple
- regexMatchTuple :: FieldToMatch -> TextTransformation -> Text -> RegexMatchTuple
- rmtFieldToMatch :: Lens' RegexMatchTuple FieldToMatch
- rmtTextTransformation :: Lens' RegexMatchTuple TextTransformation
- rmtRegexPatternSetId :: Lens' RegexMatchTuple Text
- data RegexPatternSet
- regexPatternSet :: Text -> RegexPatternSet
- rpsName :: Lens' RegexPatternSet (Maybe Text)
- rpsRegexPatternSetId :: Lens' RegexPatternSet Text
- rpsRegexPatternStrings :: Lens' RegexPatternSet [Text]
- data RegexPatternSetSummary
- regexPatternSetSummary :: Text -> Text -> RegexPatternSetSummary
- rpssRegexPatternSetId :: Lens' RegexPatternSetSummary Text
- rpssName :: Lens' RegexPatternSetSummary Text
- data RegexPatternSetUpdate
- regexPatternSetUpdate :: ChangeAction -> Text -> RegexPatternSetUpdate
- rpsuAction :: Lens' RegexPatternSetUpdate ChangeAction
- rpsuRegexPatternString :: Lens' RegexPatternSetUpdate Text
- data Rule
- rule :: Text -> Rule
- rMetricName :: Lens' Rule (Maybe Text)
- rName :: Lens' Rule (Maybe Text)
- rRuleId :: Lens' Rule Text
- rPredicates :: Lens' Rule [Predicate]
- data RuleGroup
- ruleGroup :: Text -> RuleGroup
- rgMetricName :: Lens' RuleGroup (Maybe Text)
- rgName :: Lens' RuleGroup (Maybe Text)
- rgRuleGroupId :: Lens' RuleGroup Text
- data RuleGroupSummary
- ruleGroupSummary :: Text -> Text -> RuleGroupSummary
- rgsRuleGroupId :: Lens' RuleGroupSummary Text
- rgsName :: Lens' RuleGroupSummary Text
- data RuleGroupUpdate
- ruleGroupUpdate :: ChangeAction -> ActivatedRule -> RuleGroupUpdate
- rguAction :: Lens' RuleGroupUpdate ChangeAction
- rguActivatedRule :: Lens' RuleGroupUpdate ActivatedRule
- data RuleSummary
- ruleSummary :: Text -> Text -> RuleSummary
- rsRuleId :: Lens' RuleSummary Text
- rsName :: Lens' RuleSummary Text
- data RuleUpdate
- ruleUpdate :: ChangeAction -> Predicate -> RuleUpdate
- ruAction :: Lens' RuleUpdate ChangeAction
- ruPredicate :: Lens' RuleUpdate Predicate
- data SampledHTTPRequest
- sampledHTTPRequest :: HTTPRequest -> Natural -> SampledHTTPRequest
- shttprRuleWithinRuleGroup :: Lens' SampledHTTPRequest (Maybe Text)
- shttprAction :: Lens' SampledHTTPRequest (Maybe Text)
- shttprTimestamp :: Lens' SampledHTTPRequest (Maybe UTCTime)
- shttprRequest :: Lens' SampledHTTPRequest HTTPRequest
- shttprWeight :: Lens' SampledHTTPRequest Natural
- data SizeConstraint
- sizeConstraint :: FieldToMatch -> TextTransformation -> ComparisonOperator -> Natural -> SizeConstraint
- scFieldToMatch :: Lens' SizeConstraint FieldToMatch
- scTextTransformation :: Lens' SizeConstraint TextTransformation
- scComparisonOperator :: Lens' SizeConstraint ComparisonOperator
- scSize :: Lens' SizeConstraint Natural
- data SizeConstraintSet
- sizeConstraintSet :: Text -> SizeConstraintSet
- scsName :: Lens' SizeConstraintSet (Maybe Text)
- scsSizeConstraintSetId :: Lens' SizeConstraintSet Text
- scsSizeConstraints :: Lens' SizeConstraintSet [SizeConstraint]
- data SizeConstraintSetSummary
- sizeConstraintSetSummary :: Text -> Text -> SizeConstraintSetSummary
- scssSizeConstraintSetId :: Lens' SizeConstraintSetSummary Text
- scssName :: Lens' SizeConstraintSetSummary Text
- data SizeConstraintSetUpdate
- sizeConstraintSetUpdate :: ChangeAction -> SizeConstraint -> SizeConstraintSetUpdate
- scsuAction :: Lens' SizeConstraintSetUpdate ChangeAction
- scsuSizeConstraint :: Lens' SizeConstraintSetUpdate SizeConstraint
- data SqlInjectionMatchSet
- sqlInjectionMatchSet :: Text -> SqlInjectionMatchSet
- simsName :: Lens' SqlInjectionMatchSet (Maybe Text)
- simsSqlInjectionMatchSetId :: Lens' SqlInjectionMatchSet Text
- simsSqlInjectionMatchTuples :: Lens' SqlInjectionMatchSet [SqlInjectionMatchTuple]
- data SqlInjectionMatchSetSummary
- sqlInjectionMatchSetSummary :: Text -> Text -> SqlInjectionMatchSetSummary
- simssSqlInjectionMatchSetId :: Lens' SqlInjectionMatchSetSummary Text
- simssName :: Lens' SqlInjectionMatchSetSummary Text
- data SqlInjectionMatchSetUpdate
- sqlInjectionMatchSetUpdate :: ChangeAction -> SqlInjectionMatchTuple -> SqlInjectionMatchSetUpdate
- simsuAction :: Lens' SqlInjectionMatchSetUpdate ChangeAction
- simsuSqlInjectionMatchTuple :: Lens' SqlInjectionMatchSetUpdate SqlInjectionMatchTuple
- data SqlInjectionMatchTuple
- sqlInjectionMatchTuple :: FieldToMatch -> TextTransformation -> SqlInjectionMatchTuple
- simtFieldToMatch :: Lens' SqlInjectionMatchTuple FieldToMatch
- simtTextTransformation :: Lens' SqlInjectionMatchTuple TextTransformation
- data SubscribedRuleGroupSummary
- subscribedRuleGroupSummary :: Text -> Text -> Text -> SubscribedRuleGroupSummary
- srgsRuleGroupId :: Lens' SubscribedRuleGroupSummary Text
- srgsName :: Lens' SubscribedRuleGroupSummary Text
- srgsMetricName :: Lens' SubscribedRuleGroupSummary Text
- data TimeWindow
- timeWindow :: UTCTime -> UTCTime -> TimeWindow
- twStartTime :: Lens' TimeWindow UTCTime
- twEndTime :: Lens' TimeWindow UTCTime
- data WafAction
- wafAction :: WafActionType -> WafAction
- waType :: Lens' WafAction WafActionType
- data WafOverrideAction
- wafOverrideAction :: WafOverrideActionType -> WafOverrideAction
- woaType :: Lens' WafOverrideAction WafOverrideActionType
- data WebACL
- webACL :: Text -> WafAction -> WebACL
- waMetricName :: Lens' WebACL (Maybe Text)
- waName :: Lens' WebACL (Maybe Text)
- waWebACLId :: Lens' WebACL Text
- waDefaultAction :: Lens' WebACL WafAction
- waRules :: Lens' WebACL [ActivatedRule]
- data WebACLSummary
- webACLSummary :: Text -> Text -> WebACLSummary
- wasWebACLId :: Lens' WebACLSummary Text
- wasName :: Lens' WebACLSummary Text
- data WebACLUpdate
- webACLUpdate :: ChangeAction -> ActivatedRule -> WebACLUpdate
- wauAction :: Lens' WebACLUpdate ChangeAction
- wauActivatedRule :: Lens' WebACLUpdate ActivatedRule
- data XSSMatchSet
- xssMatchSet :: Text -> XSSMatchSet
- xmsName :: Lens' XSSMatchSet (Maybe Text)
- xmsXSSMatchSetId :: Lens' XSSMatchSet Text
- xmsXSSMatchTuples :: Lens' XSSMatchSet [XSSMatchTuple]
- data XSSMatchSetSummary
- xssMatchSetSummary :: Text -> Text -> XSSMatchSetSummary
- xmssXSSMatchSetId :: Lens' XSSMatchSetSummary Text
- xmssName :: Lens' XSSMatchSetSummary Text
- data XSSMatchSetUpdate
- xssMatchSetUpdate :: ChangeAction -> XSSMatchTuple -> XSSMatchSetUpdate
- xmsuAction :: Lens' XSSMatchSetUpdate ChangeAction
- xmsuXSSMatchTuple :: Lens' XSSMatchSetUpdate XSSMatchTuple
- data XSSMatchTuple
- xssMatchTuple :: FieldToMatch -> TextTransformation -> XSSMatchTuple
- xmtFieldToMatch :: Lens' XSSMatchTuple FieldToMatch
- xmtTextTransformation :: Lens' XSSMatchTuple TextTransformation
Service Configuration
Errors
_WAFInvalidAccountException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
_WAFSubscriptionNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The specified subscription does not exist.
_WAFReferencedItemException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to delete an object that is still in use. For example:
- You tried to delete a
ByteMatchSetthat is still referenced by aRule. - You tried to delete a
Rulethat is still referenced by aWebACL.
_WAFInvalidRegexPatternException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The regular expression (regex) you specified in RegexPatternString is invalid.
_WAFInvalidOperationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because there was nothing to do. For example:
- You tried to remove a
Rulefrom aWebACL, but theRuleisn't in the specifiedWebACL. - You tried to remove an IP address from an
IPSet, but the IP address isn't in the specifiedIPSet. - You tried to remove a
ByteMatchTuplefrom aByteMatchSet, but theByteMatchTupleisn't in the specifiedWebACL. - You tried to add a
Ruleto aWebACL, but theRulealready exists in the specifiedWebACL. - You tried to add an IP address to an
IPSet, but the IP address already exists in the specifiedIPSet. - You tried to add a
ByteMatchTupleto aByteMatchSet, but theByteMatchTuplealready exists in the specifiedWebACL.
_WAFNonexistentItemException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because the referenced object doesn't exist.
_WAFInvalidParameterException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because AWS WAF didn't recognize a parameter in the request. For example:
- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet,IPSet,Rule, orWebACL) using an action other thanINSERTorDELETE. - You tried to create a
WebACLwith aDefaultActionTypeother thanALLOW,BLOCK, orCOUNT. - You tried to create a
RateBasedRulewith aRateKeyvalue other thanIP. - You tried to update a
WebACLwith aWafActionTypeother thanALLOW,BLOCK, orCOUNT. - You tried to update a
ByteMatchSetwith aFieldToMatchTypeother than HEADER, METHOD, QUERY_STRING, URI, or BODY. - You tried to update a
ByteMatchSetwith aFieldofHEADERbut no value forData. - Your request references an ARN that is malformed, or corresponds to a resource with which a web ACL cannot be associated.
_WAFLimitsExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide .
_WAFInvalidPermissionPolicyException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because the specified policy is not in the proper format.
The policy is subject to the following restrictions:
- You can attach only one policy with each
PutPermissionPolicyrequest. - The policy must include an
Effect,ActionandPrincipal. Effectmust specifyAllow.- The
Actionin the policy must bewaf:UpdateWebACLorwaf-regional:UpdateWebACL. Any extra or wildcard actions in the policy will be rejected. - The policy cannot include a
Resourceparameter. - The ARN in the request must be a valid WAF RuleGroup ARN and the RuleGroup must exist in the same region.
- The user making the request must be the owner of the RuleGroup.
- Your policy must be composed using IAM Policy version 2012-10-17.
_WAFStaleDataException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.
_WAFInternalErrorException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because of a system problem, even though the request was valid. Retry your request.
_WAFNonexistentContainerException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:
- You tried to add a
Ruleto or delete aRulefrom aWebACLthat doesn't exist. - You tried to add a
ByteMatchSetto or delete aByteMatchSetfrom aRulethat doesn't exist. - You tried to add an IP address to or delete an IP address from an
IPSetthat doesn't exist. - You tried to add a
ByteMatchTupleto or delete aByteMatchTuplefrom aByteMatchSetthat doesn't exist.
_WAFDisallowedNameException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The name specified is invalid.
_WAFNonEmptyEntityException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The operation failed because you tried to delete an object that isn't empty. For example:
- You tried to delete a
WebACLthat still contains one or moreRuleobjects. - You tried to delete a
Rulethat still contains one or moreByteMatchSetobjects or other predicates. - You tried to delete a
ByteMatchSetthat contains one or moreByteMatchTupleobjects. - You tried to delete an
IPSetthat references one or more IP addresses.
ChangeAction
data ChangeAction Source #
Instances
ChangeTokenStatus
data ChangeTokenStatus Source #
Constructors
| Insync | |
| Pending | |
| Provisioned |
Instances
ComparisonOperator
data ComparisonOperator Source #
Instances
GeoMatchConstraintType
data GeoMatchConstraintType Source #
Constructors
| Country |
Instances
GeoMatchConstraintValue
data GeoMatchConstraintValue Source #
Constructors
Instances
IPSetDescriptorType
data IPSetDescriptorType Source #
Instances
MatchFieldType
data MatchFieldType Source #
Constructors
| Body | |
| Header | |
| Method | |
| QueryString | |
| URI |
Instances
PositionalConstraint
data PositionalConstraint Source #
Constructors
| Contains | |
| ContainsWord | |
| EndsWith | |
| Exactly | |
| StartsWith |
Instances
PredicateType
data PredicateType Source #
Instances
RateKey
Constructors
| IP |
Instances
TextTransformation
data TextTransformation Source #
Constructors
| CmdLine | |
| CompressWhiteSpace | |
| HTMLEntityDecode | |
| Lowercase | |
| None | |
| URLDecode |
Instances
WafActionType
data WafActionType Source #
Instances
WafOverrideActionType
data WafOverrideActionType Source #
Instances
WafRuleType
data WafRuleType Source #
Instances
ActivatedRule
data ActivatedRule Source #
The ActivatedRule object in an UpdateWebACL request specifies a Rule that you want to insert or delete, the priority of the Rule in the WebACL , and the action that you want AWS WAF to take when a web request matches the Rule (ALLOW , BLOCK , or COUNT ).
To specify whether to insert or delete a Rule , use the Action parameter in the WebACLUpdate data type.
See: activatedRule smart constructor.
Instances
Arguments
| :: Int | |
| -> Text | |
| -> ActivatedRule |
Creates a value of ActivatedRule with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
arOverrideAction- Use theOverrideActionto test yourRuleGroup. Any rule in aRuleGroupcan potentially block a request. If you set theOverrideActiontoNone, theRuleGroupwill block a request if any individual rule in theRuleGroupmatches the request and is configured to block that request. However if you first want to test theRuleGroup, set theOverrideActiontoCount. TheRuleGroupwill then override any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests will be counted. You can view a record of counted requests usingGetSampledRequests.ActivatedRule|OverrideActionapplies only when updating or adding aRuleGroupto aWebACL. In this case you do not useActivatedRule|Action. For all other update requests,ActivatedRule|Actionis used instead ofActivatedRule|OverrideAction.arAction- Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in theRule. Valid values forActioninclude the following: *ALLOW: CloudFront responds with the requested object. *BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code. *COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL.ActivatedRule|OverrideActionapplies only when updating or adding aRuleGroupto aWebACL. In this case you do not useActivatedRule|Action. For all other update requests,ActivatedRule|Actionis used instead ofActivatedRule|OverrideAction.arType- The rule type, eitherREGULAR, as defined byRule,RATE_BASED, as defined byRateBasedRule, orGROUP, as defined byRuleGroup. The default is REGULAR. Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type, theUpdateWebACLrequest will fail because the request tries to add a REGULAR rule with the specified ID, which does not exist.arPriority- Specifies the order in which theRulesin aWebACLare evaluated. Rules with a lower value forPriorityare evaluated beforeRuleswith a higher value. The value must be a unique integer. If you add multipleRulesto aWebACL, the values don't need to be consecutive.arRuleId- TheRuleIdfor aRule. You useRuleIdto get more information about aRule(seeGetRule), update aRule(seeUpdateRule), insert aRuleinto aWebACLor delete a one from aWebACL(seeUpdateWebACL), or delete aRulefrom AWS WAF (seeDeleteRule).RuleIdis returned byCreateRuleand byListRules.
arOverrideAction :: Lens' ActivatedRule (Maybe WafOverrideAction) Source #
Use the OverrideAction to test your RuleGroup . Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None , the RuleGroup will block a request if any individual rule in the RuleGroup matches the request and is configured to block that request. However if you first want to test the RuleGroup , set the OverrideAction to Count . The RuleGroup will then override any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests will be counted. You can view a record of counted requests using GetSampledRequests . ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL . In this case you do not use ActivatedRule|Action . For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction .
arAction :: Lens' ActivatedRule (Maybe WafAction) Source #
Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule . Valid values for Action include the following: * ALLOW : CloudFront responds with the requested object. * BLOCK : CloudFront responds with an HTTP 403 (Forbidden) status code. * COUNT : AWS WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL. ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL . In this case you do not use ActivatedRule|Action . For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction .
arType :: Lens' ActivatedRule (Maybe WafRuleType) Source #
The rule type, either REGULAR , as defined by Rule , RATE_BASED , as defined by RateBasedRule , or GROUP , as defined by RuleGroup . The default is REGULAR. Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type, the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID, which does not exist.
arPriority :: Lens' ActivatedRule Int Source #
Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower value for Priority are evaluated before Rules with a higher value. The value must be a unique integer. If you add multiple Rules to a WebACL , the values don't need to be consecutive.
arRuleId :: Lens' ActivatedRule Text Source #
The RuleId for a Rule . You use RuleId to get more information about a Rule (see GetRule ), update a Rule (see UpdateRule ), insert a Rule into a WebACL or delete a one from a WebACL (see UpdateWebACL ), or delete a Rule from AWS WAF (see DeleteRule ). RuleId is returned by CreateRule and by ListRules .
ByteMatchSet
data ByteMatchSet Source #
In a GetByteMatchSet request, ByteMatchSet is a complex type that contains the ByteMatchSetId and Name of a ByteMatchSet , and the values that you specified when you updated the ByteMatchSet .
A complex type that contains ByteMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect and the values that you want AWS WAF to search for. If a ByteMatchSet contains more than one ByteMatchTuple object, a request needs to match the settings in only one ByteMatchTuple to be considered a match.
See: byteMatchSet smart constructor.
Instances
Arguments
| :: Text | |
| -> ByteMatchSet |
Creates a value of ByteMatchSet with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bmsName- A friendly name or description of theByteMatchSet. You can't changeNameafter you create aByteMatchSet.bmsByteMatchSetId- TheByteMatchSetIdfor aByteMatchSet. You useByteMatchSetIdto get information about aByteMatchSet(seeGetByteMatchSet), update aByteMatchSet(seeUpdateByteMatchSet), insert aByteMatchSetinto aRuleor delete one from aRule(seeUpdateRule), and delete aByteMatchSetfrom AWS WAF (seeDeleteByteMatchSet).ByteMatchSetIdis returned byCreateByteMatchSetand byListByteMatchSets.bmsByteMatchTuples- Specifies the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
bmsName :: Lens' ByteMatchSet (Maybe Text) Source #
A friendly name or description of the ByteMatchSet . You can't change Name after you create a ByteMatchSet .
bmsByteMatchSetId :: Lens' ByteMatchSet Text Source #
The ByteMatchSetId for a ByteMatchSet . You use ByteMatchSetId to get information about a ByteMatchSet (see GetByteMatchSet ), update a ByteMatchSet (see UpdateByteMatchSet ), insert a ByteMatchSet into a Rule or delete one from a Rule (see UpdateRule ), and delete a ByteMatchSet from AWS WAF (see DeleteByteMatchSet ). ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets .
bmsByteMatchTuples :: Lens' ByteMatchSet [ByteMatchTuple] Source #
Specifies the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
ByteMatchSetSummary
data ByteMatchSetSummary Source #
Returned by ListByteMatchSets . Each ByteMatchSetSummary object includes the Name and ByteMatchSetId for one ByteMatchSet .
See: byteMatchSetSummary smart constructor.
Instances
Arguments
| :: Text | |
| -> Text | |
| -> ByteMatchSetSummary |
Creates a value of ByteMatchSetSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bmssByteMatchSetId- TheByteMatchSetIdfor aByteMatchSet. You useByteMatchSetIdto get information about aByteMatchSet, update aByteMatchSet, remove aByteMatchSetfrom aRule, and delete aByteMatchSetfrom AWS WAF.ByteMatchSetIdis returned byCreateByteMatchSetand byListByteMatchSets.bmssName- A friendly name or description of theByteMatchSet. You can't changeNameafter you create aByteMatchSet.
bmssByteMatchSetId :: Lens' ByteMatchSetSummary Text Source #
The ByteMatchSetId for a ByteMatchSet . You use ByteMatchSetId to get information about a ByteMatchSet , update a ByteMatchSet , remove a ByteMatchSet from a Rule , and delete a ByteMatchSet from AWS WAF. ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets .
bmssName :: Lens' ByteMatchSetSummary Text Source #
A friendly name or description of the ByteMatchSet . You can't change Name after you create a ByteMatchSet .
ByteMatchSetUpdate
data ByteMatchSetUpdate Source #
In an UpdateByteMatchSet request, ByteMatchSetUpdate specifies whether to insert or delete a ByteMatchTuple and includes the settings for the ByteMatchTuple .
See: byteMatchSetUpdate smart constructor.
Instances
Arguments
| :: ChangeAction | |
| -> ByteMatchTuple | |
| -> ByteMatchSetUpdate |
Creates a value of ByteMatchSetUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bmsuAction- Specifies whether to insert or delete aByteMatchTuple.bmsuByteMatchTuple- Information about the part of a web request that you want AWS WAF to inspect and the value that you want AWS WAF to search for. If you specifyDELETEfor the value ofAction, theByteMatchTuplevalues must exactly match the values in theByteMatchTuplethat you want to delete from theByteMatchSet.
bmsuAction :: Lens' ByteMatchSetUpdate ChangeAction Source #
Specifies whether to insert or delete a ByteMatchTuple .
bmsuByteMatchTuple :: Lens' ByteMatchSetUpdate ByteMatchTuple Source #
Information about the part of a web request that you want AWS WAF to inspect and the value that you want AWS WAF to search for. If you specify DELETE for the value of Action , the ByteMatchTuple values must exactly match the values in the ByteMatchTuple that you want to delete from the ByteMatchSet .
ByteMatchTuple
data ByteMatchTuple Source #
The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.
See: byteMatchTuple smart constructor.
Instances
Arguments
| :: FieldToMatch | |
| -> ByteString | |
| -> TextTransformation | |
| -> PositionalConstraint | |
| -> ByteMatchTuple |
Creates a value of ByteMatchTuple with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
bmtFieldToMatch- The part of a web request that you want AWS WAF to search, such as a specified header or a query string. For more information, seeFieldToMatch.bmtTargetString- The value that you want AWS WAF to search for. AWS WAF searches for the specified string in the part of web requests that you specified inFieldToMatch. The maximum length of the value is 50 bytes. Valid values depend on the values that you specified forFieldToMatch: *HEADER: The value that you want AWS WAF to search for in the request header that you specified inFieldToMatch, for example, the value of theUser-AgentorRefererheader. *METHOD: The HTTP method, which indicates the type of operation specified in the request. CloudFront supports the following methods:DELETE,GET,HEAD,OPTIONS,PATCH,POST, andPUT. *QUERY_STRING: The value that you want AWS WAF to search for in the query string, which is the part of a URL that appears after a?character. *URI: The value that you want AWS WAF to search for in the part of a URL that identifies a resource, for example,imagesdaily-ad.jpg. *BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first8192bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, seeCreateSizeConstraintSet. IfTargetStringincludes alphabetic characters A-Z and a-z, note that the value is case sensitive. If you're using the AWS WAF API Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 50 bytes. For example, suppose the value ofTypeisHEADERand the value ofDataisUser-Agent. If you want to search theUser-Agentheader for the valueBadBot, you base64-encodeBadBotusing MIME base64 encoding and include the resulting value,QmFkQm90, in the value ofTargetString. If you're using the AWS CLI or one of the AWS SDKs The value that you want AWS WAF to search for. The SDK automatically base64 encodes the value.-- Note: ThisLensautomatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. ThisLensaccepts and returns only raw unencoded data.bmtTextTransformation- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation onTargetStringbefore inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160COMPRESS_WHITE_SPACEalso replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters.HTML_ENTITY_DECODEperforms the following operations: * Replaces(ampersand)quot;with"* Replaces(ampersand)nbsp;with a non-breaking space, decimal 160 * Replaces(ampersand)lt;with a "less than" symbol * Replaces(ampersand)gt;with>* Replaces characters that are represented in hexadecimal format,(ampersand)#xhhhh;, with the corresponding characters * Replaces characters that are represented in decimal format,(ampersand)#nnnn;, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE SpecifyNONEif you don't want to perform any text transformations.bmtPositionalConstraint- Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want AWS WAF to search. Valid values include the following: CONTAINS The specified part of the web request must include the value ofTargetString, but the location doesn't matter. CONTAINS_WORD The specified part of the web request must include the value ofTargetString, andTargetStringmust contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition,TargetStringmust be a word, which means one of the following: *TargetStringexactly matches the value of the specified part of the web request, such as the value of a header. *TargetStringis at the beginning of the specified part of the web request and is followed by a character other than an alphanumeric character or underscore (_), for example,BadBot;. *TargetStringis at the end of the specified part of the web request and is preceded by a character other than an alphanumeric character or underscore (_), for example,;BadBot. *TargetStringis in the middle of the specified part of the web request and is preceded and followed by characters other than alphanumeric characters or underscore (_), for example,-BadBot;. EXACTLY The value of the specified part of the web request must exactly match the value ofTargetString. STARTS_WITH The value ofTargetStringmust appear at the beginning of the specified part of the web request. ENDS_WITH The value ofTargetStringmust appear at the end of the specified part of the web request.
bmtFieldToMatch :: Lens' ByteMatchTuple FieldToMatch Source #
The part of a web request that you want AWS WAF to search, such as a specified header or a query string. For more information, see FieldToMatch .
bmtTargetString :: Lens' ByteMatchTuple ByteString Source #
The value that you want AWS WAF to search for. AWS WAF searches for the specified string in the part of web requests that you specified in FieldToMatch . The maximum length of the value is 50 bytes. Valid values depend on the values that you specified for FieldToMatch : * HEADER : The value that you want AWS WAF to search for in the request header that you specified in FieldToMatch , for example, the value of the User-Agent or Referer header. * METHOD : The HTTP method, which indicates the type of operation specified in the request. CloudFront supports the following methods: DELETE , GET , HEAD , OPTIONS , PATCH , POST , and PUT . * QUERY_STRING : The value that you want AWS WAF to search for in the query string, which is the part of a URL that appears after a ? character. * URI : The value that you want AWS WAF to search for in the part of a URL that identifies a resource, for example, imagesdaily-ad.jpg . * BODY : The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet . If TargetString includes alphabetic characters A-Z and a-z, note that the value is case sensitive. If you're using the AWS WAF API Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 50 bytes. For example, suppose the value of Type is HEADER and the value of Data is User-Agent . If you want to search the User-Agent header for the value BadBot , you base64-encode BadBot using MIME base64 encoding and include the resulting value, QmFkQm90 , in the value of TargetString . If you're using the AWS CLI or one of the AWS SDKs The value that you want AWS WAF to search for. The SDK automatically base64 encodes the value.-- Note: This Lens automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This Lens accepts and returns only raw unencoded data.
bmtTextTransformation :: Lens' ByteMatchTuple TextTransformation Source #
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on TargetString before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160 COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations: * Replaces (ampersand)quot; with " * Replaces (ampersand)nbsp; with a non-breaking space, decimal 160 * Replaces (ampersand)lt; with a "less than" symbol * Replaces (ampersand)gt; with > * Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh; , with the corresponding characters * Replaces characters that are represented in decimal format, (ampersand)#nnnn; , with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE Specify NONE if you don't want to perform any text transformations.
bmtPositionalConstraint :: Lens' ByteMatchTuple PositionalConstraint Source #
Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want AWS WAF to search. Valid values include the following: CONTAINS The specified part of the web request must include the value of TargetString , but the location doesn't matter. CONTAINS_WORD The specified part of the web request must include the value of TargetString , and TargetString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, TargetString must be a word, which means one of the following: * TargetString exactly matches the value of the specified part of the web request, such as the value of a header. * TargetString is at the beginning of the specified part of the web request and is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot; . * TargetString is at the end of the specified part of the web request and is preceded by a character other than an alphanumeric character or underscore (_), for example, ;BadBot . * TargetString is in the middle of the specified part of the web request and is preceded and followed by characters other than alphanumeric characters or underscore (_), for example, -BadBot; . EXACTLY The value of the specified part of the web request must exactly match the value of TargetString . STARTS_WITH The value of TargetString must appear at the beginning of the specified part of the web request. ENDS_WITH The value of TargetString must appear at the end of the specified part of the web request.
FieldToMatch
data FieldToMatch Source #
Specifies where in a web request to look for TargetString .
See: fieldToMatch smart constructor.
Instances
Arguments
| :: MatchFieldType | |
| -> FieldToMatch |
Creates a value of FieldToMatch with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ftmData- When the value ofTypeisHEADER, enter the name of the header that you want AWS WAF to search, for example,User-AgentorReferer. If the value ofTypeis any other value, omitData. The name of the header is not case sensitive.ftmType- The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following: *HEADER: A specified request header, for example, the value of theUser-AgentorRefererheader. If you chooseHEADERfor the type, specify the name of the header inData. *METHOD: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods:DELETE,GET,HEAD,OPTIONS,PATCH,POST, andPUT. *QUERY_STRING: A query string, which is the part of a URL that appears after a?character, if any. *URI: The part of a web request that identifies a resource, for example,imagesdaily-ad.jpg. *BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first8192bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, seeCreateSizeConstraintSet.
ftmData :: Lens' FieldToMatch (Maybe Text) Source #
When the value of Type is HEADER , enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer . If the value of Type is any other value, omit Data . The name of the header is not case sensitive.
ftmType :: Lens' FieldToMatch MatchFieldType Source #
The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following: * HEADER : A specified request header, for example, the value of the User-Agent or Referer header. If you choose HEADER for the type, specify the name of the header in Data . * METHOD : The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE , GET , HEAD , OPTIONS , PATCH , POST , and PUT . * QUERY_STRING : A query string, which is the part of a URL that appears after a ? character, if any. * URI : The part of a web request that identifies a resource, for example, imagesdaily-ad.jpg . * BODY : The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet .
GeoMatchConstraint
data GeoMatchConstraint Source #
The country from which web requests originate that you want AWS WAF to search for.
See: geoMatchConstraint smart constructor.
Instances
Creates a value of GeoMatchConstraint with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gmcType :: Lens' GeoMatchConstraint GeoMatchConstraintType Source #
The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.
gmcValue :: Lens' GeoMatchConstraint GeoMatchConstraintValue Source #
The country that you want AWS WAF to search for.
GeoMatchSet
data GeoMatchSet Source #
Contains one or more countries that AWS WAF will search for.
See: geoMatchSet smart constructor.
Instances
Arguments
| :: Text | |
| -> GeoMatchSet |
Creates a value of GeoMatchSet with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gmsName- A friendly name or description of theGeoMatchSet. You can't change the name of anGeoMatchSetafter you create it.gmsGeoMatchSetId- TheGeoMatchSetIdfor anGeoMatchSet. You useGeoMatchSetIdto get information about aGeoMatchSet(seeGeoMatchSet), update aGeoMatchSet(seeUpdateGeoMatchSet), insert aGeoMatchSetinto aRuleor delete one from aRule(seeUpdateRule), and delete aGeoMatchSetfrom AWS WAF (seeDeleteGeoMatchSet).GeoMatchSetIdis returned byCreateGeoMatchSetand byListGeoMatchSets.gmsGeoMatchConstraints- An array ofGeoMatchConstraintobjects, which contain the country that you want AWS WAF to search for.
gmsName :: Lens' GeoMatchSet (Maybe Text) Source #
A friendly name or description of the GeoMatchSet . You can't change the name of an GeoMatchSet after you create it.
gmsGeoMatchSetId :: Lens' GeoMatchSet Text Source #
The GeoMatchSetId for an GeoMatchSet . You use GeoMatchSetId to get information about a GeoMatchSet (see GeoMatchSet ), update a GeoMatchSet (see UpdateGeoMatchSet ), insert a GeoMatchSet into a Rule or delete one from a Rule (see UpdateRule ), and delete a GeoMatchSet from AWS WAF (see DeleteGeoMatchSet ). GeoMatchSetId is returned by CreateGeoMatchSet and by ListGeoMatchSets .
gmsGeoMatchConstraints :: Lens' GeoMatchSet [GeoMatchConstraint] Source #
An array of GeoMatchConstraint objects, which contain the country that you want AWS WAF to search for.
GeoMatchSetSummary
data GeoMatchSetSummary Source #
Contains the identifier and the name of the GeoMatchSet .
See: geoMatchSetSummary smart constructor.
Instances
Arguments
| :: Text | |
| -> Text | |
| -> GeoMatchSetSummary |
Creates a value of GeoMatchSetSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gmssGeoMatchSetId- TheGeoMatchSetIdfor anGeoMatchSet. You can useGeoMatchSetIdin aGetGeoMatchSetrequest to get detailed information about anGeoMatchSet.gmssName- A friendly name or description of theGeoMatchSet. You can't change the name of anGeoMatchSetafter you create it.
gmssGeoMatchSetId :: Lens' GeoMatchSetSummary Text Source #
The GeoMatchSetId for an GeoMatchSet . You can use GeoMatchSetId in a GetGeoMatchSet request to get detailed information about an GeoMatchSet .
gmssName :: Lens' GeoMatchSetSummary Text Source #
A friendly name or description of the GeoMatchSet . You can't change the name of an GeoMatchSet after you create it.
GeoMatchSetUpdate
data GeoMatchSetUpdate Source #
Specifies the type of update to perform to an GeoMatchSet with UpdateGeoMatchSet .
See: geoMatchSetUpdate smart constructor.
Instances
Creates a value of GeoMatchSetUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gmsuAction- Specifies whether to insert or delete a country withUpdateGeoMatchSet.gmsuGeoMatchConstraint- The country from which web requests originate that you want AWS WAF to search for.
gmsuAction :: Lens' GeoMatchSetUpdate ChangeAction Source #
Specifies whether to insert or delete a country with UpdateGeoMatchSet .
gmsuGeoMatchConstraint :: Lens' GeoMatchSetUpdate GeoMatchConstraint Source #
The country from which web requests originate that you want AWS WAF to search for.
HTTPHeader
data HTTPHeader Source #
The response from a GetSampledRequests request includes an HTTPHeader complex type that appears as Headers in the response syntax. HTTPHeader contains the names and values of all of the headers that appear in one of the web requests that were returned by GetSampledRequests .
See: hTTPHeader smart constructor.
Instances
hTTPHeader :: HTTPHeader Source #
Creates a value of HTTPHeader with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
httphValue- The value of one of the headers in the sampled web request.httphName- The name of one of the headers in the sampled web request.
httphValue :: Lens' HTTPHeader (Maybe Text) Source #
The value of one of the headers in the sampled web request.
httphName :: Lens' HTTPHeader (Maybe Text) Source #
The name of one of the headers in the sampled web request.
HTTPRequest
data HTTPRequest Source #
The response from a GetSampledRequests request includes an HTTPRequest complex type that appears as Request in the response syntax. HTTPRequest contains information about one of the web requests that were returned by GetSampledRequests .
See: hTTPRequest smart constructor.
Instances
hTTPRequest :: HTTPRequest Source #
Creates a value of HTTPRequest with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
httprHTTPVersion- The HTTP version specified in the sampled web request, for example,HTTP/1.1.httprCountry- The two-letter country code for the country that the request originated from. For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2 .httprURI- The part of a web request that identifies the resource, for example,imagesdaily-ad.jpg.httprHeaders- A complex type that contains two values for each header in the sampled web request: the name of the header and the value of the header.httprMethod- The HTTP method specified in the sampled web request. CloudFront supports the following methods:DELETE,GET,HEAD,OPTIONS,PATCH,POST, andPUT.httprClientIP- The IP address that the request originated from. If theWebACLis associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs: *c-ip, if the viewer did not use an HTTP proxy or a load balancer to send the request *x-forwarded-for, if the viewer did use an HTTP proxy or a load balancer to send the request
httprHTTPVersion :: Lens' HTTPRequest (Maybe Text) Source #
The HTTP version specified in the sampled web request, for example, HTTP/1.1 .
httprCountry :: Lens' HTTPRequest (Maybe Text) Source #
The two-letter country code for the country that the request originated from. For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2 .
httprURI :: Lens' HTTPRequest (Maybe Text) Source #
The part of a web request that identifies the resource, for example, imagesdaily-ad.jpg .
httprHeaders :: Lens' HTTPRequest [HTTPHeader] Source #
A complex type that contains two values for each header in the sampled web request: the name of the header and the value of the header.
httprMethod :: Lens' HTTPRequest (Maybe Text) Source #
The HTTP method specified in the sampled web request. CloudFront supports the following methods: DELETE , GET , HEAD , OPTIONS , PATCH , POST , and PUT .
httprClientIP :: Lens' HTTPRequest (Maybe Text) Source #
The IP address that the request originated from. If the WebACL is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs: * c-ip , if the viewer did not use an HTTP proxy or a load balancer to send the request * x-forwarded-for , if the viewer did use an HTTP proxy or a load balancer to send the request
IPSet
Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports 8, 16, 24, and 32 IP address ranges for IPv4, and 24, 32, 48, 56, 64 and 128 for IPv6.
To specify an individual IP address, you specify the four-part IP address followed by a /32 , for example, 192.0.2.031. To block a range of IP addresses, you can specify a @128 , 64 , 56 , 48 , 32 , 24 , 16 , or 8@ CIDR. For more information about CIDR notation, see the Wikipedia entry <https:en.wikipedia.orgwiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing> .
See: ipSet smart constructor.
Instances
| Eq IPSet Source # | |
| Data IPSet Source # | |
Defined in Network.AWS.WAF.Types.Product Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> IPSet -> c IPSet # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c IPSet # dataTypeOf :: IPSet -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c IPSet) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c IPSet) # gmapT :: (forall b. Data b => b -> b) -> IPSet -> IPSet # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> IPSet -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> IPSet -> r # gmapQ :: (forall d. Data d => d -> u) -> IPSet -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> IPSet -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> IPSet -> m IPSet # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> IPSet -> m IPSet # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> IPSet -> m IPSet # | |
| Read IPSet Source # | |
| Show IPSet Source # | |
| Generic IPSet Source # | |
| Hashable IPSet Source # | |
Defined in Network.AWS.WAF.Types.Product | |
| FromJSON IPSet Source # | |
| NFData IPSet Source # | |
Defined in Network.AWS.WAF.Types.Product | |
| type Rep IPSet Source # | |
Defined in Network.AWS.WAF.Types.Product type Rep IPSet = D1 (MetaData "IPSet" "Network.AWS.WAF.Types.Product" "amazonka-waf-1.6.1-AAUMqlxoZ2N3dlHnZE2nzz" False) (C1 (MetaCons "IPSet'" PrefixI True) (S1 (MetaSel (Just "_isName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 (MetaSel (Just "_isIPSetId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text) :*: S1 (MetaSel (Just "_isIPSetDescriptors") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 [IPSetDescriptor])))) | |
Creates a value of IPSet with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
isName- A friendly name or description of theIPSet. You can't change the name of anIPSetafter you create it.isIPSetId- TheIPSetIdfor anIPSet. You useIPSetIdto get information about anIPSet(seeGetIPSet), update anIPSet(seeUpdateIPSet), insert anIPSetinto aRuleor delete one from aRule(seeUpdateRule), and delete anIPSetfrom AWS WAF (seeDeleteIPSet).IPSetIdis returned byCreateIPSetand byListIPSets.isIPSetDescriptors- The IP address type (IPV4orIPV6) and the IP address range (in CIDR notation) that web requests originate from. If theWebACLis associated with a CloudFront distribution and the viewer did not use an HTTP proxy or a load balancer to send the request, this is the value of the c-ip field in the CloudFront access logs.
isName :: Lens' IPSet (Maybe Text) Source #
A friendly name or description of the IPSet . You can't change the name of an IPSet after you create it.
isIPSetId :: Lens' IPSet Text Source #
The IPSetId for an IPSet . You use IPSetId to get information about an IPSet (see GetIPSet ), update an IPSet (see UpdateIPSet ), insert an IPSet into a Rule or delete one from a Rule (see UpdateRule ), and delete an IPSet from AWS WAF (see DeleteIPSet ). IPSetId is returned by CreateIPSet and by ListIPSets .
isIPSetDescriptors :: Lens' IPSet [IPSetDescriptor] Source #
The IP address type (IPV4 or IPV6 ) and the IP address range (in CIDR notation) that web requests originate from. If the WebACL is associated with a CloudFront distribution and the viewer did not use an HTTP proxy or a load balancer to send the request, this is the value of the c-ip field in the CloudFront access logs.
IPSetDescriptor
data IPSetDescriptor Source #
Specifies the IP address type (IPV4 or IPV6 ) and the IP address range (in CIDR format) that web requests originate from.
See: ipSetDescriptor smart constructor.
Instances
Arguments
| :: IPSetDescriptorType | |
| -> Text | |
| -> IPSetDescriptor |
Creates a value of IPSetDescriptor with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
isdType- SpecifyIPV4orIPV6.isdValue- Specify an IPv4 address by using CIDR notation. For example: * To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify192.0.2.44/32. * To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify192.0.2.0/24. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing . Specify an IPv6 address by using CIDR notation. For example: * To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify1111:0000:0000:0000:0000:0000:0000:0111/128. * To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify1111:0000:0000:0000:0000:0000:0000:0000/64.
isdType :: Lens' IPSetDescriptor IPSetDescriptorType Source #
Specify IPV4 or IPV6 .
isdValue :: Lens' IPSetDescriptor Text Source #
Specify an IPv4 address by using CIDR notation. For example: * To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32 . * To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24 . For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing . Specify an IPv6 address by using CIDR notation. For example: * To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128 . * To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64 .
IPSetSummary
data IPSetSummary Source #
Contains the identifier and the name of the IPSet .
See: ipSetSummary smart constructor.
Instances
Arguments
| :: Text | |
| -> Text | |
| -> IPSetSummary |
Creates a value of IPSetSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
issIPSetId- TheIPSetIdfor anIPSet. You can useIPSetIdin aGetIPSetrequest to get detailed information about anIPSet.issName- A friendly name or description of theIPSet. You can't change the name of anIPSetafter you create it.
issName :: Lens' IPSetSummary Text Source #
A friendly name or description of the IPSet . You can't change the name of an IPSet after you create it.
IPSetUpdate
data IPSetUpdate Source #
Specifies the type of update to perform to an IPSet with UpdateIPSet .
See: ipSetUpdate smart constructor.
Instances
Arguments
| :: ChangeAction | |
| -> IPSetDescriptor | |
| -> IPSetUpdate |
Creates a value of IPSetUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
isuAction- Specifies whether to insert or delete an IP address withUpdateIPSet.isuIPSetDescriptor- The IP address type (IPV4orIPV6) and the IP address range (in CIDR notation) that web requests originate from.
isuAction :: Lens' IPSetUpdate ChangeAction Source #
Specifies whether to insert or delete an IP address with UpdateIPSet .
isuIPSetDescriptor :: Lens' IPSetUpdate IPSetDescriptor Source #
The IP address type (IPV4 or IPV6 ) and the IP address range (in CIDR notation) that web requests originate from.
Predicate
Specifies the ByteMatchSet , IPSet , SqlInjectionMatchSet , XssMatchSet , RegexMatchSet , GeoMatchSet , and SizeConstraintSet objects that you want to add to a Rule and, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.
See: predicate smart constructor.
Instances
Creates a value of Predicate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
pNegated- SetNegatedtoFalseif you want AWS WAF to allow, block, or count requests based on the settings in the specifiedByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet. For example, if anIPSetincludes the IP address192.0.2.44, AWS WAF will allow or block requests based on that IP address. SetNegatedtoTrueif you want AWS WAF to allow or block a request based on the negation of the settings in theByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet. For example, if anIPSetincludes the IP address192.0.2.44, AWS WAF will allow, block, or count requests based on all IP addresses except192.0.2.44.pType- The type of predicate in aRule, such asByteMatchSetorIPSet.pDataId- A unique identifier for a predicate in aRule, such asByteMatchSetIdorIPSetId. The ID is returned by the correspondingCreateorListcommand.
pNegated :: Lens' Predicate Bool Source #
Set Negated to False if you want AWS WAF to allow, block, or count requests based on the settings in the specified ByteMatchSet , IPSet , SqlInjectionMatchSet , XssMatchSet , RegexMatchSet , GeoMatchSet , or SizeConstraintSet . For example, if an IPSet includes the IP address 192.0.2.44 , AWS WAF will allow or block requests based on that IP address. Set Negated to True if you want AWS WAF to allow or block a request based on the negation of the settings in the ByteMatchSet , IPSet , SqlInjectionMatchSet , XssMatchSet , RegexMatchSet , GeoMatchSet , or SizeConstraintSet . For example, if an IPSet includes the IP address 192.0.2.44 , AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44 .
pType :: Lens' Predicate PredicateType Source #
The type of predicate in a Rule , such as ByteMatchSet or IPSet .
pDataId :: Lens' Predicate Text Source #
A unique identifier for a predicate in a Rule , such as ByteMatchSetId or IPSetId . The ID is returned by the corresponding Create or List command.
RateBasedRule
data RateBasedRule Source #
A RateBasedRule is identical to a regular Rule , with one addition: a RateBasedRule counts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you've seen from an attacker, you might create a RateBasedRule that includes the following conditions:
- The requests come from 192.0.2.44.
- They contain the value
BadBotin theUser-Agentheader.
In the rule, you also define the rate limit as 15,000.
Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule's action (block or count), which is defined in the web ACL.
See: rateBasedRule smart constructor.
Instances
Arguments
| :: Text | |
| -> RateKey | |
| -> Natural | |
| -> RateBasedRule |
Creates a value of RateBasedRule with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rbrMetricName- A friendly name or description for the metrics for aRateBasedRule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't change the name of the metric after you create theRateBasedRule.rbrName- A friendly name or description for aRateBasedRule. You can't change the name of aRateBasedRuleafter you create it.rbrRuleId- A unique identifier for aRateBasedRule. You useRuleIdto get more information about aRateBasedRule(seeGetRateBasedRule), update aRateBasedRule(seeUpdateRateBasedRule), insert aRateBasedRuleinto aWebACLor delete one from aWebACL(seeUpdateWebACL), or delete aRateBasedRulefrom AWS WAF (seeDeleteRateBasedRule).rbrMatchPredicates- ThePredicatesobject contains onePredicateelement for eachByteMatchSet,IPSet, orSqlInjectionMatchSetobject that you want to include in aRateBasedRule.rbrRateKey- The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring. The only valid value forRateKeyisIP.IPindicates that requests arriving from the same IP address are subject to theRateLimitthat is specified in theRateBasedRule.rbrRateLimit- The maximum number of requests, which have an identical value in the field specified by theRateKey, allowed in a five-minute period. If the number of requests exceeds theRateLimitand the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.
rbrMetricName :: Lens' RateBasedRule (Maybe Text) Source #
A friendly name or description for the metrics for a RateBasedRule . The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't change the name of the metric after you create the RateBasedRule .
rbrName :: Lens' RateBasedRule (Maybe Text) Source #
A friendly name or description for a RateBasedRule . You can't change the name of a RateBasedRule after you create it.
rbrRuleId :: Lens' RateBasedRule Text Source #
A unique identifier for a RateBasedRule . You use RuleId to get more information about a RateBasedRule (see GetRateBasedRule ), update a RateBasedRule (see UpdateRateBasedRule ), insert a RateBasedRule into a WebACL or delete one from a WebACL (see UpdateWebACL ), or delete a RateBasedRule from AWS WAF (see DeleteRateBasedRule ).
rbrMatchPredicates :: Lens' RateBasedRule [Predicate] Source #
The Predicates object contains one Predicate element for each ByteMatchSet , IPSet , or SqlInjectionMatchSet object that you want to include in a RateBasedRule .
rbrRateKey :: Lens' RateBasedRule RateKey Source #
The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring. The only valid value for RateKey is IP . IP indicates that requests arriving from the same IP address are subject to the RateLimit that is specified in the RateBasedRule .
rbrRateLimit :: Lens' RateBasedRule Natural Source #
The maximum number of requests, which have an identical value in the field specified by the RateKey , allowed in a five-minute period. If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.
RegexMatchSet
data RegexMatchSet Source #
In a GetRegexMatchSet request, RegexMatchSet is a complex type that contains the RegexMatchSetId and Name of a RegexMatchSet , and the values that you specified when you updated the RegexMatchSet .
The values are contained in a RegexMatchTuple object, which specify the parts of web requests that you want AWS WAF to inspect and the values that you want AWS WAF to search for. If a RegexMatchSet contains more than one RegexMatchTuple object, a request needs to match the settings in only one ByteMatchTuple to be considered a match.
See: regexMatchSet smart constructor.
Instances
regexMatchSet :: RegexMatchSet Source #
Creates a value of RegexMatchSet with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rmsName- A friendly name or description of theRegexMatchSet. You can't changeNameafter you create aRegexMatchSet.rmsRegexMatchTuples- Contains an array ofRegexMatchTupleobjects. EachRegexMatchTupleobject contains: * The part of a web request that you want AWS WAF to inspect, such as a query string or the value of theUser-Agentheader. * The identifier of the pattern (a regular expression) that you want AWS WAF to look for. For more information, seeRegexPatternSet. * Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.rmsRegexMatchSetId- TheRegexMatchSetIdfor aRegexMatchSet. You useRegexMatchSetIdto get information about aRegexMatchSet(seeGetRegexMatchSet), update aRegexMatchSet(seeUpdateRegexMatchSet), insert aRegexMatchSetinto aRuleor delete one from aRule(seeUpdateRule), and delete aRegexMatchSetfrom AWS WAF (seeDeleteRegexMatchSet).RegexMatchSetIdis returned byCreateRegexMatchSetand byListRegexMatchSets.
rmsName :: Lens' RegexMatchSet (Maybe Text) Source #
A friendly name or description of the RegexMatchSet . You can't change Name after you create a RegexMatchSet .
rmsRegexMatchTuples :: Lens' RegexMatchSet [RegexMatchTuple] Source #
Contains an array of RegexMatchTuple objects. Each RegexMatchTuple object contains: * The part of a web request that you want AWS WAF to inspect, such as a query string or the value of the User-Agent header. * The identifier of the pattern (a regular expression) that you want AWS WAF to look for. For more information, see RegexPatternSet . * Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.
rmsRegexMatchSetId :: Lens' RegexMatchSet (Maybe Text) Source #
The RegexMatchSetId for a RegexMatchSet . You use RegexMatchSetId to get information about a RegexMatchSet (see GetRegexMatchSet ), update a RegexMatchSet (see UpdateRegexMatchSet ), insert a RegexMatchSet into a Rule or delete one from a Rule (see UpdateRule ), and delete a RegexMatchSet from AWS WAF (see DeleteRegexMatchSet ). RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets .
RegexMatchSetSummary
data RegexMatchSetSummary Source #
Returned by ListRegexMatchSets . Each RegexMatchSetSummary object includes the Name and RegexMatchSetId for one RegexMatchSet .
See: regexMatchSetSummary smart constructor.
Instances
Arguments
| :: Text | |
| -> Text | |
| -> RegexMatchSetSummary |
Creates a value of RegexMatchSetSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rmssRegexMatchSetId- TheRegexMatchSetIdfor aRegexMatchSet. You useRegexMatchSetIdto get information about aRegexMatchSet, update aRegexMatchSet, remove aRegexMatchSetfrom aRule, and delete aRegexMatchSetfrom AWS WAF.RegexMatchSetIdis returned byCreateRegexMatchSetand byListRegexMatchSets.rmssName- A friendly name or description of theRegexMatchSet. You can't changeNameafter you create aRegexMatchSet.
rmssRegexMatchSetId :: Lens' RegexMatchSetSummary Text Source #
The RegexMatchSetId for a RegexMatchSet . You use RegexMatchSetId to get information about a RegexMatchSet , update a RegexMatchSet , remove a RegexMatchSet from a Rule , and delete a RegexMatchSet from AWS WAF. RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets .
rmssName :: Lens' RegexMatchSetSummary Text Source #
A friendly name or description of the RegexMatchSet . You can't change Name after you create a RegexMatchSet .
RegexMatchSetUpdate
data RegexMatchSetUpdate Source #
In an UpdateRegexMatchSet request, RegexMatchSetUpdate specifies whether to insert or delete a RegexMatchTuple and includes the settings for the RegexMatchTuple .
See: regexMatchSetUpdate smart constructor.
Instances
Creates a value of RegexMatchSetUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rmsuAction- Specifies whether to insert or delete aRegexMatchTuple.rmsuRegexMatchTuple- Information about the part of a web request that you want AWS WAF to inspect and the identifier of the regular expression (regex) pattern that you want AWS WAF to search for. If you specifyDELETEfor the value ofAction, theRegexMatchTuplevalues must exactly match the values in theRegexMatchTuplethat you want to delete from theRegexMatchSet.
rmsuAction :: Lens' RegexMatchSetUpdate ChangeAction Source #
Specifies whether to insert or delete a RegexMatchTuple .
rmsuRegexMatchTuple :: Lens' RegexMatchSetUpdate RegexMatchTuple Source #
Information about the part of a web request that you want AWS WAF to inspect and the identifier of the regular expression (regex) pattern that you want AWS WAF to search for. If you specify DELETE for the value of Action , the RegexMatchTuple values must exactly match the values in the RegexMatchTuple that you want to delete from the RegexMatchSet .
RegexMatchTuple
data RegexMatchTuple Source #
The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. Each RegexMatchTuple object contains:
- The part of a web request that you want AWS WAF to inspect, such as a query string or the value of the
User-Agentheader. - The identifier of the pattern (a regular expression) that you want AWS WAF to look for. For more information, see
RegexPatternSet. - Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.
See: regexMatchTuple smart constructor.
Instances
Arguments
| :: FieldToMatch | |
| -> TextTransformation | |
| -> Text | |
| -> RegexMatchTuple |
Creates a value of RegexMatchTuple with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rmtFieldToMatch- Specifies where in a web request to look for theRegexPatternSet.rmtTextTransformation- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation onRegexPatternSetbefore inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160COMPRESS_WHITE_SPACEalso replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters.HTML_ENTITY_DECODEperforms the following operations: * Replaces(ampersand)quot;with"* Replaces(ampersand)nbsp;with a non-breaking space, decimal 160 * Replaces(ampersand)lt;with a "less than" symbol * Replaces(ampersand)gt;with>* Replaces characters that are represented in hexadecimal format,(ampersand)#xhhhh;, with the corresponding characters * Replaces characters that are represented in decimal format,(ampersand)#nnnn;, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE SpecifyNONEif you don't want to perform any text transformations.rmtRegexPatternSetId- TheRegexPatternSetIdfor aRegexPatternSet. You useRegexPatternSetIdto get information about aRegexPatternSet(seeGetRegexPatternSet), update aRegexPatternSet(seeUpdateRegexPatternSet), insert aRegexPatternSetinto aRegexMatchSetor delete one from aRegexMatchSet(seeUpdateRegexMatchSet), and delete anRegexPatternSetfrom AWS WAF (seeDeleteRegexPatternSet).RegexPatternSetIdis returned byCreateRegexPatternSetand byListRegexPatternSets.
rmtFieldToMatch :: Lens' RegexMatchTuple FieldToMatch Source #
Specifies where in a web request to look for the RegexPatternSet .
rmtTextTransformation :: Lens' RegexMatchTuple TextTransformation Source #
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on RegexPatternSet before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160 COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations: * Replaces (ampersand)quot; with " * Replaces (ampersand)nbsp; with a non-breaking space, decimal 160 * Replaces (ampersand)lt; with a "less than" symbol * Replaces (ampersand)gt; with > * Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh; , with the corresponding characters * Replaces characters that are represented in decimal format, (ampersand)#nnnn; , with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE Specify NONE if you don't want to perform any text transformations.
rmtRegexPatternSetId :: Lens' RegexMatchTuple Text Source #
The RegexPatternSetId for a RegexPatternSet . You use RegexPatternSetId to get information about a RegexPatternSet (see GetRegexPatternSet ), update a RegexPatternSet (see UpdateRegexPatternSet ), insert a RegexPatternSet into a RegexMatchSet or delete one from a RegexMatchSet (see UpdateRegexMatchSet ), and delete an RegexPatternSet from AWS WAF (see DeleteRegexPatternSet ). RegexPatternSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets .
RegexPatternSet
data RegexPatternSet Source #
The RegexPatternSet specifies the regular expression (regex) pattern that you want AWS WAF to search for, such as B[a]dB[o0]t@ . You can then configure AWS WAF to reject those requests.
See: regexPatternSet smart constructor.
Instances
Arguments
| :: Text | |
| -> RegexPatternSet |
Creates a value of RegexPatternSet with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rpsName- A friendly name or description of theRegexPatternSet. You can't changeNameafter you create aRegexPatternSet.rpsRegexPatternSetId- The identifier for theRegexPatternSet. You useRegexPatternSetIdto get information about aRegexPatternSet, update aRegexPatternSet, remove aRegexPatternSetfrom aRegexMatchSet, and delete aRegexPatternSetfrom AWS WAF.RegexMatchSetIdis returned byCreateRegexPatternSetand byListRegexPatternSets.rpsRegexPatternStrings- Specifies the regular expression (regex) patterns that you want AWS WAF to search for, such asB[a]dB[o0]t@ .
rpsName :: Lens' RegexPatternSet (Maybe Text) Source #
A friendly name or description of the RegexPatternSet . You can't change Name after you create a RegexPatternSet .
rpsRegexPatternSetId :: Lens' RegexPatternSet Text Source #
The identifier for the RegexPatternSet . You use RegexPatternSetId to get information about a RegexPatternSet , update a RegexPatternSet , remove a RegexPatternSet from a RegexMatchSet , and delete a RegexPatternSet from AWS WAF. RegexMatchSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets .
rpsRegexPatternStrings :: Lens' RegexPatternSet [Text] Source #
Specifies the regular expression (regex) patterns that you want AWS WAF to search for, such as B[a]dB[o0]t@ .
RegexPatternSetSummary
data RegexPatternSetSummary Source #
Returned by ListRegexPatternSets . Each RegexPatternSetSummary object includes the Name and RegexPatternSetId for one RegexPatternSet .
See: regexPatternSetSummary smart constructor.
Instances
regexPatternSetSummary Source #
Arguments
| :: Text | |
| -> Text | |
| -> RegexPatternSetSummary |
Creates a value of RegexPatternSetSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rpssRegexPatternSetId- TheRegexPatternSetIdfor aRegexPatternSet. You useRegexPatternSetIdto get information about aRegexPatternSet, update aRegexPatternSet, remove aRegexPatternSetfrom aRegexMatchSet, and delete aRegexPatternSetfrom AWS WAF.RegexPatternSetIdis returned byCreateRegexPatternSetand byListRegexPatternSets.rpssName- A friendly name or description of theRegexPatternSet. You can't changeNameafter you create aRegexPatternSet.
rpssRegexPatternSetId :: Lens' RegexPatternSetSummary Text Source #
The RegexPatternSetId for a RegexPatternSet . You use RegexPatternSetId to get information about a RegexPatternSet , update a RegexPatternSet , remove a RegexPatternSet from a RegexMatchSet , and delete a RegexPatternSet from AWS WAF. RegexPatternSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets .
rpssName :: Lens' RegexPatternSetSummary Text Source #
A friendly name or description of the RegexPatternSet . You can't change Name after you create a RegexPatternSet .
RegexPatternSetUpdate
data RegexPatternSetUpdate Source #
In an UpdateRegexPatternSet request, RegexPatternSetUpdate specifies whether to insert or delete a RegexPatternString and includes the settings for the RegexPatternString .
See: regexPatternSetUpdate smart constructor.
Instances
regexPatternSetUpdate Source #
Arguments
| :: ChangeAction | |
| -> Text | |
| -> RegexPatternSetUpdate |
Creates a value of RegexPatternSetUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rpsuAction- Specifies whether to insert or delete aRegexPatternString.rpsuRegexPatternString- Specifies the regular expression (regex) pattern that you want AWS WAF to search for, such asB[a]dB[o0]t@ .
rpsuAction :: Lens' RegexPatternSetUpdate ChangeAction Source #
Specifies whether to insert or delete a RegexPatternString .
rpsuRegexPatternString :: Lens' RegexPatternSetUpdate Text Source #
Specifies the regular expression (regex) pattern that you want AWS WAF to search for, such as B[a]dB[o0]t@ .
Rule
A combination of ByteMatchSet , IPSet , and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count. For example, you might create a Rule that includes the following predicates:
- An
IPSetthat causes AWS WAF to search for web requests that originate from the IP address192.0.2.44 - A
ByteMatchSetthat causes AWS WAF to search for web requests for which the value of theUser-Agentheader isBadBot.
To match the settings in this Rule , a request must originate from 192.0.2.44 AND include a User-Agent header for which the value is BadBot .
See: rule smart constructor.
Instances
| Eq Rule Source # | |
| Data Rule Source # | |
Defined in Network.AWS.WAF.Types.Product Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Rule -> c Rule # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Rule # dataTypeOf :: Rule -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Rule) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Rule) # gmapT :: (forall b. Data b => b -> b) -> Rule -> Rule # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Rule -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Rule -> r # gmapQ :: (forall d. Data d => d -> u) -> Rule -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Rule -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Rule -> m Rule # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Rule -> m Rule # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Rule -> m Rule # | |
| Read Rule Source # | |
| Show Rule Source # | |
| Generic Rule Source # | |
| Hashable Rule Source # | |
Defined in Network.AWS.WAF.Types.Product | |
| FromJSON Rule Source # | |
| NFData Rule Source # | |
Defined in Network.AWS.WAF.Types.Product | |
| type Rep Rule Source # | |
Defined in Network.AWS.WAF.Types.Product type Rep Rule = D1 (MetaData "Rule" "Network.AWS.WAF.Types.Product" "amazonka-waf-1.6.1-AAUMqlxoZ2N3dlHnZE2nzz" False) (C1 (MetaCons "Rule'" PrefixI True) ((S1 (MetaSel (Just "_rMetricName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: S1 (MetaSel (Just "_rName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text))) :*: (S1 (MetaSel (Just "_rRuleId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text) :*: S1 (MetaSel (Just "_rPredicates") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 [Predicate])))) | |
Creates a value of Rule with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rMetricName- A friendly name or description for the metrics for thisRule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't changeMetricNameafter you create theRule.rName- The friendly name or description for theRule. You can't change the name of aRuleafter you create it.rRuleId- A unique identifier for aRule. You useRuleIdto get more information about aRule(seeGetRule), update aRule(seeUpdateRule), insert aRuleinto aWebACLor delete a one from aWebACL(seeUpdateWebACL), or delete aRulefrom AWS WAF (seeDeleteRule).RuleIdis returned byCreateRuleand byListRules.rPredicates- ThePredicatesobject contains onePredicateelement for eachByteMatchSet,IPSet, orSqlInjectionMatchSetobject that you want to include in aRule.
rMetricName :: Lens' Rule (Maybe Text) Source #
A friendly name or description for the metrics for this Rule . The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't change MetricName after you create the Rule .
rName :: Lens' Rule (Maybe Text) Source #
The friendly name or description for the Rule . You can't change the name of a Rule after you create it.
rRuleId :: Lens' Rule Text Source #
A unique identifier for a Rule . You use RuleId to get more information about a Rule (see GetRule ), update a Rule (see UpdateRule ), insert a Rule into a WebACL or delete a one from a WebACL (see UpdateWebACL ), or delete a Rule from AWS WAF (see DeleteRule ). RuleId is returned by CreateRule and by ListRules .
rPredicates :: Lens' Rule [Predicate] Source #
The Predicates object contains one Predicate element for each ByteMatchSet , IPSet , or SqlInjectionMatchSet object that you want to include in a Rule .
RuleGroup
A collection of predefined rules that you can add to a web ACL.
Rule groups are subject to the following limits:
- Three rule groups per account. You can request an increase to this limit by contacting customer support.
- One rule group per web ACL.
- Ten rules per rule group.
See: ruleGroup smart constructor.
Instances
| Eq RuleGroup Source # | |
| Data RuleGroup Source # | |
Defined in Network.AWS.WAF.Types.Product Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> RuleGroup -> c RuleGroup # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c RuleGroup # toConstr :: RuleGroup -> Constr # dataTypeOf :: RuleGroup -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c RuleGroup) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c RuleGroup) # gmapT :: (forall b. Data b => b -> b) -> RuleGroup -> RuleGroup # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> RuleGroup -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> RuleGroup -> r # gmapQ :: (forall d. Data d => d -> u) -> RuleGroup -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> RuleGroup -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> RuleGroup -> m RuleGroup # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> RuleGroup -> m RuleGroup # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> RuleGroup -> m RuleGroup # | |
| Read RuleGroup Source # | |
| Show RuleGroup Source # | |
| Generic RuleGroup Source # | |
| Hashable RuleGroup Source # | |
Defined in Network.AWS.WAF.Types.Product | |
| FromJSON RuleGroup Source # | |
| NFData RuleGroup Source # | |
Defined in Network.AWS.WAF.Types.Product | |
| type Rep RuleGroup Source # | |
Defined in Network.AWS.WAF.Types.Product type Rep RuleGroup = D1 (MetaData "RuleGroup" "Network.AWS.WAF.Types.Product" "amazonka-waf-1.6.1-AAUMqlxoZ2N3dlHnZE2nzz" False) (C1 (MetaCons "RuleGroup'" PrefixI True) (S1 (MetaSel (Just "_rgMetricName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 (MetaSel (Just "_rgName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 (Maybe Text)) :*: S1 (MetaSel (Just "_rgRuleGroupId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text)))) | |
Creates a value of RuleGroup with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rgMetricName- A friendly name or description for the metrics for thisRuleGroup. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't change the name of the metric after you create theRuleGroup.rgName- The friendly name or description for theRuleGroup. You can't change the name of aRuleGroupafter you create it.rgRuleGroupId- A unique identifier for aRuleGroup. You useRuleGroupIdto get more information about aRuleGroup(seeGetRuleGroup), update aRuleGroup(seeUpdateRuleGroup), insert aRuleGroupinto aWebACLor delete a one from aWebACL(seeUpdateWebACL), or delete aRuleGroupfrom AWS WAF (seeDeleteRuleGroup).RuleGroupIdis returned byCreateRuleGroupand byListRuleGroups.
rgMetricName :: Lens' RuleGroup (Maybe Text) Source #
A friendly name or description for the metrics for this RuleGroup . The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't change the name of the metric after you create the RuleGroup .
rgName :: Lens' RuleGroup (Maybe Text) Source #
The friendly name or description for the RuleGroup . You can't change the name of a RuleGroup after you create it.
rgRuleGroupId :: Lens' RuleGroup Text Source #
A unique identifier for a RuleGroup . You use RuleGroupId to get more information about a RuleGroup (see GetRuleGroup ), update a RuleGroup (see UpdateRuleGroup ), insert a RuleGroup into a WebACL or delete a one from a WebACL (see UpdateWebACL ), or delete a RuleGroup from AWS WAF (see DeleteRuleGroup ). RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups .
RuleGroupSummary
data RuleGroupSummary Source #
Contains the identifier and the friendly name or description of the RuleGroup .
See: ruleGroupSummary smart constructor.
Instances
Arguments
| :: Text | |
| -> Text | |
| -> RuleGroupSummary |
Creates a value of RuleGroupSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rgsRuleGroupId- A unique identifier for aRuleGroup. You useRuleGroupIdto get more information about aRuleGroup(seeGetRuleGroup), update aRuleGroup(seeUpdateRuleGroup), insert aRuleGroupinto aWebACLor delete one from aWebACL(seeUpdateWebACL), or delete aRuleGroupfrom AWS WAF (seeDeleteRuleGroup).RuleGroupIdis returned byCreateRuleGroupand byListRuleGroups.rgsName- A friendly name or description of theRuleGroup. You can't change the name of aRuleGroupafter you create it.
rgsRuleGroupId :: Lens' RuleGroupSummary Text Source #
A unique identifier for a RuleGroup . You use RuleGroupId to get more information about a RuleGroup (see GetRuleGroup ), update a RuleGroup (see UpdateRuleGroup ), insert a RuleGroup into a WebACL or delete one from a WebACL (see UpdateWebACL ), or delete a RuleGroup from AWS WAF (see DeleteRuleGroup ). RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups .
rgsName :: Lens' RuleGroupSummary Text Source #
A friendly name or description of the RuleGroup . You can't change the name of a RuleGroup after you create it.
RuleGroupUpdate
data RuleGroupUpdate Source #
Specifies an ActivatedRule and indicates whether you want to add it to a RuleGroup or delete it from a RuleGroup .
See: ruleGroupUpdate smart constructor.
Instances
Arguments
| :: ChangeAction | |
| -> ActivatedRule | |
| -> RuleGroupUpdate |
Creates a value of RuleGroupUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rguAction- SpecifyINSERTto add anActivatedRuleto aRuleGroup. UseDELETEto remove anActivatedRulefrom aRuleGroup.rguActivatedRule- TheActivatedRuleobject specifies aRulethat you want to insert or delete, the priority of theRulein theWebACL, and the action that you want AWS WAF to take when a web request matches theRule(ALLOW,BLOCK, orCOUNT).
rguAction :: Lens' RuleGroupUpdate ChangeAction Source #
Specify INSERT to add an ActivatedRule to a RuleGroup . Use DELETE to remove an ActivatedRule from a RuleGroup .
rguActivatedRule :: Lens' RuleGroupUpdate ActivatedRule Source #
The ActivatedRule object specifies a Rule that you want to insert or delete, the priority of the Rule in the WebACL , and the action that you want AWS WAF to take when a web request matches the Rule (ALLOW , BLOCK , or COUNT ).
RuleSummary
data RuleSummary Source #
Contains the identifier and the friendly name or description of the Rule .
See: ruleSummary smart constructor.
Instances
Arguments
| :: Text | |
| -> Text | |
| -> RuleSummary |
Creates a value of RuleSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
rsRuleId- A unique identifier for aRule. You useRuleIdto get more information about aRule(seeGetRule), update aRule(seeUpdateRule), insert aRuleinto aWebACLor delete one from aWebACL(seeUpdateWebACL), or delete aRulefrom AWS WAF (seeDeleteRule).RuleIdis returned byCreateRuleand byListRules.rsName- A friendly name or description of theRule. You can't change the name of aRuleafter you create it.
rsRuleId :: Lens' RuleSummary Text Source #
A unique identifier for a Rule . You use RuleId to get more information about a Rule (see GetRule ), update a Rule (see UpdateRule ), insert a Rule into a WebACL or delete one from a WebACL (see UpdateWebACL ), or delete a Rule from AWS WAF (see DeleteRule ). RuleId is returned by CreateRule and by ListRules .
rsName :: Lens' RuleSummary Text Source #
A friendly name or description of the Rule . You can't change the name of a Rule after you create it.
RuleUpdate
data RuleUpdate Source #
Specifies a Predicate (such as an IPSet ) and indicates whether you want to add it to a Rule or delete it from a Rule .
See: ruleUpdate smart constructor.
Instances
Arguments
| :: ChangeAction | |
| -> Predicate | |
| -> RuleUpdate |
Creates a value of RuleUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
ruAction- SpecifyINSERTto add aPredicateto aRule. UseDELETEto remove aPredicatefrom aRule.ruPredicate- The ID of thePredicate(such as anIPSet) that you want to add to aRule.
ruAction :: Lens' RuleUpdate ChangeAction Source #
Specify INSERT to add a Predicate to a Rule . Use DELETE to remove a Predicate from a Rule .
ruPredicate :: Lens' RuleUpdate Predicate Source #
The ID of the Predicate (such as an IPSet ) that you want to add to a Rule .
SampledHTTPRequest
data SampledHTTPRequest Source #
The response from a GetSampledRequests request includes a SampledHTTPRequests complex type that appears as SampledRequests in the response syntax. SampledHTTPRequests contains one SampledHTTPRequest object for each web request that is returned by GetSampledRequests .
See: sampledHTTPRequest smart constructor.
Instances
Arguments
| :: HTTPRequest | |
| -> Natural | |
| -> SampledHTTPRequest |
Creates a value of SampledHTTPRequest with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
shttprRuleWithinRuleGroup- This value is returned if theGetSampledRequestsrequest specifies the ID of aRuleGrouprather than the ID of an individual rule.RuleWithinRuleGroupis the rule within the specifiedRuleGroupthat matched the request listed in the response.shttprAction- The action for theRulethat the request matched:ALLOW,BLOCK, orCOUNT.shttprTimestamp- The time at which AWS WAF received the request from your AWS resource, in Unix time format (in seconds).shttprRequest- A complex type that contains detailed information about the request.shttprWeight- A value that indicates how one result in the response relates proportionally to other results in the response. A result that has a weight of2represents roughly twice as many CloudFront web requests as a result that has a weight of1.
shttprRuleWithinRuleGroup :: Lens' SampledHTTPRequest (Maybe Text) Source #
This value is returned if the GetSampledRequests request specifies the ID of a RuleGroup rather than the ID of an individual rule. RuleWithinRuleGroup is the rule within the specified RuleGroup that matched the request listed in the response.
shttprAction :: Lens' SampledHTTPRequest (Maybe Text) Source #
The action for the Rule that the request matched: ALLOW , BLOCK , or COUNT .
shttprTimestamp :: Lens' SampledHTTPRequest (Maybe UTCTime) Source #
The time at which AWS WAF received the request from your AWS resource, in Unix time format (in seconds).
shttprRequest :: Lens' SampledHTTPRequest HTTPRequest Source #
A complex type that contains detailed information about the request.
shttprWeight :: Lens' SampledHTTPRequest Natural Source #
A value that indicates how one result in the response relates proportionally to other results in the response. A result that has a weight of 2 represents roughly twice as many CloudFront web requests as a result that has a weight of 1 .
SizeConstraint
data SizeConstraint Source #
Specifies a constraint on the size of a part of the web request. AWS WAF uses the Size , ComparisonOperator , and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch ". If that expression is true, the SizeConstraint is considered to match.
See: sizeConstraint smart constructor.
Instances
Arguments
| :: FieldToMatch | |
| -> TextTransformation | |
| -> ComparisonOperator | |
| -> Natural | |
| -> SizeConstraint |
Creates a value of SizeConstraint with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scFieldToMatch- Specifies where in a web request to look for the size constraint.scTextTransformation- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation onFieldToMatchbefore inspecting a request for a match. Note that if you chooseBODYfor the value ofType, you must chooseNONEforTextTransformationbecause CloudFront forwards only the first 8192 bytes for inspection. NONE SpecifyNONEif you don't want to perform any text transformations. CMD_LINE When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160COMPRESS_WHITE_SPACEalso replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters.HTML_ENTITY_DECODEperforms the following operations: * Replaces(ampersand)quot;with"* Replaces(ampersand)nbsp;with a non-breaking space, decimal 160 * Replaces(ampersand)lt;with a "less than" symbol * Replaces(ampersand)gt;with>* Replaces characters that are represented in hexadecimal format,(ampersand)#xhhhh;, with the corresponding characters * Replaces characters that are represented in decimal format,(ampersand)#nnnn;, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value.scComparisonOperator- The type of comparison you want AWS WAF to perform. AWS WAF uses this in combination with the providedSizeandFieldToMatchto build an expression in the form of "SizeComparisonOperatorsize in bytes ofFieldToMatch". If that expression is true, theSizeConstraintis considered to match. EQ : Used to test if theSizeis equal to the size of theFieldToMatchNE : Used to test if theSizeis not equal to the size of theFieldToMatchLE : Used to test if theSizeis less than or equal to the size of theFieldToMatchLT : Used to test if theSizeis strictly less than the size of theFieldToMatchGE : Used to test if theSizeis greater than or equal to the size of theFieldToMatchGT : Used to test if theSizeis strictly greater than the size of theFieldToMatchscSize- The size in bytes that you want AWS WAF to compare against the size of the specifiedFieldToMatch. AWS WAF uses this in combination withComparisonOperatorandFieldToMatchto build an expression in the form of "SizeComparisonOperatorsize in bytes ofFieldToMatch". If that expression is true, theSizeConstraintis considered to match. Valid values for size are 0 - 21474836480 bytes (0 - 20 GB). If you specifyURIfor the value ofType, the in the URI counts as one character. For example, the URI @logo.jpg@ is nine characters long.
scFieldToMatch :: Lens' SizeConstraint FieldToMatch Source #
Specifies where in a web request to look for the size constraint.
scTextTransformation :: Lens' SizeConstraint TextTransformation Source #
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting a request for a match. Note that if you choose BODY for the value of Type , you must choose NONE for TextTransformation because CloudFront forwards only the first 8192 bytes for inspection. NONE Specify NONE if you don't want to perform any text transformations. CMD_LINE When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160 COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations: * Replaces (ampersand)quot; with " * Replaces (ampersand)nbsp; with a non-breaking space, decimal 160 * Replaces (ampersand)lt; with a "less than" symbol * Replaces (ampersand)gt; with > * Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh; , with the corresponding characters * Replaces characters that are represented in decimal format, (ampersand)#nnnn; , with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value.
scComparisonOperator :: Lens' SizeConstraint ComparisonOperator Source #
The type of comparison you want AWS WAF to perform. AWS WAF uses this in combination with the provided Size and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch ". If that expression is true, the SizeConstraint is considered to match. EQ : Used to test if the Size is equal to the size of the FieldToMatch NE : Used to test if the Size is not equal to the size of the FieldToMatch LE : Used to test if the Size is less than or equal to the size of the FieldToMatch LT : Used to test if the Size is strictly less than the size of the FieldToMatch GE : Used to test if the Size is greater than or equal to the size of the FieldToMatch GT : Used to test if the Size is strictly greater than the size of the FieldToMatch
scSize :: Lens' SizeConstraint Natural Source #
The size in bytes that you want AWS WAF to compare against the size of the specified FieldToMatch . AWS WAF uses this in combination with ComparisonOperator and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch ". If that expression is true, the SizeConstraint is considered to match. Valid values for size are 0 - 21474836480 bytes (0 - 20 GB). If you specify URI for the value of Type , the in the URI counts as one character. For example, the URI @logo.jpg@ is nine characters long.
SizeConstraintSet
data SizeConstraintSet Source #
A complex type that contains SizeConstraint objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a SizeConstraintSet contains more than one SizeConstraint object, a request only needs to match one constraint to be considered a match.
See: sizeConstraintSet smart constructor.
Instances
Arguments
| :: Text | |
| -> SizeConstraintSet |
Creates a value of SizeConstraintSet with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scsName- The name, if any, of theSizeConstraintSet.scsSizeConstraintSetId- A unique identifier for aSizeConstraintSet. You useSizeConstraintSetIdto get information about aSizeConstraintSet(seeGetSizeConstraintSet), update aSizeConstraintSet(seeUpdateSizeConstraintSet), insert aSizeConstraintSetinto aRuleor delete one from aRule(seeUpdateRule), and delete aSizeConstraintSetfrom AWS WAF (seeDeleteSizeConstraintSet).SizeConstraintSetIdis returned byCreateSizeConstraintSetand byListSizeConstraintSets.scsSizeConstraints- Specifies the parts of web requests that you want to inspect the size of.
scsName :: Lens' SizeConstraintSet (Maybe Text) Source #
The name, if any, of the SizeConstraintSet .
scsSizeConstraintSetId :: Lens' SizeConstraintSet Text Source #
A unique identifier for a SizeConstraintSet . You use SizeConstraintSetId to get information about a SizeConstraintSet (see GetSizeConstraintSet ), update a SizeConstraintSet (see UpdateSizeConstraintSet ), insert a SizeConstraintSet into a Rule or delete one from a Rule (see UpdateRule ), and delete a SizeConstraintSet from AWS WAF (see DeleteSizeConstraintSet ). SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets .
scsSizeConstraints :: Lens' SizeConstraintSet [SizeConstraint] Source #
Specifies the parts of web requests that you want to inspect the size of.
SizeConstraintSetSummary
data SizeConstraintSetSummary Source #
The Id and Name of a SizeConstraintSet .
See: sizeConstraintSetSummary smart constructor.
Instances
sizeConstraintSetSummary Source #
Arguments
| :: Text | |
| -> Text | |
| -> SizeConstraintSetSummary |
Creates a value of SizeConstraintSetSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scssSizeConstraintSetId- A unique identifier for aSizeConstraintSet. You useSizeConstraintSetIdto get information about aSizeConstraintSet(seeGetSizeConstraintSet), update aSizeConstraintSet(seeUpdateSizeConstraintSet), insert aSizeConstraintSetinto aRuleor delete one from aRule(seeUpdateRule), and delete aSizeConstraintSetfrom AWS WAF (seeDeleteSizeConstraintSet).SizeConstraintSetIdis returned byCreateSizeConstraintSetand byListSizeConstraintSets.scssName- The name of theSizeConstraintSet, if any.
scssSizeConstraintSetId :: Lens' SizeConstraintSetSummary Text Source #
A unique identifier for a SizeConstraintSet . You use SizeConstraintSetId to get information about a SizeConstraintSet (see GetSizeConstraintSet ), update a SizeConstraintSet (see UpdateSizeConstraintSet ), insert a SizeConstraintSet into a Rule or delete one from a Rule (see UpdateRule ), and delete a SizeConstraintSet from AWS WAF (see DeleteSizeConstraintSet ). SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets .
SizeConstraintSetUpdate
data SizeConstraintSetUpdate Source #
Specifies the part of a web request that you want to inspect the size of and indicates whether you want to add the specification to a SizeConstraintSet or delete it from a SizeConstraintSet .
See: sizeConstraintSetUpdate smart constructor.
Instances
sizeConstraintSetUpdate Source #
Creates a value of SizeConstraintSetUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
scsuAction- SpecifyINSERTto add aSizeConstraintSetUpdateto aSizeConstraintSet. UseDELETEto remove aSizeConstraintSetUpdatefrom aSizeConstraintSet.scsuSizeConstraint- Specifies a constraint on the size of a part of the web request. AWS WAF uses theSize,ComparisonOperator, andFieldToMatchto build an expression in the form of "SizeComparisonOperatorsize in bytes ofFieldToMatch". If that expression is true, theSizeConstraintis considered to match.
scsuAction :: Lens' SizeConstraintSetUpdate ChangeAction Source #
Specify INSERT to add a SizeConstraintSetUpdate to a SizeConstraintSet . Use DELETE to remove a SizeConstraintSetUpdate from a SizeConstraintSet .
scsuSizeConstraint :: Lens' SizeConstraintSetUpdate SizeConstraint Source #
Specifies a constraint on the size of a part of the web request. AWS WAF uses the Size , ComparisonOperator , and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch ". If that expression is true, the SizeConstraint is considered to match.
SqlInjectionMatchSet
data SqlInjectionMatchSet Source #
A complex type that contains SqlInjectionMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a SqlInjectionMatchSet contains more than one SqlInjectionMatchTuple object, a request needs to include snippets of SQL code in only one of the specified parts of the request to be considered a match.
See: sqlInjectionMatchSet smart constructor.
Instances
Arguments
| :: Text | |
| -> SqlInjectionMatchSet |
Creates a value of SqlInjectionMatchSet with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
simsName- The name, if any, of theSqlInjectionMatchSet.simsSqlInjectionMatchSetId- A unique identifier for aSqlInjectionMatchSet. You useSqlInjectionMatchSetIdto get information about aSqlInjectionMatchSet(seeGetSqlInjectionMatchSet), update aSqlInjectionMatchSet(seeUpdateSqlInjectionMatchSet), insert aSqlInjectionMatchSetinto aRuleor delete one from aRule(seeUpdateRule), and delete aSqlInjectionMatchSetfrom AWS WAF (seeDeleteSqlInjectionMatchSet).SqlInjectionMatchSetIdis returned byCreateSqlInjectionMatchSetand byListSqlInjectionMatchSets.simsSqlInjectionMatchTuples- Specifies the parts of web requests that you want to inspect for snippets of malicious SQL code.
simsName :: Lens' SqlInjectionMatchSet (Maybe Text) Source #
The name, if any, of the SqlInjectionMatchSet .
simsSqlInjectionMatchSetId :: Lens' SqlInjectionMatchSet Text Source #
A unique identifier for a SqlInjectionMatchSet . You use SqlInjectionMatchSetId to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet ), update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet ), insert a SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule ), and delete a SqlInjectionMatchSet from AWS WAF (see DeleteSqlInjectionMatchSet ). SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets .
simsSqlInjectionMatchTuples :: Lens' SqlInjectionMatchSet [SqlInjectionMatchTuple] Source #
Specifies the parts of web requests that you want to inspect for snippets of malicious SQL code.
SqlInjectionMatchSetSummary
data SqlInjectionMatchSetSummary Source #
The Id and Name of a SqlInjectionMatchSet .
See: sqlInjectionMatchSetSummary smart constructor.
Instances
sqlInjectionMatchSetSummary Source #
Arguments
| :: Text | |
| -> Text | |
| -> SqlInjectionMatchSetSummary |
Creates a value of SqlInjectionMatchSetSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
simssSqlInjectionMatchSetId- A unique identifier for aSqlInjectionMatchSet. You useSqlInjectionMatchSetIdto get information about aSqlInjectionMatchSet(seeGetSqlInjectionMatchSet), update aSqlInjectionMatchSet(seeUpdateSqlInjectionMatchSet), insert aSqlInjectionMatchSetinto aRuleor delete one from aRule(seeUpdateRule), and delete aSqlInjectionMatchSetfrom AWS WAF (seeDeleteSqlInjectionMatchSet).SqlInjectionMatchSetIdis returned byCreateSqlInjectionMatchSetand byListSqlInjectionMatchSets.simssName- The name of theSqlInjectionMatchSet, if any, specified byId.
simssSqlInjectionMatchSetId :: Lens' SqlInjectionMatchSetSummary Text Source #
A unique identifier for a SqlInjectionMatchSet . You use SqlInjectionMatchSetId to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet ), update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet ), insert a SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule ), and delete a SqlInjectionMatchSet from AWS WAF (see DeleteSqlInjectionMatchSet ). SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets .
simssName :: Lens' SqlInjectionMatchSetSummary Text Source #
The name of the SqlInjectionMatchSet , if any, specified by Id .
SqlInjectionMatchSetUpdate
data SqlInjectionMatchSetUpdate Source #
Specifies the part of a web request that you want to inspect for snippets of malicious SQL code and indicates whether you want to add the specification to a SqlInjectionMatchSet or delete it from a SqlInjectionMatchSet .
See: sqlInjectionMatchSetUpdate smart constructor.
Instances
sqlInjectionMatchSetUpdate Source #
Arguments
| :: ChangeAction | |
| -> SqlInjectionMatchTuple | |
| -> SqlInjectionMatchSetUpdate |
Creates a value of SqlInjectionMatchSetUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
simsuAction- SpecifyINSERTto add aSqlInjectionMatchSetUpdateto aSqlInjectionMatchSet. UseDELETEto remove aSqlInjectionMatchSetUpdatefrom aSqlInjectionMatchSet.simsuSqlInjectionMatchTuple- Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
simsuAction :: Lens' SqlInjectionMatchSetUpdate ChangeAction Source #
Specify INSERT to add a SqlInjectionMatchSetUpdate to a SqlInjectionMatchSet . Use DELETE to remove a SqlInjectionMatchSetUpdate from a SqlInjectionMatchSet .
simsuSqlInjectionMatchTuple :: Lens' SqlInjectionMatchSetUpdate SqlInjectionMatchTuple Source #
Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
SqlInjectionMatchTuple
data SqlInjectionMatchTuple Source #
Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.
See: sqlInjectionMatchTuple smart constructor.
Instances
sqlInjectionMatchTuple Source #
Arguments
| :: FieldToMatch | |
| -> TextTransformation | |
| -> SqlInjectionMatchTuple |
Creates a value of SqlInjectionMatchTuple with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
simtFieldToMatch- Specifies where in a web request to look for snippets of malicious SQL code.simtTextTransformation- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation onFieldToMatchbefore inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160COMPRESS_WHITE_SPACEalso replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters.HTML_ENTITY_DECODEperforms the following operations: * Replaces(ampersand)quot;with"* Replaces(ampersand)nbsp;with a non-breaking space, decimal 160 * Replaces(ampersand)lt;with a "less than" symbol * Replaces(ampersand)gt;with>* Replaces characters that are represented in hexadecimal format,(ampersand)#xhhhh;, with the corresponding characters * Replaces characters that are represented in decimal format,(ampersand)#nnnn;, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE SpecifyNONEif you don't want to perform any text transformations.
simtFieldToMatch :: Lens' SqlInjectionMatchTuple FieldToMatch Source #
Specifies where in a web request to look for snippets of malicious SQL code.
simtTextTransformation :: Lens' SqlInjectionMatchTuple TextTransformation Source #
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160 COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations: * Replaces (ampersand)quot; with " * Replaces (ampersand)nbsp; with a non-breaking space, decimal 160 * Replaces (ampersand)lt; with a "less than" symbol * Replaces (ampersand)gt; with > * Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh; , with the corresponding characters * Replaces characters that are represented in decimal format, (ampersand)#nnnn; , with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE Specify NONE if you don't want to perform any text transformations.
SubscribedRuleGroupSummary
data SubscribedRuleGroupSummary Source #
A summary of the rule groups you are subscribed to.
See: subscribedRuleGroupSummary smart constructor.
Instances
subscribedRuleGroupSummary Source #
Arguments
| :: Text | |
| -> Text | |
| -> Text | |
| -> SubscribedRuleGroupSummary |
Creates a value of SubscribedRuleGroupSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
srgsRuleGroupId- A unique identifier for aRuleGroup.srgsName- A friendly name or description of theRuleGroup. You can't change the name of aRuleGroupafter you create it.srgsMetricName- A friendly name or description for the metrics for thisRuleGroup. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't change the name of the metric after you create theRuleGroup.
srgsRuleGroupId :: Lens' SubscribedRuleGroupSummary Text Source #
A unique identifier for a RuleGroup .
srgsName :: Lens' SubscribedRuleGroupSummary Text Source #
A friendly name or description of the RuleGroup . You can't change the name of a RuleGroup after you create it.
srgsMetricName :: Lens' SubscribedRuleGroupSummary Text Source #
A friendly name or description for the metrics for this RuleGroup . The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't change the name of the metric after you create the RuleGroup .
TimeWindow
data TimeWindow Source #
In a GetSampledRequests request, the StartTime and EndTime objects specify the time range for which you want AWS WAF to return a sample of web requests.
In a GetSampledRequests response, the StartTime and EndTime objects specify the time range for which AWS WAF actually returned a sample of web requests. AWS WAF gets the specified number of requests from among the first 5,000 requests that your AWS resource receives during the specified time period. If your resource receives more than 5,000 requests during that period, AWS WAF stops sampling after the 5,000th request. In that case, EndTime is the time that AWS WAF received the 5,000th request.
See: timeWindow smart constructor.
Instances
Arguments
| :: UTCTime | |
| -> UTCTime | |
| -> TimeWindow |
Creates a value of TimeWindow with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
twStartTime- The beginning of the time range from which you wantGetSampledRequeststo return a sample of the requests that your AWS resource received. Specify the date and time in the following format:"2016-09-27T14:50Z". You can specify any time range in the previous three hours.twEndTime- The end of the time range from which you wantGetSampledRequeststo return a sample of the requests that your AWS resource received. Specify the date and time in the following format:"2016-09-27T14:50Z". You can specify any time range in the previous three hours.
twStartTime :: Lens' TimeWindow UTCTime Source #
The beginning of the time range from which you want GetSampledRequests to return a sample of the requests that your AWS resource received. Specify the date and time in the following format: "2016-09-27T14:50Z" . You can specify any time range in the previous three hours.
twEndTime :: Lens' TimeWindow UTCTime Source #
The end of the time range from which you want GetSampledRequests to return a sample of the requests that your AWS resource received. Specify the date and time in the following format: "2016-09-27T14:50Z" . You can specify any time range in the previous three hours.
WafAction
For the action that is associated with a rule in a WebACL , specifies the action that you want AWS WAF to perform when a web request matches all of the conditions in a rule. For the default action in a WebACL , specifies the action that you want AWS WAF to take when a web request doesn't match all of the conditions in any of the rules in a WebACL .
See: wafAction smart constructor.
Instances
| Eq WafAction Source # | |
| Data WafAction Source # | |
Defined in Network.AWS.WAF.Types.Product Methods gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> WafAction -> c WafAction # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c WafAction # toConstr :: WafAction -> Constr # dataTypeOf :: WafAction -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c WafAction) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c WafAction) # gmapT :: (forall b. Data b => b -> b) -> WafAction -> WafAction # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> WafAction -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> WafAction -> r # gmapQ :: (forall d. Data d => d -> u) -> WafAction -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> WafAction -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> WafAction -> m WafAction # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> WafAction -> m WafAction # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> WafAction -> m WafAction # | |
| Read WafAction Source # | |
| Show WafAction Source # | |
| Generic WafAction Source # | |
| Hashable WafAction Source # | |
Defined in Network.AWS.WAF.Types.Product | |
| ToJSON WafAction Source # | |
Defined in Network.AWS.WAF.Types.Product | |
| FromJSON WafAction Source # | |
| NFData WafAction Source # | |
Defined in Network.AWS.WAF.Types.Product | |
| type Rep WafAction Source # | |
Defined in Network.AWS.WAF.Types.Product type Rep WafAction = D1 (MetaData "WafAction" "Network.AWS.WAF.Types.Product" "amazonka-waf-1.6.1-AAUMqlxoZ2N3dlHnZE2nzz" True) (C1 (MetaCons "WafAction'" PrefixI True) (S1 (MetaSel (Just "_waType") NoSourceUnpackedness NoSourceStrictness DecidedLazy) (Rec0 WafActionType))) | |
Arguments
| :: WafActionType | |
| -> WafAction |
Creates a value of WafAction with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
waType- Specifies how you want AWS WAF to respond to requests that match the settings in aRule. Valid settings include the following: *ALLOW: AWS WAF allows requests *BLOCK: AWS WAF blocks requests *COUNT: AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specifyCOUNTfor the default action for aWebACL.
waType :: Lens' WafAction WafActionType Source #
Specifies how you want AWS WAF to respond to requests that match the settings in a Rule . Valid settings include the following: * ALLOW : AWS WAF allows requests * BLOCK : AWS WAF blocks requests * COUNT : AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a WebACL .
WafOverrideAction
data WafOverrideAction Source #
The action to take if any rule within the RuleGroup matches a request.
See: wafOverrideAction smart constructor.
Instances
Arguments
| :: WafOverrideActionType | |
| -> WafOverrideAction |
Creates a value of WafOverrideAction with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
woaType-COUNToverrides the action specified by the individual rule within aRuleGroup. If set toNONE, the rule's action will take place.
woaType :: Lens' WafOverrideAction WafOverrideActionType Source #
COUNT overrides the action specified by the individual rule within a RuleGroup . If set to NONE , the rule's action will take place.
WebACL
Contains the Rules that identify the requests that you want to allow, block, or count. In a WebACL , you also specify a default action (ALLOW or BLOCK ), and the action for each Rule that you add to a WebACL , for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the WebACL with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule to a WebACL , a request needs to match only one of the specifications to be allowed, blocked, or counted. For more information, see UpdateWebACL .
See: webACL smart constructor.
Instances
Creates a value of WebACL with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
waMetricName- A friendly name or description for the metrics for thisWebACL. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't changeMetricNameafter you create theWebACL.waName- A friendly name or description of theWebACL. You can't change the name of aWebACLafter you create it.waWebACLId- A unique identifier for aWebACL. You useWebACLIdto get information about aWebACL(seeGetWebACL), update aWebACL(seeUpdateWebACL), and delete aWebACLfrom AWS WAF (seeDeleteWebACL).WebACLIdis returned byCreateWebACLand byListWebACLs.waDefaultAction- The action to perform if none of theRulescontained in theWebACLmatch. The action is specified by theWafActionobject.waRules- An array that contains the action for eachRulein aWebACL, the priority of theRule, and the ID of theRule.
waMetricName :: Lens' WebACL (Maybe Text) Source #
A friendly name or description for the metrics for this WebACL . The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. You can't change MetricName after you create the WebACL .
waName :: Lens' WebACL (Maybe Text) Source #
A friendly name or description of the WebACL . You can't change the name of a WebACL after you create it.
waWebACLId :: Lens' WebACL Text Source #
A unique identifier for a WebACL . You use WebACLId to get information about a WebACL (see GetWebACL ), update a WebACL (see UpdateWebACL ), and delete a WebACL from AWS WAF (see DeleteWebACL ). WebACLId is returned by CreateWebACL and by ListWebACLs .
waDefaultAction :: Lens' WebACL WafAction Source #
The action to perform if none of the Rules contained in the WebACL match. The action is specified by the WafAction object.
waRules :: Lens' WebACL [ActivatedRule] Source #
An array that contains the action for each Rule in a WebACL , the priority of the Rule , and the ID of the Rule .
WebACLSummary
data WebACLSummary Source #
Contains the identifier and the name or description of the WebACL .
See: webACLSummary smart constructor.
Instances
Arguments
| :: Text | |
| -> Text | |
| -> WebACLSummary |
Creates a value of WebACLSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
wasWebACLId- A unique identifier for aWebACL. You useWebACLIdto get information about aWebACL(seeGetWebACL), update aWebACL(seeUpdateWebACL), and delete aWebACLfrom AWS WAF (seeDeleteWebACL).WebACLIdis returned byCreateWebACLand byListWebACLs.wasName- A friendly name or description of theWebACL. You can't change the name of aWebACLafter you create it.
wasWebACLId :: Lens' WebACLSummary Text Source #
A unique identifier for a WebACL . You use WebACLId to get information about a WebACL (see GetWebACL ), update a WebACL (see UpdateWebACL ), and delete a WebACL from AWS WAF (see DeleteWebACL ). WebACLId is returned by CreateWebACL and by ListWebACLs .
wasName :: Lens' WebACLSummary Text Source #
A friendly name or description of the WebACL . You can't change the name of a WebACL after you create it.
WebACLUpdate
data WebACLUpdate Source #
Specifies whether to insert a Rule into or delete a Rule from a WebACL .
See: webACLUpdate smart constructor.
Instances
Arguments
| :: ChangeAction | |
| -> ActivatedRule | |
| -> WebACLUpdate |
Creates a value of WebACLUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
wauAction- Specifies whether to insert aRuleinto or delete aRulefrom aWebACL.wauActivatedRule- TheActivatedRuleobject in anUpdateWebACLrequest specifies aRulethat you want to insert or delete, the priority of theRulein theWebACL, and the action that you want AWS WAF to take when a web request matches theRule(ALLOW,BLOCK, orCOUNT).
wauAction :: Lens' WebACLUpdate ChangeAction Source #
Specifies whether to insert a Rule into or delete a Rule from a WebACL .
wauActivatedRule :: Lens' WebACLUpdate ActivatedRule Source #
The ActivatedRule object in an UpdateWebACL request specifies a Rule that you want to insert or delete, the priority of the Rule in the WebACL , and the action that you want AWS WAF to take when a web request matches the Rule (ALLOW , BLOCK , or COUNT ).
XSSMatchSet
data XSSMatchSet Source #
A complex type that contains XssMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header. If a XssMatchSet contains more than one XssMatchTuple object, a request needs to include cross-site scripting attacks in only one of the specified parts of the request to be considered a match.
See: xssMatchSet smart constructor.
Instances
Arguments
| :: Text | |
| -> XSSMatchSet |
Creates a value of XSSMatchSet with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
xmsName- The name, if any, of theXssMatchSet.xmsXSSMatchSetId- A unique identifier for anXssMatchSet. You useXssMatchSetIdto get information about anXssMatchSet(seeGetXssMatchSet), update anXssMatchSet(seeUpdateXssMatchSet), insert anXssMatchSetinto aRuleor delete one from aRule(seeUpdateRule), and delete anXssMatchSetfrom AWS WAF (seeDeleteXssMatchSet).XssMatchSetIdis returned byCreateXssMatchSetand byListXssMatchSets.xmsXSSMatchTuples- Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.
xmsXSSMatchSetId :: Lens' XSSMatchSet Text Source #
A unique identifier for an XssMatchSet . You use XssMatchSetId to get information about an XssMatchSet (see GetXssMatchSet ), update an XssMatchSet (see UpdateXssMatchSet ), insert an XssMatchSet into a Rule or delete one from a Rule (see UpdateRule ), and delete an XssMatchSet from AWS WAF (see DeleteXssMatchSet ). XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets .
xmsXSSMatchTuples :: Lens' XSSMatchSet [XSSMatchTuple] Source #
Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.
XSSMatchSetSummary
data XSSMatchSetSummary Source #
The Id and Name of an XssMatchSet .
See: xssMatchSetSummary smart constructor.
Instances
Arguments
| :: Text | |
| -> Text | |
| -> XSSMatchSetSummary |
Creates a value of XSSMatchSetSummary with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
xmssXSSMatchSetId- A unique identifier for anXssMatchSet. You useXssMatchSetIdto get information about aXssMatchSet(seeGetXssMatchSet), update anXssMatchSet(seeUpdateXssMatchSet), insert anXssMatchSetinto aRuleor delete one from aRule(seeUpdateRule), and delete anXssMatchSetfrom AWS WAF (seeDeleteXssMatchSet).XssMatchSetIdis returned byCreateXssMatchSetand byListXssMatchSets.xmssName- The name of theXssMatchSet, if any, specified byId.
xmssXSSMatchSetId :: Lens' XSSMatchSetSummary Text Source #
A unique identifier for an XssMatchSet . You use XssMatchSetId to get information about a XssMatchSet (see GetXssMatchSet ), update an XssMatchSet (see UpdateXssMatchSet ), insert an XssMatchSet into a Rule or delete one from a Rule (see UpdateRule ), and delete an XssMatchSet from AWS WAF (see DeleteXssMatchSet ). XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets .
xmssName :: Lens' XSSMatchSetSummary Text Source #
The name of the XssMatchSet , if any, specified by Id .
XSSMatchSetUpdate
data XSSMatchSetUpdate Source #
Specifies the part of a web request that you want to inspect for cross-site scripting attacks and indicates whether you want to add the specification to an XssMatchSet or delete it from an XssMatchSet .
See: xssMatchSetUpdate smart constructor.
Instances
Arguments
| :: ChangeAction | |
| -> XSSMatchTuple | |
| -> XSSMatchSetUpdate |
Creates a value of XSSMatchSetUpdate with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
xmsuAction- SpecifyINSERTto add aXssMatchSetUpdateto anXssMatchSet. UseDELETEto remove aXssMatchSetUpdatefrom anXssMatchSet.xmsuXSSMatchTuple- Specifies the part of a web request that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header.
xmsuAction :: Lens' XSSMatchSetUpdate ChangeAction Source #
Specify INSERT to add a XssMatchSetUpdate to an XssMatchSet . Use DELETE to remove a XssMatchSetUpdate from an XssMatchSet .
xmsuXSSMatchTuple :: Lens' XSSMatchSetUpdate XSSMatchTuple Source #
Specifies the part of a web request that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header.
XSSMatchTuple
data XSSMatchTuple Source #
Specifies the part of a web request that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header.
See: xssMatchTuple smart constructor.
Instances
Creates a value of XSSMatchTuple with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
xmtFieldToMatch- Specifies where in a web request to look for cross-site scripting attacks.xmtTextTransformation- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation onFieldToMatchbefore inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160COMPRESS_WHITE_SPACEalso replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters.HTML_ENTITY_DECODEperforms the following operations: * Replaces(ampersand)quot;with"* Replaces(ampersand)nbsp;with a non-breaking space, decimal 160 * Replaces(ampersand)lt;with a "less than" symbol * Replaces(ampersand)gt;with>* Replaces characters that are represented in hexadecimal format,(ampersand)#xhhhh;, with the corresponding characters * Replaces characters that are represented in decimal format,(ampersand)#nnnn;, with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE SpecifyNONEif you don't want to perform any text transformations.
xmtFieldToMatch :: Lens' XSSMatchTuple FieldToMatch Source #
Specifies where in a web request to look for cross-site scripting attacks.
xmtTextTransformation :: Lens' XSSMatchTuple TextTransformation Source #
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting a request for a match. CMD_LINE When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations: * Delete the following characters: " ' ^ * Delete spaces before the following characters: / ( * Replace the following characters with a space: , ; * Replace multiple spaces with one space * Convert uppercase letters (A-Z) to lowercase (a-z) COMPRESS_WHITE_SPACE Use this option to replace the following characters with a space character (decimal 32): * f, formfeed, decimal 12 * t, tab, decimal 9 * n, newline, decimal 10 * r, carriage return, decimal 13 * v, vertical tab, decimal 11 * non-breaking space, decimal 160 COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations: * Replaces (ampersand)quot; with " * Replaces (ampersand)nbsp; with a non-breaking space, decimal 160 * Replaces (ampersand)lt; with a "less than" symbol * Replaces (ampersand)gt; with > * Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh; , with the corresponding characters * Replaces characters that are represented in decimal format, (ampersand)#nnnn; , with the corresponding characters LOWERCASE Use this option to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this option to decode a URL-encoded value. NONE Specify NONE if you don't want to perform any text transformations.