Class CfnRuleGroup.XssMatchStatementProperty
A rule statement that inspects for cross-site scripting (XSS) attacks.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.WAFv2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnRuleGroup.XssMatchStatementProperty : CfnRuleGroup.IXssMatchStatementPropertySyntax (vb)
Public Class CfnRuleGroup.XssMatchStatementProperty Implements CfnRuleGroup.IXssMatchStatementPropertyRemarks
In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var all;
var allQueryArguments;
var method;
var queryString;
var singleHeader;
var singleQueryArgument;
var uriPath;
var xssMatchStatementProperty = new XssMatchStatementProperty {
FieldToMatch = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Ja3Fingerprint = new JA3FingerprintProperty {
FallbackBehavior = "fallbackBehavior"
},
Ja4Fingerprint = new JA4FingerprintProperty {
FallbackBehavior = "fallbackBehavior"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriFragment = new UriFragmentProperty {
FallbackBehavior = "fallbackBehavior"
},
UriPath = uriPath
},
TextTransformations = new [] { new TextTransformationProperty {
Priority = 123,
Type = "type"
} }
};Synopsis
Constructors
| XssMatchStatementProperty() | A rule statement that inspects for cross-site scripting (XSS) attacks. |
Properties
| FieldToMatch | The part of the web request that you want AWS WAF to inspect. |
| TextTransformations | Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. |
Constructors
XssMatchStatementProperty()
A rule statement that inspects for cross-site scripting (XSS) attacks.
public XssMatchStatementProperty()Remarks
In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.WAFv2;
var all;
var allQueryArguments;
var method;
var queryString;
var singleHeader;
var singleQueryArgument;
var uriPath;
var xssMatchStatementProperty = new XssMatchStatementProperty {
FieldToMatch = new FieldToMatchProperty {
AllQueryArguments = allQueryArguments,
Body = new BodyProperty {
OversizeHandling = "oversizeHandling"
},
Cookies = new CookiesProperty {
MatchPattern = new CookieMatchPatternProperty {
All = all,
ExcludedCookies = new [] { "excludedCookies" },
IncludedCookies = new [] { "includedCookies" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Headers = new HeadersProperty {
MatchPattern = new HeaderMatchPatternProperty {
All = all,
ExcludedHeaders = new [] { "excludedHeaders" },
IncludedHeaders = new [] { "includedHeaders" }
},
MatchScope = "matchScope",
OversizeHandling = "oversizeHandling"
},
Ja3Fingerprint = new JA3FingerprintProperty {
FallbackBehavior = "fallbackBehavior"
},
Ja4Fingerprint = new JA4FingerprintProperty {
FallbackBehavior = "fallbackBehavior"
},
JsonBody = new JsonBodyProperty {
MatchPattern = new JsonMatchPatternProperty {
All = all,
IncludedPaths = new [] { "includedPaths" }
},
MatchScope = "matchScope",
// the properties below are optional
InvalidFallbackBehavior = "invalidFallbackBehavior",
OversizeHandling = "oversizeHandling"
},
Method = method,
QueryString = queryString,
SingleHeader = singleHeader,
SingleQueryArgument = singleQueryArgument,
UriFragment = new UriFragmentProperty {
FallbackBehavior = "fallbackBehavior"
},
UriPath = uriPath
},
TextTransformations = new [] { new TextTransformationProperty {
Priority = 123,
Type = "type"
} }
};Properties
FieldToMatch
The part of the web request that you want AWS WAF to inspect.
public object FieldToMatch { get; set; }Property Value
Remarks
TextTransformations
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
public object TextTransformations { get; set; }Property Value
Remarks
If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by FieldToMatch , starting from the lowest priority setting, before inspecting the content for a match.