Interface CfnWebACL.AWSManagedRulesAntiDDoSRuleSetProperty
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
CfnWebACL.AWSManagedRulesAntiDDoSRuleSetProperty.Jsii$Proxy
- Enclosing class:
CfnWebACL
@Stability(Stable)
public static interface CfnWebACL.AWSManagedRulesAntiDDoSRuleSetProperty
extends software.amazon.jsii.JsiiSerializable
Configures the use of the anti-DDoS managed rule group,
AWSManagedRulesAntiDDoSRuleSet . This configuration is used in ManagedRuleGroupConfig .
The configuration that you provide here determines whether and how the rules in the rule group are used.
For additional information about this and the other intelligent threat mitigation rule groups, see Intelligent threat mitigation in AWS WAF and AWS Managed Rules rule groups list in the AWS WAF Developer Guide .
Example:
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import software.amazon.awscdk.services.wafv2.*;
AWSManagedRulesAntiDDoSRuleSetProperty aWSManagedRulesAntiDDoSRuleSetProperty = AWSManagedRulesAntiDDoSRuleSetProperty.builder()
.clientSideActionConfig(ClientSideActionConfigProperty.builder()
.challenge(ClientSideActionProperty.builder()
.usageOfAction("usageOfAction")
// the properties below are optional
.exemptUriRegularExpressions(List.of(RegexProperty.builder()
.regexString("regexString")
.build()))
.sensitivity("sensitivity")
.build())
.build())
// the properties below are optional
.sensitivityToBlock("sensitivityToBlock")
.build();
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeInterfaceDescriptionstatic final classA builder forCfnWebACL.AWSManagedRulesAntiDDoSRuleSetPropertystatic final classAn implementation forCfnWebACL.AWSManagedRulesAntiDDoSRuleSetProperty -
Method Summary
Modifier and TypeMethodDescriptionbuilder()Configures the request handling that's applied by the managed rule group rulesChallengeAllDuringEventandChallengeDDoSRequestsduring a distributed denial of service (DDoS) attack.default StringThe sensitivity that the rule group ruleDDoSRequestsuses when matching against the DDoS suspicion labeling on a request.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getClientSideActionConfig
Configures the request handling that's applied by the managed rule group rulesChallengeAllDuringEventandChallengeDDoSRequestsduring a distributed denial of service (DDoS) attack.- See Also:
-
getSensitivityToBlock
The sensitivity that the rule group ruleDDoSRequestsuses when matching against the DDoS suspicion labeling on a request.The managed rule group adds the labeling during DDoS events, before the
DDoSRequestsrule runs.The higher the sensitivity, the more levels of labeling that the rule matches:
- Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label
awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request. - Medium sensitivity causes the rule to match on the medium and high suspicion labels.
- High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.
Default:
LOW- See Also:
- Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label
-
builder
-