AWS SDK for C++  1.9.153
AWS SDK for C++
Public Member Functions | List of all members
Aws::WAFV2::Model::Statement Class Reference

#include <Statement.h>

Public Member Functions

 Statement ()
 
 Statement (Aws::Utils::Json::JsonView jsonValue)
 
Statementoperator= (Aws::Utils::Json::JsonView jsonValue)
 
Aws::Utils::Json::JsonValue Jsonize () const
 
const ByteMatchStatementGetByteMatchStatement () const
 
bool ByteMatchStatementHasBeenSet () const
 
void SetByteMatchStatement (const ByteMatchStatement &value)
 
void SetByteMatchStatement (ByteMatchStatement &&value)
 
StatementWithByteMatchStatement (const ByteMatchStatement &value)
 
StatementWithByteMatchStatement (ByteMatchStatement &&value)
 
const SqliMatchStatementGetSqliMatchStatement () const
 
bool SqliMatchStatementHasBeenSet () const
 
void SetSqliMatchStatement (const SqliMatchStatement &value)
 
void SetSqliMatchStatement (SqliMatchStatement &&value)
 
StatementWithSqliMatchStatement (const SqliMatchStatement &value)
 
StatementWithSqliMatchStatement (SqliMatchStatement &&value)
 
const XssMatchStatementGetXssMatchStatement () const
 
bool XssMatchStatementHasBeenSet () const
 
void SetXssMatchStatement (const XssMatchStatement &value)
 
void SetXssMatchStatement (XssMatchStatement &&value)
 
StatementWithXssMatchStatement (const XssMatchStatement &value)
 
StatementWithXssMatchStatement (XssMatchStatement &&value)
 
const SizeConstraintStatementGetSizeConstraintStatement () const
 
bool SizeConstraintStatementHasBeenSet () const
 
void SetSizeConstraintStatement (const SizeConstraintStatement &value)
 
void SetSizeConstraintStatement (SizeConstraintStatement &&value)
 
StatementWithSizeConstraintStatement (const SizeConstraintStatement &value)
 
StatementWithSizeConstraintStatement (SizeConstraintStatement &&value)
 
const GeoMatchStatementGetGeoMatchStatement () const
 
bool GeoMatchStatementHasBeenSet () const
 
void SetGeoMatchStatement (const GeoMatchStatement &value)
 
void SetGeoMatchStatement (GeoMatchStatement &&value)
 
StatementWithGeoMatchStatement (const GeoMatchStatement &value)
 
StatementWithGeoMatchStatement (GeoMatchStatement &&value)
 
const RuleGroupReferenceStatementGetRuleGroupReferenceStatement () const
 
bool RuleGroupReferenceStatementHasBeenSet () const
 
void SetRuleGroupReferenceStatement (const RuleGroupReferenceStatement &value)
 
void SetRuleGroupReferenceStatement (RuleGroupReferenceStatement &&value)
 
StatementWithRuleGroupReferenceStatement (const RuleGroupReferenceStatement &value)
 
StatementWithRuleGroupReferenceStatement (RuleGroupReferenceStatement &&value)
 
const IPSetReferenceStatementGetIPSetReferenceStatement () const
 
bool IPSetReferenceStatementHasBeenSet () const
 
void SetIPSetReferenceStatement (const IPSetReferenceStatement &value)
 
void SetIPSetReferenceStatement (IPSetReferenceStatement &&value)
 
StatementWithIPSetReferenceStatement (const IPSetReferenceStatement &value)
 
StatementWithIPSetReferenceStatement (IPSetReferenceStatement &&value)
 
const RegexPatternSetReferenceStatementGetRegexPatternSetReferenceStatement () const
 
bool RegexPatternSetReferenceStatementHasBeenSet () const
 
void SetRegexPatternSetReferenceStatement (const RegexPatternSetReferenceStatement &value)
 
void SetRegexPatternSetReferenceStatement (RegexPatternSetReferenceStatement &&value)
 
StatementWithRegexPatternSetReferenceStatement (const RegexPatternSetReferenceStatement &value)
 
StatementWithRegexPatternSetReferenceStatement (RegexPatternSetReferenceStatement &&value)
 
const RateBasedStatementGetRateBasedStatement () const
 
bool RateBasedStatementHasBeenSet () const
 
void SetRateBasedStatement (const RateBasedStatement &value)
 
void SetRateBasedStatement (RateBasedStatement &&value)
 
StatementWithRateBasedStatement (const RateBasedStatement &value)
 
StatementWithRateBasedStatement (RateBasedStatement &&value)
 
const AndStatementGetAndStatement () const
 
bool AndStatementHasBeenSet () const
 
void SetAndStatement (const AndStatement &value)
 
void SetAndStatement (AndStatement &&value)
 
StatementWithAndStatement (const AndStatement &value)
 
StatementWithAndStatement (AndStatement &&value)
 
const OrStatementGetOrStatement () const
 
bool OrStatementHasBeenSet () const
 
void SetOrStatement (const OrStatement &value)
 
void SetOrStatement (OrStatement &&value)
 
StatementWithOrStatement (const OrStatement &value)
 
StatementWithOrStatement (OrStatement &&value)
 
const NotStatementGetNotStatement () const
 
bool NotStatementHasBeenSet () const
 
void SetNotStatement (const NotStatement &value)
 
void SetNotStatement (NotStatement &&value)
 
StatementWithNotStatement (const NotStatement &value)
 
StatementWithNotStatement (NotStatement &&value)
 
const ManagedRuleGroupStatementGetManagedRuleGroupStatement () const
 
bool ManagedRuleGroupStatementHasBeenSet () const
 
void SetManagedRuleGroupStatement (const ManagedRuleGroupStatement &value)
 
void SetManagedRuleGroupStatement (ManagedRuleGroupStatement &&value)
 
StatementWithManagedRuleGroupStatement (const ManagedRuleGroupStatement &value)
 
StatementWithManagedRuleGroupStatement (ManagedRuleGroupStatement &&value)
 
const LabelMatchStatementGetLabelMatchStatement () const
 
bool LabelMatchStatementHasBeenSet () const
 
void SetLabelMatchStatement (const LabelMatchStatement &value)
 
void SetLabelMatchStatement (LabelMatchStatement &&value)
 
StatementWithLabelMatchStatement (const LabelMatchStatement &value)
 
StatementWithLabelMatchStatement (LabelMatchStatement &&value)
 
const RegexMatchStatementGetRegexMatchStatement () const
 
bool RegexMatchStatementHasBeenSet () const
 
void SetRegexMatchStatement (const RegexMatchStatement &value)
 
void SetRegexMatchStatement (RegexMatchStatement &&value)
 
StatementWithRegexMatchStatement (const RegexMatchStatement &value)
 
StatementWithRegexMatchStatement (RegexMatchStatement &&value)
 

Detailed Description

The processing guidance for a Rule, used by WAF to determine whether a web request matches the rule.

See Also:

AWS API Reference

Definition at line 47 of file Statement.h.

Constructor & Destructor Documentation

◆ Statement() [1/2]

Aws::WAFV2::Model::Statement::Statement ( )

◆ Statement() [2/2]

Aws::WAFV2::Model::Statement::Statement ( Aws::Utils::Json::JsonView  jsonValue)

Member Function Documentation

◆ AndStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::AndStatementHasBeenSet ( ) const

A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.

◆ ByteMatchStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::ByteMatchStatementHasBeenSet ( ) const
inline

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is refered to as a string match statement.

Definition at line 74 of file Statement.h.

◆ GeoMatchStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::GeoMatchStatementHasBeenSet ( ) const
inline

A rule statement used to identify web requests based on country of origin.

Definition at line 346 of file Statement.h.

◆ GetAndStatement()

const AndStatement& Aws::WAFV2::Model::Statement::GetAndStatement ( ) const

A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.

◆ GetByteMatchStatement()

const ByteMatchStatement& Aws::WAFV2::Model::Statement::GetByteMatchStatement ( ) const
inline

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is refered to as a string match statement.

Definition at line 64 of file Statement.h.

◆ GetGeoMatchStatement()

const GeoMatchStatement& Aws::WAFV2::Model::Statement::GetGeoMatchStatement ( ) const
inline

A rule statement used to identify web requests based on country of origin.

Definition at line 340 of file Statement.h.

◆ GetIPSetReferenceStatement()

const IPSetReferenceStatement& Aws::WAFV2::Model::Statement::GetIPSetReferenceStatement ( ) const
inline

A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.

Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 444 of file Statement.h.

◆ GetLabelMatchStatement()

const LabelMatchStatement& Aws::WAFV2::Model::Statement::GetLabelMatchStatement ( ) const
inline

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.

The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, WAF performs the search for labels that were added in the same context as the label match statement.

Definition at line 998 of file Statement.h.

◆ GetManagedRuleGroupStatement()

const ManagedRuleGroupStatement& Aws::WAFV2::Model::Statement::GetManagedRuleGroupStatement ( ) const

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

◆ GetNotStatement()

const NotStatement& Aws::WAFV2::Model::Statement::GetNotStatement ( ) const

A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.

◆ GetOrStatement()

const OrStatement& Aws::WAFV2::Model::Statement::GetOrStatement ( ) const

A logical rule statement used to combine other rule statements with OR logic. You provide more than one Statement within the OrStatement.

◆ GetRateBasedStatement()

const RateBasedStatement& Aws::WAFV2::Model::Statement::GetRateBasedStatement ( ) const

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.

When the rule action triggers, WAF blocks additional requests from the IP address until the request rate falls below the limit.

You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts requests that match the nested statement. For example, based on recent requests that you have seen from an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested statements:

  • An IP match statement with an IP set that specified the address 192.0.2.44.

  • A string match statement that searches in the User-Agent header for the string BadBot.

In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet both of the conditions in the statements are counted. If the count exceeds 1,000 requests per five minutes, the rule action triggers. Requests that do not meet both conditions are not counted towards the rate limit and are not affected by this rule.

You cannot nest a RateBasedStatement inside another statement, for example inside a NotStatement or OrStatement. You can define a RateBasedStatement inside a web ACL and inside a rule group.

◆ GetRegexMatchStatement()

const RegexMatchStatement& Aws::WAFV2::Model::Statement::GetRegexMatchStatement ( ) const
inline

A rule statement used to search web request components for a match against a single regular expression.

Definition at line 1070 of file Statement.h.

◆ GetRegexPatternSetReferenceStatement()

const RegexPatternSetReferenceStatement& Aws::WAFV2::Model::Statement::GetRegexPatternSetReferenceStatement ( ) const
inline

A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.

Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 519 of file Statement.h.

◆ GetRuleGroupReferenceStatement()

const RuleGroupReferenceStatement& Aws::WAFV2::Model::Statement::GetRuleGroupReferenceStatement ( ) const
inline

A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You can only use a rule group reference statement at the top level inside a web ACL.

Definition at line 381 of file Statement.h.

◆ GetSizeConstraintStatement()

const SizeConstraintStatement& Aws::WAFV2::Model::Statement::GetSizeConstraintStatement ( ) const
inline

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you can create a size constraint condition and block requests that have a request body greater than 8192 bytes.

If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

Definition at line 263 of file Statement.h.

◆ GetSqliMatchStatement()

const SqliMatchStatement& Aws::WAFV2::Model::Statement::GetSqliMatchStatement ( ) const
inline

Attackers sometimes insert malicious SQL code into web requests in an effort to extract data from your database. To allow or block web requests that appear to contain malicious SQL code, create one or more SQL injection match conditions. An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want WAF to inspect. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious SQL code.

Definition at line 126 of file Statement.h.

◆ GetXssMatchStatement()

const XssMatchStatement& Aws::WAFV2::Model::Statement::GetXssMatchStatement ( ) const
inline

A rule statement that defines a cross-site scripting (XSS) match search for WAF to apply to web requests. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers. The XSS match statement provides the location in requests that you want WAF to search and text transformations to use on the search area before WAF searches for character sequences that are likely to be malicious strings.

Definition at line 193 of file Statement.h.

◆ IPSetReferenceStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::IPSetReferenceStatementHasBeenSet ( ) const
inline

A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.

Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 456 of file Statement.h.

◆ Jsonize()

Aws::Utils::Json::JsonValue Aws::WAFV2::Model::Statement::Jsonize ( ) const

◆ LabelMatchStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::LabelMatchStatementHasBeenSet ( ) const
inline

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.

The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, WAF performs the search for labels that were added in the same context as the label match statement.

Definition at line 1011 of file Statement.h.

◆ ManagedRuleGroupStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::ManagedRuleGroupStatementHasBeenSet ( ) const

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

◆ NotStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::NotStatementHasBeenSet ( ) const

A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.

◆ operator=()

Statement& Aws::WAFV2::Model::Statement::operator= ( Aws::Utils::Json::JsonView  jsonValue)

◆ OrStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::OrStatementHasBeenSet ( ) const

A logical rule statement used to combine other rule statements with OR logic. You provide more than one Statement within the OrStatement.

◆ RateBasedStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::RateBasedStatementHasBeenSet ( ) const

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.

When the rule action triggers, WAF blocks additional requests from the IP address until the request rate falls below the limit.

You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts requests that match the nested statement. For example, based on recent requests that you have seen from an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested statements:

  • An IP match statement with an IP set that specified the address 192.0.2.44.

  • A string match statement that searches in the User-Agent header for the string BadBot.

In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet both of the conditions in the statements are counted. If the count exceeds 1,000 requests per five minutes, the rule action triggers. Requests that do not meet both conditions are not counted towards the rate limit and are not affected by this rule.

You cannot nest a RateBasedStatement inside another statement, for example inside a NotStatement or OrStatement. You can define a RateBasedStatement inside a web ACL and inside a rule group.

◆ RegexMatchStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::RegexMatchStatementHasBeenSet ( ) const
inline

A rule statement used to search web request components for a match against a single regular expression.

Definition at line 1076 of file Statement.h.

◆ RegexPatternSetReferenceStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::RegexPatternSetReferenceStatementHasBeenSet ( ) const
inline

A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.

Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 533 of file Statement.h.

◆ RuleGroupReferenceStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::RuleGroupReferenceStatementHasBeenSet ( ) const
inline

A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You can only use a rule group reference statement at the top level inside a web ACL.

Definition at line 391 of file Statement.h.

◆ SetAndStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetAndStatement ( AndStatement &&  value)

A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.

◆ SetAndStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetAndStatement ( const AndStatement value)

A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.

◆ SetByteMatchStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetByteMatchStatement ( ByteMatchStatement &&  value)
inline

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is refered to as a string match statement.

Definition at line 94 of file Statement.h.

◆ SetByteMatchStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetByteMatchStatement ( const ByteMatchStatement value)
inline

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is refered to as a string match statement.

Definition at line 84 of file Statement.h.

◆ SetGeoMatchStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetGeoMatchStatement ( const GeoMatchStatement value)
inline

A rule statement used to identify web requests based on country of origin.

Definition at line 352 of file Statement.h.

◆ SetGeoMatchStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetGeoMatchStatement ( GeoMatchStatement &&  value)
inline

A rule statement used to identify web requests based on country of origin.

Definition at line 358 of file Statement.h.

◆ SetIPSetReferenceStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetIPSetReferenceStatement ( const IPSetReferenceStatement value)
inline

A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.

Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 468 of file Statement.h.

◆ SetIPSetReferenceStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetIPSetReferenceStatement ( IPSetReferenceStatement &&  value)
inline

A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.

Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 480 of file Statement.h.

◆ SetLabelMatchStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetLabelMatchStatement ( const LabelMatchStatement value)
inline

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.

The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, WAF performs the search for labels that were added in the same context as the label match statement.

Definition at line 1024 of file Statement.h.

◆ SetLabelMatchStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetLabelMatchStatement ( LabelMatchStatement &&  value)
inline

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.

The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, WAF performs the search for labels that were added in the same context as the label match statement.

Definition at line 1037 of file Statement.h.

◆ SetManagedRuleGroupStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetManagedRuleGroupStatement ( const ManagedRuleGroupStatement value)

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

◆ SetManagedRuleGroupStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetManagedRuleGroupStatement ( ManagedRuleGroupStatement &&  value)

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

◆ SetNotStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetNotStatement ( const NotStatement value)

A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.

◆ SetNotStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetNotStatement ( NotStatement &&  value)

A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.

◆ SetOrStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetOrStatement ( const OrStatement value)

A logical rule statement used to combine other rule statements with OR logic. You provide more than one Statement within the OrStatement.

◆ SetOrStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetOrStatement ( OrStatement &&  value)

A logical rule statement used to combine other rule statements with OR logic. You provide more than one Statement within the OrStatement.

◆ SetRateBasedStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetRateBasedStatement ( const RateBasedStatement value)

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.

When the rule action triggers, WAF blocks additional requests from the IP address until the request rate falls below the limit.

You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts requests that match the nested statement. For example, based on recent requests that you have seen from an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested statements:

  • An IP match statement with an IP set that specified the address 192.0.2.44.

  • A string match statement that searches in the User-Agent header for the string BadBot.

In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet both of the conditions in the statements are counted. If the count exceeds 1,000 requests per five minutes, the rule action triggers. Requests that do not meet both conditions are not counted towards the rate limit and are not affected by this rule.

You cannot nest a RateBasedStatement inside another statement, for example inside a NotStatement or OrStatement. You can define a RateBasedStatement inside a web ACL and inside a rule group.

◆ SetRateBasedStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetRateBasedStatement ( RateBasedStatement &&  value)

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.

When the rule action triggers, WAF blocks additional requests from the IP address until the request rate falls below the limit.

You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts requests that match the nested statement. For example, based on recent requests that you have seen from an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested statements:

  • An IP match statement with an IP set that specified the address 192.0.2.44.

  • A string match statement that searches in the User-Agent header for the string BadBot.

In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet both of the conditions in the statements are counted. If the count exceeds 1,000 requests per five minutes, the rule action triggers. Requests that do not meet both conditions are not counted towards the rate limit and are not affected by this rule.

You cannot nest a RateBasedStatement inside another statement, for example inside a NotStatement or OrStatement. You can define a RateBasedStatement inside a web ACL and inside a rule group.

◆ SetRegexMatchStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetRegexMatchStatement ( const RegexMatchStatement value)
inline

A rule statement used to search web request components for a match against a single regular expression.

Definition at line 1082 of file Statement.h.

◆ SetRegexMatchStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetRegexMatchStatement ( RegexMatchStatement &&  value)
inline

A rule statement used to search web request components for a match against a single regular expression.

Definition at line 1088 of file Statement.h.

◆ SetRegexPatternSetReferenceStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetRegexPatternSetReferenceStatement ( const RegexPatternSetReferenceStatement value)
inline

A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.

Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 547 of file Statement.h.

◆ SetRegexPatternSetReferenceStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetRegexPatternSetReferenceStatement ( RegexPatternSetReferenceStatement &&  value)
inline

A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.

Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 561 of file Statement.h.

◆ SetRuleGroupReferenceStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetRuleGroupReferenceStatement ( const RuleGroupReferenceStatement value)
inline

A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You can only use a rule group reference statement at the top level inside a web ACL.

Definition at line 401 of file Statement.h.

◆ SetRuleGroupReferenceStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetRuleGroupReferenceStatement ( RuleGroupReferenceStatement &&  value)
inline

A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You can only use a rule group reference statement at the top level inside a web ACL.

Definition at line 411 of file Statement.h.

◆ SetSizeConstraintStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetSizeConstraintStatement ( const SizeConstraintStatement value)
inline

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you can create a size constraint condition and block requests that have a request body greater than 8192 bytes.

If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

Definition at line 291 of file Statement.h.

◆ SetSizeConstraintStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetSizeConstraintStatement ( SizeConstraintStatement &&  value)
inline

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you can create a size constraint condition and block requests that have a request body greater than 8192 bytes.

If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

Definition at line 305 of file Statement.h.

◆ SetSqliMatchStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetSqliMatchStatement ( const SqliMatchStatement value)
inline

Attackers sometimes insert malicious SQL code into web requests in an effort to extract data from your database. To allow or block web requests that appear to contain malicious SQL code, create one or more SQL injection match conditions. An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want WAF to inspect. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious SQL code.

Definition at line 148 of file Statement.h.

◆ SetSqliMatchStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetSqliMatchStatement ( SqliMatchStatement &&  value)
inline

Attackers sometimes insert malicious SQL code into web requests in an effort to extract data from your database. To allow or block web requests that appear to contain malicious SQL code, create one or more SQL injection match conditions. An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want WAF to inspect. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious SQL code.

Definition at line 159 of file Statement.h.

◆ SetXssMatchStatement() [1/2]

void Aws::WAFV2::Model::Statement::SetXssMatchStatement ( const XssMatchStatement value)
inline

A rule statement that defines a cross-site scripting (XSS) match search for WAF to apply to web requests. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers. The XSS match statement provides the location in requests that you want WAF to search and text transformations to use on the search area before WAF searches for character sequences that are likely to be malicious strings.

Definition at line 215 of file Statement.h.

◆ SetXssMatchStatement() [2/2]

void Aws::WAFV2::Model::Statement::SetXssMatchStatement ( XssMatchStatement &&  value)
inline

A rule statement that defines a cross-site scripting (XSS) match search for WAF to apply to web requests. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers. The XSS match statement provides the location in requests that you want WAF to search and text transformations to use on the search area before WAF searches for character sequences that are likely to be malicious strings.

Definition at line 226 of file Statement.h.

◆ SizeConstraintStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::SizeConstraintStatementHasBeenSet ( ) const
inline

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you can create a size constraint condition and block requests that have a request body greater than 8192 bytes.

If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

Definition at line 277 of file Statement.h.

◆ SqliMatchStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::SqliMatchStatementHasBeenSet ( ) const
inline

Attackers sometimes insert malicious SQL code into web requests in an effort to extract data from your database. To allow or block web requests that appear to contain malicious SQL code, create one or more SQL injection match conditions. An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want WAF to inspect. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious SQL code.

Definition at line 137 of file Statement.h.

◆ WithAndStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithAndStatement ( AndStatement &&  value)

A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.

◆ WithAndStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithAndStatement ( const AndStatement value)

A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.

◆ WithByteMatchStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithByteMatchStatement ( ByteMatchStatement &&  value)
inline

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is refered to as a string match statement.

Definition at line 114 of file Statement.h.

◆ WithByteMatchStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithByteMatchStatement ( const ByteMatchStatement value)
inline

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is refered to as a string match statement.

Definition at line 104 of file Statement.h.

◆ WithGeoMatchStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithGeoMatchStatement ( const GeoMatchStatement value)
inline

A rule statement used to identify web requests based on country of origin.

Definition at line 364 of file Statement.h.

◆ WithGeoMatchStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithGeoMatchStatement ( GeoMatchStatement &&  value)
inline

A rule statement used to identify web requests based on country of origin.

Definition at line 370 of file Statement.h.

◆ WithIPSetReferenceStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithIPSetReferenceStatement ( const IPSetReferenceStatement value)
inline

A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.

Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 492 of file Statement.h.

◆ WithIPSetReferenceStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithIPSetReferenceStatement ( IPSetReferenceStatement &&  value)
inline

A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.

Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 504 of file Statement.h.

◆ WithLabelMatchStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithLabelMatchStatement ( const LabelMatchStatement value)
inline

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.

The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, WAF performs the search for labels that were added in the same context as the label match statement.

Definition at line 1050 of file Statement.h.

◆ WithLabelMatchStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithLabelMatchStatement ( LabelMatchStatement &&  value)
inline

A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.

The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, WAF performs the search for labels that were added in the same context as the label match statement.

Definition at line 1063 of file Statement.h.

◆ WithManagedRuleGroupStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithManagedRuleGroupStatement ( const ManagedRuleGroupStatement value)

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

◆ WithManagedRuleGroupStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithManagedRuleGroupStatement ( ManagedRuleGroupStatement &&  value)

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

◆ WithNotStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithNotStatement ( const NotStatement value)

A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.

◆ WithNotStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithNotStatement ( NotStatement &&  value)

A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.

◆ WithOrStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithOrStatement ( const OrStatement value)

A logical rule statement used to combine other rule statements with OR logic. You provide more than one Statement within the OrStatement.

◆ WithOrStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithOrStatement ( OrStatement &&  value)

A logical rule statement used to combine other rule statements with OR logic. You provide more than one Statement within the OrStatement.

◆ WithRateBasedStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithRateBasedStatement ( const RateBasedStatement value)

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.

When the rule action triggers, WAF blocks additional requests from the IP address until the request rate falls below the limit.

You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts requests that match the nested statement. For example, based on recent requests that you have seen from an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested statements:

  • An IP match statement with an IP set that specified the address 192.0.2.44.

  • A string match statement that searches in the User-Agent header for the string BadBot.

In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet both of the conditions in the statements are counted. If the count exceeds 1,000 requests per five minutes, the rule action triggers. Requests that do not meet both conditions are not counted towards the rate limit and are not affected by this rule.

You cannot nest a RateBasedStatement inside another statement, for example inside a NotStatement or OrStatement. You can define a RateBasedStatement inside a web ACL and inside a rule group.

◆ WithRateBasedStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithRateBasedStatement ( RateBasedStatement &&  value)

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.

When the rule action triggers, WAF blocks additional requests from the IP address until the request rate falls below the limit.

You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts requests that match the nested statement. For example, based on recent requests that you have seen from an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested statements:

  • An IP match statement with an IP set that specified the address 192.0.2.44.

  • A string match statement that searches in the User-Agent header for the string BadBot.

In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet both of the conditions in the statements are counted. If the count exceeds 1,000 requests per five minutes, the rule action triggers. Requests that do not meet both conditions are not counted towards the rate limit and are not affected by this rule.

You cannot nest a RateBasedStatement inside another statement, for example inside a NotStatement or OrStatement. You can define a RateBasedStatement inside a web ACL and inside a rule group.

◆ WithRegexMatchStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithRegexMatchStatement ( const RegexMatchStatement value)
inline

A rule statement used to search web request components for a match against a single regular expression.

Definition at line 1094 of file Statement.h.

◆ WithRegexMatchStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithRegexMatchStatement ( RegexMatchStatement &&  value)
inline

A rule statement used to search web request components for a match against a single regular expression.

Definition at line 1100 of file Statement.h.

◆ WithRegexPatternSetReferenceStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithRegexPatternSetReferenceStatement ( const RegexPatternSetReferenceStatement value)
inline

A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.

Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 575 of file Statement.h.

◆ WithRegexPatternSetReferenceStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithRegexPatternSetReferenceStatement ( RegexPatternSetReferenceStatement &&  value)
inline

A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.

Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.

Definition at line 589 of file Statement.h.

◆ WithRuleGroupReferenceStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithRuleGroupReferenceStatement ( const RuleGroupReferenceStatement value)
inline

A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You can only use a rule group reference statement at the top level inside a web ACL.

Definition at line 421 of file Statement.h.

◆ WithRuleGroupReferenceStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithRuleGroupReferenceStatement ( RuleGroupReferenceStatement &&  value)
inline

A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.

You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You can only use a rule group reference statement at the top level inside a web ACL.

Definition at line 431 of file Statement.h.

◆ WithSizeConstraintStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithSizeConstraintStatement ( const SizeConstraintStatement value)
inline

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you can create a size constraint condition and block requests that have a request body greater than 8192 bytes.

If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

Definition at line 319 of file Statement.h.

◆ WithSizeConstraintStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithSizeConstraintStatement ( SizeConstraintStatement &&  value)
inline

A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you can create a size constraint condition and block requests that have a request body greater than 8192 bytes.

If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

Definition at line 333 of file Statement.h.

◆ WithSqliMatchStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithSqliMatchStatement ( const SqliMatchStatement value)
inline

Attackers sometimes insert malicious SQL code into web requests in an effort to extract data from your database. To allow or block web requests that appear to contain malicious SQL code, create one or more SQL injection match conditions. An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want WAF to inspect. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious SQL code.

Definition at line 170 of file Statement.h.

◆ WithSqliMatchStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithSqliMatchStatement ( SqliMatchStatement &&  value)
inline

Attackers sometimes insert malicious SQL code into web requests in an effort to extract data from your database. To allow or block web requests that appear to contain malicious SQL code, create one or more SQL injection match conditions. An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want WAF to inspect. Later in the process, when you create a web ACL, you specify whether to allow or block requests that appear to contain malicious SQL code.

Definition at line 181 of file Statement.h.

◆ WithXssMatchStatement() [1/2]

Statement& Aws::WAFV2::Model::Statement::WithXssMatchStatement ( const XssMatchStatement value)
inline

A rule statement that defines a cross-site scripting (XSS) match search for WAF to apply to web requests. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers. The XSS match statement provides the location in requests that you want WAF to search and text transformations to use on the search area before WAF searches for character sequences that are likely to be malicious strings.

Definition at line 237 of file Statement.h.

◆ WithXssMatchStatement() [2/2]

Statement& Aws::WAFV2::Model::Statement::WithXssMatchStatement ( XssMatchStatement &&  value)
inline

A rule statement that defines a cross-site scripting (XSS) match search for WAF to apply to web requests. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers. The XSS match statement provides the location in requests that you want WAF to search and text transformations to use on the search area before WAF searches for character sequences that are likely to be malicious strings.

Definition at line 248 of file Statement.h.

◆ XssMatchStatementHasBeenSet()

bool Aws::WAFV2::Model::Statement::XssMatchStatementHasBeenSet ( ) const
inline

A rule statement that defines a cross-site scripting (XSS) match search for WAF to apply to web requests. XSS attacks are those where the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers. The XSS match statement provides the location in requests that you want WAF to search and text transformations to use on the search area before WAF searches for character sequences that are likely to be malicious strings.

Definition at line 204 of file Statement.h.


The documentation for this class was generated from the following file: