Class ClientSideAction

java.lang.Object

software.amazon.awssdk.services.wafv2.model.ClientSideAction

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<ClientSideAction.Builder,ClientSideAction>

@Generated("software.amazon.awssdk:codegen")
public final class ClientSideAction
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<ClientSideAction.Builder,ClientSideAction>

This is part of the AWSManagedRulesAntiDDoSRuleSet ClientSideActionConfig configuration in ManagedRuleGroupConfig.

See Also:

• Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	ClientSideAction.Builder

Method Summary

Modifier and Type	Method	Description
static ClientSideAction.Builder	builder()
final boolean	equals(Object obj)
final boolean	equalsBySdkFields(Object obj)	Indicates whether some other object is "equal to" this one by SDK fields.
final List<Regex>	exemptUriRegularExpressions()	The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge.
final <T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
final boolean	hasExemptUriRegularExpressions()	For responses, this returns true if the service returned a value for the ExemptUriRegularExpressions property.
final int	hashCode()
final Map<String,SdkField<?>>	sdkFieldNameToField()
final List<SdkField<?>>	sdkFields()
final SensitivityToAct	sensitivity()	The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request.
final String	sensitivityAsString()	The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request.
static Class<? extends ClientSideAction.Builder>	serializableBuilderClass()
ClientSideAction.Builder	toBuilder()	Take this object and create a builder that contains all of the current property values of this object.
final String	toString()	Returns a string representation of this object.
final UsageOfAction	usageOfAction()	Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.
final String	usageOfActionAsString()	Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Details

usageOfAction

public final UsageOfAction usageOfAction()

Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

• If usage is enabled:

  • The managed rule group adds the label awswaf:managed:aws:anti-ddos:challengeable-request to any web request whose URL does NOT match the regular expressions provided in the ClientSideAction setting ExemptUriRegularExpressions.

  • The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label awswaf:managed:aws:anti-ddos:challengeable-request.

• If usage is disabled:

  • The managed rule group doesn't add the label awswaf:managed:aws:anti-ddos:challengeable-request to any web requests.

  • The two rules are not evaluated.

  • None of the other ClientSideAction settings have any effect.

This setting only enables or disables the use of the two anti-DDOS rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the anti-DDoS managed rule group.

This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests, enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.

If the service returns an enum value that is not available in the current SDK version, usageOfAction will return UsageOfAction.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from usageOfActionAsString().

Returns:

Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

• If usage is enabled:

  • The managed rule group adds the label awswaf:managed:aws:anti-ddos:challengeable-request to any web request whose URL does NOT match the regular expressions provided in the ClientSideAction setting ExemptUriRegularExpressions.

  • The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label awswaf:managed:aws:anti-ddos:challengeable-request.

• If usage is disabled:

  • The managed rule group doesn't add the label awswaf:managed:aws:anti-ddos:challengeable-request to any web requests.

  • The two rules are not evaluated.

  • None of the other ClientSideAction settings have any effect.

This setting only enables or disables the use of the two anti-DDOS rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the anti-DDoS managed rule group.

This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests, enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.

See Also:

• UsageOfAction

usageOfActionAsString

public final String usageOfActionAsString()

Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

• If usage is enabled:

  • The managed rule group adds the label awswaf:managed:aws:anti-ddos:challengeable-request to any web request whose URL does NOT match the regular expressions provided in the ClientSideAction setting ExemptUriRegularExpressions.

  • The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label awswaf:managed:aws:anti-ddos:challengeable-request.

• If usage is disabled:

  • The managed rule group doesn't add the label awswaf:managed:aws:anti-ddos:challengeable-request to any web requests.

  • The two rules are not evaluated.

  • None of the other ClientSideAction settings have any effect.

This setting only enables or disables the use of the two anti-DDOS rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the anti-DDoS managed rule group.

This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests, enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.

If the service returns an enum value that is not available in the current SDK version, usageOfAction will return UsageOfAction.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from usageOfActionAsString().

Returns:

Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

• If usage is enabled:

  • The managed rule group adds the label awswaf:managed:aws:anti-ddos:challengeable-request to any web request whose URL does NOT match the regular expressions provided in the ClientSideAction setting ExemptUriRegularExpressions.

  • The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label awswaf:managed:aws:anti-ddos:challengeable-request.

• If usage is disabled:

  • The managed rule group doesn't add the label awswaf:managed:aws:anti-ddos:challengeable-request to any web requests.

  • The two rules are not evaluated.

  • None of the other ClientSideAction settings have any effect.

This setting only enables or disables the use of the two anti-DDOS rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the anti-DDoS managed rule group.

This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests, enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.

See Also:

• UsageOfAction

sensitivity

public final SensitivityToAct sensitivity()

The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.

The higher the sensitivity, the more levels of labeling that the rule matches:

• Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

• Medium sensitivity causes the rule to match on the medium and high suspicion labels.

• High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

Default: HIGH

If the service returns an enum value that is not available in the current SDK version, sensitivity will return SensitivityToAct.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from sensitivityAsString().

Returns:

The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.

The higher the sensitivity, the more levels of labeling that the rule matches:

• Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

• Medium sensitivity causes the rule to match on the medium and high suspicion labels.

• High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

Default: HIGH

See Also:

• SensitivityToAct

sensitivityAsString

public final String sensitivityAsString()

The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.

The higher the sensitivity, the more levels of labeling that the rule matches:

• Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

• Medium sensitivity causes the rule to match on the medium and high suspicion labels.

• High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

Default: HIGH

If the service returns an enum value that is not available in the current SDK version, sensitivity will return SensitivityToAct.UNKNOWN_TO_SDK_VERSION. The raw value returned by the service is available from sensitivityAsString().

Returns:

The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.

The higher the sensitivity, the more levels of labeling that the rule matches:

• Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

• Medium sensitivity causes the rule to match on the medium and high suspicion labels.

• High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

Default: HIGH

See Also:

• SensitivityToAct

hasExemptUriRegularExpressions

public final boolean hasExemptUriRegularExpressions()

For responses, this returns true if the service returned a value for the ExemptUriRegularExpressions property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

exemptUriRegularExpressions

public final List<Regex> exemptUriRegularExpressions()

The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the ClientSideAction setting UsageOfAction is enabled, the managed rule group uses this setting to determine which requests to label with awswaf:managed:aws:anti-ddos:challengeable-request. If UsageOfAction is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.

The anti-DDoS managed rule group doesn't evaluate the rules ChallengeDDoSRequests or ChallengeAllDuringEvent for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.

Amazon Web Services recommends using a regular expression.

This setting is required if UsageOfAction is set to ENABLED. If required, you can provide between 1 and 5 regex objects in the array of settings.

Amazon Web Services recommends starting with the following setting. Review and update it for your application's needs:

\/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasExemptUriRegularExpressions() method.

Returns:

The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the ClientSideAction setting UsageOfAction is enabled, the managed rule group uses this setting to determine which requests to label with awswaf:managed:aws:anti-ddos:challengeable-request. If UsageOfAction is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.

The anti-DDoS managed rule group doesn't evaluate the rules ChallengeDDoSRequests or ChallengeAllDuringEvent for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.

Amazon Web Services recommends using a regular expression.

This setting is required if UsageOfAction is set to ENABLED. If required, you can provide between 1 and 5 regex objects in the array of settings.

Amazon Web Services recommends starting with the following setting. Review and update it for your application's needs:

\/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$

toBuilder

public ClientSideAction.Builder toBuilder()

Description copied from interface: ToCopyableBuilder

Take this object and create a builder that contains all of the current property values of this object.

Specified by:

toBuilder in interface ToCopyableBuilder<ClientSideAction.Builder,ClientSideAction>

Returns:

a builder for type T

builder

public static ClientSideAction.Builder builder()

serializableBuilderClass

public static Class<? extends ClientSideAction.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Description copied from interface: SdkPojo

Indicates whether some other object is "equal to" this one by SDK fields. An SDK field is a modeled, non-inherited field in an SdkPojo class, and is generated based on a service model.

If an SdkPojo class does not have any inherited fields, equalsBySdkFields and equals are essentially the same.

Specified by:

equalsBySdkFields in interface SdkPojo

Parameters:

obj - the object to be compared with

Returns:

true if the other object equals to this object by sdk fields, false otherwise.

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
 Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo

Returns:

List of SdkField in this POJO. May be empty list but should never be null.

sdkFieldNameToField

public final Map<String,SdkField<?>> sdkFieldNameToField()

Specified by:

sdkFieldNameToField in interface SdkPojo

Returns:

The mapping between the field name and its corresponding field.