Interface CfnRuleGroup.RulesSourceListProperty
- All Superinterfaces: software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes: CfnRuleGroup.RulesSourceListProperty.Jsii$Proxy
- Enclosing class: CfnRuleGroup
For HTTPS traffic, domain filtering is SNI-based. It uses the Server Name Indication (SNI) extension of the TLS handshake.
By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the HOME_NET rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see RuleVariables in this guide and Stateful domain list rule groups in AWS Network Firewall in the Network Firewall Developer Guide.
Example:
    // The code below shows an example of how to instantiate this type.
    // The values are placeholders you should change.
    import java.util.List;
    import software.amazon.awscdk.services.networkfirewall.*;
    import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.RulesSourceListProperty;

    RulesSourceListProperty rulesSourceListProperty = RulesSourceListProperty.builder()
            .generatedRulesType("generatedRulesType")
            .targets(List.of("targets"))
            .targetTypes(List.of("targetTypes"))
            .build();
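A fuller use of this type, added here as an illustration and not taken from the CDK documentation: a stateful domain allow list that covers both target types and sets HOME_NET so that a second VPC is inspected as well. The stack name, rule group name, capacity and CIDR ranges are assumptions; `ALLOWLIST` is one of the values Network Firewall accepts for the generated rules type.

```java
import java.util.List;
import java.util.Map;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup;
import software.constructs.Construct;

// Added example: egress allow list for a firewall that also inspects a peered VPC.
public class EgressAllowListStack extends Stack {
    public EgressAllowListStack(final Construct scope, final String id) {
        super(scope, id);

        // Cover both TLS_SNI and HTTP_HOST so the same list applies to HTTPS
        // and to plain HTTP.
        CfnRuleGroup.RulesSourceListProperty domainList =
            CfnRuleGroup.RulesSourceListProperty.builder()
                .generatedRulesType("ALLOWLIST")
                .targetTypes(List.of("TLS_SNI", "HTTP_HOST"))
                .targets(List.of(
                    "api.example.com",   // explicit name: this host only
                    ".example.org"))     // leading '.': example.org and all subdomains
                .build();

        // HOME_NET lists the deployment VPC plus every other source range;
        // by default only traffic from the deployment VPC is inspected.
        CfnRuleGroup.RuleVariablesProperty variables =
            CfnRuleGroup.RuleVariablesProperty.builder()
                .ipSets(Map.of("HOME_NET", CfnRuleGroup.IPSetProperty.builder()
                    .definition(List.of(
                        "10.0.0.0/16",    // deployment VPC (constructed value)
                        "10.1.0.0/16"))   // peered VPC (constructed value)
                    .build()))
                .build();

        CfnRuleGroup.Builder.create(this, "EgressDomainAllowList")
            .ruleGroupName("egress-domain-allowlist")   // hypothetical name
            .type("STATEFUL")
            .capacity(100)                              // assumed capacity
            .ruleGroup(CfnRuleGroup.RuleGroupProperty.builder()
                .ruleVariables(variables)
                .rulesSource(CfnRuleGroup.RulesSourceProperty.builder()
                    .rulesSourceList(domainList)
                    .build())
                .build())
            .build();
    }
}
```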
Nested Class Summary
Nested Classes (Modifier and Type / Interface / Description):
- static final class: A builder for CfnRuleGroup.RulesSourceListProperty
- static final class: An implementation for CfnRuleGroup.RulesSourceListProperty
Method Summary
Methods (Modifier and Type / Method / Description):
- builder()
- getGeneratedRulesType: Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.
- getTargets: The domains that you want to inspect for in your traffic flows.
- getTargetTypes: The types of targets to inspect for.
Methods inherited from interface software.amazon.jsii.JsiiSerializable: $jsii$toJson
Method Details
getGeneratedRulesType
Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.
When logging is enabled and you choose Alert, traffic that matches the domain specifications generates an alert in the firewall's logs. Then, traffic either passes, is rejected, or drops based on other rules in the firewall policy.
getTargets
The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:
- Explicit names. For example, abc.example.com matches only the domain abc.example.com.
- Names that use a domain wildcard, which you indicate with an initial '.'. For example, .example.com matches example.com and matches all subdomains of example.com, such as abc.example.com and www.example.com.
getTargetTypes
The types of targets to inspect for.
Valid values are TLS_SNI and HTTP_HOST.
builder