CfnRateBasedRulePropsMixin
- class aws_cdk.mixins_preview.aws_wafregional.mixins.CfnRateBasedRulePropsMixin(props, *, strategy=None)
Bases:
MixinThis is AWS WAF Classic documentation.
For more information, see AWS WAF Classic in the developer guide. .. epigraph:
*For the latest version of AWS WAF* , use the AWS WAF V2 API and see the `AWS WAF Developer Guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`_ . With the latest version, AWS WAF has a single set of endpoints for regional and global use.
A
RateBasedRuleis identical to a regularRule, with one addition: aRateBasedRulecounts the number of requests that arrive from a specified IP address every five minutes. For example, based on recent requests that you’ve seen from an attacker, you might create aRateBasedRulethat includes the following conditions:The requests come from 192.0.2.44.
They contain the value
BadBotin theUser-Agentheader.
In the rule, you also define the rate limit as 15,000.
Requests that meet both of these conditions and exceed 15,000 requests every five minutes trigger the rule’s action (block or count), which is defined in the web ACL.
Note you can only create rate-based rules using an CloudFormation template. To add the rate-based rules created through CloudFormation to a web ACL, use the AWS WAF console, API, or command line interface (CLI). For more information, see UpdateWebACL .
- see:
- cloudformationResource:
AWS::WAFRegional::RateBasedRule
- mixin:
true
- exampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview import mixins from aws_cdk.mixins_preview.aws_wafregional import mixins as wafregional_mixins cfn_rate_based_rule_props_mixin = wafregional_mixins.CfnRateBasedRulePropsMixin(wafregional_mixins.CfnRateBasedRuleMixinProps( match_predicates=[wafregional_mixins.CfnRateBasedRulePropsMixin.PredicateProperty( data_id="dataId", negated=False, type="type" )], metric_name="metricName", name="name", rate_key="rateKey", rate_limit=123 ), strategy=mixins.PropertyMergeStrategy.OVERRIDE )
Create a mixin to apply properties to
AWS::WAFRegional::RateBasedRule.- Parameters:
props (
Union[CfnRateBasedRuleMixinProps,Dict[str,Any]]) – L1 properties to apply.strategy (
Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
construct (
IConstruct)- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
construct (
IConstruct)- Return type:
bool
Attributes
- CFN_PROPERTY_KEYS = ['matchPredicates', 'metricName', 'name', 'rateKey', 'rateLimit']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if
xis a Mixin.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsMixin.- Stability:
experimental
PredicateProperty
- class CfnRateBasedRulePropsMixin.PredicateProperty(*, data_id=None, negated=None, type=None)
Bases:
objectSpecifies the
ByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, andSizeConstraintSetobjects that you want to add to aRuleand, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.- Parameters:
data_id (
Optional[str]) – A unique identifier for a predicate in aRule, such asByteMatchSetIdorIPSetId. The ID is returned by the correspondingCreateorListcommand.negated (
Union[bool,IResolvable,None]) – SetNegatedtoFalseif you want AWS WAF to allow, block, or count requests based on the settings in the specifiedByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet. For example, if anIPSetincludes the IP address192.0.2.44, AWS WAF will allow or block requests based on that IP address. SetNegatedtoTrueif you want AWS WAF to allow or block a request based on the negation of the settings in theByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet>. For example, if anIPSetincludes the IP address192.0.2.44, AWS WAF will allow, block, or count requests based on all IP addresses except192.0.2.44.type (
Optional[str]) – The type of predicate in aRule, such asByteMatchorIPSet.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_wafregional import mixins as wafregional_mixins predicate_property = wafregional_mixins.CfnRateBasedRulePropsMixin.PredicateProperty( data_id="dataId", negated=False, type="type" )
Attributes
- data_id
A unique identifier for a predicate in a
Rule, such asByteMatchSetIdorIPSetId.The ID is returned by the corresponding
CreateorListcommand.
- negated
Set
NegatedtoFalseif you want AWS WAF to allow, block, or count requests based on the settings in the specifiedByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet.For example, if an
IPSetincludes the IP address192.0.2.44, AWS WAF will allow or block requests based on that IP address.Set
NegatedtoTrueif you want AWS WAF to allow or block a request based on the negation of the settings in theByteMatchSet,IPSet,SqlInjectionMatchSet,XssMatchSet,RegexMatchSet,GeoMatchSet, orSizeConstraintSet>. For example, if anIPSetincludes the IP address192.0.2.44, AWS WAF will allow, block, or count requests based on all IP addresses except192.0.2.44.
- type
The type of predicate in a
Rule, such asByteMatchorIPSet.