1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package types 4 5import ( 6 "time" 7) 8 9// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 10// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 11// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 12// and see the AWS WAF Developer Guide 13// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 14// the latest version, AWS WAF has a single set of endpoints for regional and 15// global use. The ActivatedRule object in an UpdateWebACL request specifies a Rule 16// that you want to insert or delete, the priority of the Rule in the WebACL, and 17// the action that you want AWS WAF to take when a web request matches the Rule 18// (ALLOW, BLOCK, or COUNT). To specify whether to insert or delete a Rule, use the 19// Action parameter in the WebACLUpdate data type. 20type ActivatedRule struct { 21 22 // Specifies the order in which the Rules in a WebACL are evaluated. Rules with a 23 // lower value for Priority are evaluated before Rules with a higher value. The 24 // value must be a unique integer. If you add multiple Rules to a WebACL, the 25 // values don't need to be consecutive. 26 // 27 // This member is required. 28 Priority *int32 29 30 // The RuleId for a Rule. You use RuleId to get more information about a Rule (see 31 // GetRule), update a Rule (see UpdateRule), insert a Rule into a WebACL or delete 32 // a one from a WebACL (see UpdateWebACL), or delete a Rule from AWS WAF (see 33 // DeleteRule). RuleId is returned by CreateRule and by ListRules. 34 // 35 // This member is required. 36 RuleId *string 37 38 // Specifies the action that CloudFront or AWS WAF takes when a web request matches 39 // the conditions in the Rule. Valid values for Action include the following: 40 // 41 // * 42 // ALLOW: CloudFront responds with the requested object. 43 // 44 // * BLOCK: CloudFront 45 // responds with an HTTP 403 (Forbidden) status code. 46 // 47 // * COUNT: AWS WAF increments 48 // a counter of requests that match the conditions in the rule and then continues 49 // to inspect the web request based on the remaining rules in the web 50 // ACL. 51 // 52 // ActivatedRule|OverrideAction applies only when updating or adding a 53 // RuleGroup to a WebACL. In this case, you do not use ActivatedRule|Action. For 54 // all other update requests, ActivatedRule|Action is used instead of 55 // ActivatedRule|OverrideAction. 56 Action *WafAction 57 58 // An array of rules to exclude from a rule group. This is applicable only when the 59 // ActivatedRule refers to a RuleGroup. Sometimes it is necessary to troubleshoot 60 // rule groups that are blocking traffic unexpectedly (false positives). One 61 // troubleshooting technique is to identify the specific rule within the rule group 62 // that is blocking the legitimate traffic and then disable (exclude) that 63 // particular rule. You can exclude rules from both your own rule groups and AWS 64 // Marketplace rule groups that have been associated with a web ACL. Specifying 65 // ExcludedRules does not remove those rules from the rule group. Rather, it 66 // changes the action for the rules to COUNT. Therefore, requests that match an 67 // ExcludedRule are counted but not blocked. The RuleGroup owner will receive COUNT 68 // metrics for each ExcludedRule. If you want to exclude rules from a rule group 69 // that is already associated with a web ACL, perform the following steps: 70 // 71 // * Use 72 // the AWS WAF logs to identify the IDs of the rules that you want to exclude. For 73 // more information about the logs, see Logging Web ACL Traffic Information 74 // (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html). 75 // 76 // * Submit 77 // an UpdateWebACL request that has two actions: 78 // 79 // * The first action deletes the 80 // existing rule group from the web ACL. That is, in the UpdateWebACL request, the 81 // first Updates:Action should be DELETE and Updates:ActivatedRule:RuleId should be 82 // the rule group that contains the rules that you want to exclude. 83 // 84 // * The second 85 // action inserts the same rule group back in, but specifying the rules to exclude. 86 // That is, the second Updates:Action should be INSERT, 87 // Updates:ActivatedRule:RuleId should be the rule group that you just removed, and 88 // ExcludedRules should contain the rules that you want to exclude. 89 ExcludedRules []ExcludedRule 90 91 // Use the OverrideAction to test your RuleGroup. Any rule in a RuleGroup can 92 // potentially block a request. If you set the OverrideAction to None, the 93 // RuleGroup will block a request if any individual rule in the RuleGroup matches 94 // the request and is configured to block that request. However if you first want 95 // to test the RuleGroup, set the OverrideAction to Count. The RuleGroup will then 96 // override any block action specified by individual rules contained within the 97 // group. Instead of blocking matching requests, those requests will be counted. 98 // You can view a record of counted requests using GetSampledRequests. 99 // ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to 100 // a WebACL. In this case you do not use ActivatedRule|Action. For all other update 101 // requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction. 102 OverrideAction *WafOverrideAction 103 104 // The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by 105 // RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. 106 // Although this field is optional, be aware that if you try to add a RATE_BASED 107 // rule to a web ACL without setting the type, the UpdateWebACL request will fail 108 // because the request tries to add a REGULAR rule with the specified ID, which 109 // does not exist. 110 Type WafRuleType 111} 112 113// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 114// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 115// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 116// and see the AWS WAF Developer Guide 117// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 118// the latest version, AWS WAF has a single set of endpoints for regional and 119// global use. In a GetByteMatchSet request, ByteMatchSet is a complex type that 120// contains the ByteMatchSetId and Name of a ByteMatchSet, and the values that you 121// specified when you updated the ByteMatchSet. A complex type that contains 122// ByteMatchTuple objects, which specify the parts of web requests that you want 123// AWS WAF to inspect and the values that you want AWS WAF to search for. If a 124// ByteMatchSet contains more than one ByteMatchTuple object, a request needs to 125// match the settings in only one ByteMatchTuple to be considered a match. 126type ByteMatchSet struct { 127 128 // The ByteMatchSetId for a ByteMatchSet. You use ByteMatchSetId to get information 129 // about a ByteMatchSet (see GetByteMatchSet), update a ByteMatchSet (see 130 // UpdateByteMatchSet), insert a ByteMatchSet into a Rule or delete one from a Rule 131 // (see UpdateRule), and delete a ByteMatchSet from AWS WAF (see 132 // DeleteByteMatchSet). ByteMatchSetId is returned by CreateByteMatchSet and by 133 // ListByteMatchSets. 134 // 135 // This member is required. 136 ByteMatchSetId *string 137 138 // Specifies the bytes (typically a string that corresponds with ASCII characters) 139 // that you want AWS WAF to search for in web requests, the location in requests 140 // that you want AWS WAF to search, and other settings. 141 // 142 // This member is required. 143 ByteMatchTuples []ByteMatchTuple 144 145 // A friendly name or description of the ByteMatchSet. You can't change Name after 146 // you create a ByteMatchSet. 147 Name *string 148} 149 150// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 151// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 152// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 153// and see the AWS WAF Developer Guide 154// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 155// the latest version, AWS WAF has a single set of endpoints for regional and 156// global use. Returned by ListByteMatchSets. Each ByteMatchSetSummary object 157// includes the Name and ByteMatchSetId for one ByteMatchSet. 158type ByteMatchSetSummary struct { 159 160 // The ByteMatchSetId for a ByteMatchSet. You use ByteMatchSetId to get information 161 // about a ByteMatchSet, update a ByteMatchSet, remove a ByteMatchSet from a Rule, 162 // and delete a ByteMatchSet from AWS WAF. ByteMatchSetId is returned by 163 // CreateByteMatchSet and by ListByteMatchSets. 164 // 165 // This member is required. 166 ByteMatchSetId *string 167 168 // A friendly name or description of the ByteMatchSet. You can't change Name after 169 // you create a ByteMatchSet. 170 // 171 // This member is required. 172 Name *string 173} 174 175// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 176// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 177// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 178// and see the AWS WAF Developer Guide 179// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 180// the latest version, AWS WAF has a single set of endpoints for regional and 181// global use. In an UpdateByteMatchSet request, ByteMatchSetUpdate specifies 182// whether to insert or delete a ByteMatchTuple and includes the settings for the 183// ByteMatchTuple. 184type ByteMatchSetUpdate struct { 185 186 // Specifies whether to insert or delete a ByteMatchTuple. 187 // 188 // This member is required. 189 Action ChangeAction 190 191 // Information about the part of a web request that you want AWS WAF to inspect and 192 // the value that you want AWS WAF to search for. If you specify DELETE for the 193 // value of Action, the ByteMatchTuple values must exactly match the values in the 194 // ByteMatchTuple that you want to delete from the ByteMatchSet. 195 // 196 // This member is required. 197 ByteMatchTuple *ByteMatchTuple 198} 199 200// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 201// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 202// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 203// and see the AWS WAF Developer Guide 204// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 205// the latest version, AWS WAF has a single set of endpoints for regional and 206// global use. The bytes (typically a string that corresponds with ASCII 207// characters) that you want AWS WAF to search for in web requests, the location in 208// requests that you want AWS WAF to search, and other settings. 209type ByteMatchTuple struct { 210 211 // The part of a web request that you want AWS WAF to search, such as a specified 212 // header or a query string. For more information, see FieldToMatch. 213 // 214 // This member is required. 215 FieldToMatch *FieldToMatch 216 217 // Within the portion of a web request that you want to search (for example, in the 218 // query string, if any), specify where you want AWS WAF to search. Valid values 219 // include the following: CONTAINS The specified part of the web request must 220 // include the value of TargetString, but the location doesn't matter. 221 // CONTAINS_WORD The specified part of the web request must include the value of 222 // TargetString, and TargetString must contain only alphanumeric characters or 223 // underscore (A-Z, a-z, 0-9, or _). In addition, TargetString must be a word, 224 // which means one of the following: 225 // 226 // * TargetString exactly matches the value of 227 // the specified part of the web request, such as the value of a header. 228 // 229 // * 230 // TargetString is at the beginning of the specified part of the web request and is 231 // followed by a character other than an alphanumeric character or underscore (_), 232 // for example, BadBot;. 233 // 234 // * TargetString is at the end of the specified part of the 235 // web request and is preceded by a character other than an alphanumeric character 236 // or underscore (_), for example, ;BadBot. 237 // 238 // * TargetString is in the middle of the 239 // specified part of the web request and is preceded and followed by characters 240 // other than alphanumeric characters or underscore (_), for example, 241 // -BadBot;. 242 // 243 // EXACTLY The value of the specified part of the web request must 244 // exactly match the value of TargetString. STARTS_WITH The value of TargetString 245 // must appear at the beginning of the specified part of the web request. ENDS_WITH 246 // The value of TargetString must appear at the end of the specified part of the 247 // web request. 248 // 249 // This member is required. 250 PositionalConstraint PositionalConstraint 251 252 // The value that you want AWS WAF to search for. AWS WAF searches for the 253 // specified string in the part of web requests that you specified in FieldToMatch. 254 // The maximum length of the value is 50 bytes. Valid values depend on the values 255 // that you specified for FieldToMatch: 256 // 257 // * HEADER: The value that you want AWS WAF 258 // to search for in the request header that you specified in FieldToMatch, for 259 // example, the value of the User-Agent or Referer header. 260 // 261 // * METHOD: The HTTP 262 // method, which indicates the type of operation specified in the request. 263 // CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, 264 // POST, and PUT. 265 // 266 // * QUERY_STRING: The value that you want AWS WAF to search for in 267 // the query string, which is the part of a URL that appears after a ? 268 // character. 269 // 270 // * URI: The value that you want AWS WAF to search for in the part of 271 // a URL that identifies a resource, for example, /images/daily-ad.jpg. 272 // 273 // * BODY: 274 // The part of a request that contains any additional data that you want to send to 275 // your web server as the HTTP request body, such as data from a form. The request 276 // body immediately follows the request headers. Note that only the first 8192 277 // bytes of the request body are forwarded to AWS WAF for inspection. To allow or 278 // block requests based on the length of the body, you can create a size constraint 279 // set. For more information, see CreateSizeConstraintSet. 280 // 281 // * SINGLE_QUERY_ARG: The 282 // parameter in the query string that you will inspect, such as UserName or 283 // SalesRegion. The maximum length for SINGLE_QUERY_ARG is 30 characters. 284 // 285 // * 286 // ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but instead of inspecting a single 287 // parameter, AWS WAF inspects all parameters within the query string for the value 288 // or regex pattern that you specify in TargetString. 289 // 290 // If TargetString includes 291 // alphabetic characters A-Z and a-z, note that the value is case sensitive. If 292 // you're using the AWS WAF API Specify a base64-encoded version of the value. The 293 // maximum length of the value before you base64-encode it is 50 bytes. For 294 // example, suppose the value of Type is HEADER and the value of Data is 295 // User-Agent. If you want to search the User-Agent header for the value BadBot, 296 // you base64-encode BadBot using MIME base64-encoding and include the resulting 297 // value, QmFkQm90, in the value of TargetString. If you're using the AWS CLI or 298 // one of the AWS SDKs The value that you want AWS WAF to search for. The SDK 299 // automatically base64 encodes the value. 300 // 301 // This member is required. 302 TargetString []byte 303 304 // Text transformations eliminate some of the unusual formatting that attackers use 305 // in web requests in an effort to bypass AWS WAF. If you specify a transformation, 306 // AWS WAF performs the transformation on FieldToMatch before inspecting it for a 307 // match. You can only specify a single type of TextTransformation. CMD_LINE When 308 // you're concerned that attackers are injecting an operating system command line 309 // command and using unusual formatting to disguise some or all of the command, use 310 // this option to perform the following transformations: 311 // 312 // * Delete the following 313 // characters: \ " ' ^ 314 // 315 // * Delete spaces before the following characters: / ( 316 // 317 // * 318 // Replace the following characters with a space: , ; 319 // 320 // * Replace multiple spaces 321 // with one space 322 // 323 // * Convert uppercase letters (A-Z) to lowercase 324 // (a-z) 325 // 326 // COMPRESS_WHITE_SPACE Use this option to replace the following characters 327 // with a space character (decimal 32): 328 // 329 // * \f, formfeed, decimal 12 330 // 331 // * \t, tab, 332 // decimal 9 333 // 334 // * \n, newline, decimal 10 335 // 336 // * \r, carriage return, decimal 13 337 // 338 // * \v, 339 // vertical tab, decimal 11 340 // 341 // * non-breaking space, decimal 342 // 160 343 // 344 // COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. 345 // HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with 346 // unencoded characters. HTML_ENTITY_DECODE performs the following operations: 347 // 348 // * 349 // Replaces (ampersand)quot; with " 350 // 351 // * Replaces (ampersand)nbsp; with a 352 // non-breaking space, decimal 160 353 // 354 // * Replaces (ampersand)lt; with a "less than" 355 // symbol 356 // 357 // * Replaces (ampersand)gt; with > 358 // 359 // * Replaces characters that are 360 // represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding 361 // characters 362 // 363 // * Replaces characters that are represented in decimal format, 364 // (ampersand)#nnnn;, with the corresponding characters 365 // 366 // LOWERCASE Use this option 367 // to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this 368 // option to decode a URL-encoded value. NONE Specify NONE if you don't want to 369 // perform any text transformations. 370 // 371 // This member is required. 372 TextTransformation TextTransformation 373} 374 375// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 376// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 377// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 378// and see the AWS WAF Developer Guide 379// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 380// the latest version, AWS WAF has a single set of endpoints for regional and 381// global use. The rule to exclude from a rule group. This is applicable only when 382// the ActivatedRule refers to a RuleGroup. The rule must belong to the RuleGroup 383// that is specified by the ActivatedRule. 384type ExcludedRule struct { 385 386 // The unique identifier for the rule to exclude from the rule group. 387 // 388 // This member is required. 389 RuleId *string 390} 391 392// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 393// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 394// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 395// and see the AWS WAF Developer Guide 396// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 397// the latest version, AWS WAF has a single set of endpoints for regional and 398// global use. Specifies where in a web request to look for TargetString. 399type FieldToMatch struct { 400 401 // The part of the web request that you want AWS WAF to search for a specified 402 // string. Parts of a request that you can search include the following: 403 // 404 // * HEADER: 405 // A specified request header, for example, the value of the User-Agent or Referer 406 // header. If you choose HEADER for the type, specify the name of the header in 407 // Data. 408 // 409 // * METHOD: The HTTP method, which indicated the type of operation that the 410 // request is asking the origin to perform. Amazon CloudFront supports the 411 // following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT. 412 // 413 // * 414 // QUERY_STRING: A query string, which is the part of a URL that appears after a ? 415 // character, if any. 416 // 417 // * URI: The part of a web request that identifies a resource, 418 // for example, /images/daily-ad.jpg. 419 // 420 // * BODY: The part of a request that contains 421 // any additional data that you want to send to your web server as the HTTP request 422 // body, such as data from a form. The request body immediately follows the request 423 // headers. Note that only the first 8192 bytes of the request body are forwarded 424 // to AWS WAF for inspection. To allow or block requests based on the length of the 425 // body, you can create a size constraint set. For more information, see 426 // CreateSizeConstraintSet. 427 // 428 // * SINGLE_QUERY_ARG: The parameter in the query string 429 // that you will inspect, such as UserName or SalesRegion. The maximum length for 430 // SINGLE_QUERY_ARG is 30 characters. 431 // 432 // * ALL_QUERY_ARGS: Similar to 433 // SINGLE_QUERY_ARG, but rather than inspecting a single parameter, AWS WAF will 434 // inspect all parameters within the query for the value or regex pattern that you 435 // specify in TargetString. 436 // 437 // This member is required. 438 Type MatchFieldType 439 440 // When the value of Type is HEADER, enter the name of the header that you want AWS 441 // WAF to search, for example, User-Agent or Referer. The name of the header is not 442 // case sensitive. When the value of Type is SINGLE_QUERY_ARG, enter the name of 443 // the parameter that you want AWS WAF to search, for example, UserName or 444 // SalesRegion. The parameter name is not case sensitive. If the value of Type is 445 // any other value, omit Data. 446 Data *string 447} 448 449// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 450// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 451// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 452// and see the AWS WAF Developer Guide 453// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 454// the latest version, AWS WAF has a single set of endpoints for regional and 455// global use. The country from which web requests originate that you want AWS WAF 456// to search for. 457type GeoMatchConstraint struct { 458 459 // The type of geographical area you want AWS WAF to search for. Currently Country 460 // is the only valid value. 461 // 462 // This member is required. 463 Type GeoMatchConstraintType 464 465 // The country that you want AWS WAF to search for. 466 // 467 // This member is required. 468 Value GeoMatchConstraintValue 469} 470 471// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 472// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 473// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 474// and see the AWS WAF Developer Guide 475// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 476// the latest version, AWS WAF has a single set of endpoints for regional and 477// global use. Contains one or more countries that AWS WAF will search for. 478type GeoMatchSet struct { 479 480 // An array of GeoMatchConstraint objects, which contain the country that you want 481 // AWS WAF to search for. 482 // 483 // This member is required. 484 GeoMatchConstraints []GeoMatchConstraint 485 486 // The GeoMatchSetId for an GeoMatchSet. You use GeoMatchSetId to get information 487 // about a GeoMatchSet (see GeoMatchSet), update a GeoMatchSet (see 488 // UpdateGeoMatchSet), insert a GeoMatchSet into a Rule or delete one from a Rule 489 // (see UpdateRule), and delete a GeoMatchSet from AWS WAF (see DeleteGeoMatchSet). 490 // GeoMatchSetId is returned by CreateGeoMatchSet and by ListGeoMatchSets. 491 // 492 // This member is required. 493 GeoMatchSetId *string 494 495 // A friendly name or description of the GeoMatchSet. You can't change the name of 496 // an GeoMatchSet after you create it. 497 Name *string 498} 499 500// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 501// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 502// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 503// and see the AWS WAF Developer Guide 504// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 505// the latest version, AWS WAF has a single set of endpoints for regional and 506// global use. Contains the identifier and the name of the GeoMatchSet. 507type GeoMatchSetSummary struct { 508 509 // The GeoMatchSetId for an GeoMatchSet. You can use GeoMatchSetId in a 510 // GetGeoMatchSet request to get detailed information about an GeoMatchSet. 511 // 512 // This member is required. 513 GeoMatchSetId *string 514 515 // A friendly name or description of the GeoMatchSet. You can't change the name of 516 // an GeoMatchSet after you create it. 517 // 518 // This member is required. 519 Name *string 520} 521 522// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 523// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 524// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 525// and see the AWS WAF Developer Guide 526// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 527// the latest version, AWS WAF has a single set of endpoints for regional and 528// global use. Specifies the type of update to perform to an GeoMatchSet with 529// UpdateGeoMatchSet. 530type GeoMatchSetUpdate struct { 531 532 // Specifies whether to insert or delete a country with UpdateGeoMatchSet. 533 // 534 // This member is required. 535 Action ChangeAction 536 537 // The country from which web requests originate that you want AWS WAF to search 538 // for. 539 // 540 // This member is required. 541 GeoMatchConstraint *GeoMatchConstraint 542} 543 544// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 545// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 546// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 547// and see the AWS WAF Developer Guide 548// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 549// the latest version, AWS WAF has a single set of endpoints for regional and 550// global use. The response from a GetSampledRequests request includes an 551// HTTPHeader complex type that appears as Headers in the response syntax. 552// HTTPHeader contains the names and values of all of the headers that appear in 553// one of the web requests that were returned by GetSampledRequests. 554type HTTPHeader struct { 555 556 // The name of one of the headers in the sampled web request. 557 Name *string 558 559 // The value of one of the headers in the sampled web request. 560 Value *string 561} 562 563// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 564// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 565// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 566// and see the AWS WAF Developer Guide 567// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 568// the latest version, AWS WAF has a single set of endpoints for regional and 569// global use. The response from a GetSampledRequests request includes an 570// HTTPRequest complex type that appears as Request in the response syntax. 571// HTTPRequest contains information about one of the web requests that were 572// returned by GetSampledRequests. 573type HTTPRequest struct { 574 575 // The IP address that the request originated from. If the WebACL is associated 576 // with a CloudFront distribution, this is the value of one of the following fields 577 // in CloudFront access logs: 578 // 579 // * c-ip, if the viewer did not use an HTTP proxy or a 580 // load balancer to send the request 581 // 582 // * x-forwarded-for, if the viewer did use an 583 // HTTP proxy or a load balancer to send the request 584 ClientIP *string 585 586 // The two-letter country code for the country that the request originated from. 587 // For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2 588 // (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). 589 Country *string 590 591 // The HTTP version specified in the sampled web request, for example, HTTP/1.1. 592 HTTPVersion *string 593 594 // A complex type that contains two values for each header in the sampled web 595 // request: the name of the header and the value of the header. 596 Headers []HTTPHeader 597 598 // The HTTP method specified in the sampled web request. CloudFront supports the 599 // following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT. 600 Method *string 601 602 // The part of a web request that identifies the resource, for example, 603 // /images/daily-ad.jpg. 604 URI *string 605} 606 607// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 608// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 609// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 610// and see the AWS WAF Developer Guide 611// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 612// the latest version, AWS WAF has a single set of endpoints for regional and 613// global use. Contains one or more IP addresses or blocks of IP addresses 614// specified in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports 615// IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports 616// IPv6 address ranges: /24, /32, /48, /56, /64, and /128. To specify an individual 617// IP address, you specify the four-part IP address followed by a /32, for example, 618// 192.0.2.0/32. To block a range of IP addresses, you can specify /8 or any range 619// between /16 through /32 (for IPv4) or /24, /32, /48, /56, /64, or /128 (for 620// IPv6). For more information about CIDR notation, see the Wikipedia entry 621// Classless Inter-Domain Routing 622// (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). 623type IPSet struct { 624 625 // The IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) 626 // that web requests originate from. If the WebACL is associated with a CloudFront 627 // distribution and the viewer did not use an HTTP proxy or a load balancer to send 628 // the request, this is the value of the c-ip field in the CloudFront access logs. 629 // 630 // This member is required. 631 IPSetDescriptors []IPSetDescriptor 632 633 // The IPSetId for an IPSet. You use IPSetId to get information about an IPSet (see 634 // GetIPSet), update an IPSet (see UpdateIPSet), insert an IPSet into a Rule or 635 // delete one from a Rule (see UpdateRule), and delete an IPSet from AWS WAF (see 636 // DeleteIPSet). IPSetId is returned by CreateIPSet and by ListIPSets. 637 // 638 // This member is required. 639 IPSetId *string 640 641 // A friendly name or description of the IPSet. You can't change the name of an 642 // IPSet after you create it. 643 Name *string 644} 645 646// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 647// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 648// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 649// and see the AWS WAF Developer Guide 650// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 651// the latest version, AWS WAF has a single set of endpoints for regional and 652// global use. Specifies the IP address type (IPV4 or IPV6) and the IP address 653// range (in CIDR format) that web requests originate from. 654type IPSetDescriptor struct { 655 656 // Specify IPV4 or IPV6. 657 // 658 // This member is required. 659 Type IPSetDescriptorType 660 661 // Specify an IPv4 address by using CIDR notation. For example: 662 // 663 // * To configure AWS 664 // WAF to allow, block, or count requests that originated from the IP address 665 // 192.0.2.44, specify 192.0.2.44/32. 666 // 667 // * To configure AWS WAF to allow, block, or 668 // count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, 669 // specify 192.0.2.0/24. 670 // 671 // For more information about CIDR notation, see the 672 // Wikipedia entry Classless Inter-Domain Routing 673 // (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing). Specify an IPv6 674 // address by using CIDR notation. For example: 675 // 676 // * To configure AWS WAF to allow, 677 // block, or count requests that originated from the IP address 678 // 1111:0000:0000:0000:0000:0000:0000:0111, specify 679 // 1111:0000:0000:0000:0000:0000:0000:0111/128. 680 // 681 // * To configure AWS WAF to allow, 682 // block, or count requests that originated from IP addresses 683 // 1111:0000:0000:0000:0000:0000:0000:0000 to 684 // 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 685 // 1111:0000:0000:0000:0000:0000:0000:0000/64. 686 // 687 // This member is required. 688 Value *string 689} 690 691// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 692// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 693// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 694// and see the AWS WAF Developer Guide 695// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 696// the latest version, AWS WAF has a single set of endpoints for regional and 697// global use. Contains the identifier and the name of the IPSet. 698type IPSetSummary struct { 699 700 // The IPSetId for an IPSet. You can use IPSetId in a GetIPSet request to get 701 // detailed information about an IPSet. 702 // 703 // This member is required. 704 IPSetId *string 705 706 // A friendly name or description of the IPSet. You can't change the name of an 707 // IPSet after you create it. 708 // 709 // This member is required. 710 Name *string 711} 712 713// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 714// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 715// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 716// and see the AWS WAF Developer Guide 717// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 718// the latest version, AWS WAF has a single set of endpoints for regional and 719// global use. Specifies the type of update to perform to an IPSet with 720// UpdateIPSet. 721type IPSetUpdate struct { 722 723 // Specifies whether to insert or delete an IP address with UpdateIPSet. 724 // 725 // This member is required. 726 Action ChangeAction 727 728 // The IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) 729 // that web requests originate from. 730 // 731 // This member is required. 732 IPSetDescriptor *IPSetDescriptor 733} 734 735// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 736// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 737// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 738// and see the AWS WAF Developer Guide 739// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 740// the latest version, AWS WAF has a single set of endpoints for regional and 741// global use. The Amazon Kinesis Data Firehose, RedactedFields information, and 742// the web ACL Amazon Resource Name (ARN). 743type LoggingConfiguration struct { 744 745 // An array of Amazon Kinesis Data Firehose ARNs. 746 // 747 // This member is required. 748 LogDestinationConfigs []string 749 750 // The Amazon Resource Name (ARN) of the web ACL that you want to associate with 751 // LogDestinationConfigs. 752 // 753 // This member is required. 754 ResourceArn *string 755 756 // The parts of the request that you want redacted from the logs. For example, if 757 // you redact the cookie field, the cookie field in the firehose will be xxx. 758 RedactedFields []FieldToMatch 759} 760 761// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 762// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 763// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 764// and see the AWS WAF Developer Guide 765// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 766// the latest version, AWS WAF has a single set of endpoints for regional and 767// global use. Specifies the ByteMatchSet, IPSet, SqlInjectionMatchSet, 768// XssMatchSet, RegexMatchSet, GeoMatchSet, and SizeConstraintSet objects that you 769// want to add to a Rule and, for each object, indicates whether you want to negate 770// the settings, for example, requests that do NOT originate from the IP address 771// 192.0.2.44. 772type Predicate struct { 773 774 // A unique identifier for a predicate in a Rule, such as ByteMatchSetId or 775 // IPSetId. The ID is returned by the corresponding Create or List command. 776 // 777 // This member is required. 778 DataId *string 779 780 // Set Negated to False if you want AWS WAF to allow, block, or count requests 781 // based on the settings in the specified ByteMatchSet, IPSet, 782 // SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or 783 // SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, 784 // AWS WAF will allow or block requests based on that IP address. Set Negated to 785 // True if you want AWS WAF to allow or block a request based on the negation of 786 // the settings in the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, 787 // RegexMatchSet, GeoMatchSet, or SizeConstraintSet. For example, if an IPSet 788 // includes the IP address 192.0.2.44, AWS WAF will allow, block, or count requests 789 // based on all IP addresses except 192.0.2.44. 790 // 791 // This member is required. 792 Negated *bool 793 794 // The type of predicate in a Rule, such as ByteMatch or IPSet. 795 // 796 // This member is required. 797 Type PredicateType 798} 799 800// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 801// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 802// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 803// and see the AWS WAF Developer Guide 804// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 805// the latest version, AWS WAF has a single set of endpoints for regional and 806// global use. A RateBasedRule is identical to a regular Rule, with one addition: a 807// RateBasedRule counts the number of requests that arrive from a specified IP 808// address every five minutes. For example, based on recent requests that you've 809// seen from an attacker, you might create a RateBasedRule that includes the 810// following conditions: 811// 812// * The requests come from 192.0.2.44. 813// 814// * They contain the 815// value BadBot in the User-Agent header. 816// 817// In the rule, you also define the rate 818// limit as 1,000. Requests that meet both of these conditions and exceed 1,000 819// requests every five minutes trigger the rule's action (block or count), which is 820// defined in the web ACL. 821type RateBasedRule struct { 822 823 // The Predicates object contains one Predicate element for each ByteMatchSet, 824 // IPSet, or SqlInjectionMatchSet object that you want to include in a 825 // RateBasedRule. 826 // 827 // This member is required. 828 MatchPredicates []Predicate 829 830 // The field that AWS WAF uses to determine if requests are likely arriving from 831 // single source and thus subject to rate monitoring. The only valid value for 832 // RateKey is IP. IP indicates that requests arriving from the same IP address are 833 // subject to the RateLimit that is specified in the RateBasedRule. 834 // 835 // This member is required. 836 RateKey RateKey 837 838 // The maximum number of requests, which have an identical value in the field 839 // specified by the RateKey, allowed in a five-minute period. If the number of 840 // requests exceeds the RateLimit and the other predicates specified in the rule 841 // are also met, AWS WAF triggers the action that is specified for this rule. 842 // 843 // This member is required. 844 RateLimit int64 845 846 // A unique identifier for a RateBasedRule. You use RuleId to get more information 847 // about a RateBasedRule (see GetRateBasedRule), update a RateBasedRule (see 848 // UpdateRateBasedRule), insert a RateBasedRule into a WebACL or delete one from a 849 // WebACL (see UpdateWebACL), or delete a RateBasedRule from AWS WAF (see 850 // DeleteRateBasedRule). 851 // 852 // This member is required. 853 RuleId *string 854 855 // A friendly name or description for the metrics for a RateBasedRule. The name can 856 // contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 857 // and minimum length one. It can't contain whitespace or metric names reserved for 858 // AWS WAF, including "All" and "Default_Action." You can't change the name of the 859 // metric after you create the RateBasedRule. 860 MetricName *string 861 862 // A friendly name or description for a RateBasedRule. You can't change the name of 863 // a RateBasedRule after you create it. 864 Name *string 865} 866 867// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 868// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 869// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 870// and see the AWS WAF Developer Guide 871// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 872// the latest version, AWS WAF has a single set of endpoints for regional and 873// global use. In a GetRegexMatchSet request, RegexMatchSet is a complex type that 874// contains the RegexMatchSetId and Name of a RegexMatchSet, and the values that 875// you specified when you updated the RegexMatchSet. The values are contained in a 876// RegexMatchTuple object, which specify the parts of web requests that you want 877// AWS WAF to inspect and the values that you want AWS WAF to search for. If a 878// RegexMatchSet contains more than one RegexMatchTuple object, a request needs to 879// match the settings in only one ByteMatchTuple to be considered a match. 880type RegexMatchSet struct { 881 882 // A friendly name or description of the RegexMatchSet. You can't change Name after 883 // you create a RegexMatchSet. 884 Name *string 885 886 // The RegexMatchSetId for a RegexMatchSet. You use RegexMatchSetId to get 887 // information about a RegexMatchSet (see GetRegexMatchSet), update a RegexMatchSet 888 // (see UpdateRegexMatchSet), insert a RegexMatchSet into a Rule or delete one from 889 // a Rule (see UpdateRule), and delete a RegexMatchSet from AWS WAF (see 890 // DeleteRegexMatchSet). RegexMatchSetId is returned by CreateRegexMatchSet and by 891 // ListRegexMatchSets. 892 RegexMatchSetId *string 893 894 // Contains an array of RegexMatchTuple objects. Each RegexMatchTuple object 895 // contains: 896 // 897 // * The part of a web request that you want AWS WAF to inspect, such as 898 // a query string or the value of the User-Agent header. 899 // 900 // * The identifier of the 901 // pattern (a regular expression) that you want AWS WAF to look for. For more 902 // information, see RegexPatternSet. 903 // 904 // * Whether to perform any conversions on the 905 // request, such as converting it to lowercase, before inspecting it for the 906 // specified string. 907 RegexMatchTuples []RegexMatchTuple 908} 909 910// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 911// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 912// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 913// and see the AWS WAF Developer Guide 914// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 915// the latest version, AWS WAF has a single set of endpoints for regional and 916// global use. Returned by ListRegexMatchSets. Each RegexMatchSetSummary object 917// includes the Name and RegexMatchSetId for one RegexMatchSet. 918type RegexMatchSetSummary struct { 919 920 // A friendly name or description of the RegexMatchSet. You can't change Name after 921 // you create a RegexMatchSet. 922 // 923 // This member is required. 924 Name *string 925 926 // The RegexMatchSetId for a RegexMatchSet. You use RegexMatchSetId to get 927 // information about a RegexMatchSet, update a RegexMatchSet, remove a 928 // RegexMatchSet from a Rule, and delete a RegexMatchSet from AWS WAF. 929 // RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets. 930 // 931 // This member is required. 932 RegexMatchSetId *string 933} 934 935// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 936// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 937// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 938// and see the AWS WAF Developer Guide 939// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 940// the latest version, AWS WAF has a single set of endpoints for regional and 941// global use. In an UpdateRegexMatchSet request, RegexMatchSetUpdate specifies 942// whether to insert or delete a RegexMatchTuple and includes the settings for the 943// RegexMatchTuple. 944type RegexMatchSetUpdate struct { 945 946 // Specifies whether to insert or delete a RegexMatchTuple. 947 // 948 // This member is required. 949 Action ChangeAction 950 951 // Information about the part of a web request that you want AWS WAF to inspect and 952 // the identifier of the regular expression (regex) pattern that you want AWS WAF 953 // to search for. If you specify DELETE for the value of Action, the 954 // RegexMatchTuple values must exactly match the values in the RegexMatchTuple that 955 // you want to delete from the RegexMatchSet. 956 // 957 // This member is required. 958 RegexMatchTuple *RegexMatchTuple 959} 960 961// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 962// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 963// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 964// and see the AWS WAF Developer Guide 965// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 966// the latest version, AWS WAF has a single set of endpoints for regional and 967// global use. The regular expression pattern that you want AWS WAF to search for 968// in web requests, the location in requests that you want AWS WAF to search, and 969// other settings. Each RegexMatchTuple object contains: 970// 971// * The part of a web 972// request that you want AWS WAF to inspect, such as a query string or the value of 973// the User-Agent header. 974// 975// * The identifier of the pattern (a regular expression) 976// that you want AWS WAF to look for. For more information, see RegexPatternSet. 977// 978// * 979// Whether to perform any conversions on the request, such as converting it to 980// lowercase, before inspecting it for the specified string. 981type RegexMatchTuple struct { 982 983 // Specifies where in a web request to look for the RegexPatternSet. 984 // 985 // This member is required. 986 FieldToMatch *FieldToMatch 987 988 // The RegexPatternSetId for a RegexPatternSet. You use RegexPatternSetId to get 989 // information about a RegexPatternSet (see GetRegexPatternSet), update a 990 // RegexPatternSet (see UpdateRegexPatternSet), insert a RegexPatternSet into a 991 // RegexMatchSet or delete one from a RegexMatchSet (see UpdateRegexMatchSet), and 992 // delete an RegexPatternSet from AWS WAF (see DeleteRegexPatternSet). 993 // RegexPatternSetId is returned by CreateRegexPatternSet and by 994 // ListRegexPatternSets. 995 // 996 // This member is required. 997 RegexPatternSetId *string 998 999 // Text transformations eliminate some of the unusual formatting that attackers use 1000 // in web requests in an effort to bypass AWS WAF. If you specify a transformation, 1001 // AWS WAF performs the transformation on RegexPatternSet before inspecting a 1002 // request for a match. You can only specify a single type of TextTransformation. 1003 // CMD_LINE When you're concerned that attackers are injecting an operating system 1004 // commandline command and using unusual formatting to disguise some or all of the 1005 // command, use this option to perform the following transformations: 1006 // 1007 // * Delete the 1008 // following characters: \ " ' ^ 1009 // 1010 // * Delete spaces before the following characters: 1011 // / ( 1012 // 1013 // * Replace the following characters with a space: , ; 1014 // 1015 // * Replace multiple 1016 // spaces with one space 1017 // 1018 // * Convert uppercase letters (A-Z) to lowercase 1019 // (a-z) 1020 // 1021 // COMPRESS_WHITE_SPACE Use this option to replace the following characters 1022 // with a space character (decimal 32): 1023 // 1024 // * \f, formfeed, decimal 12 1025 // 1026 // * \t, tab, 1027 // decimal 9 1028 // 1029 // * \n, newline, decimal 10 1030 // 1031 // * \r, carriage return, decimal 13 1032 // 1033 // * \v, 1034 // vertical tab, decimal 11 1035 // 1036 // * non-breaking space, decimal 1037 // 160 1038 // 1039 // COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. 1040 // HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with 1041 // unencoded characters. HTML_ENTITY_DECODE performs the following operations: 1042 // 1043 // * 1044 // Replaces (ampersand)quot; with " 1045 // 1046 // * Replaces (ampersand)nbsp; with a 1047 // non-breaking space, decimal 160 1048 // 1049 // * Replaces (ampersand)lt; with a "less than" 1050 // symbol 1051 // 1052 // * Replaces (ampersand)gt; with > 1053 // 1054 // * Replaces characters that are 1055 // represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding 1056 // characters 1057 // 1058 // * Replaces characters that are represented in decimal format, 1059 // (ampersand)#nnnn;, with the corresponding characters 1060 // 1061 // LOWERCASE Use this option 1062 // to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this 1063 // option to decode a URL-encoded value. NONE Specify NONE if you don't want to 1064 // perform any text transformations. 1065 // 1066 // This member is required. 1067 TextTransformation TextTransformation 1068} 1069 1070// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1071// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1072// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1073// and see the AWS WAF Developer Guide 1074// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1075// the latest version, AWS WAF has a single set of endpoints for regional and 1076// global use. The RegexPatternSet specifies the regular expression (regex) pattern 1077// that you want AWS WAF to search for, such as B[a@]dB[o0]t. You can then 1078// configure AWS WAF to reject those requests. 1079type RegexPatternSet struct { 1080 1081 // The identifier for the RegexPatternSet. You use RegexPatternSetId to get 1082 // information about a RegexPatternSet, update a RegexPatternSet, remove a 1083 // RegexPatternSet from a RegexMatchSet, and delete a RegexPatternSet from AWS WAF. 1084 // RegexMatchSetId is returned by CreateRegexPatternSet and by 1085 // ListRegexPatternSets. 1086 // 1087 // This member is required. 1088 RegexPatternSetId *string 1089 1090 // Specifies the regular expression (regex) patterns that you want AWS WAF to 1091 // search for, such as B[a@]dB[o0]t. 1092 // 1093 // This member is required. 1094 RegexPatternStrings []string 1095 1096 // A friendly name or description of the RegexPatternSet. You can't change Name 1097 // after you create a RegexPatternSet. 1098 Name *string 1099} 1100 1101// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1102// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1103// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1104// and see the AWS WAF Developer Guide 1105// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1106// the latest version, AWS WAF has a single set of endpoints for regional and 1107// global use. Returned by ListRegexPatternSets. Each RegexPatternSetSummary object 1108// includes the Name and RegexPatternSetId for one RegexPatternSet. 1109type RegexPatternSetSummary struct { 1110 1111 // A friendly name or description of the RegexPatternSet. You can't change Name 1112 // after you create a RegexPatternSet. 1113 // 1114 // This member is required. 1115 Name *string 1116 1117 // The RegexPatternSetId for a RegexPatternSet. You use RegexPatternSetId to get 1118 // information about a RegexPatternSet, update a RegexPatternSet, remove a 1119 // RegexPatternSet from a RegexMatchSet, and delete a RegexPatternSet from AWS WAF. 1120 // RegexPatternSetId is returned by CreateRegexPatternSet and by 1121 // ListRegexPatternSets. 1122 // 1123 // This member is required. 1124 RegexPatternSetId *string 1125} 1126 1127// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1128// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1129// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1130// and see the AWS WAF Developer Guide 1131// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1132// the latest version, AWS WAF has a single set of endpoints for regional and 1133// global use. In an UpdateRegexPatternSet request, RegexPatternSetUpdate specifies 1134// whether to insert or delete a RegexPatternString and includes the settings for 1135// the RegexPatternString. 1136type RegexPatternSetUpdate struct { 1137 1138 // Specifies whether to insert or delete a RegexPatternString. 1139 // 1140 // This member is required. 1141 Action ChangeAction 1142 1143 // Specifies the regular expression (regex) pattern that you want AWS WAF to search 1144 // for, such as B[a@]dB[o0]t. 1145 // 1146 // This member is required. 1147 RegexPatternString *string 1148} 1149 1150// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1151// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1152// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1153// and see the AWS WAF Developer Guide 1154// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1155// the latest version, AWS WAF has a single set of endpoints for regional and 1156// global use. A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet 1157// objects that identify the web requests that you want to allow, block, or count. 1158// For example, you might create a Rule that includes the following predicates: 1159// 1160// * 1161// An IPSet that causes AWS WAF to search for web requests that originate from the 1162// IP address 192.0.2.44 1163// 1164// * A ByteMatchSet that causes AWS WAF to search for web 1165// requests for which the value of the User-Agent header is BadBot. 1166// 1167// To match the 1168// settings in this Rule, a request must originate from 192.0.2.44 AND include a 1169// User-Agent header for which the value is BadBot. 1170type Rule struct { 1171 1172 // The Predicates object contains one Predicate element for each ByteMatchSet, 1173 // IPSet, or SqlInjectionMatchSet object that you want to include in a Rule. 1174 // 1175 // This member is required. 1176 Predicates []Predicate 1177 1178 // A unique identifier for a Rule. You use RuleId to get more information about a 1179 // Rule (see GetRule), update a Rule (see UpdateRule), insert a Rule into a WebACL 1180 // or delete a one from a WebACL (see UpdateWebACL), or delete a Rule from AWS WAF 1181 // (see DeleteRule). RuleId is returned by CreateRule and by ListRules. 1182 // 1183 // This member is required. 1184 RuleId *string 1185 1186 // A friendly name or description for the metrics for this Rule. The name can 1187 // contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 1188 // and minimum length one. It can't contain whitespace or metric names reserved for 1189 // AWS WAF, including "All" and "Default_Action." You can't change MetricName after 1190 // you create the Rule. 1191 MetricName *string 1192 1193 // The friendly name or description for the Rule. You can't change the name of a 1194 // Rule after you create it. 1195 Name *string 1196} 1197 1198// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1199// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1200// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1201// and see the AWS WAF Developer Guide 1202// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1203// the latest version, AWS WAF has a single set of endpoints for regional and 1204// global use. A collection of predefined rules that you can add to a web ACL. Rule 1205// groups are subject to the following limits: 1206// 1207// * Three rule groups per account. 1208// You can request an increase to this limit by contacting customer support. 1209// 1210// * One 1211// rule group per web ACL. 1212// 1213// * Ten rules per rule group. 1214type RuleGroup struct { 1215 1216 // A unique identifier for a RuleGroup. You use RuleGroupId to get more information 1217 // about a RuleGroup (see GetRuleGroup), update a RuleGroup (see UpdateRuleGroup), 1218 // insert a RuleGroup into a WebACL or delete a one from a WebACL (see 1219 // UpdateWebACL), or delete a RuleGroup from AWS WAF (see DeleteRuleGroup). 1220 // RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups. 1221 // 1222 // This member is required. 1223 RuleGroupId *string 1224 1225 // A friendly name or description for the metrics for this RuleGroup. The name can 1226 // contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 1227 // and minimum length one. It can't contain whitespace or metric names reserved for 1228 // AWS WAF, including "All" and "Default_Action." You can't change the name of the 1229 // metric after you create the RuleGroup. 1230 MetricName *string 1231 1232 // The friendly name or description for the RuleGroup. You can't change the name of 1233 // a RuleGroup after you create it. 1234 Name *string 1235} 1236 1237// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1238// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1239// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1240// and see the AWS WAF Developer Guide 1241// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1242// the latest version, AWS WAF has a single set of endpoints for regional and 1243// global use. Contains the identifier and the friendly name or description of the 1244// RuleGroup. 1245type RuleGroupSummary struct { 1246 1247 // A friendly name or description of the RuleGroup. You can't change the name of a 1248 // RuleGroup after you create it. 1249 // 1250 // This member is required. 1251 Name *string 1252 1253 // A unique identifier for a RuleGroup. You use RuleGroupId to get more information 1254 // about a RuleGroup (see GetRuleGroup), update a RuleGroup (see UpdateRuleGroup), 1255 // insert a RuleGroup into a WebACL or delete one from a WebACL (see UpdateWebACL), 1256 // or delete a RuleGroup from AWS WAF (see DeleteRuleGroup). RuleGroupId is 1257 // returned by CreateRuleGroup and by ListRuleGroups. 1258 // 1259 // This member is required. 1260 RuleGroupId *string 1261} 1262 1263// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1264// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1265// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1266// and see the AWS WAF Developer Guide 1267// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1268// the latest version, AWS WAF has a single set of endpoints for regional and 1269// global use. Specifies an ActivatedRule and indicates whether you want to add it 1270// to a RuleGroup or delete it from a RuleGroup. 1271type RuleGroupUpdate struct { 1272 1273 // Specify INSERT to add an ActivatedRule to a RuleGroup. Use DELETE to remove an 1274 // ActivatedRule from a RuleGroup. 1275 // 1276 // This member is required. 1277 Action ChangeAction 1278 1279 // The ActivatedRule object specifies a Rule that you want to insert or delete, the 1280 // priority of the Rule in the WebACL, and the action that you want AWS WAF to take 1281 // when a web request matches the Rule (ALLOW, BLOCK, or COUNT). 1282 // 1283 // This member is required. 1284 ActivatedRule *ActivatedRule 1285} 1286 1287// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1288// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1289// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1290// and see the AWS WAF Developer Guide 1291// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1292// the latest version, AWS WAF has a single set of endpoints for regional and 1293// global use. Contains the identifier and the friendly name or description of the 1294// Rule. 1295type RuleSummary struct { 1296 1297 // A friendly name or description of the Rule. You can't change the name of a Rule 1298 // after you create it. 1299 // 1300 // This member is required. 1301 Name *string 1302 1303 // A unique identifier for a Rule. You use RuleId to get more information about a 1304 // Rule (see GetRule), update a Rule (see UpdateRule), insert a Rule into a WebACL 1305 // or delete one from a WebACL (see UpdateWebACL), or delete a Rule from AWS WAF 1306 // (see DeleteRule). RuleId is returned by CreateRule and by ListRules. 1307 // 1308 // This member is required. 1309 RuleId *string 1310} 1311 1312// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1313// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1314// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1315// and see the AWS WAF Developer Guide 1316// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1317// the latest version, AWS WAF has a single set of endpoints for regional and 1318// global use. Specifies a Predicate (such as an IPSet) and indicates whether you 1319// want to add it to a Rule or delete it from a Rule. 1320type RuleUpdate struct { 1321 1322 // Specify INSERT to add a Predicate to a Rule. Use DELETE to remove a Predicate 1323 // from a Rule. 1324 // 1325 // This member is required. 1326 Action ChangeAction 1327 1328 // The ID of the Predicate (such as an IPSet) that you want to add to a Rule. 1329 // 1330 // This member is required. 1331 Predicate *Predicate 1332} 1333 1334// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1335// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1336// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1337// and see the AWS WAF Developer Guide 1338// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1339// the latest version, AWS WAF has a single set of endpoints for regional and 1340// global use. The response from a GetSampledRequests request includes a 1341// SampledHTTPRequests complex type that appears as SampledRequests in the response 1342// syntax. SampledHTTPRequests contains one SampledHTTPRequest object for each web 1343// request that is returned by GetSampledRequests. 1344type SampledHTTPRequest struct { 1345 1346 // A complex type that contains detailed information about the request. 1347 // 1348 // This member is required. 1349 Request *HTTPRequest 1350 1351 // A value that indicates how one result in the response relates proportionally to 1352 // other results in the response. A result that has a weight of 2 represents 1353 // roughly twice as many CloudFront web requests as a result that has a weight of 1354 // 1. 1355 // 1356 // This member is required. 1357 Weight int64 1358 1359 // The action for the Rule that the request matched: ALLOW, BLOCK, or COUNT. 1360 Action *string 1361 1362 // This value is returned if the GetSampledRequests request specifies the ID of a 1363 // RuleGroup rather than the ID of an individual rule. RuleWithinRuleGroup is the 1364 // rule within the specified RuleGroup that matched the request listed in the 1365 // response. 1366 RuleWithinRuleGroup *string 1367 1368 // The time at which AWS WAF received the request from your AWS resource, in Unix 1369 // time format (in seconds). 1370 Timestamp *time.Time 1371} 1372 1373// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1374// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1375// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1376// and see the AWS WAF Developer Guide 1377// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1378// the latest version, AWS WAF has a single set of endpoints for regional and 1379// global use. Specifies a constraint on the size of a part of the web request. AWS 1380// WAF uses the Size, ComparisonOperator, and FieldToMatch to build an expression 1381// in the form of "SizeComparisonOperator size in bytes of FieldToMatch". If that 1382// expression is true, the SizeConstraint is considered to match. 1383type SizeConstraint struct { 1384 1385 // The type of comparison you want AWS WAF to perform. AWS WAF uses this in 1386 // combination with the provided Size and FieldToMatch to build an expression in 1387 // the form of "SizeComparisonOperator size in bytes of FieldToMatch". If that 1388 // expression is true, the SizeConstraint is considered to match. EQ: Used to test 1389 // if the Size is equal to the size of the FieldToMatch NE: Used to test if the 1390 // Size is not equal to the size of the FieldToMatch LE: Used to test if the Size 1391 // is less than or equal to the size of the FieldToMatch LT: Used to test if the 1392 // Size is strictly less than the size of the FieldToMatch GE: Used to test if the 1393 // Size is greater than or equal to the size of the FieldToMatch GT: Used to test 1394 // if the Size is strictly greater than the size of the FieldToMatch 1395 // 1396 // This member is required. 1397 ComparisonOperator ComparisonOperator 1398 1399 // Specifies where in a web request to look for the size constraint. 1400 // 1401 // This member is required. 1402 FieldToMatch *FieldToMatch 1403 1404 // The size in bytes that you want AWS WAF to compare against the size of the 1405 // specified FieldToMatch. AWS WAF uses this in combination with ComparisonOperator 1406 // and FieldToMatch to build an expression in the form of "SizeComparisonOperator 1407 // size in bytes of FieldToMatch". If that expression is true, the SizeConstraint 1408 // is considered to match. Valid values for size are 0 - 21474836480 bytes (0 - 20 1409 // GB). If you specify URI for the value of Type, the / in the URI counts as one 1410 // character. For example, the URI /logo.jpg is nine characters long. 1411 // 1412 // This member is required. 1413 Size int64 1414 1415 // Text transformations eliminate some of the unusual formatting that attackers use 1416 // in web requests in an effort to bypass AWS WAF. If you specify a transformation, 1417 // AWS WAF performs the transformation on FieldToMatch before inspecting it for a 1418 // match. You can only specify a single type of TextTransformation. Note that if 1419 // you choose BODY for the value of Type, you must choose NONE for 1420 // TextTransformation because CloudFront forwards only the first 8192 bytes for 1421 // inspection. NONE Specify NONE if you don't want to perform any text 1422 // transformations. CMD_LINE When you're concerned that attackers are injecting an 1423 // operating system command line command and using unusual formatting to disguise 1424 // some or all of the command, use this option to perform the following 1425 // transformations: 1426 // 1427 // * Delete the following characters: \ " ' ^ 1428 // 1429 // * Delete spaces 1430 // before the following characters: / ( 1431 // 1432 // * Replace the following characters with a 1433 // space: , ; 1434 // 1435 // * Replace multiple spaces with one space 1436 // 1437 // * Convert uppercase 1438 // letters (A-Z) to lowercase (a-z) 1439 // 1440 // COMPRESS_WHITE_SPACE Use this option to 1441 // replace the following characters with a space character (decimal 32): 1442 // 1443 // * \f, 1444 // formfeed, decimal 12 1445 // 1446 // * \t, tab, decimal 9 1447 // 1448 // * \n, newline, decimal 10 1449 // 1450 // * \r, 1451 // carriage return, decimal 13 1452 // 1453 // * \v, vertical tab, decimal 11 1454 // 1455 // * non-breaking 1456 // space, decimal 160 1457 // 1458 // COMPRESS_WHITE_SPACE also replaces multiple spaces with one 1459 // space. HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters 1460 // with unencoded characters. HTML_ENTITY_DECODE performs the following 1461 // operations: 1462 // 1463 // * Replaces (ampersand)quot; with " 1464 // 1465 // * Replaces (ampersand)nbsp; 1466 // with a non-breaking space, decimal 160 1467 // 1468 // * Replaces (ampersand)lt; with a "less 1469 // than" symbol 1470 // 1471 // * Replaces (ampersand)gt; with > 1472 // 1473 // * Replaces characters that are 1474 // represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding 1475 // characters 1476 // 1477 // * Replaces characters that are represented in decimal format, 1478 // (ampersand)#nnnn;, with the corresponding characters 1479 // 1480 // LOWERCASE Use this option 1481 // to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this 1482 // option to decode a URL-encoded value. 1483 // 1484 // This member is required. 1485 TextTransformation TextTransformation 1486} 1487 1488// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1489// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1490// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1491// and see the AWS WAF Developer Guide 1492// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1493// the latest version, AWS WAF has a single set of endpoints for regional and 1494// global use. A complex type that contains SizeConstraint objects, which specify 1495// the parts of web requests that you want AWS WAF to inspect the size of. If a 1496// SizeConstraintSet contains more than one SizeConstraint object, a request only 1497// needs to match one constraint to be considered a match. 1498type SizeConstraintSet struct { 1499 1500 // A unique identifier for a SizeConstraintSet. You use SizeConstraintSetId to get 1501 // information about a SizeConstraintSet (see GetSizeConstraintSet), update a 1502 // SizeConstraintSet (see UpdateSizeConstraintSet), insert a SizeConstraintSet into 1503 // a Rule or delete one from a Rule (see UpdateRule), and delete a 1504 // SizeConstraintSet from AWS WAF (see DeleteSizeConstraintSet). 1505 // SizeConstraintSetId is returned by CreateSizeConstraintSet and by 1506 // ListSizeConstraintSets. 1507 // 1508 // This member is required. 1509 SizeConstraintSetId *string 1510 1511 // Specifies the parts of web requests that you want to inspect the size of. 1512 // 1513 // This member is required. 1514 SizeConstraints []SizeConstraint 1515 1516 // The name, if any, of the SizeConstraintSet. 1517 Name *string 1518} 1519 1520// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1521// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1522// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1523// and see the AWS WAF Developer Guide 1524// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1525// the latest version, AWS WAF has a single set of endpoints for regional and 1526// global use. The Id and Name of a SizeConstraintSet. 1527type SizeConstraintSetSummary struct { 1528 1529 // The name of the SizeConstraintSet, if any. 1530 // 1531 // This member is required. 1532 Name *string 1533 1534 // A unique identifier for a SizeConstraintSet. You use SizeConstraintSetId to get 1535 // information about a SizeConstraintSet (see GetSizeConstraintSet), update a 1536 // SizeConstraintSet (see UpdateSizeConstraintSet), insert a SizeConstraintSet into 1537 // a Rule or delete one from a Rule (see UpdateRule), and delete a 1538 // SizeConstraintSet from AWS WAF (see DeleteSizeConstraintSet). 1539 // SizeConstraintSetId is returned by CreateSizeConstraintSet and by 1540 // ListSizeConstraintSets. 1541 // 1542 // This member is required. 1543 SizeConstraintSetId *string 1544} 1545 1546// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1547// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1548// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1549// and see the AWS WAF Developer Guide 1550// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1551// the latest version, AWS WAF has a single set of endpoints for regional and 1552// global use. Specifies the part of a web request that you want to inspect the 1553// size of and indicates whether you want to add the specification to a 1554// SizeConstraintSet or delete it from a SizeConstraintSet. 1555type SizeConstraintSetUpdate struct { 1556 1557 // Specify INSERT to add a SizeConstraintSetUpdate to a SizeConstraintSet. Use 1558 // DELETE to remove a SizeConstraintSetUpdate from a SizeConstraintSet. 1559 // 1560 // This member is required. 1561 Action ChangeAction 1562 1563 // Specifies a constraint on the size of a part of the web request. AWS WAF uses 1564 // the Size, ComparisonOperator, and FieldToMatch to build an expression in the 1565 // form of "SizeComparisonOperator size in bytes of FieldToMatch". If that 1566 // expression is true, the SizeConstraint is considered to match. 1567 // 1568 // This member is required. 1569 SizeConstraint *SizeConstraint 1570} 1571 1572// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1573// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1574// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1575// and see the AWS WAF Developer Guide 1576// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1577// the latest version, AWS WAF has a single set of endpoints for regional and 1578// global use. A complex type that contains SqlInjectionMatchTuple objects, which 1579// specify the parts of web requests that you want AWS WAF to inspect for snippets 1580// of malicious SQL code and, if you want AWS WAF to inspect a header, the name of 1581// the header. If a SqlInjectionMatchSet contains more than one 1582// SqlInjectionMatchTuple object, a request needs to include snippets of SQL code 1583// in only one of the specified parts of the request to be considered a match. 1584type SqlInjectionMatchSet struct { 1585 1586 // A unique identifier for a SqlInjectionMatchSet. You use SqlInjectionMatchSetId 1587 // to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet), 1588 // update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet), insert a 1589 // SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule), and 1590 // delete a SqlInjectionMatchSet from AWS WAF (see DeleteSqlInjectionMatchSet). 1591 // SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by 1592 // ListSqlInjectionMatchSets. 1593 // 1594 // This member is required. 1595 SqlInjectionMatchSetId *string 1596 1597 // Specifies the parts of web requests that you want to inspect for snippets of 1598 // malicious SQL code. 1599 // 1600 // This member is required. 1601 SqlInjectionMatchTuples []SqlInjectionMatchTuple 1602 1603 // The name, if any, of the SqlInjectionMatchSet. 1604 Name *string 1605} 1606 1607// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1608// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1609// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1610// and see the AWS WAF Developer Guide 1611// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1612// the latest version, AWS WAF has a single set of endpoints for regional and 1613// global use. The Id and Name of a SqlInjectionMatchSet. 1614type SqlInjectionMatchSetSummary struct { 1615 1616 // The name of the SqlInjectionMatchSet, if any, specified by Id. 1617 // 1618 // This member is required. 1619 Name *string 1620 1621 // A unique identifier for a SqlInjectionMatchSet. You use SqlInjectionMatchSetId 1622 // to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet), 1623 // update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet), insert a 1624 // SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule), and 1625 // delete a SqlInjectionMatchSet from AWS WAF (see DeleteSqlInjectionMatchSet). 1626 // SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by 1627 // ListSqlInjectionMatchSets. 1628 // 1629 // This member is required. 1630 SqlInjectionMatchSetId *string 1631} 1632 1633// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1634// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1635// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1636// and see the AWS WAF Developer Guide 1637// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1638// the latest version, AWS WAF has a single set of endpoints for regional and 1639// global use. Specifies the part of a web request that you want to inspect for 1640// snippets of malicious SQL code and indicates whether you want to add the 1641// specification to a SqlInjectionMatchSet or delete it from a 1642// SqlInjectionMatchSet. 1643type SqlInjectionMatchSetUpdate struct { 1644 1645 // Specify INSERT to add a SqlInjectionMatchSetUpdate to a SqlInjectionMatchSet. 1646 // Use DELETE to remove a SqlInjectionMatchSetUpdate from a SqlInjectionMatchSet. 1647 // 1648 // This member is required. 1649 Action ChangeAction 1650 1651 // Specifies the part of a web request that you want AWS WAF to inspect for 1652 // snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the 1653 // name of the header. 1654 // 1655 // This member is required. 1656 SqlInjectionMatchTuple *SqlInjectionMatchTuple 1657} 1658 1659// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1660// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1661// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1662// and see the AWS WAF Developer Guide 1663// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1664// the latest version, AWS WAF has a single set of endpoints for regional and 1665// global use. Specifies the part of a web request that you want AWS WAF to inspect 1666// for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, 1667// the name of the header. 1668type SqlInjectionMatchTuple struct { 1669 1670 // Specifies where in a web request to look for snippets of malicious SQL code. 1671 // 1672 // This member is required. 1673 FieldToMatch *FieldToMatch 1674 1675 // Text transformations eliminate some of the unusual formatting that attackers use 1676 // in web requests in an effort to bypass AWS WAF. If you specify a transformation, 1677 // AWS WAF performs the transformation on FieldToMatch before inspecting it for a 1678 // match. You can only specify a single type of TextTransformation. CMD_LINE When 1679 // you're concerned that attackers are injecting an operating system command line 1680 // command and using unusual formatting to disguise some or all of the command, use 1681 // this option to perform the following transformations: 1682 // 1683 // * Delete the following 1684 // characters: \ " ' ^ 1685 // 1686 // * Delete spaces before the following characters: / ( 1687 // 1688 // * 1689 // Replace the following characters with a space: , ; 1690 // 1691 // * Replace multiple spaces 1692 // with one space 1693 // 1694 // * Convert uppercase letters (A-Z) to lowercase 1695 // (a-z) 1696 // 1697 // COMPRESS_WHITE_SPACE Use this option to replace the following characters 1698 // with a space character (decimal 32): 1699 // 1700 // * \f, formfeed, decimal 12 1701 // 1702 // * \t, tab, 1703 // decimal 9 1704 // 1705 // * \n, newline, decimal 10 1706 // 1707 // * \r, carriage return, decimal 13 1708 // 1709 // * \v, 1710 // vertical tab, decimal 11 1711 // 1712 // * non-breaking space, decimal 1713 // 160 1714 // 1715 // COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. 1716 // HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with 1717 // unencoded characters. HTML_ENTITY_DECODE performs the following operations: 1718 // 1719 // * 1720 // Replaces (ampersand)quot; with " 1721 // 1722 // * Replaces (ampersand)nbsp; with a 1723 // non-breaking space, decimal 160 1724 // 1725 // * Replaces (ampersand)lt; with a "less than" 1726 // symbol 1727 // 1728 // * Replaces (ampersand)gt; with > 1729 // 1730 // * Replaces characters that are 1731 // represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding 1732 // characters 1733 // 1734 // * Replaces characters that are represented in decimal format, 1735 // (ampersand)#nnnn;, with the corresponding characters 1736 // 1737 // LOWERCASE Use this option 1738 // to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this 1739 // option to decode a URL-encoded value. NONE Specify NONE if you don't want to 1740 // perform any text transformations. 1741 // 1742 // This member is required. 1743 TextTransformation TextTransformation 1744} 1745 1746// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1747// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1748// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1749// and see the AWS WAF Developer Guide 1750// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1751// the latest version, AWS WAF has a single set of endpoints for regional and 1752// global use. A summary of the rule groups you are subscribed to. 1753type SubscribedRuleGroupSummary struct { 1754 1755 // A friendly name or description for the metrics for this RuleGroup. The name can 1756 // contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 1757 // and minimum length one. It can't contain whitespace or metric names reserved for 1758 // AWS WAF, including "All" and "Default_Action." You can't change the name of the 1759 // metric after you create the RuleGroup. 1760 // 1761 // This member is required. 1762 MetricName *string 1763 1764 // A friendly name or description of the RuleGroup. You can't change the name of a 1765 // RuleGroup after you create it. 1766 // 1767 // This member is required. 1768 Name *string 1769 1770 // A unique identifier for a RuleGroup. 1771 // 1772 // This member is required. 1773 RuleGroupId *string 1774} 1775 1776// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1777// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1778// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1779// and see the AWS WAF Developer Guide 1780// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1781// the latest version, AWS WAF has a single set of endpoints for regional and 1782// global use. A tag associated with an AWS resource. Tags are key:value pairs that 1783// you can use to categorize and manage your resources, for purposes like billing. 1784// For example, you might set the tag key to "customer" and the value to the 1785// customer name or ID. You can specify one or more tags to add to each AWS 1786// resource, up to 50 tags for a resource. Tagging is only available through the 1787// API, SDKs, and CLI. You can't manage or view tags through the AWS WAF Classic 1788// console. You can tag the AWS resources that you manage through AWS WAF Classic: 1789// web ACLs, rule groups, and rules. 1790type Tag struct { 1791 1792 // 1793 // 1794 // This member is required. 1795 Key *string 1796 1797 // 1798 // 1799 // This member is required. 1800 Value *string 1801} 1802 1803// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1804// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1805// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1806// and see the AWS WAF Developer Guide 1807// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1808// the latest version, AWS WAF has a single set of endpoints for regional and 1809// global use. Information for a tag associated with an AWS resource. Tags are 1810// key:value pairs that you can use to categorize and manage your resources, for 1811// purposes like billing. For example, you might set the tag key to "customer" and 1812// the value to the customer name or ID. You can specify one or more tags to add to 1813// each AWS resource, up to 50 tags for a resource. Tagging is only available 1814// through the API, SDKs, and CLI. You can't manage or view tags through the AWS 1815// WAF Classic console. You can tag the AWS resources that you manage through AWS 1816// WAF Classic: web ACLs, rule groups, and rules. 1817type TagInfoForResource struct { 1818 1819 // 1820 ResourceARN *string 1821 1822 // 1823 TagList []Tag 1824} 1825 1826// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1827// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1828// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1829// and see the AWS WAF Developer Guide 1830// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1831// the latest version, AWS WAF has a single set of endpoints for regional and 1832// global use. In a GetSampledRequests request, the StartTime and EndTime objects 1833// specify the time range for which you want AWS WAF to return a sample of web 1834// requests. You must specify the times in Coordinated Universal Time (UTC) format. 1835// UTC format includes the special designator, Z. For example, "2016-09-27T14:50Z". 1836// In a GetSampledRequests response, the StartTime and EndTime objects specify the 1837// time range for which AWS WAF actually returned a sample of web requests. AWS WAF 1838// gets the specified number of requests from among the first 5,000 requests that 1839// your AWS resource receives during the specified time period. If your resource 1840// receives more than 5,000 requests during that period, AWS WAF stops sampling 1841// after the 5,000th request. In that case, EndTime is the time that AWS WAF 1842// received the 5,000th request. 1843type TimeWindow struct { 1844 1845 // The end of the time range from which you want GetSampledRequests to return a 1846 // sample of the requests that your AWS resource received. You must specify the 1847 // date and time in Coordinated Universal Time (UTC) format. UTC format includes 1848 // the special designator, Z. For example, "2016-09-27T14:50Z". You can specify any 1849 // time range in the previous three hours. 1850 // 1851 // This member is required. 1852 EndTime *time.Time 1853 1854 // The beginning of the time range from which you want GetSampledRequests to return 1855 // a sample of the requests that your AWS resource received. You must specify the 1856 // date and time in Coordinated Universal Time (UTC) format. UTC format includes 1857 // the special designator, Z. For example, "2016-09-27T14:50Z". You can specify any 1858 // time range in the previous three hours. 1859 // 1860 // This member is required. 1861 StartTime *time.Time 1862} 1863 1864// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1865// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1866// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1867// and see the AWS WAF Developer Guide 1868// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1869// the latest version, AWS WAF has a single set of endpoints for regional and 1870// global use. For the action that is associated with a rule in a WebACL, specifies 1871// the action that you want AWS WAF to perform when a web request matches all of 1872// the conditions in a rule. For the default action in a WebACL, specifies the 1873// action that you want AWS WAF to take when a web request doesn't match all of the 1874// conditions in any of the rules in a WebACL. 1875type WafAction struct { 1876 1877 // Specifies how you want AWS WAF to respond to requests that match the settings in 1878 // a Rule. Valid settings include the following: 1879 // 1880 // * ALLOW: AWS WAF allows 1881 // requests 1882 // 1883 // * BLOCK: AWS WAF blocks requests 1884 // 1885 // * COUNT: AWS WAF increments a 1886 // counter of the requests that match all of the conditions in the rule. AWS WAF 1887 // then continues to inspect the web request based on the remaining rules in the 1888 // web ACL. You can't specify COUNT for the default action for a WebACL. 1889 // 1890 // This member is required. 1891 Type WafActionType 1892} 1893 1894// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1895// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1896// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1897// and see the AWS WAF Developer Guide 1898// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1899// the latest version, AWS WAF has a single set of endpoints for regional and 1900// global use. The action to take if any rule within the RuleGroup matches a 1901// request. 1902type WafOverrideAction struct { 1903 1904 // COUNT overrides the action specified by the individual rule within a RuleGroup . 1905 // If set to NONE, the rule's action will take place. 1906 // 1907 // This member is required. 1908 Type WafOverrideActionType 1909} 1910 1911// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1912// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1913// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1914// and see the AWS WAF Developer Guide 1915// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1916// the latest version, AWS WAF has a single set of endpoints for regional and 1917// global use. Contains the Rules that identify the requests that you want to 1918// allow, block, or count. In a WebACL, you also specify a default action (ALLOW or 1919// BLOCK), and the action for each Rule that you add to a WebACL, for example, 1920// block requests from specified IP addresses or block requests from specified 1921// referrers. You also associate the WebACL with a CloudFront distribution to 1922// identify the requests that you want AWS WAF to filter. If you add more than one 1923// Rule to a WebACL, a request needs to match only one of the specifications to be 1924// allowed, blocked, or counted. For more information, see UpdateWebACL. 1925type WebACL struct { 1926 1927 // The action to perform if none of the Rules contained in the WebACL match. The 1928 // action is specified by the WafAction object. 1929 // 1930 // This member is required. 1931 DefaultAction *WafAction 1932 1933 // An array that contains the action for each Rule in a WebACL, the priority of the 1934 // Rule, and the ID of the Rule. 1935 // 1936 // This member is required. 1937 Rules []ActivatedRule 1938 1939 // A unique identifier for a WebACL. You use WebACLId to get information about a 1940 // WebACL (see GetWebACL), update a WebACL (see UpdateWebACL), and delete a WebACL 1941 // from AWS WAF (see DeleteWebACL). WebACLId is returned by CreateWebACL and by 1942 // ListWebACLs. 1943 // 1944 // This member is required. 1945 WebACLId *string 1946 1947 // A friendly name or description for the metrics for this WebACL. The name can 1948 // contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 1949 // and minimum length one. It can't contain whitespace or metric names reserved for 1950 // AWS WAF, including "All" and "Default_Action." You can't change MetricName after 1951 // you create the WebACL. 1952 MetricName *string 1953 1954 // A friendly name or description of the WebACL. You can't change the name of a 1955 // WebACL after you create it. 1956 Name *string 1957 1958 // Tha Amazon Resource Name (ARN) of the web ACL. 1959 WebACLArn *string 1960} 1961 1962// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1963// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1964// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1965// and see the AWS WAF Developer Guide 1966// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1967// the latest version, AWS WAF has a single set of endpoints for regional and 1968// global use. Contains the identifier and the name or description of the WebACL. 1969type WebACLSummary struct { 1970 1971 // A friendly name or description of the WebACL. You can't change the name of a 1972 // WebACL after you create it. 1973 // 1974 // This member is required. 1975 Name *string 1976 1977 // A unique identifier for a WebACL. You use WebACLId to get information about a 1978 // WebACL (see GetWebACL), update a WebACL (see UpdateWebACL), and delete a WebACL 1979 // from AWS WAF (see DeleteWebACL). WebACLId is returned by CreateWebACL and by 1980 // ListWebACLs. 1981 // 1982 // This member is required. 1983 WebACLId *string 1984} 1985 1986// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 1987// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 1988// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 1989// and see the AWS WAF Developer Guide 1990// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 1991// the latest version, AWS WAF has a single set of endpoints for regional and 1992// global use. Specifies whether to insert a Rule into or delete a Rule from a 1993// WebACL. 1994type WebACLUpdate struct { 1995 1996 // Specifies whether to insert a Rule into or delete a Rule from a WebACL. 1997 // 1998 // This member is required. 1999 Action ChangeAction 2000 2001 // The ActivatedRule object in an UpdateWebACL request specifies a Rule that you 2002 // want to insert or delete, the priority of the Rule in the WebACL, and the action 2003 // that you want AWS WAF to take when a web request matches the Rule (ALLOW, BLOCK, 2004 // or COUNT). 2005 // 2006 // This member is required. 2007 ActivatedRule *ActivatedRule 2008} 2009 2010// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 2011// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 2012// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 2013// and see the AWS WAF Developer Guide 2014// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 2015// the latest version, AWS WAF has a single set of endpoints for regional and 2016// global use. A complex type that contains XssMatchTuple objects, which specify 2017// the parts of web requests that you want AWS WAF to inspect for cross-site 2018// scripting attacks and, if you want AWS WAF to inspect a header, the name of the 2019// header. If a XssMatchSet contains more than one XssMatchTuple object, a request 2020// needs to include cross-site scripting attacks in only one of the specified parts 2021// of the request to be considered a match. 2022type XssMatchSet struct { 2023 2024 // A unique identifier for an XssMatchSet. You use XssMatchSetId to get information 2025 // about an XssMatchSet (see GetXssMatchSet), update an XssMatchSet (see 2026 // UpdateXssMatchSet), insert an XssMatchSet into a Rule or delete one from a Rule 2027 // (see UpdateRule), and delete an XssMatchSet from AWS WAF (see 2028 // DeleteXssMatchSet). XssMatchSetId is returned by CreateXssMatchSet and by 2029 // ListXssMatchSets. 2030 // 2031 // This member is required. 2032 XssMatchSetId *string 2033 2034 // Specifies the parts of web requests that you want to inspect for cross-site 2035 // scripting attacks. 2036 // 2037 // This member is required. 2038 XssMatchTuples []XssMatchTuple 2039 2040 // The name, if any, of the XssMatchSet. 2041 Name *string 2042} 2043 2044// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 2045// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 2046// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 2047// and see the AWS WAF Developer Guide 2048// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 2049// the latest version, AWS WAF has a single set of endpoints for regional and 2050// global use. The Id and Name of an XssMatchSet. 2051type XssMatchSetSummary struct { 2052 2053 // The name of the XssMatchSet, if any, specified by Id. 2054 // 2055 // This member is required. 2056 Name *string 2057 2058 // A unique identifier for an XssMatchSet. You use XssMatchSetId to get information 2059 // about a XssMatchSet (see GetXssMatchSet), update an XssMatchSet (see 2060 // UpdateXssMatchSet), insert an XssMatchSet into a Rule or delete one from a Rule 2061 // (see UpdateRule), and delete an XssMatchSet from AWS WAF (see 2062 // DeleteXssMatchSet). XssMatchSetId is returned by CreateXssMatchSet and by 2063 // ListXssMatchSets. 2064 // 2065 // This member is required. 2066 XssMatchSetId *string 2067} 2068 2069// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 2070// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 2071// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 2072// and see the AWS WAF Developer Guide 2073// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 2074// the latest version, AWS WAF has a single set of endpoints for regional and 2075// global use. Specifies the part of a web request that you want to inspect for 2076// cross-site scripting attacks and indicates whether you want to add the 2077// specification to an XssMatchSet or delete it from an XssMatchSet. 2078type XssMatchSetUpdate struct { 2079 2080 // Specify INSERT to add an XssMatchSetUpdate to an XssMatchSet. Use DELETE to 2081 // remove an XssMatchSetUpdate from an XssMatchSet. 2082 // 2083 // This member is required. 2084 Action ChangeAction 2085 2086 // Specifies the part of a web request that you want AWS WAF to inspect for 2087 // cross-site scripting attacks and, if you want AWS WAF to inspect a header, the 2088 // name of the header. 2089 // 2090 // This member is required. 2091 XssMatchTuple *XssMatchTuple 2092} 2093 2094// This is AWS WAF Classic documentation. For more information, see AWS WAF Classic 2095// (https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html) 2096// in the developer guide. For the latest version of AWS WAF, use the AWS WAFV2 API 2097// and see the AWS WAF Developer Guide 2098// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). With 2099// the latest version, AWS WAF has a single set of endpoints for regional and 2100// global use. Specifies the part of a web request that you want AWS WAF to inspect 2101// for cross-site scripting attacks and, if you want AWS WAF to inspect a header, 2102// the name of the header. 2103type XssMatchTuple struct { 2104 2105 // Specifies where in a web request to look for cross-site scripting attacks. 2106 // 2107 // This member is required. 2108 FieldToMatch *FieldToMatch 2109 2110 // Text transformations eliminate some of the unusual formatting that attackers use 2111 // in web requests in an effort to bypass AWS WAF. If you specify a transformation, 2112 // AWS WAF performs the transformation on FieldToMatch before inspecting it for a 2113 // match. You can only specify a single type of TextTransformation. CMD_LINE When 2114 // you're concerned that attackers are injecting an operating system command line 2115 // command and using unusual formatting to disguise some or all of the command, use 2116 // this option to perform the following transformations: 2117 // 2118 // * Delete the following 2119 // characters: \ " ' ^ 2120 // 2121 // * Delete spaces before the following characters: / ( 2122 // 2123 // * 2124 // Replace the following characters with a space: , ; 2125 // 2126 // * Replace multiple spaces 2127 // with one space 2128 // 2129 // * Convert uppercase letters (A-Z) to lowercase 2130 // (a-z) 2131 // 2132 // COMPRESS_WHITE_SPACE Use this option to replace the following characters 2133 // with a space character (decimal 32): 2134 // 2135 // * \f, formfeed, decimal 12 2136 // 2137 // * \t, tab, 2138 // decimal 9 2139 // 2140 // * \n, newline, decimal 10 2141 // 2142 // * \r, carriage return, decimal 13 2143 // 2144 // * \v, 2145 // vertical tab, decimal 11 2146 // 2147 // * non-breaking space, decimal 2148 // 160 2149 // 2150 // COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. 2151 // HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with 2152 // unencoded characters. HTML_ENTITY_DECODE performs the following operations: 2153 // 2154 // * 2155 // Replaces (ampersand)quot; with " 2156 // 2157 // * Replaces (ampersand)nbsp; with a 2158 // non-breaking space, decimal 160 2159 // 2160 // * Replaces (ampersand)lt; with a "less than" 2161 // symbol 2162 // 2163 // * Replaces (ampersand)gt; with > 2164 // 2165 // * Replaces characters that are 2166 // represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding 2167 // characters 2168 // 2169 // * Replaces characters that are represented in decimal format, 2170 // (ampersand)#nnnn;, with the corresponding characters 2171 // 2172 // LOWERCASE Use this option 2173 // to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this 2174 // option to decode a URL-encoded value. NONE Specify NONE if you don't want to 2175 // perform any text transformations. 2176 // 2177 // This member is required. 2178 TextTransformation TextTransformation 2179} 2180