Package software.amazon.awssdk.services.wafv2.model

Class ByteMatchStatement

java.lang.Object
software.amazon.awssdk.services.wafv2.model.ByteMatchStatement
All Implemented Interfaces:
Serializable, SdkPojo, ToCopyableBuilder<ByteMatchStatement.Builder,ByteMatchStatement>
@Generated("software.amazon.awssdk:codegen") public final class ByteMatchStatement extends Object implements SdkPojo, Serializable, ToCopyableBuilder<ByteMatchStatement.Builder,ByteMatchStatement>

A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is called a string match statement.

See Also:

  • Method Details

    • searchString

      public final SdkBytes searchString()

      A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.

      Valid values depend on the component that you specify for inspection in FieldToMatch:

      • Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.

      • UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.

      • JA3Fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

        You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.

      • HeaderOrder: The list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.

      If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.

      If you're using the WAF API

      Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.

      For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.

      If you're using the CLI or one of the Amazon Web Services SDKs

      The value that you want WAF to search for. The SDK automatically base64 encodes the value.

      Returns:
      A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.

      Valid values depend on the component that you specify for inspection in FieldToMatch:

      • Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.

      • UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.

      • JA3Fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.

        You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.

      • HeaderOrder: The list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.

      If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.

      If you're using the WAF API

      Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.

      For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.

      If you're using the CLI or one of the Amazon Web Services SDKs

      The value that you want WAF to search for. The SDK automatically base64 encodes the value.

    • fieldToMatch

      public final FieldToMatch fieldToMatch()

      The part of the web request that you want WAF to inspect.

      Returns:
      The part of the web request that you want WAF to inspect.

    • hasTextTransformations

      public final boolean hasTextTransformations()
      For responses, this returns true if the service returned a value for the TextTransformations property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

    • textTransformations

      public final List<TextTransformation> textTransformations()

      Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.

      Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

      This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasTextTransformations() method.

      Returns:
      Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.

    • positionalConstraint

      public final PositionalConstraint positionalConstraint()

      The area within the portion of the web request that you want WAF to search for SearchString. Valid values include the following:

      CONTAINS

      The specified part of the web request must include the value of SearchString, but the location doesn't matter.

      CONTAINS_WORD

      The specified part of the web request must include the value of SearchString, and SearchString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, SearchString must be a word, which means that both of the following are true:

      • SearchString is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and ;BadBot.

      • SearchString is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot; and -BadBot;.

      EXACTLY

      The value of the specified part of the web request must exactly match the value of SearchString.

      STARTS_WITH

      The value of SearchString must appear at the beginning of the specified part of the web request.

      ENDS_WITH

      The value of SearchString must appear at the end of the specified part of the web request.

      If the service returns an enum value that is not available in the current SDK version, positionalConstraint will return PositionalConstraint.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from positionalConstraintAsString().

      Returns:
      The area within the portion of the web request that you want WAF to search for SearchString. Valid values include the following:

      CONTAINS

      The specified part of the web request must include the value of SearchString, but the location doesn't matter.

      CONTAINS_WORD

      The specified part of the web request must include the value of SearchString, and SearchString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, SearchString must be a word, which means that both of the following are true:

      • SearchString is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and ;BadBot.

      • SearchString is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot; and -BadBot;.

      EXACTLY

      The value of the specified part of the web request must exactly match the value of SearchString.

      STARTS_WITH

      The value of SearchString must appear at the beginning of the specified part of the web request.

      ENDS_WITH

      The value of SearchString must appear at the end of the specified part of the web request.

      See Also:

    • positionalConstraintAsString

      public final String positionalConstraintAsString()

      The area within the portion of the web request that you want WAF to search for SearchString. Valid values include the following:

      CONTAINS

      The specified part of the web request must include the value of SearchString, but the location doesn't matter.

      CONTAINS_WORD

      The specified part of the web request must include the value of SearchString, and SearchString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, SearchString must be a word, which means that both of the following are true:

      • SearchString is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and ;BadBot.

      • SearchString is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot; and -BadBot;.

      EXACTLY

      The value of the specified part of the web request must exactly match the value of SearchString.

      STARTS_WITH

      The value of SearchString must appear at the beginning of the specified part of the web request.

      ENDS_WITH

      The value of SearchString must appear at the end of the specified part of the web request.

      If the service returns an enum value that is not available in the current SDK version, positionalConstraint will return PositionalConstraint.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from positionalConstraintAsString().

      Returns:
      The area within the portion of the web request that you want WAF to search for SearchString. Valid values include the following:

      CONTAINS

      The specified part of the web request must include the value of SearchString, but the location doesn't matter.

      CONTAINS_WORD

      The specified part of the web request must include the value of SearchString, and SearchString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, SearchString must be a word, which means that both of the following are true:

      • SearchString is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and ;BadBot.

      • SearchString is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot; and -BadBot;.

      EXACTLY

      The value of the specified part of the web request must exactly match the value of SearchString.

      STARTS_WITH

      The value of SearchString must appear at the beginning of the specified part of the web request.

      ENDS_WITH

      The value of SearchString must appear at the end of the specified part of the web request.

      See Also:

    • toBuilder

      public ByteMatchStatement.Builder toBuilder()
      Description copied from interface: ToCopyableBuilder
      Take this object and create a builder that contains all of the current property values of this object.
      Specified by:
      toBuilder in interface ToCopyableBuilder<ByteMatchStatement.Builder,ByteMatchStatement>
      Returns:
      a builder for type T

    • builder

      public static ByteMatchStatement.Builder builder()

    • serializableBuilderClass

      public static Class<? extends ByteMatchStatement.Builder> serializableBuilderClass()

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object

    • equals

      public final boolean equals(Object obj)
      Overrides:
      equals in class Object

    • equalsBySdkFields

      public final boolean equalsBySdkFields(Object obj)
      Description copied from interface: SdkPojo
      Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

      If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

      Specified by:
      equalsBySdkFields in interface SdkPojo
      Parameters:
      obj - the object to be compared with
      Returns:
      true if the other object equals to this object by sdk fields, false otherwise.

    • toString

      public final String toString()
      Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.
      Overrides:
      toString in class Object

    • getValueForField

      public final <T> Optional<T> getValueForField(String fieldName, Class<T> clazz)

    • sdkFields

      public final List<SdkField<?>> sdkFields()
      Specified by:
      sdkFields in interface SdkPojo
      Returns:
      List of SdkField in this POJO. May be empty list but should never be null.