interface XssMatchStatementProperty
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.WAFv2.CfnWebACL.XssMatchStatementProperty |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awswafv2#CfnWebACL_XssMatchStatementProperty |
 Java | software.amazon.awscdk.services.wafv2.CfnWebACL.XssMatchStatementProperty |
 Python | aws_cdk.aws_wafv2.CfnWebACL.XssMatchStatementProperty |
 TypeScript | aws-cdk-lib » aws_wafv2 » CfnWebACL » XssMatchStatementProperty |
A rule statement that inspects for cross-site scripting (XSS) attacks.
In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_wafv2 as wafv2 } from 'aws-cdk-lib';
declare const all: any;
declare const allQueryArguments: any;
declare const method: any;
declare const queryString: any;
declare const singleHeader: any;
declare const singleQueryArgument: any;
declare const uriPath: any;
const xssMatchStatementProperty: wafv2.CfnWebACL.XssMatchStatementProperty = {
fieldToMatch: {
allQueryArguments: allQueryArguments,
body: {
oversizeHandling: 'oversizeHandling',
},
cookies: {
matchPattern: {
all: all,
excludedCookies: ['excludedCookies'],
includedCookies: ['includedCookies'],
},
matchScope: 'matchScope',
oversizeHandling: 'oversizeHandling',
},
headers: {
matchPattern: {
all: all,
excludedHeaders: ['excludedHeaders'],
includedHeaders: ['includedHeaders'],
},
matchScope: 'matchScope',
oversizeHandling: 'oversizeHandling',
},
ja3Fingerprint: {
fallbackBehavior: 'fallbackBehavior',
},
ja4Fingerprint: {
fallbackBehavior: 'fallbackBehavior',
},
jsonBody: {
matchPattern: {
all: all,
includedPaths: ['includedPaths'],
},
matchScope: 'matchScope',
// the properties below are optional
invalidFallbackBehavior: 'invalidFallbackBehavior',
oversizeHandling: 'oversizeHandling',
},
method: method,
queryString: queryString,
singleHeader: singleHeader,
singleQueryArgument: singleQueryArgument,
uriFragment: {
fallbackBehavior: 'fallbackBehavior',
},
uriPath: uriPath,
},
textTransformations: [{
priority: 123,
type: 'type',
}],
};
Properties
| Name | Type | Description |
|---|---|---|
| field | IResolvable | Field | The part of the web request that you want AWS WAF to inspect. |
| text | IResolvable | (IResolvable | Text)[] | Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. |
fieldToMatch
Type:
IResolvable | Field
The part of the web request that you want AWS WAF to inspect.
textTransformations
Type:
IResolvable | (IResolvable | Text)[]
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by FieldToMatch , starting from the lowest priority setting, before inspecting the content for a match.