Interface CfnRuleGroupPropsMixin.IRulesSourceListProperty

Stateful inspection criteria for a domain list rule group.

Namespace: Amazon.CDK.CfnPropertyMixins.AWS.NetworkFirewall

Assembly: Amazon.CDK.CfnPropertyMixins.dll

Syntax (csharp)

public interface CfnRuleGroupPropsMixin.IRulesSourceListProperty

Syntax (vb)

Public Interface CfnRuleGroupPropsMixin.IRulesSourceListProperty

Remarks

For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.

By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleVariables in this guide and Stateful domain list rule groups in AWS Network Firewall in the Network Firewall Developer Guide

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html

ExampleMetadata: fixture=_generated

Examples

// The code below shows an example of how to instantiate this type.
             // The values are placeholders you should change.
             using Amazon.CDK.CfnPropertyMixins.AWS.NetworkFirewall;

             var rulesSourceListProperty = new RulesSourceListProperty {
                 GeneratedRulesType = "generatedRulesType",
                 Targets = new [] { "targets" },
                 TargetTypes = new [] { "targetTypes" }
             };

Synopsis

Properties

GeneratedRulesType	Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.
TargetTypes	The types of targets to inspect for.
Targets	The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:.

Properties

GeneratedRulesType

Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.

string? GeneratedRulesType { get; }

Property Value

string

Remarks

When logging is enabled and you choose Alert, traffic that matches the domain specifications generates an alert in the firewall's logs. Then, traffic either passes, is rejected, or drops based on other rules in the firewall policy.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html#cfn-networkfirewall-rulegroup-rulessourcelist-generatedrulestype

TargetTypes

The types of targets to inspect for.

string[]? TargetTypes { get; }

Property Value

string[]

Remarks

Valid values are TLS_SNI and HTTP_HOST .

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html#cfn-networkfirewall-rulegroup-rulessourcelist-targettypes

Targets

The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:.

string[]? Targets { get; }

Property Value

string[]

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessourcelist.html#cfn-networkfirewall-rulegroup-rulessourcelist-targets