Class CfnWebACLPropsMixin
- All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable, software.constructs.IMixin
This is the latest version of AWS WAF, named AWS WAF V2, released in November, 2019.
For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF developer guide.
Use a WebACL to define a collection of rules to use to inspect and control web requests. Each rule in a web ACL has a statement that defines what to look for in web requests and an action that AWS WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that doesn't match any of the rules.
The rules in a web ACL can be a combination of explicitly defined rules and rule groups that you reference from the web ACL. The rule groups can be rule groups that you manage or rule groups that are managed by others.
You can associate a web ACL with one or more AWS resources to protect. The resources can be an Amazon CloudFront distribution, a REST API, an Application Load Balancer, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, an AWS Amplify application, or an AWS Verified Access instance.
For more information, see Web access control lists (web ACLs) in the AWS WAF developer guide.
Web ACLs used in AWS Shield Advanced automatic application layer DDoS mitigation
If you use Shield Advanced automatic application layer DDoS mitigation, the web ACLs that you use with automatic mitigation have a rule group rule whose name starts with ShieldMitigationRuleGroup. This rule is used for automatic mitigations and it's managed for you in the web ACL by Shield Advanced and AWS WAF. You'll see the rule listed among the web ACL rules when you view the web ACL through the AWS WAF interfaces.
When you manage the web ACL through CloudFormation interfaces, you won't see the Shield Advanced rule. CloudFormation doesn't include this type of rule in the stack drift status between the actual configuration of the web ACL and your web ACL template.
Don't add the Shield Advanced rule group rule to your web ACL template. The rule shouldn't be in your template. When you update the web ACL template in a stack, the Shield Advanced rule is maintained for you by AWS WAF in the resulting web ACL.
For more information, see Shield Advanced automatic application layer DDoS mitigation in the AWS Shield Advanced developer guide.
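A pre-deployment check for the Shield Advanced guidance above, as an added example that is not part of the AWS documentation or the CDK library: it flags template rules that use the Shield-managed name prefix and compares template and live rule names while ignoring that managed rule. The class name, method names and sample rule names are assumptions constructed for illustration (plain JDK 16+, no AWS SDK calls); only the ShieldMitigationRuleGroup prefix comes from the text.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Added example: hypothetical helper, plain JDK only, no AWS SDK or CDK calls.
public class ShieldRuleTemplateCheck {
    // Prefix named in the text for the rule that Shield Advanced manages.
    static final String SHIELD_PREFIX = "ShieldMitigationRuleGroup";

    static boolean isShieldManaged(String ruleName) {
        return ruleName.startsWith(SHIELD_PREFIX);
    }

    // Rule names that must be removed from the template before deployment.
    static List<String> templateViolations(List<String> templateRuleNames) {
        return templateRuleNames.stream()
                .filter(ShieldRuleTemplateCheck::isShieldManaged)
                .toList();
    }

    // Names present on only one side, after dropping the Shield-managed rule
    // from the live set so it is never reported as drift.
    static Set<String> unexpectedDrift(List<String> templateRuleNames,
                                       List<String> liveRuleNames) {
        Set<String> template = new TreeSet<>(templateRuleNames);
        Set<String> live = new TreeSet<>();
        for (String name : liveRuleNames) {
            if (!isShieldManaged(name)) live.add(name);
        }
        Set<String> drift = new TreeSet<>(template);
        drift.addAll(live);                 // union of both sides
        Set<String> common = new TreeSet<>(template);
        common.retainAll(live);             // intersection
        drift.removeAll(common);            // symmetric difference
        return drift;
    }

    public static void main(String[] args) {
        // Constructed sample data; not taken from a real web ACL.
        List<String> template = List.of("RateLimitLogin", "BlockBadIps");
        List<String> live = List.of("RateLimitLogin", "BlockBadIps",
                "ShieldMitigationRuleGroup_placeholder", "ManualHotfixRule");
        System.out.println("Template violations: " + templateViolations(template));
        System.out.println("Unexpected drift: " + unexpectedDrift(template, live));
    }
}
```

The live rule names would come from viewing the web ACL through the AWS WAF interfaces, where the Shield Advanced rule is listed; the template names come from your own stack definition.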
Nested Class Summary
Nested Classes
Modifier and Type: Description
- static interface: Specifies that AWS WAF should allow the request and optionally defines additional custom handling for the request.
- static interface: A logical rule statement used to combine other rule statements with AND logic.
- static interface: Application details defined during the web ACL creation process.
- static interface: A list of ApplicationAttributes that contains information about the application.
- static interface: A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.
- static interface: Specifies custom configurations for the associations between the web ACL and protected resources.
- static interface: Details for your use of the account creation fraud prevention managed rule group, AWSManagedRulesACFPRuleSet.
- static interface: Configures the use of the anti-DDoS managed rule group, AWSManagedRulesAntiDDoSRuleSet.
- static interface: Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet.
- static interface: Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet.
- static interface: Specifies that AWS WAF should block the request and optionally defines additional custom handling for the response to the web request.
- static interface: Inspect the body of the web request.
- static final class: A fluent builder for CfnWebACLPropsMixin.
- static interface: A rule statement that defines a string match search for AWS WAF to apply to web requests.
- static interface: Specifies that AWS WAF should run a CAPTCHA check against the request.
- static interface: Specifies how AWS WAF should handle CAPTCHA evaluations for rules that don't have their own CaptchaConfig settings.
- static interface: Specifies that AWS WAF should run a Challenge check against the request to verify that the request is coming from a legitimate client session. If the request includes a valid, unexpired challenge token, AWS WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction.
- static interface: Specifies how AWS WAF should handle Challenge evaluations.
- static interface: This is part of the configuration for the managed rules AWSManagedRulesAntiDDoSRuleSet in ManagedRuleGroupConfig.
- static interface: This is part of the AWSManagedRulesAntiDDoSRuleSet ClientSideActionConfig configuration in ManagedRuleGroupConfig.
- static interface: The filter to use to identify the subset of cookies to inspect in a web request.
- static interface: Inspect the cookies in the web request.
- static interface: Specifies that AWS WAF should count the request.
- static interface: A custom header for custom request and response handling.
- static interface: Custom request handling behavior that inserts custom headers into a web request.
- static interface: The response body to use in a custom response to a web request.
- static interface: A custom response to send to the client.
- static interface: Specifies data protection to apply to the web request data for the web ACL.
- static interface: Example:
- static interface: In a WebACL, this is the action that you want AWS WAF to perform when a web request doesn't match any of the rules in the WebACL.
- static interface: Specifies a single rule in a rule group whose action you want to override to Count.
- static interface: The identifier of a field in the web request payload that contains customer data.
- static interface: Specifies a web request component to be used in a rule match statement or in a logging configuration.
- static interface: Specifies a field type and keys to protect in stored web request data.
- static interface: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.
- static interface: A rule statement that labels web requests by country and region and that matches against web requests based on country code.
- static interface: The filter to use to identify the subset of headers to inspect in a web request.
- static interface: The string containing the list of a web request's header names, ordered as they appear in the web request, separated by colons.
- static interface: Inspect all headers in the web request.
- static interface: Used for CAPTCHA and challenge token settings.
- static interface: The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.
- static interface: A rule statement used to detect web requests coming from particular IP addresses or address ranges.
- static interface: Available for use with Amazon CloudFront distributions and Application Load Balancers.
- static interface: Available for use with Amazon CloudFront distributions and Application Load Balancers.
- static interface: Inspect the body of the web request as JSON.
- static interface: The patterns to look for in the JSON body.
- static interface: A rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.
- static interface: A single label container.
- static interface: Additional information that's used by a managed rule group.
- static interface: A rule statement used to run the rules that are defined in a managed rule group.
- static interface: A logical rule statement used to negate the results of another rule statement.
- static interface: Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.
- static interface: A logical rule statement used to combine other rule statements with OR logic.
- static interface: The action to use in the place of the action that results from the rule group evaluation.
- static interface: Specifies a single custom aggregate key for a rate-based rule.
- static interface: A rate-based rule counts incoming requests and rate limits requests when they are coming at too fast a rate.
- static interface: Specifies a cookie as an aggregate key for a rate-based rule.
- static interface: Specifies a header as an aggregate key for a rate-based rule.
- static interface: Use the request's JA3 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
- static interface: Use the request's JA4 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
- static interface: Specifies a label namespace to use as an aggregate key for a rate-based rule.
- static interface: Specifies a query argument in the request as an aggregate key for a rate-based rule.
- static interface: Specifies the request's query string as an aggregate key for a rate-based rule.
- static interface: Specifies the request's URI path as an aggregate key for a rate-based rule.
- static interface: A rule statement used to search web request components for a match against a single regular expression.
- static interface: A rule statement used to search web request components for matches with regular expressions.
- static interface: A single regular expression.
- static interface: Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to AWS WAF for inspection.
- static interface: The criteria for inspecting account creation requests, used by the ACFP rule group to validate and track account creation attempts.
- static interface: The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
- static interface: Configures inspection of the response body.
- static interface: Configures inspection of the response header.
- static interface: Configures inspection of the response JSON.
- static interface: The criteria for inspecting responses to login requests and account creation requests, used by the ATP and ACFP rule groups to track login and account creation success and failure rates.
- static interface: Configures inspection of the response status code.
- static interface: Action setting to use in the place of a rule action that is configured inside the rule group.
- static interface: The action that AWS WAF should take on a web request when it matches a rule's statement.
- static interface: A rule statement used to run the rules that are defined in a RuleGroup.
- static interface: A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to manage in some way.
- static interface: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<).
- static interface: A rule statement that inspects for malicious SQL code.
- static interface: The processing guidance for a rule, used by AWS WAF to determine whether a web request matches the rule.
- static interface: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
- static interface: Inspect fragments of the request URI.
- static interface: Defines and enables Amazon CloudWatch metrics and web request sample collection.
- static interface: A rule statement that inspects for cross-site scripting (XSS) attacks.
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.constructs.IMixin
software.constructs.IMixin.Jsii$Default, software.constructs.IMixin.Jsii$Proxy
-
Field Summary
Fields -
Constructor Summary
Constructors
Modifier, Constructor: Description
- Create a mixin to apply properties to AWS::WAFv2::WebACL.
- CfnWebACLPropsMixin(CfnWebACLMixinProps props, CfnPropertyMixinOptions options): Create a mixin to apply properties to AWS::WAFv2::WebACL.
- protected CfnWebACLPropsMixin(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- protected CfnWebACLPropsMixin(software.amazon.jsii.JsiiObjectRef objRef)
-
Method Summary
Modifier and Type, Method: Description
- void applyTo(software.constructs.IConstruct construct): Apply the mixin properties to the construct.
- protected CfnWebACLMixinProps getProps()
- protected IMergeStrategy
- supports(software.constructs.IConstruct construct): Check if this mixin supports the given construct.
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_PROPERTY_KEYS
-
-
Constructor Details
-
CfnWebACLPropsMixin
protected CfnWebACLPropsMixin(software.amazon.jsii.JsiiObjectRef objRef)
-
CfnWebACLPropsMixin
protected CfnWebACLPropsMixin(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
-
CfnWebACLPropsMixin
@Stability(Stable) public CfnWebACLPropsMixin(@NotNull CfnWebACLMixinProps props, @Nullable CfnPropertyMixinOptions options)
Create a mixin to apply properties to AWS::WAFv2::WebACL.
- Parameters:
props - L1 properties to apply. This parameter is required.
options - Mixin options.
-
CfnWebACLPropsMixin
Create a mixin to apply properties to AWS::WAFv2::WebACL.
- Parameters:
props - L1 properties to apply. This parameter is required.
-
-
Method Details
-
applyTo
@Stability(Stable) public void applyTo(@NotNull software.constructs.IConstruct construct)
Apply the mixin properties to the construct.
-
supports
@Stability(Stable) @NotNull public Boolean supports(@NotNull software.constructs.IConstruct construct)
Check if this mixin supports the given construct.
-
getProps
-
getStrategy
-