Interface ByteMatchStatement.Builder
- All Superinterfaces:
Buildable
,CopyableBuilder<ByteMatchStatement.Builder,
,ByteMatchStatement> SdkBuilder<ByteMatchStatement.Builder,
,ByteMatchStatement> SdkPojo
- Enclosing class:
ByteMatchStatement
-
Method Summary
Modifier and TypeMethodDescriptiondefault ByteMatchStatement.Builder
fieldToMatch
(Consumer<FieldToMatch.Builder> fieldToMatch) The part of the web request that you want WAF to inspect.fieldToMatch
(FieldToMatch fieldToMatch) The part of the web request that you want WAF to inspect.positionalConstraint
(String positionalConstraint) The area within the portion of the web request that you want WAF to search forSearchString
.positionalConstraint
(PositionalConstraint positionalConstraint) The area within the portion of the web request that you want WAF to search forSearchString
.searchString
(SdkBytes searchString) A string value that you want WAF to search for.textTransformations
(Collection<TextTransformation> textTransformations) Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.textTransformations
(Consumer<TextTransformation.Builder>... textTransformations) Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.textTransformations
(TextTransformation... textTransformations) Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.Methods inherited from interface software.amazon.awssdk.utils.builder.CopyableBuilder
copy
Methods inherited from interface software.amazon.awssdk.utils.builder.SdkBuilder
applyMutation, build
Methods inherited from interface software.amazon.awssdk.core.SdkPojo
equalsBySdkFields, sdkFields
-
Method Details
-
searchString
A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.
Valid values depend on the component that you specify for inspection in
FieldToMatch
:-
Method
: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request. -
UriPath
: The value that you want WAF to search for in the URI path, for example,/images/daily-ad.jpg
. -
JA3Fingerprint
: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string matchByteMatchStatement
with thePositionalConstraint
set toEXACTLY
.You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
-
HeaderOrder
: The list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If
SearchString
includes alphabetic characters A-Z and a-z, note that the value is case sensitive.If you're using the WAF API
Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.
For example, suppose the value of
Type
isHEADER
and the value ofData
isUser-Agent
. If you want to search theUser-Agent
header for the valueBadBot
, you base64-encodeBadBot
using MIME base64-encoding and include the resulting value,QmFkQm90
, in the value ofSearchString
.If you're using the CLI or one of the Amazon Web Services SDKs
The value that you want WAF to search for. The SDK automatically base64 encodes the value.
- Parameters:
searchString
- A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.Valid values depend on the component that you specify for inspection in
FieldToMatch
:-
Method
: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request. -
UriPath
: The value that you want WAF to search for in the URI path, for example,/images/daily-ad.jpg
. -
JA3Fingerprint
: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string matchByteMatchStatement
with thePositionalConstraint
set toEXACTLY
.You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
-
HeaderOrder
: The list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If
SearchString
includes alphabetic characters A-Z and a-z, note that the value is case sensitive.If you're using the WAF API
Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.
For example, suppose the value of
Type
isHEADER
and the value ofData
isUser-Agent
. If you want to search theUser-Agent
header for the valueBadBot
, you base64-encodeBadBot
using MIME base64-encoding and include the resulting value,QmFkQm90
, in the value ofSearchString
.If you're using the CLI or one of the Amazon Web Services SDKs
The value that you want WAF to search for. The SDK automatically base64 encodes the value.
-
- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
-
fieldToMatch
The part of the web request that you want WAF to inspect.
- Parameters:
fieldToMatch
- The part of the web request that you want WAF to inspect.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
fieldToMatch
The part of the web request that you want WAF to inspect.
This is a convenience method that creates an instance of theFieldToMatch.Builder
avoiding the need to create one manually viaFieldToMatch.builder()
.When the
Consumer
completes,SdkBuilder.build()
is called immediately and its result is passed tofieldToMatch(FieldToMatch)
.- Parameters:
fieldToMatch
- a consumer that will call methods onFieldToMatch.Builder
- Returns:
- Returns a reference to this object so that method calls can be chained together.
- See Also:
-
textTransformations
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the
FieldToMatch
request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.- Parameters:
textTransformations
- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform theFieldToMatch
request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
textTransformations
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the
FieldToMatch
request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.- Parameters:
textTransformations
- Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform theFieldToMatch
request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.- Returns:
- Returns a reference to this object so that method calls can be chained together.
-
textTransformations
ByteMatchStatement.Builder textTransformations(Consumer<TextTransformation.Builder>... textTransformations) Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the
This is a convenience method that creates an instance of theFieldToMatch
request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.TextTransformation.Builder
avoiding the need to create one manually viaTextTransformation.builder()
.When the
Consumer
completes,SdkBuilder.build()
is called immediately and its result is passed totextTransformations(List<TextTransformation>)
.- Parameters:
textTransformations
- a consumer that will call methods onTextTransformation.Builder
- Returns:
- Returns a reference to this object so that method calls can be chained together.
- See Also:
-
positionalConstraint
The area within the portion of the web request that you want WAF to search for
SearchString
. Valid values include the following:CONTAINS
The specified part of the web request must include the value of
SearchString
, but the location doesn't matter.CONTAINS_WORD
The specified part of the web request must include the value of
SearchString
, andSearchString
must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition,SearchString
must be a word, which means that both of the following are true:-
SearchString
is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and;BadBot
. -
SearchString
is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example,BadBot;
and-BadBot;
.
EXACTLY
The value of the specified part of the web request must exactly match the value of
SearchString
.STARTS_WITH
The value of
SearchString
must appear at the beginning of the specified part of the web request.ENDS_WITH
The value of
SearchString
must appear at the end of the specified part of the web request.- Parameters:
positionalConstraint
- The area within the portion of the web request that you want WAF to search forSearchString
. Valid values include the following:CONTAINS
The specified part of the web request must include the value of
SearchString
, but the location doesn't matter.CONTAINS_WORD
The specified part of the web request must include the value of
SearchString
, andSearchString
must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition,SearchString
must be a word, which means that both of the following are true:-
SearchString
is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and;BadBot
. -
SearchString
is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example,BadBot;
and-BadBot;
.
EXACTLY
The value of the specified part of the web request must exactly match the value of
SearchString
.STARTS_WITH
The value of
SearchString
must appear at the beginning of the specified part of the web request.ENDS_WITH
The value of
SearchString
must appear at the end of the specified part of the web request.-
- Returns:
- Returns a reference to this object so that method calls can be chained together.
- See Also:
-
-
positionalConstraint
The area within the portion of the web request that you want WAF to search for
SearchString
. Valid values include the following:CONTAINS
The specified part of the web request must include the value of
SearchString
, but the location doesn't matter.CONTAINS_WORD
The specified part of the web request must include the value of
SearchString
, andSearchString
must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition,SearchString
must be a word, which means that both of the following are true:-
SearchString
is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and;BadBot
. -
SearchString
is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example,BadBot;
and-BadBot;
.
EXACTLY
The value of the specified part of the web request must exactly match the value of
SearchString
.STARTS_WITH
The value of
SearchString
must appear at the beginning of the specified part of the web request.ENDS_WITH
The value of
SearchString
must appear at the end of the specified part of the web request.- Parameters:
positionalConstraint
- The area within the portion of the web request that you want WAF to search forSearchString
. Valid values include the following:CONTAINS
The specified part of the web request must include the value of
SearchString
, but the location doesn't matter.CONTAINS_WORD
The specified part of the web request must include the value of
SearchString
, andSearchString
must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition,SearchString
must be a word, which means that both of the following are true:-
SearchString
is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and;BadBot
. -
SearchString
is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example,BadBot;
and-BadBot;
.
EXACTLY
The value of the specified part of the web request must exactly match the value of
SearchString
.STARTS_WITH
The value of
SearchString
must appear at the beginning of the specified part of the web request.ENDS_WITH
The value of
SearchString
must appear at the end of the specified part of the web request.-
- Returns:
- Returns a reference to this object so that method calls can be chained together.
- See Also:
-
-