Class CfnWebACLPropsMixin.ManagedRuleGroupConfigProperty
Additional information that's used by a managed rule group. Many managed rule groups don't require this.
Inherited Members
Namespace: Amazon.CDK.CfnPropertyMixins.AWS.WAFv2
Assembly: Amazon.CDK.CfnPropertyMixins.dll
Syntax (csharp)
public class CfnWebACLPropsMixin.ManagedRuleGroupConfigProperty : CfnWebACLPropsMixin.IManagedRuleGroupConfigPropertySyntax (vb)
Public Class CfnWebACLPropsMixin.ManagedRuleGroupConfigProperty Implements CfnWebACLPropsMixin.IManagedRuleGroupConfigPropertyRemarks
The rule groups used for intelligent threat mitigation require additional configuration:
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.CfnPropertyMixins.AWS.WAFv2;
var managedRuleGroupConfigProperty = new ManagedRuleGroupConfigProperty {
AwsManagedRulesAcfpRuleSet = new AWSManagedRulesACFPRuleSetProperty {
CreationPath = "creationPath",
EnableRegexInPath = false,
RegistrationPagePath = "registrationPagePath",
RequestInspection = new RequestInspectionACFPProperty {
AddressFields = new [] { new FieldIdentifierProperty {
Identifier = "identifier"
} },
EmailField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PasswordField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PayloadType = "payloadType",
PhoneNumberFields = new [] { new FieldIdentifierProperty {
Identifier = "identifier"
} },
UsernameField = new FieldIdentifierProperty {
Identifier = "identifier"
}
},
ResponseInspection = new ResponseInspectionProperty {
BodyContains = new ResponseInspectionBodyContainsProperty {
FailureStrings = new [] { "failureStrings" },
SuccessStrings = new [] { "successStrings" }
},
Header = new ResponseInspectionHeaderProperty {
FailureValues = new [] { "failureValues" },
Name = "name",
SuccessValues = new [] { "successValues" }
},
Json = new ResponseInspectionJsonProperty {
FailureValues = new [] { "failureValues" },
Identifier = "identifier",
SuccessValues = new [] { "successValues" }
},
StatusCode = new ResponseInspectionStatusCodeProperty {
FailureCodes = new [] { 123 },
SuccessCodes = new [] { 123 }
}
}
},
AwsManagedRulesAntiDDoSRuleSet = new AWSManagedRulesAntiDDoSRuleSetProperty {
ClientSideActionConfig = new ClientSideActionConfigProperty {
Challenge = new ClientSideActionProperty {
ExemptUriRegularExpressions = new [] { new RegexProperty {
RegexString = "regexString"
} },
Sensitivity = "sensitivity",
UsageOfAction = "usageOfAction"
}
},
SensitivityToBlock = "sensitivityToBlock"
},
AwsManagedRulesAtpRuleSet = new AWSManagedRulesATPRuleSetProperty {
EnableRegexInPath = false,
LoginPath = "loginPath",
RequestInspection = new RequestInspectionProperty {
PasswordField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PayloadType = "payloadType",
UsernameField = new FieldIdentifierProperty {
Identifier = "identifier"
}
},
ResponseInspection = new ResponseInspectionProperty {
BodyContains = new ResponseInspectionBodyContainsProperty {
FailureStrings = new [] { "failureStrings" },
SuccessStrings = new [] { "successStrings" }
},
Header = new ResponseInspectionHeaderProperty {
FailureValues = new [] { "failureValues" },
Name = "name",
SuccessValues = new [] { "successValues" }
},
Json = new ResponseInspectionJsonProperty {
FailureValues = new [] { "failureValues" },
Identifier = "identifier",
SuccessValues = new [] { "successValues" }
},
StatusCode = new ResponseInspectionStatusCodeProperty {
FailureCodes = new [] { 123 },
SuccessCodes = new [] { 123 }
}
}
},
AwsManagedRulesBotControlRuleSet = new AWSManagedRulesBotControlRuleSetProperty {
EnableMachineLearning = false,
InspectionLevel = "inspectionLevel"
},
LoginPath = "loginPath",
PasswordField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PayloadType = "payloadType",
UsernameField = new FieldIdentifierProperty {
Identifier = "identifier"
}
};Synopsis
Constructors
| ManagedRuleGroupConfigProperty() | Additional information that's used by a managed rule group. Many managed rule groups don't require this. |
Properties
| AwsManagedRulesAcfpRuleSet | Additional configuration for using the account creation fraud prevention (ACFP) managed rule group, |
| AwsManagedRulesAntiDDoSRuleSet | Additional configuration for using the anti-DDoS managed rule group, |
| AwsManagedRulesAtpRuleSet | Additional configuration for using the account takeover prevention (ATP) managed rule group, |
| AwsManagedRulesBotControlRuleSet | Additional configuration for using the Bot Control managed rule group. |
| LoginPath | Instead of this setting, provide your configuration under |
| PasswordField | Instead of this setting, provide your configuration under the request inspection configuration for |
| PayloadType | Instead of this setting, provide your configuration under the request inspection configuration for |
| UsernameField | Instead of this setting, provide your configuration under the request inspection configuration for |
Constructors
ManagedRuleGroupConfigProperty()
Additional information that's used by a managed rule group. Many managed rule groups don't require this.
public ManagedRuleGroupConfigProperty()Remarks
The rule groups used for intelligent threat mitigation require additional configuration:
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.CfnPropertyMixins.AWS.WAFv2;
var managedRuleGroupConfigProperty = new ManagedRuleGroupConfigProperty {
AwsManagedRulesAcfpRuleSet = new AWSManagedRulesACFPRuleSetProperty {
CreationPath = "creationPath",
EnableRegexInPath = false,
RegistrationPagePath = "registrationPagePath",
RequestInspection = new RequestInspectionACFPProperty {
AddressFields = new [] { new FieldIdentifierProperty {
Identifier = "identifier"
} },
EmailField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PasswordField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PayloadType = "payloadType",
PhoneNumberFields = new [] { new FieldIdentifierProperty {
Identifier = "identifier"
} },
UsernameField = new FieldIdentifierProperty {
Identifier = "identifier"
}
},
ResponseInspection = new ResponseInspectionProperty {
BodyContains = new ResponseInspectionBodyContainsProperty {
FailureStrings = new [] { "failureStrings" },
SuccessStrings = new [] { "successStrings" }
},
Header = new ResponseInspectionHeaderProperty {
FailureValues = new [] { "failureValues" },
Name = "name",
SuccessValues = new [] { "successValues" }
},
Json = new ResponseInspectionJsonProperty {
FailureValues = new [] { "failureValues" },
Identifier = "identifier",
SuccessValues = new [] { "successValues" }
},
StatusCode = new ResponseInspectionStatusCodeProperty {
FailureCodes = new [] { 123 },
SuccessCodes = new [] { 123 }
}
}
},
AwsManagedRulesAntiDDoSRuleSet = new AWSManagedRulesAntiDDoSRuleSetProperty {
ClientSideActionConfig = new ClientSideActionConfigProperty {
Challenge = new ClientSideActionProperty {
ExemptUriRegularExpressions = new [] { new RegexProperty {
RegexString = "regexString"
} },
Sensitivity = "sensitivity",
UsageOfAction = "usageOfAction"
}
},
SensitivityToBlock = "sensitivityToBlock"
},
AwsManagedRulesAtpRuleSet = new AWSManagedRulesATPRuleSetProperty {
EnableRegexInPath = false,
LoginPath = "loginPath",
RequestInspection = new RequestInspectionProperty {
PasswordField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PayloadType = "payloadType",
UsernameField = new FieldIdentifierProperty {
Identifier = "identifier"
}
},
ResponseInspection = new ResponseInspectionProperty {
BodyContains = new ResponseInspectionBodyContainsProperty {
FailureStrings = new [] { "failureStrings" },
SuccessStrings = new [] { "successStrings" }
},
Header = new ResponseInspectionHeaderProperty {
FailureValues = new [] { "failureValues" },
Name = "name",
SuccessValues = new [] { "successValues" }
},
Json = new ResponseInspectionJsonProperty {
FailureValues = new [] { "failureValues" },
Identifier = "identifier",
SuccessValues = new [] { "successValues" }
},
StatusCode = new ResponseInspectionStatusCodeProperty {
FailureCodes = new [] { 123 },
SuccessCodes = new [] { 123 }
}
}
},
AwsManagedRulesBotControlRuleSet = new AWSManagedRulesBotControlRuleSetProperty {
EnableMachineLearning = false,
InspectionLevel = "inspectionLevel"
},
LoginPath = "loginPath",
PasswordField = new FieldIdentifierProperty {
Identifier = "identifier"
},
PayloadType = "payloadType",
UsernameField = new FieldIdentifierProperty {
Identifier = "identifier"
}
};Properties
AwsManagedRulesAcfpRuleSet
Additional configuration for using the account creation fraud prevention (ACFP) managed rule group, AWSManagedRulesACFPRuleSet .
public object? AwsManagedRulesAcfpRuleSet { get; set; }Property Value
Remarks
Use this to provide account creation request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to account creation requests.
For information about using the ACFP managed rule group, see AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group and AWS WAF Fraud Control account creation fraud prevention (ACFP) in the AWS WAF Developer Guide .
Type union: either IResolvable or CfnWebACLPropsMixin.IAWSManagedRulesACFPRuleSetProperty
AwsManagedRulesAntiDDoSRuleSet
Additional configuration for using the anti-DDoS managed rule group, AWSManagedRulesAntiDDoSRuleSet .
public object? AwsManagedRulesAntiDDoSRuleSet { get; set; }Property Value
Remarks
Use this to configure anti-DDoS behavior for the rule group.
For information about using the anti-DDoS managed rule group, see AWS WAF Anti-DDoS rule group and Distributed Denial of Service (DDoS) prevention in the AWS WAF Developer Guide .
Type union: either IResolvable or CfnWebACLPropsMixin.IAWSManagedRulesAntiDDoSRuleSetProperty
AwsManagedRulesAtpRuleSet
Additional configuration for using the account takeover prevention (ATP) managed rule group, AWSManagedRulesATPRuleSet .
public object? AwsManagedRulesAtpRuleSet { get; set; }Property Value
Remarks
Use this to provide login request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to login requests.
This configuration replaces the individual configuration fields in ManagedRuleGroupConfig and provides additional feature configuration.
For information about using the ATP managed rule group, see AWS WAF Fraud Control account takeover prevention (ATP) rule group and AWS WAF Fraud Control account takeover prevention (ATP) in the AWS WAF Developer Guide .
Type union: either IResolvable or CfnWebACLPropsMixin.IAWSManagedRulesATPRuleSetProperty
AwsManagedRulesBotControlRuleSet
Additional configuration for using the Bot Control managed rule group.
public object? AwsManagedRulesBotControlRuleSet { get; set; }Property Value
Remarks
Use this to specify the inspection level that you want to use. For information about using the Bot Control managed rule group, see AWS WAF Bot Control rule group and AWS WAF Bot Control in the AWS WAF Developer Guide .
Type union: either IResolvable or CfnWebACLPropsMixin.IAWSManagedRulesBotControlRuleSetProperty
LoginPath
Instead of this setting, provide your configuration under
AWSManagedRulesATPRuleSet.
public string? LoginPath { get; set; }Property Value
Remarks
PasswordField
Instead of this setting, provide your configuration under the request inspection configuration for
AWSManagedRulesATPRuleSetorAWSManagedRulesACFPRuleSet.
public object? PasswordField { get; set; }Property Value
Remarks
PayloadType
Instead of this setting, provide your configuration under the request inspection configuration for
AWSManagedRulesATPRuleSetorAWSManagedRulesACFPRuleSet.
public string? PayloadType { get; set; }Property Value
Remarks
UsernameField
Instead of this setting, provide your configuration under the request inspection configuration for
AWSManagedRulesATPRuleSetorAWSManagedRulesACFPRuleSet.
public object? UsernameField { get; set; }