WebAcl

AWS v7.28.0, Apr 30 26

Viewing docs for AWS v7.28.0
published on Thursday, Apr 30, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-aws

Viewing docs for AWS v7.28.0
published on Thursday, Apr 30, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-aws

Note: Inline rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Limitations include: Deletion ordering errors: When removing a rule that references an IP set or rule group, AWS requires the rule to be detached before the referenced resource is deleted. Terraform’s dependency graph cannot model this correctly for inline rules, resulting in WAFAssociatedItemException errors. Spurious diffs: AWS returns rules in an unpredictable order, which can cause Terraform to detect changes even when the configuration has not changed. Coupled updates: Modifying one inline rule may cause all rules to be recreated, which can be disruptive.

!> Warning: If you use the aws.wafv2.WebAclRule or aws.wafv2.WebAclRuleGroupAssociation resources with this Web ACL, you must add lifecycle { ignoreChanges = [rule] } to this resource to prevent configuration drift. Those resources manage the Web ACL’s rules outside of this resource’s direct management.

Create WebAcl Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new WebAcl(name: string, args: WebAclArgs, opts?: CustomResourceOptions);

@overload
def WebAcl(resource_name: str,
           args: WebAclArgs,
           opts: Optional[ResourceOptions] = None)

@overload
def WebAcl(resource_name: str,
           opts: Optional[ResourceOptions] = None,
           association_config: Optional[WebAclAssociationConfigArgs] = None,
           captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
           challenge_config: Optional[WebAclChallengeConfigArgs] = None,
           custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
           data_protection_config: Optional[WebAclDataProtectionConfigArgs] = None,
           default_action: Optional[WebAclDefaultActionArgs] = None,
           description: Optional[str] = None,
           name: Optional[str] = None,
           name_prefix: Optional[str] = None,
           region: Optional[str] = None,
           rule_json: Optional[str] = None,
           rules: Optional[Sequence[WebAclRuleArgs]] = None,
           scope: Optional[str] = None,
           tags: Optional[Mapping[str, str]] = None,
           token_domains: Optional[Sequence[str]] = None,
           visibility_config: Optional[WebAclVisibilityConfigArgs] = None)

func NewWebAcl(ctx *Context, name string, args WebAclArgs, opts ...ResourceOption) (*WebAcl, error)

public WebAcl(string name, WebAclArgs args, CustomResourceOptions? opts = null)

public WebAcl(String name, WebAclArgs args)
public WebAcl(String name, WebAclArgs args, CustomResourceOptions options)

type: aws:wafv2:WebAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args WebAclArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

WebAcl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The WebAcl resource accepts the following input properties:

DefaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
VisibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
AssociationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
CaptchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
ChallengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
CustomResponseBodies List<WebAclCustomResponseBody>: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
DataProtectionConfig WebAclDataProtectionConfig: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
Description string: Friendly description of the WebACL.
Name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
RuleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
Rules List<WebAclRule>: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
Tags Dictionary<string, string>: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TokenDomains List<string>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

DefaultAction WebAclDefaultActionArgs: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
VisibilityConfig WebAclVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
AssociationConfig WebAclAssociationConfigArgs: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
CaptchaConfig WebAclCaptchaConfigArgs: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
ChallengeConfig WebAclChallengeConfigArgs: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
CustomResponseBodies []WebAclCustomResponseBodyArgs: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
DataProtectionConfig WebAclDataProtectionConfigArgs: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
Description string: Friendly description of the WebACL.
Name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
RuleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
Rules []WebAclRuleTypeArgs: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
Tags map[string]string: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TokenDomains []string: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

defaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
associationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
captchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
challengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
customResponseBodies List<WebAclCustomResponseBody>: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
dataProtectionConfig WebAclDataProtectionConfig: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
description String: Friendly description of the WebACL.
name String: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
region String: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
ruleJson String: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules List<WebAclRule>: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
tags Map<String,String>: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tokenDomains List<String>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

defaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
associationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
captchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
challengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
customResponseBodies WebAclCustomResponseBody[]: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
dataProtectionConfig WebAclDataProtectionConfig: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
description string: Friendly description of the WebACL.
name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
ruleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules WebAclRule[]: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
tags {[key: string]: string}: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tokenDomains string[]: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

default_action WebAclDefaultActionArgs: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
scope str: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibility_config WebAclVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
association_config WebAclAssociationConfigArgs: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
captcha_config WebAclCaptchaConfigArgs: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
challenge_config WebAclChallengeConfigArgs: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
data_protection_config WebAclDataProtectionConfigArgs: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
description str: Friendly description of the WebACL.
name str: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
region str: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
rule_json str: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules Sequence[WebAclRuleArgs]: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
tags Mapping[str, str]: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
token_domains Sequence[str]: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

defaultAction Property Map: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
visibilityConfig Property Map: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
associationConfig Property Map: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
captchaConfig Property Map: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
challengeConfig Property Map: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
customResponseBodies List<Property Map>: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
dataProtectionConfig Property Map: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
description String: Friendly description of the WebACL.
name String: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
region String: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
ruleJson String: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules List<Property Map>: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
tags Map<String>: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tokenDomains List<String>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.

Outputs

All input properties are implicitly available as output properties. Additionally, the WebAcl resource produces the following output properties:

ApplicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
Arn string: The ARN of the WAF WebACL.
Capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
Id string: The provider-assigned unique ID for this managed resource.
LockToken string
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

ApplicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
Arn string: The ARN of the WAF WebACL.
Capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
Id string: The provider-assigned unique ID for this managed resource.
LockToken string
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

applicationIntegrationUrl String: The URL to use in SDK integrations with managed rule groups.
arn String: The ARN of the WAF WebACL.
capacity Integer: Web ACL capacity units (WCUs) currently being used by this web ACL.
id String: The provider-assigned unique ID for this managed resource.
lockToken String
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

applicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
arn string: The ARN of the WAF WebACL.
capacity number: Web ACL capacity units (WCUs) currently being used by this web ACL.
id string: The provider-assigned unique ID for this managed resource.
lockToken string
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

application_integration_url str: The URL to use in SDK integrations with managed rule groups.
arn str: The ARN of the WAF WebACL.
capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
id str: The provider-assigned unique ID for this managed resource.
lock_token str
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

applicationIntegrationUrl String: The URL to use in SDK integrations with managed rule groups.
arn String: The ARN of the WAF WebACL.
capacity Number: Web ACL capacity units (WCUs) currently being used by this web ACL.
id String: The provider-assigned unique ID for this managed resource.
lockToken String
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Look up Existing WebAcl Resource

Get an existing WebAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: WebAclState, opts?: CustomResourceOptions): WebAcl

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        application_integration_url: Optional[str] = None,
        arn: Optional[str] = None,
        association_config: Optional[WebAclAssociationConfigArgs] = None,
        capacity: Optional[int] = None,
        captcha_config: Optional[WebAclCaptchaConfigArgs] = None,
        challenge_config: Optional[WebAclChallengeConfigArgs] = None,
        custom_response_bodies: Optional[Sequence[WebAclCustomResponseBodyArgs]] = None,
        data_protection_config: Optional[WebAclDataProtectionConfigArgs] = None,
        default_action: Optional[WebAclDefaultActionArgs] = None,
        description: Optional[str] = None,
        lock_token: Optional[str] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        region: Optional[str] = None,
        rule_json: Optional[str] = None,
        rules: Optional[Sequence[WebAclRuleArgs]] = None,
        scope: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        token_domains: Optional[Sequence[str]] = None,
        visibility_config: Optional[WebAclVisibilityConfigArgs] = None) -> WebAcl

func GetWebAcl(ctx *Context, name string, id IDInput, state *WebAclState, opts ...ResourceOption) (*WebAcl, error)

public static WebAcl Get(string name, Input<string> id, WebAclState? state, CustomResourceOptions? opts = null)

public static WebAcl get(String name, Output<String> id, WebAclState state, CustomResourceOptions options)

resources:  _:    type: aws:wafv2:WebAcl    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

ApplicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
Arn string: The ARN of the WAF WebACL.
AssociationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
Capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
CaptchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
ChallengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
CustomResponseBodies List<WebAclCustomResponseBody>: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
DataProtectionConfig WebAclDataProtectionConfig: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
DefaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
Description string: Friendly description of the WebACL.
LockToken string
Name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
RuleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
Rules List<WebAclRule>: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
Tags Dictionary<string, string>: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
TokenDomains List<string>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
VisibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.

ApplicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
Arn string: The ARN of the WAF WebACL.
AssociationConfig WebAclAssociationConfigArgs: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
Capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
CaptchaConfig WebAclCaptchaConfigArgs: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
ChallengeConfig WebAclChallengeConfigArgs: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
CustomResponseBodies []WebAclCustomResponseBodyArgs: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
DataProtectionConfig WebAclDataProtectionConfigArgs: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
DefaultAction WebAclDefaultActionArgs: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
Description string: Friendly description of the WebACL.
LockToken string
Name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
RuleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
Rules []WebAclRuleTypeArgs: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
Scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
Tags map[string]string: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
TokenDomains []string: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
VisibilityConfig WebAclVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.

applicationIntegrationUrl String: The URL to use in SDK integrations with managed rule groups.
arn String: The ARN of the WAF WebACL.
associationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
capacity Integer: Web ACL capacity units (WCUs) currently being used by this web ACL.
captchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
challengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
customResponseBodies List<WebAclCustomResponseBody>: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
dataProtectionConfig WebAclDataProtectionConfig: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
defaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
description String: Friendly description of the WebACL.
lockToken String
name String: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
region String: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
ruleJson String: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules List<WebAclRule>: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags Map<String,String>: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
tokenDomains List<String>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
visibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.

applicationIntegrationUrl string: The URL to use in SDK integrations with managed rule groups.
arn string: The ARN of the WAF WebACL.
associationConfig WebAclAssociationConfig: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
capacity number: Web ACL capacity units (WCUs) currently being used by this web ACL.
captchaConfig WebAclCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
challengeConfig WebAclChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
customResponseBodies WebAclCustomResponseBody[]: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
dataProtectionConfig WebAclDataProtectionConfig: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
defaultAction WebAclDefaultAction: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
description string: Friendly description of the WebACL.
lockToken string
name string: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
ruleJson string: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules WebAclRule[]: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
scope string: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags {[key: string]: string}: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
tokenDomains string[]: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
visibilityConfig WebAclVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.

application_integration_url str: The URL to use in SDK integrations with managed rule groups.
arn str: The ARN of the WAF WebACL.
association_config WebAclAssociationConfigArgs: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
capacity int: Web ACL capacity units (WCUs) currently being used by this web ACL.
captcha_config WebAclCaptchaConfigArgs: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
challenge_config WebAclChallengeConfigArgs: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
custom_response_bodies Sequence[WebAclCustomResponseBodyArgs]: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
data_protection_config WebAclDataProtectionConfigArgs: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
default_action WebAclDefaultActionArgs: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
description str: Friendly description of the WebACL.
lock_token str
name str: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
region str: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
rule_json str: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules Sequence[WebAclRuleArgs]: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
scope str: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags Mapping[str, str]: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
token_domains Sequence[str]: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
visibility_config WebAclVisibilityConfigArgs: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.

applicationIntegrationUrl String: The URL to use in SDK integrations with managed rule groups.
arn String: The ARN of the WAF WebACL.
associationConfig Property Map: Specifies custom configurations for the associations between the web ACL and protected resources. See associationConfig below for details.
capacity Number: Web ACL capacity units (WCUs) currently being used by this web ACL.
captchaConfig Property Map: Specifies how AWS WAF should handle CAPTCHA evaluations on the ACL level (used by AWS Bot Control). See captchaConfig below for details.
challengeConfig Property Map: Specifies how AWS WAF should handle Challenge evaluations on the ACL level (used by AWS Bot Control). See challengeConfig below for details.
customResponseBodies List<Property Map>: Defines custom response bodies that can be referenced by customResponse actions. See customResponseBody below for details.
dataProtectionConfig Property Map: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. See dataProtectionConfig below for details.
defaultAction Property Map: Action to perform if none of the rules contained in the WebACL match. See defaultAction below for details.
description String: Friendly description of the WebACL.
lockToken String
name String: Friendly name of the WebACL. If omitted, the provider will assign a random, unique name. Conflicts with namePrefix.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
region String: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
ruleJson String: Raw JSON string to allow more than three nested statements. Conflicts with rule attribute. This is for advanced use cases where more than 3 levels of nested statements are required. There is no drift detection at this time. If you use this attribute instead of rule, you will be foregoing drift detection. Additionally, importing an existing web ACL into a configuration with ruleJson set will result in a one time in-place update as the remote rule configuration is initially written to the rule attribute. See the AWS documentation for the JSON structure.
rules List<Property Map>: rule blocks in this resource have several known limitations. Consider using aws.wafv2.WebAclRule to manage rules as separate resources instead. Rule blocks used to identify the web requests that you want to allow, block, or count. See rule below for details.
scope String: Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are CLOUDFRONT or REGIONAL. To work with CloudFront, you must also specify the region us-east-1 (N. Virginia) on the AWS provider.
tags Map<String>: Map of key-value pairs to associate with the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>: Map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
tokenDomains List<String>: Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
visibilityConfig Property Map: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.

Supporting Types

Note: There are over 200 nested types for this resource. Only the first 200 types are included in this documentation.

WebAclAssociationConfig, WebAclAssociationConfigArgs

RequestBodies List<WebAclAssociationConfigRequestBody>: Customizes the request body that your protected resource forward to AWS WAF for inspection. See requestBody below for details.

RequestBodies []WebAclAssociationConfigRequestBody: Customizes the request body that your protected resource forward to AWS WAF for inspection. See requestBody below for details.

requestBodies List<WebAclAssociationConfigRequestBody>: Customizes the request body that your protected resource forward to AWS WAF for inspection. See requestBody below for details.

requestBodies WebAclAssociationConfigRequestBody[]: Customizes the request body that your protected resource forward to AWS WAF for inspection. See requestBody below for details.

request_bodies Sequence[WebAclAssociationConfigRequestBody]: Customizes the request body that your protected resource forward to AWS WAF for inspection. See requestBody below for details.

requestBodies List<Property Map>: Customizes the request body that your protected resource forward to AWS WAF for inspection. See requestBody below for details.

WebAclAssociationConfigRequestBody, WebAclAssociationConfigRequestBodyArgs

ApiGateway WebAclAssociationConfigRequestBodyApiGateway: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See apiGateway below for details.
AppRunnerService WebAclAssociationConfigRequestBodyAppRunnerService: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See appRunnerService below for details.
Cloudfront WebAclAssociationConfigRequestBodyCloudfront: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
CognitoUserPool WebAclAssociationConfigRequestBodyCognitoUserPool: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognitoUserPool below for details.
VerifiedAccessInstance WebAclAssociationConfigRequestBodyVerifiedAccessInstance: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verifiedAccessInstance below for details.

ApiGateway WebAclAssociationConfigRequestBodyApiGateway: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See apiGateway below for details.
AppRunnerService WebAclAssociationConfigRequestBodyAppRunnerService: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See appRunnerService below for details.
Cloudfront WebAclAssociationConfigRequestBodyCloudfront: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
CognitoUserPool WebAclAssociationConfigRequestBodyCognitoUserPool: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognitoUserPool below for details.
VerifiedAccessInstance WebAclAssociationConfigRequestBodyVerifiedAccessInstance: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verifiedAccessInstance below for details.

apiGateway WebAclAssociationConfigRequestBodyApiGateway: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See apiGateway below for details.
appRunnerService WebAclAssociationConfigRequestBodyAppRunnerService: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See appRunnerService below for details.
cloudfront WebAclAssociationConfigRequestBodyCloudfront: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
cognitoUserPool WebAclAssociationConfigRequestBodyCognitoUserPool: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognitoUserPool below for details.
verifiedAccessInstance WebAclAssociationConfigRequestBodyVerifiedAccessInstance: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verifiedAccessInstance below for details.

apiGateway WebAclAssociationConfigRequestBodyApiGateway: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See apiGateway below for details.
appRunnerService WebAclAssociationConfigRequestBodyAppRunnerService: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See appRunnerService below for details.
cloudfront WebAclAssociationConfigRequestBodyCloudfront: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
cognitoUserPool WebAclAssociationConfigRequestBodyCognitoUserPool: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognitoUserPool below for details.
verifiedAccessInstance WebAclAssociationConfigRequestBodyVerifiedAccessInstance: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verifiedAccessInstance below for details.

api_gateway WebAclAssociationConfigRequestBodyApiGateway: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See apiGateway below for details.
app_runner_service WebAclAssociationConfigRequestBodyAppRunnerService: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See appRunnerService below for details.
cloudfront WebAclAssociationConfigRequestBodyCloudfront: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
cognito_user_pool WebAclAssociationConfigRequestBodyCognitoUserPool: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognitoUserPool below for details.
verified_access_instance WebAclAssociationConfigRequestBodyVerifiedAccessInstance: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verifiedAccessInstance below for details.

apiGateway Property Map: Customizes the request body that your protected Amazon API Gateway REST APIs forward to AWS WAF for inspection. Applicable only when scope is set to CLOUDFRONT. See apiGateway below for details.
appRunnerService Property Map: Customizes the request body that your protected Amazon App Runner services forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See appRunnerService below for details.
cloudfront Property Map: Customizes the request body that your protected Amazon CloudFront distributions forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cloudfront below for details.
cognitoUserPool Property Map: Customizes the request body that your protected Amazon Cognito user pools forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See cognitoUserPool below for details.
verifiedAccessInstance Property Map: Customizes the request body that your protected AWS Verfied Access instances forward to AWS WAF for inspection. Applicable only when scope is set to REGIONAL. See verifiedAccessInstance below for details.

WebAclAssociationConfigRequestBodyApiGateway, WebAclAssociationConfigRequestBodyApiGatewayArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon API Gateway REST APIs should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclAssociationConfigRequestBodyAppRunnerService, WebAclAssociationConfigRequestBodyAppRunnerServiceArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon App Runner services should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclAssociationConfigRequestBodyCloudfront, WebAclAssociationConfigRequestBodyCloudfrontArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon CloudFront distribution should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclAssociationConfigRequestBodyCognitoUserPool, WebAclAssociationConfigRequestBodyCognitoUserPoolArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated Amazon Cognito user pools should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclAssociationConfigRequestBodyVerifiedAccessInstance, WebAclAssociationConfigRequestBodyVerifiedAccessInstanceArgs

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

DefaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit string: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

default_size_inspection_limit str: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

defaultSizeInspectionLimit String: Specifies the maximum size of the web request body component that an associated AWS Verified Access instances should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Valid values are KB_16, KB_32, KB_48 and KB_64.

WebAclCaptchaConfig, WebAclCaptchaConfigArgs

ImmunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

ImmunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

immunityTimeProperty WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

immunity_time_property WebAclCaptchaConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

immunityTimeProperty Property Map: Defines custom immunity time. See immunityTimeProperty below for details.

WebAclCaptchaConfigImmunityTimeProperty, WebAclCaptchaConfigImmunityTimePropertyArgs

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Integer: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunity_time int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

WebAclChallengeConfig, WebAclChallengeConfigArgs

ImmunityTimeProperty WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

ImmunityTimeProperty WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

immunityTimeProperty WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

immunityTimeProperty WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

immunity_time_property WebAclChallengeConfigImmunityTimeProperty: Defines custom immunity time. See immunityTimeProperty below for details.

immunityTimeProperty Property Map: Defines custom immunity time. See immunityTimeProperty below for details.

WebAclChallengeConfigImmunityTimeProperty, WebAclChallengeConfigImmunityTimePropertyArgs

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

ImmunityTime int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Integer: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunity_time int: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

immunityTime Number: The amount of time, in seconds, that a CAPTCHA or challenge timestamp is considered valid by AWS WAF. The default setting is 300.

WebAclCustomResponseBody, WebAclCustomResponseBodyArgs

Content string: Payload of the custom response.
ContentType string: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
Key string: Unique key identifying the custom response body. This is referenced by the customResponseBodyKey argument in the customResponse block.

Content string: Payload of the custom response.
ContentType string: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
Key string: Unique key identifying the custom response body. This is referenced by the customResponseBodyKey argument in the customResponse block.

content String: Payload of the custom response.
contentType String: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key String: Unique key identifying the custom response body. This is referenced by the customResponseBodyKey argument in the customResponse block.

content string: Payload of the custom response.
contentType string: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key string: Unique key identifying the custom response body. This is referenced by the customResponseBodyKey argument in the customResponse block.

content str: Payload of the custom response.
content_type str: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key str: Unique key identifying the custom response body. This is referenced by the customResponseBodyKey argument in the customResponse block.

content String: Payload of the custom response.
contentType String: Type of content in the payload that you are defining in the content argument. Valid values are TEXT_PLAIN, TEXT_HTML, or APPLICATION_JSON.
key String: Unique key identifying the custom response body. This is referenced by the customResponseBodyKey argument in the customResponse block.

WebAclDataProtectionConfig, WebAclDataProtectionConfigArgs

DataProtections List<WebAclDataProtectionConfigDataProtection>: A block for data protection configurations for specific web request field types. See dataProtection block for details.

DataProtections []WebAclDataProtectionConfigDataProtection: A block for data protection configurations for specific web request field types. See dataProtection block for details.

dataProtections List<WebAclDataProtectionConfigDataProtection>: A block for data protection configurations for specific web request field types. See dataProtection block for details.

dataProtections WebAclDataProtectionConfigDataProtection[]: A block for data protection configurations for specific web request field types. See dataProtection block for details.

data_protections Sequence[WebAclDataProtectionConfigDataProtection]: A block for data protection configurations for specific web request field types. See dataProtection block for details.

dataProtections List<Property Map>: A block for data protection configurations for specific web request field types. See dataProtection block for details.

WebAclDataProtectionConfigDataProtection, WebAclDataProtectionConfigDataProtectionArgs

Action string: Specifies how to protect the field. Valid values are SUBSTITUTION or HASH.
Field WebAclDataProtectionConfigDataProtectionField: Specifies the field type and optional keys to apply the protection behavior to. See field block below for details.
ExcludeRateBasedDetails bool: Boolean to specify whether to also exclude any rate-based rule details from the data protection you have enabled for a given field.
ExcludeRuleMatchDetails bool: Boolean to specify whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule.

Action string: Specifies how to protect the field. Valid values are SUBSTITUTION or HASH.
Field WebAclDataProtectionConfigDataProtectionField: Specifies the field type and optional keys to apply the protection behavior to. See field block below for details.
ExcludeRateBasedDetails bool: Boolean to specify whether to also exclude any rate-based rule details from the data protection you have enabled for a given field.
ExcludeRuleMatchDetails bool: Boolean to specify whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule.

action String: Specifies how to protect the field. Valid values are SUBSTITUTION or HASH.
field WebAclDataProtectionConfigDataProtectionField: Specifies the field type and optional keys to apply the protection behavior to. See field block below for details.
excludeRateBasedDetails Boolean: Boolean to specify whether to also exclude any rate-based rule details from the data protection you have enabled for a given field.
excludeRuleMatchDetails Boolean: Boolean to specify whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule.

action string: Specifies how to protect the field. Valid values are SUBSTITUTION or HASH.
field WebAclDataProtectionConfigDataProtectionField: Specifies the field type and optional keys to apply the protection behavior to. See field block below for details.
excludeRateBasedDetails boolean: Boolean to specify whether to also exclude any rate-based rule details from the data protection you have enabled for a given field.
excludeRuleMatchDetails boolean: Boolean to specify whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule.

action str: Specifies how to protect the field. Valid values are SUBSTITUTION or HASH.
field WebAclDataProtectionConfigDataProtectionField: Specifies the field type and optional keys to apply the protection behavior to. See field block below for details.
exclude_rate_based_details bool: Boolean to specify whether to also exclude any rate-based rule details from the data protection you have enabled for a given field.
exclude_rule_match_details bool: Boolean to specify whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule.

action String: Specifies how to protect the field. Valid values are SUBSTITUTION or HASH.
field Property Map: Specifies the field type and optional keys to apply the protection behavior to. See field block below for details.
excludeRateBasedDetails Boolean: Boolean to specify whether to also exclude any rate-based rule details from the data protection you have enabled for a given field.
excludeRuleMatchDetails Boolean: Boolean to specify whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule.

WebAclDataProtectionConfigDataProtectionField, WebAclDataProtectionConfigDataProtectionFieldArgs

FieldType string: Specifies the web request component type to protect. Valid Values are SINGLE_HEADER, SINGLE_COOKIE, SINGLE_QUERY_ARGUMENT, QUERY_STRING, BODY.
FieldKeys List<string>: Array of strings to specify the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.

FieldType string: Specifies the web request component type to protect. Valid Values are SINGLE_HEADER, SINGLE_COOKIE, SINGLE_QUERY_ARGUMENT, QUERY_STRING, BODY.
FieldKeys []string: Array of strings to specify the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.

fieldType String: Specifies the web request component type to protect. Valid Values are SINGLE_HEADER, SINGLE_COOKIE, SINGLE_QUERY_ARGUMENT, QUERY_STRING, BODY.
fieldKeys List<String>: Array of strings to specify the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.

fieldType string: Specifies the web request component type to protect. Valid Values are SINGLE_HEADER, SINGLE_COOKIE, SINGLE_QUERY_ARGUMENT, QUERY_STRING, BODY.
fieldKeys string[]: Array of strings to specify the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.

field_type str: Specifies the web request component type to protect. Valid Values are SINGLE_HEADER, SINGLE_COOKIE, SINGLE_QUERY_ARGUMENT, QUERY_STRING, BODY.
field_keys Sequence[str]: Array of strings to specify the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.

fieldType String: Specifies the web request component type to protect. Valid Values are SINGLE_HEADER, SINGLE_COOKIE, SINGLE_QUERY_ARGUMENT, QUERY_STRING, BODY.
fieldKeys List<String>: Array of strings to specify the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.

WebAclDefaultAction, WebAclDefaultActionArgs

Allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
Block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

Allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
Block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

allow WebAclDefaultActionAllow: Specifies that AWS WAF should allow requests by default. See allow below for details.
block WebAclDefaultActionBlock: Specifies that AWS WAF should block requests by default. See block below for details.

allow Property Map: Specifies that AWS WAF should allow requests by default. See allow below for details.
block Property Map: Specifies that AWS WAF should block requests by default. See block below for details.

WebAclDefaultActionAllow, WebAclDefaultActionAllowArgs

CustomRequestHandling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See customRequestHandling below for details.

CustomRequestHandling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See customRequestHandling below for details.

customRequestHandling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See customRequestHandling below for details.

customRequestHandling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See customRequestHandling below for details.

custom_request_handling WebAclDefaultActionAllowCustomRequestHandling: Defines custom handling for the web request. See customRequestHandling below for details.

customRequestHandling Property Map: Defines custom handling for the web request. See customRequestHandling below for details.

WebAclDefaultActionAllowCustomRequestHandling, WebAclDefaultActionAllowCustomRequestHandlingArgs

InsertHeaders List<WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>: The insertHeader blocks used to define HTTP headers added to the request. See insertHeader below for details.

InsertHeaders []WebAclDefaultActionAllowCustomRequestHandlingInsertHeader: The insertHeader blocks used to define HTTP headers added to the request. See insertHeader below for details.

insertHeaders List<WebAclDefaultActionAllowCustomRequestHandlingInsertHeader>: The insertHeader blocks used to define HTTP headers added to the request. See insertHeader below for details.

insertHeaders WebAclDefaultActionAllowCustomRequestHandlingInsertHeader[]: The insertHeader blocks used to define HTTP headers added to the request. See insertHeader below for details.

insert_headers Sequence[WebAclDefaultActionAllowCustomRequestHandlingInsertHeader]: The insertHeader blocks used to define HTTP headers added to the request. See insertHeader below for details.

insertHeaders List<Property Map>: The insertHeader blocks used to define HTTP headers added to the request. See insertHeader below for details.

WebAclDefaultActionAllowCustomRequestHandlingInsertHeader, WebAclDefaultActionAllowCustomRequestHandlingInsertHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclDefaultActionBlock, WebAclDefaultActionBlockArgs

CustomResponse WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See customResponse below for details.

CustomResponse WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See customResponse below for details.

customResponse WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See customResponse below for details.

customResponse WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See customResponse below for details.

custom_response WebAclDefaultActionBlockCustomResponse: Defines a custom response for the web request. See customResponse below for details.

customResponse Property Map: Defines a custom response for the web request. See customResponse below for details.

WebAclDefaultActionBlockCustomResponse, WebAclDefaultActionBlockCustomResponseArgs

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a customResponseBody block of this resource.
ResponseHeaders List<WebAclDefaultActionBlockCustomResponseResponseHeader>: The responseHeader blocks used to define the HTTP response headers added to the response. See responseHeader below for details.

ResponseCode int: The HTTP status code to return to the client.
CustomResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a customResponseBody block of this resource.
ResponseHeaders []WebAclDefaultActionBlockCustomResponseResponseHeader: The responseHeader blocks used to define the HTTP response headers added to the response. See responseHeader below for details.

responseCode Integer: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a customResponseBody block of this resource.
responseHeaders List<WebAclDefaultActionBlockCustomResponseResponseHeader>: The responseHeader blocks used to define the HTTP response headers added to the response. See responseHeader below for details.

responseCode number: The HTTP status code to return to the client.
customResponseBodyKey string: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a customResponseBody block of this resource.
responseHeaders WebAclDefaultActionBlockCustomResponseResponseHeader[]: The responseHeader blocks used to define the HTTP response headers added to the response. See responseHeader below for details.

response_code int: The HTTP status code to return to the client.
custom_response_body_key str: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a customResponseBody block of this resource.
response_headers Sequence[WebAclDefaultActionBlockCustomResponseResponseHeader]: The responseHeader blocks used to define the HTTP response headers added to the response. See responseHeader below for details.

responseCode Number: The HTTP status code to return to the client.
customResponseBodyKey String: References the response body that you want AWS WAF to return to the web request client. This must reference a key defined in a customResponseBody block of this resource.
responseHeaders List<Property Map>: The responseHeader blocks used to define the HTTP response headers added to the response. See responseHeader below for details.

WebAclDefaultActionBlockCustomResponseResponseHeader, WebAclDefaultActionBlockCustomResponseResponseHeaderArgs

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

Name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
Value string: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

name string: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value string: Value of the custom header.

name str: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value str: Value of the custom header.

name String: Name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers that are already in the request. For example, for the header name sample, AWS WAF inserts the header x-amzn-waf-sample.
value String: Value of the custom header.

WebAclRule, WebAclRuleArgs

Name string: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
Priority int: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
Statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byteMatchStatement or geoMatchStatement. See statement below for details.
VisibilityConfig WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
Action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
CaptchaConfig WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captchaConfig below for details.
ChallengeConfig WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challengeConfig below for details.
OverrideAction WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like ruleGroupReferenceStatement and managedRuleGroupStatement. See overrideAction below for details.
RuleLabels List<WebAclRuleRuleLabel>: Labels to apply to web requests that match the rule match statement. See ruleLabel below for details.

Name string: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
Priority int: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
Statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byteMatchStatement or geoMatchStatement. See statement below for details.
VisibilityConfig WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
Action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
CaptchaConfig WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captchaConfig below for details.
ChallengeConfig WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challengeConfig below for details.
OverrideAction WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like ruleGroupReferenceStatement and managedRuleGroupStatement. See overrideAction below for details.
RuleLabels []WebAclRuleRuleLabel: Labels to apply to web requests that match the rule match statement. See ruleLabel below for details.

name String: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
priority Integer: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byteMatchStatement or geoMatchStatement. See statement below for details.
visibilityConfig WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
captchaConfig WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captchaConfig below for details.
challengeConfig WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challengeConfig below for details.
overrideAction WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like ruleGroupReferenceStatement and managedRuleGroupStatement. See overrideAction below for details.
ruleLabels List<WebAclRuleRuleLabel>: Labels to apply to web requests that match the rule match statement. See ruleLabel below for details.

name string: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
priority number: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byteMatchStatement or geoMatchStatement. See statement below for details.
visibilityConfig WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
captchaConfig WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captchaConfig below for details.
challengeConfig WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challengeConfig below for details.
overrideAction WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like ruleGroupReferenceStatement and managedRuleGroupStatement. See overrideAction below for details.
ruleLabels WebAclRuleRuleLabel[]: Labels to apply to web requests that match the rule match statement. See ruleLabel below for details.

name str: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
priority int: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement WebAclRuleStatement: The AWS WAF processing statement for the rule, for example byteMatchStatement or geoMatchStatement. See statement below for details.
visibility_config WebAclRuleVisibilityConfig: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
action WebAclRuleAction: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
captcha_config WebAclRuleCaptchaConfig: Specifies how AWS WAF should handle CAPTCHA evaluations. See captchaConfig below for details.
challenge_config WebAclRuleChallengeConfig: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challengeConfig below for details.
override_action WebAclRuleOverrideAction: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like ruleGroupReferenceStatement and managedRuleGroupStatement. See overrideAction below for details.
rule_labels Sequence[WebAclRuleRuleLabel]: Labels to apply to web requests that match the rule match statement. See ruleLabel below for details.

name String: Friendly name of the rule. Note that the provider assumes that rules with names matching this pattern, ^ShieldMitigationRuleGroup_<account-id>_<web-acl-guid>_.*, are AWS-added for automatic application layer DDoS mitigation activities. Such rules will be ignored by the provider unless you explicitly include them in your configuration (for example, by using the AWS CLI to discover their properties and creating matching configuration). However, since these rules are owned and managed by AWS, you may get permission errors.
priority Number: If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the rules in order based on the value of priority. AWS WAF processes rules with lower priority first.
statement Property Map: The AWS WAF processing statement for the rule, for example byteMatchStatement or geoMatchStatement. See statement below for details.
visibilityConfig Property Map: Defines and enables Amazon CloudWatch metrics and web request sample collection. See visibilityConfig below for details.
action Property Map: Action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose statements do not reference a rule group. See action for details.
captchaConfig Property Map: Specifies how AWS WAF should handle CAPTCHA evaluations. See captchaConfig below for details.
challengeConfig Property Map: Specifies how AWS WAF should handle Challenge evaluations on the rule level. See challengeConfig below for details.
overrideAction Property Map: Override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like ruleGroupReferenceStatement and managedRuleGroupStatement. See overrideAction below for details.
ruleLabels List<Property Map>: Labels to apply to web requests that match the rule match statement. See ruleLabel below for details.

WebAclRuleAction, WebAclRuleActionArgs

Allow WebAclRuleActionAllow: Allow the request. See Allow below.
Block WebAclRuleActionBlock: Block the request. See Block below.
Captcha WebAclRuleActionCaptcha: Present a CAPTCHA challenge. See Captcha below.
Challenge WebAclRuleActionChallenge: Present a silent challenge. See Challenge below.
Count WebAclRuleActionCount: Count the request without blocking. See Count below.

Allow WebAclRuleActionAllow: Allow the request. See Allow below.
Block WebAclRuleActionBlock: Block the request. See Block below.
Captcha WebAclRuleActionCaptcha: Present a CAPTCHA challenge. See Captcha below.
Challenge WebAclRuleActionChallenge: Present a silent challenge. See Challenge below.
Count WebAclRuleActionCount: Count the request without blocking. See Count below.

allow WebAclRuleActionAllow: Allow the request. See Allow below.
block WebAclRuleActionBlock: Block the request. See Block below.
captcha WebAclRuleActionCaptcha: Present a CAPTCHA challenge. See Captcha below.
challenge WebAclRuleActionChallenge: Present a silent challenge. See Challenge below.
count WebAclRuleActionCount: Count the request without blocking. See Count below.

allow WebAclRuleActionAllow: Allow the request. See Allow below.
block WebAclRuleActionBlock: Block the request. See Block below.
captcha WebAclRuleActionCaptcha: Present a CAPTCHA challenge. See Captcha below.
challenge WebAclRuleActionChallenge: Present a silent challenge. See Challenge below.
count WebAclRuleActionCount: Count the request without blocking. See Count below.

allow WebAclRuleActionAllow: Allow the request. See Allow below.
block WebAclRuleActionBlock: Block the request. See Block below.
captcha WebAclRuleActionCaptcha: Present a CAPTCHA challenge. See Captcha below.
challenge WebAclRuleActionChallenge: Present a silent challenge. See Challenge below.
count WebAclRuleActionCount: Count the request without blocking. See Count below.

allow Property Map: Allow the request. See Allow below.
block Property Map: Block the request. See Block below.
captcha Property Map: Present a CAPTCHA challenge. See Captcha below.
challenge Property Map: Present a silent challenge. See Challenge below.
count Property Map: Count the request without blocking. See Count below.

WebAclRuleActionAllow, WebAclRuleActionAllowArgs

CustomRequestHandling WebAclRuleActionAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

CustomRequestHandling WebAclRuleActionAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleActionAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleActionAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

custom_request_handling WebAclRuleActionAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling Property Map: Custom request handling configuration. See Custom Request Handling below.

WebAclRuleActionAllowCustomRequestHandling, WebAclRuleActionAllowCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleActionAllowCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

InsertHeaders []WebAclRuleActionAllowCustomRequestHandlingInsertHeader: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<WebAclRuleActionAllowCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

insertHeaders WebAclRuleActionAllowCustomRequestHandlingInsertHeader[]: Custom headers to insert into the request. See Insert Header below.

insert_headers Sequence[WebAclRuleActionAllowCustomRequestHandlingInsertHeader]: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<Property Map>: Custom headers to insert into the request. See Insert Header below.

WebAclRuleActionAllowCustomRequestHandlingInsertHeader, WebAclRuleActionAllowCustomRequestHandlingInsertHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleActionBlock, WebAclRuleActionBlockArgs

CustomResponse WebAclRuleActionBlockCustomResponse: Custom response configuration. See Custom Response below.

CustomResponse WebAclRuleActionBlockCustomResponse: Custom response configuration. See Custom Response below.

customResponse WebAclRuleActionBlockCustomResponse: Custom response configuration. See Custom Response below.

customResponse WebAclRuleActionBlockCustomResponse: Custom response configuration. See Custom Response below.

custom_response WebAclRuleActionBlockCustomResponse: Custom response configuration. See Custom Response below.

customResponse Property Map: Custom response configuration. See Custom Response below.

WebAclRuleActionBlockCustomResponse, WebAclRuleActionBlockCustomResponseArgs

ResponseCode int: HTTP status code to return (200-599).
CustomResponseBodyKey string: Key of a custom response body defined in the Web ACL.
ResponseHeaders List<WebAclRuleActionBlockCustomResponseResponseHeader>: Custom headers to include in the response. See Response Header below.

ResponseCode int: HTTP status code to return (200-599).
CustomResponseBodyKey string: Key of a custom response body defined in the Web ACL.
ResponseHeaders []WebAclRuleActionBlockCustomResponseResponseHeader: Custom headers to include in the response. See Response Header below.

responseCode Integer: HTTP status code to return (200-599).
customResponseBodyKey String: Key of a custom response body defined in the Web ACL.
responseHeaders List<WebAclRuleActionBlockCustomResponseResponseHeader>: Custom headers to include in the response. See Response Header below.

responseCode number: HTTP status code to return (200-599).
customResponseBodyKey string: Key of a custom response body defined in the Web ACL.
responseHeaders WebAclRuleActionBlockCustomResponseResponseHeader[]: Custom headers to include in the response. See Response Header below.

response_code int: HTTP status code to return (200-599).
custom_response_body_key str: Key of a custom response body defined in the Web ACL.
response_headers Sequence[WebAclRuleActionBlockCustomResponseResponseHeader]: Custom headers to include in the response. See Response Header below.

responseCode Number: HTTP status code to return (200-599).
customResponseBodyKey String: Key of a custom response body defined in the Web ACL.
responseHeaders List<Property Map>: Custom headers to include in the response. See Response Header below.

WebAclRuleActionBlockCustomResponseResponseHeader, WebAclRuleActionBlockCustomResponseResponseHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleActionCaptcha, WebAclRuleActionCaptchaArgs

CustomRequestHandling WebAclRuleActionCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

CustomRequestHandling WebAclRuleActionCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleActionCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

custom_request_handling WebAclRuleActionCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling Property Map: Custom request handling configuration. See Custom Request Handling below.

WebAclRuleActionCaptchaCustomRequestHandling, WebAclRuleActionCaptchaCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

InsertHeaders []WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

insertHeaders WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader[]: Custom headers to insert into the request. See Insert Header below.

insert_headers Sequence[WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader]: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<Property Map>: Custom headers to insert into the request. See Insert Header below.

WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader, WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleActionChallenge, WebAclRuleActionChallengeArgs

CustomRequestHandling WebAclRuleActionChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

CustomRequestHandling WebAclRuleActionChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleActionChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleActionChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

custom_request_handling WebAclRuleActionChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling Property Map: Custom request handling configuration. See Custom Request Handling below.

WebAclRuleActionChallengeCustomRequestHandling, WebAclRuleActionChallengeCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

InsertHeaders []WebAclRuleActionChallengeCustomRequestHandlingInsertHeader: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<WebAclRuleActionChallengeCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

insertHeaders WebAclRuleActionChallengeCustomRequestHandlingInsertHeader[]: Custom headers to insert into the request. See Insert Header below.

insert_headers Sequence[WebAclRuleActionChallengeCustomRequestHandlingInsertHeader]: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<Property Map>: Custom headers to insert into the request. See Insert Header below.

WebAclRuleActionChallengeCustomRequestHandlingInsertHeader, WebAclRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleActionCount, WebAclRuleActionCountArgs

CustomRequestHandling WebAclRuleActionCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

CustomRequestHandling WebAclRuleActionCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleActionCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleActionCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

custom_request_handling WebAclRuleActionCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling Property Map: Custom request handling configuration. See Custom Request Handling below.

WebAclRuleActionCountCustomRequestHandling, WebAclRuleActionCountCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleActionCountCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

InsertHeaders []WebAclRuleActionCountCustomRequestHandlingInsertHeader: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<WebAclRuleActionCountCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

insertHeaders WebAclRuleActionCountCustomRequestHandlingInsertHeader[]: Custom headers to insert into the request. See Insert Header below.

insert_headers Sequence[WebAclRuleActionCountCustomRequestHandlingInsertHeader]: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<Property Map>: Custom headers to insert into the request. See Insert Header below.

WebAclRuleActionCountCustomRequestHandlingInsertHeader, WebAclRuleActionCountCustomRequestHandlingInsertHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleCaptchaConfig, WebAclRuleCaptchaConfigArgs

ImmunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

ImmunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

immunityTimeProperty WebAclRuleCaptchaConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

immunity_time_property WebAclRuleCaptchaConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

immunityTimeProperty Property Map: Immunity time configuration. See Immunity Time Property below.

WebAclRuleCaptchaConfigImmunityTimeProperty, WebAclRuleCaptchaConfigImmunityTimePropertyArgs

ImmunityTime int: Immunity time in seconds (60-259200).

ImmunityTime int: Immunity time in seconds (60-259200).

immunityTime Integer: Immunity time in seconds (60-259200).

immunityTime number: Immunity time in seconds (60-259200).

immunity_time int: Immunity time in seconds (60-259200).

immunityTime Number: Immunity time in seconds (60-259200).

WebAclRuleChallengeConfig, WebAclRuleChallengeConfigArgs

ImmunityTimeProperty WebAclRuleChallengeConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

ImmunityTimeProperty WebAclRuleChallengeConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

immunityTimeProperty WebAclRuleChallengeConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

immunityTimeProperty WebAclRuleChallengeConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

immunity_time_property WebAclRuleChallengeConfigImmunityTimeProperty: Immunity time configuration. See Immunity Time Property below.

immunityTimeProperty Property Map: Immunity time configuration. See Immunity Time Property below.

WebAclRuleChallengeConfigImmunityTimeProperty, WebAclRuleChallengeConfigImmunityTimePropertyArgs

ImmunityTime int: Immunity time in seconds (60-259200).

ImmunityTime int: Immunity time in seconds (60-259200).

immunityTime Integer: Immunity time in seconds (60-259200).

immunityTime number: Immunity time in seconds (60-259200).

immunity_time int: Immunity time in seconds (60-259200).

immunityTime Number: Immunity time in seconds (60-259200).

WebAclRuleOverrideAction, WebAclRuleOverrideActionArgs

Count WebAclRuleOverrideActionCount: Override the rule action with count.
None WebAclRuleOverrideActionNone: Don't override the rule action.

Count WebAclRuleOverrideActionCount: Override the rule action with count.
None WebAclRuleOverrideActionNone: Don't override the rule action.

count WebAclRuleOverrideActionCount: Override the rule action with count.
none WebAclRuleOverrideActionNone: Don't override the rule action.

count WebAclRuleOverrideActionCount: Override the rule action with count.
none WebAclRuleOverrideActionNone: Don't override the rule action.

count WebAclRuleOverrideActionCount: Override the rule action with count.
none WebAclRuleOverrideActionNone: Don't override the rule action.

count Property Map: Override the rule action with count.
none Property Map: Don't override the rule action.

WebAclRuleRuleLabel, WebAclRuleRuleLabelArgs

Name string: Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).

Name string: Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).

name String: Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).

name string: Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).

name str: Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).

name String: Label string (1-1024 characters, alphanumeric, underscore, hyphen, and colon characters only).

WebAclRuleStatement, WebAclRuleStatementArgs

AndStatement WebAclRuleStatementAndStatement: Logical AND statement that combines multiple statements. See And Statement below.
AsnMatchStatement WebAclRuleStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
ByteMatchStatement WebAclRuleStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement below.
GeoMatchStatement WebAclRuleStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement below.
IpSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement below.
LabelMatchStatement WebAclRuleStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement below.
ManagedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement: Reference to a managed rule group. See Managed Rule Group Statement below.
NotStatement WebAclRuleStatementNotStatement: Logical NOT statement that negates a single statement. See Not Statement below.
OrStatement WebAclRuleStatementOrStatement: Logical OR statement that combines multiple statements. See Or Statement below.
RateBasedStatement WebAclRuleStatementRateBasedStatement: Rate-based rule to track request rates. See Rate Based Statement below.
RegexMatchStatement WebAclRuleStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement below.
RegexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement: Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
RuleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement: Reference to a rule group. See Rule Group Reference Statement below.
SizeConstraintStatement WebAclRuleStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement below.
SqliMatchStatement WebAclRuleStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
XssMatchStatement WebAclRuleStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (andStatement, notStatement, orStatement) can be nested up to 3 levels deep. This matches the nesting limit of the aws.wafv2.WebAcl resource.

AndStatement WebAclRuleStatementAndStatement: Logical AND statement that combines multiple statements. See And Statement below.
AsnMatchStatement WebAclRuleStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
ByteMatchStatement WebAclRuleStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement below.
GeoMatchStatement WebAclRuleStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement below.
IpSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement below.
LabelMatchStatement WebAclRuleStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement below.
ManagedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement: Reference to a managed rule group. See Managed Rule Group Statement below.
NotStatement WebAclRuleStatementNotStatement: Logical NOT statement that negates a single statement. See Not Statement below.
OrStatement WebAclRuleStatementOrStatement: Logical OR statement that combines multiple statements. See Or Statement below.
RateBasedStatement WebAclRuleStatementRateBasedStatement: Rate-based rule to track request rates. See Rate Based Statement below.
RegexMatchStatement WebAclRuleStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement below.
RegexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement: Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
RuleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement: Reference to a rule group. See Rule Group Reference Statement below.
SizeConstraintStatement WebAclRuleStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement below.
SqliMatchStatement WebAclRuleStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
XssMatchStatement WebAclRuleStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (andStatement, notStatement, orStatement) can be nested up to 3 levels deep. This matches the nesting limit of the aws.wafv2.WebAcl resource.

andStatement WebAclRuleStatementAndStatement: Logical AND statement that combines multiple statements. See And Statement below.
asnMatchStatement WebAclRuleStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
byteMatchStatement WebAclRuleStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement below.
geoMatchStatement WebAclRuleStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement below.
ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement below.
labelMatchStatement WebAclRuleStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement below.
managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement: Reference to a managed rule group. See Managed Rule Group Statement below.
notStatement WebAclRuleStatementNotStatement: Logical NOT statement that negates a single statement. See Not Statement below.
orStatement WebAclRuleStatementOrStatement: Logical OR statement that combines multiple statements. See Or Statement below.
rateBasedStatement WebAclRuleStatementRateBasedStatement: Rate-based rule to track request rates. See Rate Based Statement below.
regexMatchStatement WebAclRuleStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement below.
regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement: Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement: Reference to a rule group. See Rule Group Reference Statement below.
sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement below.
sqliMatchStatement WebAclRuleStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
xssMatchStatement WebAclRuleStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (andStatement, notStatement, orStatement) can be nested up to 3 levels deep. This matches the nesting limit of the aws.wafv2.WebAcl resource.

andStatement WebAclRuleStatementAndStatement: Logical AND statement that combines multiple statements. See And Statement below.
asnMatchStatement WebAclRuleStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
byteMatchStatement WebAclRuleStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement below.
geoMatchStatement WebAclRuleStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement below.
ipSetReferenceStatement WebAclRuleStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement below.
labelMatchStatement WebAclRuleStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement below.
managedRuleGroupStatement WebAclRuleStatementManagedRuleGroupStatement: Reference to a managed rule group. See Managed Rule Group Statement below.
notStatement WebAclRuleStatementNotStatement: Logical NOT statement that negates a single statement. See Not Statement below.
orStatement WebAclRuleStatementOrStatement: Logical OR statement that combines multiple statements. See Or Statement below.
rateBasedStatement WebAclRuleStatementRateBasedStatement: Rate-based rule to track request rates. See Rate Based Statement below.
regexMatchStatement WebAclRuleStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement below.
regexPatternSetReferenceStatement WebAclRuleStatementRegexPatternSetReferenceStatement: Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
ruleGroupReferenceStatement WebAclRuleStatementRuleGroupReferenceStatement: Reference to a rule group. See Rule Group Reference Statement below.
sizeConstraintStatement WebAclRuleStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement below.
sqliMatchStatement WebAclRuleStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
xssMatchStatement WebAclRuleStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (andStatement, notStatement, orStatement) can be nested up to 3 levels deep. This matches the nesting limit of the aws.wafv2.WebAcl resource.

and_statement WebAclRuleStatementAndStatement: Logical AND statement that combines multiple statements. See And Statement below.
asn_match_statement WebAclRuleStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
byte_match_statement WebAclRuleStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement below.
geo_match_statement WebAclRuleStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement below.
ip_set_reference_statement WebAclRuleStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement below.
label_match_statement WebAclRuleStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement below.
managed_rule_group_statement WebAclRuleStatementManagedRuleGroupStatement: Reference to a managed rule group. See Managed Rule Group Statement below.
not_statement WebAclRuleStatementNotStatement: Logical NOT statement that negates a single statement. See Not Statement below.
or_statement WebAclRuleStatementOrStatement: Logical OR statement that combines multiple statements. See Or Statement below.
rate_based_statement WebAclRuleStatementRateBasedStatement: Rate-based rule to track request rates. See Rate Based Statement below.
regex_match_statement WebAclRuleStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement below.
regex_pattern_set_reference_statement WebAclRuleStatementRegexPatternSetReferenceStatement: Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
rule_group_reference_statement WebAclRuleStatementRuleGroupReferenceStatement: Reference to a rule group. See Rule Group Reference Statement below.
size_constraint_statement WebAclRuleStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement below.
sqli_match_statement WebAclRuleStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
xss_match_statement WebAclRuleStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (andStatement, notStatement, orStatement) can be nested up to 3 levels deep. This matches the nesting limit of the aws.wafv2.WebAcl resource.

andStatement Property Map: Logical AND statement that combines multiple statements. See And Statement below.
asnMatchStatement Property Map: Match requests based on Autonomous System Number (ASN). See ASN Match Statement below.
byteMatchStatement Property Map: Match requests based on byte patterns. See Byte Match Statement below.
geoMatchStatement Property Map: Match requests by geographic location. See Geo Match Statement below.
ipSetReferenceStatement Property Map: Reference to an IP set. See IP Set Reference Statement below.
labelMatchStatement Property Map: Match requests based on labels. See Label Match Statement below.
managedRuleGroupStatement Property Map: Reference to a managed rule group. See Managed Rule Group Statement below.
notStatement Property Map: Logical NOT statement that negates a single statement. See Not Statement below.
orStatement Property Map: Logical OR statement that combines multiple statements. See Or Statement below.
rateBasedStatement Property Map: Rate-based rule to track request rates. See Rate Based Statement below.
regexMatchStatement Property Map: Match requests using regex patterns. See Regex Match Statement below.
regexPatternSetReferenceStatement Property Map: Reference to a regex pattern set. See Regex Pattern Set Reference Statement below.
ruleGroupReferenceStatement Property Map: Reference to a rule group. See Rule Group Reference Statement below.
sizeConstraintStatement Property Map: Match requests based on size constraints. See Size Constraint Statement below.
sqliMatchStatement Property Map: Match requests that appear to contain SQL injection attacks. See SQL Injection Match Statement below.
xssMatchStatement Property Map: Match requests that appear to contain cross-site scripting attacks. See Cross-Site Scripting Match Statement below.
NOTE: Logical statements (andStatement, notStatement, orStatement) can be nested up to 3 levels deep. This matches the nesting limit of the aws.wafv2.WebAcl resource.

WebAclRuleStatementAndStatement, WebAclRuleStatementAndStatementArgs

Statements List<WebAclRuleStatement>: The statements to combine.

Statements []WebAclRuleStatement: The statements to combine.

statements List<WebAclRuleStatement>: The statements to combine.

statements WebAclRuleStatement[]: The statements to combine.

statements Sequence[WebAclRuleStatement]: The statements to combine.

statements List<Property Map>: The statements to combine.

WebAclRuleStatementAsnMatchStatement, WebAclRuleStatementAsnMatchStatementArgs

AsnLists List<int>: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
ForwardedIpConfig WebAclRuleStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

AsnLists []int: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
ForwardedIpConfig WebAclRuleStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

asnLists List<Integer>: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
forwardedIpConfig WebAclRuleStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

asnLists number[]: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
forwardedIpConfig WebAclRuleStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

asn_lists Sequence[int]: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
forwarded_ip_config WebAclRuleStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

asnLists List<Number>: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
forwardedIpConfig Property Map: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

WebAclRuleStatementAsnMatchStatementForwardedIpConfig, WebAclRuleStatementAsnMatchStatementForwardedIpConfigArgs

FallbackBehavior string
HeaderName string: Name of the header containing the forwarded IP address.

FallbackBehavior string
HeaderName string: Name of the header containing the forwarded IP address.

fallbackBehavior String
headerName String: Name of the header containing the forwarded IP address.

fallbackBehavior string
headerName string: Name of the header containing the forwarded IP address.

fallback_behavior str
header_name str: Name of the header containing the forwarded IP address.

fallbackBehavior String
headerName String: Name of the header containing the forwarded IP address.

WebAclRuleStatementByteMatchStatement, WebAclRuleStatementByteMatchStatementArgs

PositionalConstraint string: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
SearchString string: String value to search for within the request (1-200 characters).
FieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations List<WebAclRuleStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

PositionalConstraint string: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
SearchString string: String value to search for within the request (1-200 characters).
FieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations []WebAclRuleStatementByteMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

positionalConstraint String: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
searchString String: String value to search for within the request (1-200 characters).
fieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<WebAclRuleStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

positionalConstraint string: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
searchString string: String value to search for within the request (1-200 characters).
fieldToMatch WebAclRuleStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations WebAclRuleStatementByteMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

positional_constraint str: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
search_string str: String value to search for within the request (1-200 characters).
field_to_match WebAclRuleStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
text_transformations Sequence[WebAclRuleStatementByteMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

positionalConstraint String: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
searchString String: String value to search for within the request (1-200 characters).
fieldToMatch Property Map: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

WebAclRuleStatementByteMatchStatementFieldToMatch, WebAclRuleStatementByteMatchStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders List<WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers List<WebAclRuleStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

AllQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders []WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers []WebAclRuleStatementByteMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders List<WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<WebAclRuleStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers WebAclRuleStatementByteMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

all_query_arguments WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
header_orders Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below.
ja3_fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4_fingerprint WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
json_body WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
query_string WebAclRuleStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
single_header WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
single_query_argument WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uri_fragment WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uri_path WebAclRuleStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body as plain text. See Body below.
cookies Property Map: Inspect the request cookies. See Cookies below.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<Property Map>: Inspect the request headers. See Headers below.
ja3Fingerprint Property Map: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint Property Map: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body below.
method Property Map: Inspect the HTTP method.
queryString Property Map: Inspect the query string.
singleHeader Property Map: Inspect a single header. See Single Header below.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below.
uriFragment Property Map: Inspect fragments of the request URI. See URI Fragment below.
uriPath Property Map: Inspect the request URI path.

WebAclRuleStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementByteMatchStatementFieldToMatchBodyArgs

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesArgs

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns List<WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns []WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

matchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]: Cookies to inspect. See Cookies Match Pattern below.

match_scope str: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_patterns Sequence[WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern]: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<Property Map>: Cookies to inspect. See Cookies Match Pattern below.

WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies List<string>: List of cookie names to exclude from inspection.
IncludedCookies List<string>: List of cookie names to inspect.

All WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies []string: List of cookie names to exclude from inspection.
IncludedCookies []string: List of cookie names to inspect.

all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
excludedCookies string[]: List of cookie names to exclude from inspection.
includedCookies string[]: List of cookie names to inspect.

all WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
excluded_cookies Sequence[str]: List of cookie names to exclude from inspection.
included_cookies Sequence[str]: List of cookie names to inspect.

all Property Map
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

WebAclRuleStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderArgs

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

match_scope str: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern Property Map: Headers to inspect. See Headers Match Pattern below.

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders List<string>: List of header names to exclude from inspection.
IncludedHeaders List<string>: List of header names to inspect.

All WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders []string: List of header names to exclude from inspection.
IncludedHeaders []string: List of header names to inspect.

all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders string[]: List of header names to exclude from inspection.
includedHeaders string[]: List of header names to inspect.

all WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
excluded_headers Sequence[str]: List of header names to exclude from inspection.
included_headers Sequence[str]: List of header names to inspect.

all Property Map
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

match_scope str: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalid_fallback_behavior str: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern Property Map: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths List<string>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

All WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths []string: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths string[]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
included_paths Sequence[str]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all Property Map
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

Name string: Name of the header to inspect (case insensitive).

Name string: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

name string: Name of the header to inspect (case insensitive).

name str: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query argument to inspect.

Name string: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

name string: Name of the query argument to inspect.

name str: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment, WebAclRuleStatementByteMatchStatementFieldToMatchUriFragmentArgs

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallback_behavior str: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementByteMatchStatementTextTransformation, WebAclRuleStatementByteMatchStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Integer: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority number: Relative processing order for multiple transformations (0-based).
type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority int: Relative processing order for multiple transformations (0-based).
type str: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Number: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

WebAclRuleStatementGeoMatchStatement, WebAclRuleStatementGeoMatchStatementArgs

CountryCodes List<string>: List of two-character country codes (ISO 3166-1 alpha-2).
ForwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

CountryCodes []string: List of two-character country codes (ISO 3166-1 alpha-2).
ForwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

countryCodes List<String>: List of two-character country codes (ISO 3166-1 alpha-2).
forwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

countryCodes string[]: List of two-character country codes (ISO 3166-1 alpha-2).
forwardedIpConfig WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

country_codes Sequence[str]: List of two-character country codes (ISO 3166-1 alpha-2).
forwarded_ip_config WebAclRuleStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

countryCodes List<String>: List of two-character country codes (ISO 3166-1 alpha-2).
forwardedIpConfig Property Map: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

WebAclRuleStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementGeoMatchStatementForwardedIpConfigArgs

FallbackBehavior string
HeaderName string: Name of the header containing the forwarded IP address.

FallbackBehavior string
HeaderName string: Name of the header containing the forwarded IP address.

fallbackBehavior String
headerName String: Name of the header containing the forwarded IP address.

fallbackBehavior string
headerName string: Name of the header containing the forwarded IP address.

fallback_behavior str
header_name str: Name of the header containing the forwarded IP address.

fallbackBehavior String
headerName String: Name of the header containing the forwarded IP address.

WebAclRuleStatementIpSetReferenceStatement, WebAclRuleStatementIpSetReferenceStatementArgs

Arn string: ARN of the IP set to reference.
IpSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

Arn string: ARN of the IP set to reference.
IpSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

arn String: ARN of the IP set to reference.
ipSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

arn string: ARN of the IP set to reference.
ipSetForwardedIpConfig WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

arn str: ARN of the IP set to reference.
ip_set_forwarded_ip_config WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

arn String: ARN of the IP set to reference.
ipSetForwardedIpConfig Property Map: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

FallbackBehavior string: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
HeaderName string: Name of the header containing the forwarded IP address.
Position string: Position in the header to use. Valid values: FIRST, LAST, ANY.

FallbackBehavior string: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
HeaderName string: Name of the header containing the forwarded IP address.
Position string: Position in the header to use. Valid values: FIRST, LAST, ANY.

fallbackBehavior String: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
headerName String: Name of the header containing the forwarded IP address.
position String: Position in the header to use. Valid values: FIRST, LAST, ANY.

fallbackBehavior string: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
headerName string: Name of the header containing the forwarded IP address.
position string: Position in the header to use. Valid values: FIRST, LAST, ANY.

fallback_behavior str: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
header_name str: Name of the header containing the forwarded IP address.
position str: Position in the header to use. Valid values: FIRST, LAST, ANY.

fallbackBehavior String: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
headerName String: Name of the header containing the forwarded IP address.
position String: Position in the header to use. Valid values: FIRST, LAST, ANY.

WebAclRuleStatementLabelMatchStatement, WebAclRuleStatementLabelMatchStatementArgs

Key string: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
Scope string: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

Key string: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
Scope string: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

key String: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
scope String: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

key string: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
scope string: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

key str: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
scope str: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

key String: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
scope String: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

WebAclRuleStatementManagedRuleGroupStatement, WebAclRuleStatementManagedRuleGroupStatementArgs

Name string: Name of the managed rule group.
VendorName string: Name of the managed rule group vendor (e.g., "AWS").
ManagedRuleGroupConfigs List<WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig>
RuleActionOverrides List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride>: Override actions for specific rules within the managed rule group. See Rule Action Override below.
ScopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
Version string: Version of the managed rule group.

Name string: Name of the managed rule group.
VendorName string: Name of the managed rule group vendor (e.g., "AWS").
ManagedRuleGroupConfigs []WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig
RuleActionOverrides []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride: Override actions for specific rules within the managed rule group. See Rule Action Override below.
ScopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
Version string: Version of the managed rule group.

name String: Name of the managed rule group.
vendorName String: Name of the managed rule group vendor (e.g., "AWS").
managedRuleGroupConfigs List<WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig>
ruleActionOverrides List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride>: Override actions for specific rules within the managed rule group. See Rule Action Override below.
scopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
version String: Version of the managed rule group.

name string: Name of the managed rule group.
vendorName string: Name of the managed rule group vendor (e.g., "AWS").
managedRuleGroupConfigs WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig[]
ruleActionOverrides WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride[]: Override actions for specific rules within the managed rule group. See Rule Action Override below.
scopeDownStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
version string: Version of the managed rule group.

name str: Name of the managed rule group.
vendor_name str: Name of the managed rule group vendor (e.g., "AWS").
managed_rule_group_configs Sequence[WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig]
rule_action_overrides Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride]: Override actions for specific rules within the managed rule group. See Rule Action Override below.
scope_down_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement: Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
version str: Version of the managed rule group.

name String: Name of the managed rule group.
vendorName String: Name of the managed rule group vendor (e.g., "AWS").
managedRuleGroupConfigs List<Property Map>
ruleActionOverrides List<Property Map>: Override actions for specific rules within the managed rule group. See Rule Action Override below.
scopeDownStatement Property Map: Additional statement to narrow the scope of requests that the managed rule group evaluates. See Scope Down Statement below.
version String: Version of the managed rule group.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfig, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs

AwsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
AwsManagedRulesAntiDdosRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSet
AwsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
LoginPath string: Deprecated: Use awsManagedRulesAtpRuleSet login_path
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection password_field
PayloadType string: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection payload_type
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection username_field

AwsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
AwsManagedRulesAntiDdosRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSet
AwsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
LoginPath string: Deprecated: Use awsManagedRulesAtpRuleSet login_path
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection password_field
PayloadType string: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection payload_type
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection username_field

awsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
awsManagedRulesAntiDdosRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSet
awsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
awsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
loginPath String: Deprecated: Use awsManagedRulesAtpRuleSet login_path
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection password_field
payloadType String: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection payload_type
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection username_field

awsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
awsManagedRulesAntiDdosRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSet
awsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
awsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
loginPath string: Deprecated: Use awsManagedRulesAtpRuleSet login_path
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection password_field
payloadType string: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection payload_type
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection username_field

aws_managed_rules_acfp_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet
aws_managed_rules_anti_ddos_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSet
aws_managed_rules_atp_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet
aws_managed_rules_bot_control_rule_set WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet
login_path str: Deprecated: Use awsManagedRulesAtpRuleSet login_path
password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection password_field
payload_type str: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection payload_type
username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection username_field

awsManagedRulesAcfpRuleSet Property Map
awsManagedRulesAntiDdosRuleSet Property Map
awsManagedRulesAtpRuleSet Property Map
awsManagedRulesBotControlRuleSet Property Map
loginPath String: Deprecated: Use awsManagedRulesAtpRuleSet login_path
passwordField Property Map: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection password_field
payloadType String: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection payload_type
usernameField Property Map: Deprecated: Use awsManagedRulesAtpRuleSet request_inspection username_field

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetArgs

CreationPath string
RegistrationPagePath string
EnableRegexInPath bool
RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection

CreationPath string
RegistrationPagePath string
EnableRegexInPath bool
RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection

creationPath String
registrationPagePath String
enableRegexInPath Boolean
requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection

creationPath string
registrationPagePath string
enableRegexInPath boolean
requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection

creation_path str
registration_page_path str
enable_regex_in_path bool
request_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection
response_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection

creationPath String
registrationPagePath String
enableRegexInPath Boolean
requestInspection Property Map
responseInspection Property Map

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionArgs

PayloadType string
AddressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
EmailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
PhoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField

PayloadType string
AddressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
EmailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
PhoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField

payloadType String
addressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
emailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
phoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField

payloadType string
addressFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
emailField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
phoneNumberFields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField

payload_type str
address_fields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields
email_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField
password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField
phone_number_fields WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields
username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField

payloadType String
addressFields Property Map
emailField Property Map
passwordField Property Map
phoneNumberFields Property Map
usernameField Property Map

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFields, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionAddressFieldsArgs

Identifiers List<string>

Identifiers []string

identifiers List<String>

identifiers string[]

identifiers Sequence[str]

identifiers List<String>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionEmailFieldArgs

Identifier string

Identifier string

identifier String

identifier string

identifier str

identifier String

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPasswordFieldArgs

Identifier string

Identifier string

identifier String

identifier string

identifier str

identifier String

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFields, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionPhoneNumberFieldsArgs

Identifiers List<string>

Identifiers []string

identifiers List<String>

identifiers string[]

identifiers Sequence[str]

identifiers List<String>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetRequestInspectionUsernameFieldArgs

Identifier string

Identifier string

identifier String

identifier string

identifier str

identifier String

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionArgs

BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode

BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode

bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode

bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode

body_contains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson
status_code WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode

bodyContains Property Map
header Property Map: Use a header as an aggregate key. See Custom Key Header below.
json Property Map
statusCode Property Map

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContains, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionBodyContainsArgs

FailureStrings List<string>
SuccessStrings List<string>

FailureStrings []string
SuccessStrings []string

failureStrings List<String>
successStrings List<String>

failureStrings string[]
successStrings string[]

failure_strings Sequence[str]
success_strings Sequence[str]

failureStrings List<String>
successStrings List<String>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeader, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionHeaderArgs

FailureValues List<string>
Name string: Name of the rule. Must be unique within the Web ACL.
SuccessValues List<string>

FailureValues []string
Name string: Name of the rule. Must be unique within the Web ACL.
SuccessValues []string

failureValues List<String>
name String: Name of the rule. Must be unique within the Web ACL.
successValues List<String>

failureValues string[]
name string: Name of the rule. Must be unique within the Web ACL.
successValues string[]

failure_values Sequence[str]
name str: Name of the rule. Must be unique within the Web ACL.
success_values Sequence[str]

failureValues List<String>
name String: Name of the rule. Must be unique within the Web ACL.
successValues List<String>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJson, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionJsonArgs

FailureValues List<string>
Identifier string
SuccessValues List<string>

FailureValues []string
Identifier string
SuccessValues []string

failureValues List<String>
identifier String
successValues List<String>

failureValues string[]
identifier string
successValues string[]

failure_values Sequence[str]
identifier str
success_values Sequence[str]

failureValues List<String>
identifier String
successValues List<String>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCode, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetResponseInspectionStatusCodeArgs

FailureCodes List<int>
SuccessCodes List<int>

FailureCodes []int
SuccessCodes []int

failureCodes List<Integer>
successCodes List<Integer>

failureCodes number[]
successCodes number[]

failure_codes Sequence[int]
success_codes Sequence[int]

failureCodes List<Number>
successCodes List<Number>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetArgs

ClientSideActionConfig WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfig
SensitivityToBlock string

ClientSideActionConfig WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfig
SensitivityToBlock string

clientSideActionConfig WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfig
sensitivityToBlock String

clientSideActionConfig WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfig
sensitivityToBlock string

client_side_action_config WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfig
sensitivity_to_block str

clientSideActionConfig Property Map
sensitivityToBlock String

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfig, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigArgs

Challenge WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallenge: Present a silent challenge. See Challenge below.

Challenge WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallenge: Present a silent challenge. See Challenge below.

challenge WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallenge: Present a silent challenge. See Challenge below.

challenge WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallenge: Present a silent challenge. See Challenge below.

challenge WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallenge: Present a silent challenge. See Challenge below.

challenge Property Map: Present a silent challenge. See Challenge below.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallenge, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeArgs

UsageOfAction string
ExemptUriRegularExpressions List<WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpression>
Sensitivity string

UsageOfAction string
ExemptUriRegularExpressions []WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpression
Sensitivity string

usageOfAction String
exemptUriRegularExpressions List<WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpression>
sensitivity String

usageOfAction string
exemptUriRegularExpressions WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpression[]
sensitivity string

usage_of_action str
exempt_uri_regular_expressions Sequence[WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpression]
sensitivity str

usageOfAction String
exemptUriRegularExpressions List<Property Map>
sensitivity String

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpression, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAntiDdosRuleSetClientSideActionConfigChallengeExemptUriRegularExpressionArgs

RegexString string: Regular expression pattern to match against the web request component.

RegexString string: Regular expression pattern to match against the web request component.

regexString String: Regular expression pattern to match against the web request component.

regexString string: Regular expression pattern to match against the web request component.

regex_string str: Regular expression pattern to match against the web request component.

regexString String: Regular expression pattern to match against the web request component.

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetArgs

LoginPath string
EnableRegexInPath bool
RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

LoginPath string
EnableRegexInPath bool
RequestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
ResponseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

loginPath String
enableRegexInPath Boolean
requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

loginPath string
enableRegexInPath boolean
requestInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
responseInspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

login_path str
enable_regex_in_path bool
request_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection
response_inspection WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection

loginPath String
enableRegexInPath Boolean
requestInspection Property Map
responseInspection Property Map

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionArgs

PayloadType string
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

PayloadType string
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

payloadType String
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

payloadType string
passwordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
usernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

payload_type str
password_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField
username_field WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField

payloadType String
passwordField Property Map
usernameField Property Map

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionPasswordFieldArgs

Identifier string

Identifier string

identifier String

identifier string

identifier str

identifier String

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetRequestInspectionUsernameFieldArgs

Identifier string

Identifier string

identifier String

identifier string

identifier str

identifier String

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspection, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionArgs

BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

BodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
Header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
Json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
StatusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

bodyContains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
statusCode WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

body_contains WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains
header WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader: Use a header as an aggregate key. See Custom Key Header below.
json WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson
status_code WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode

bodyContains Property Map
header Property Map: Use a header as an aggregate key. See Custom Key Header below.
json Property Map
statusCode Property Map

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContains, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionBodyContainsArgs

FailureStrings List<string>
SuccessStrings List<string>

FailureStrings []string
SuccessStrings []string

failureStrings List<String>
successStrings List<String>

failureStrings string[]
successStrings string[]

failure_strings Sequence[str]
success_strings Sequence[str]

failureStrings List<String>
successStrings List<String>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeader, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionHeaderArgs

FailureValues List<string>
Name string: Name of the rule. Must be unique within the Web ACL.
SuccessValues List<string>

FailureValues []string
Name string: Name of the rule. Must be unique within the Web ACL.
SuccessValues []string

failureValues List<String>
name String: Name of the rule. Must be unique within the Web ACL.
successValues List<String>

failureValues string[]
name string: Name of the rule. Must be unique within the Web ACL.
successValues string[]

failure_values Sequence[str]
name str: Name of the rule. Must be unique within the Web ACL.
success_values Sequence[str]

failureValues List<String>
name String: Name of the rule. Must be unique within the Web ACL.
successValues List<String>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJson, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionJsonArgs

FailureValues List<string>
Identifier string
SuccessValues List<string>

FailureValues []string
Identifier string
SuccessValues []string

failureValues List<String>
identifier String
successValues List<String>

failureValues string[]
identifier string
successValues string[]

failure_values Sequence[str]
identifier str
success_values Sequence[str]

failureValues List<String>
identifier String
successValues List<String>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCode, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetResponseInspectionStatusCodeArgs

FailureCodes List<int>
SuccessCodes List<int>

FailureCodes []int
SuccessCodes []int

failureCodes List<Integer>
successCodes List<Integer>

failureCodes number[]
successCodes number[]

failure_codes Sequence[int]
success_codes Sequence[int]

failureCodes List<Number>
successCodes List<Number>

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSet, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetArgs

InspectionLevel string
EnableMachineLearning bool

InspectionLevel string
EnableMachineLearning bool

inspectionLevel String
enableMachineLearning Boolean

inspectionLevel string
enableMachineLearning boolean

inspection_level str
enable_machine_learning bool

inspectionLevel String
enableMachineLearning Boolean

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldArgs

Identifier string

Identifier string

identifier String

identifier string

identifier str

identifier String

WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameField, WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldArgs

Identifier string

Identifier string

identifier String

identifier string

identifier str

identifier String

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverride, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideArgs

Name string: Name of the rule to override.
ActionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use for the rule. See Action below.

Name string: Name of the rule to override.
ActionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use for the rule. See Action below.

name String: Name of the rule to override.
actionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use for the rule. See Action below.

name string: Name of the rule to override.
actionToUse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use for the rule. See Action below.

name str: Name of the rule to override.
action_to_use WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse: Override action to use for the rule. See Action below.

name String: Name of the rule to override.
actionToUse Property Map: Override action to use for the rule. See Action below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseArgs

Allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow: Allow the request. See Allow below.
Block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock: Block the request. See Block below.
Captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Present a CAPTCHA challenge. See Captcha below.
Challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Present a silent challenge. See Challenge below.
Count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

Allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow: Allow the request. See Allow below.
Block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock: Block the request. See Block below.
Captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Present a CAPTCHA challenge. See Captcha below.
Challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Present a silent challenge. See Challenge below.
Count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow: Allow the request. See Allow below.
block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock: Block the request. See Block below.
captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Present a CAPTCHA challenge. See Captcha below.
challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Present a silent challenge. See Challenge below.
count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow: Allow the request. See Allow below.
block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock: Block the request. See Block below.
captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Present a CAPTCHA challenge. See Captcha below.
challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Present a silent challenge. See Challenge below.
count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

allow WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow: Allow the request. See Allow below.
block WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock: Block the request. See Block below.
captcha WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha: Present a CAPTCHA challenge. See Captcha below.
challenge WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge: Present a silent challenge. See Challenge below.
count WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount

allow Property Map: Allow the request. See Allow below.
block Property Map: Block the request. See Block below.
captcha Property Map: Present a CAPTCHA challenge. See Captcha below.
challenge Property Map: Present a silent challenge. See Challenge below.
count Property Map

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllow, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowArgs

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling Property Map: Custom request handling configuration. See Custom Request Handling below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader[]: Custom headers to insert into the request. See Insert Header below.

insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader]: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<Property Map>: Custom headers to insert into the request. See Insert Header below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseAllowCustomRequestHandlingInsertHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlock, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockArgs

CustomResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Custom response configuration. See Custom Response below.

CustomResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Custom response configuration. See Custom Response below.

customResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Custom response configuration. See Custom Response below.

customResponse WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Custom response configuration. See Custom Response below.

custom_response WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse: Custom response configuration. See Custom Response below.

customResponse Property Map: Custom response configuration. See Custom Response below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponse, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseArgs

ResponseCode int: HTTP status code to return (200-599).
CustomResponseBodyKey string: Key of a custom response body defined in the Web ACL.
ResponseHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>: Custom headers to include in the response. See Response Header below.

ResponseCode int: HTTP status code to return (200-599).
CustomResponseBodyKey string: Key of a custom response body defined in the Web ACL.
ResponseHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader: Custom headers to include in the response. See Response Header below.

responseCode Integer: HTTP status code to return (200-599).
customResponseBodyKey String: Key of a custom response body defined in the Web ACL.
responseHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader>: Custom headers to include in the response. See Response Header below.

responseCode number: HTTP status code to return (200-599).
customResponseBodyKey string: Key of a custom response body defined in the Web ACL.
responseHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader[]: Custom headers to include in the response. See Response Header below.

response_code int: HTTP status code to return (200-599).
custom_response_body_key str: Key of a custom response body defined in the Web ACL.
response_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader]: Custom headers to include in the response. See Response Header below.

responseCode Number: HTTP status code to return (200-599).
customResponseBodyKey String: Key of a custom response body defined in the Web ACL.
responseHeaders List<Property Map>: Custom headers to include in the response. See Response Header below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseBlockCustomResponseResponseHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptcha, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaArgs

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling Property Map: Custom request handling configuration. See Custom Request Handling below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader[]: Custom headers to insert into the request. See Insert Header below.

insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader]: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<Property Map>: Custom headers to insert into the request. See Insert Header below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCaptchaCustomRequestHandlingInsertHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallenge, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeArgs

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling Property Map: Custom request handling configuration. See Custom Request Handling below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader[]: Custom headers to insert into the request. See Insert Header below.

insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader]: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<Property Map>: Custom headers to insert into the request. See Insert Header below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseChallengeCustomRequestHandlingInsertHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCount, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountArgs

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

CustomRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

custom_request_handling WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling: Custom request handling configuration. See Custom Request Handling below.

customRequestHandling Property Map: Custom request handling configuration. See Custom Request Handling below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandling, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingArgs

InsertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

InsertHeaders []WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader>: Custom headers to insert into the request. See Insert Header below.

insertHeaders WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader[]: Custom headers to insert into the request. See Insert Header below.

insert_headers Sequence[WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader]: Custom headers to insert into the request. See Insert Header below.

insertHeaders List<Property Map>: Custom headers to insert into the request. See Insert Header below.

WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeader, WebAclRuleStatementManagedRuleGroupStatementRuleActionOverrideActionToUseCountCustomRequestHandlingInsertHeaderArgs

Name string: Header name.
Value string: Header value.

Name string: Header name.
Value string: Header value.

name String: Header name.
value String: Header value.

name string: Header name.
value string: Header value.

name str: Header name.
value str: Header value.

name String: Header name.
value String: Header value.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs

AsnMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
ByteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement above.
GeoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement above.
IpSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement above.
LabelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement above.
RegexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement above.
RegexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
SizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement above.
SqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks.
XssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks.

AsnMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
ByteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement above.
GeoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement above.
IpSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement above.
LabelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement above.
RegexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement above.
RegexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
SizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement above.
SqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks.
XssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks.

asnMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
byteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement above.
geoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement above.
ipSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement above.
labelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement above.
regexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement above.
regexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
sizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement above.
sqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks.
xssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks.

asnMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
byteMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement above.
geoMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement above.
ipSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement above.
labelMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement above.
regexMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement above.
regexPatternSetReferenceStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
sizeConstraintStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement above.
sqliMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks.
xssMatchStatement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks.

asn_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatement: Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
byte_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement: Match requests based on byte patterns. See Byte Match Statement above.
geo_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement: Match requests by geographic location. See Geo Match Statement above.
ip_set_reference_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement: Reference to an IP set. See IP Set Reference Statement above.
label_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement: Match requests based on labels. See Label Match Statement above.
regex_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement: Match requests using regex patterns. See Regex Match Statement above.
regex_pattern_set_reference_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement: Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
size_constraint_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement: Match requests based on size constraints. See Size Constraint Statement above.
sqli_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement: Match requests that appear to contain SQL injection attacks.
xss_match_statement WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement: Match requests that appear to contain cross-site scripting attacks.

asnMatchStatement Property Map: Match requests based on Autonomous System Number (ASN). See ASN Match Statement above.
byteMatchStatement Property Map: Match requests based on byte patterns. See Byte Match Statement above.
geoMatchStatement Property Map: Match requests by geographic location. See Geo Match Statement above.
ipSetReferenceStatement Property Map: Reference to an IP set. See IP Set Reference Statement above.
labelMatchStatement Property Map: Match requests based on labels. See Label Match Statement above.
regexMatchStatement Property Map: Match requests using regex patterns. See Regex Match Statement above.
regexPatternSetReferenceStatement Property Map: Rule statement used to search web request components for matches with regular expressions from a RegexPatternSet.
sizeConstraintStatement Property Map: Match requests based on size constraints. See Size Constraint Statement above.
sqliMatchStatement Property Map: Match requests that appear to contain SQL injection attacks.
xssMatchStatement Property Map: Match requests that appear to contain cross-site scripting attacks.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementArgs

AsnLists List<int>: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
ForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

AsnLists []int: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
ForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

asnLists List<Integer>: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
forwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

asnLists number[]: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
forwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

asn_lists Sequence[int]: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
forwarded_ip_config WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfig: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

asnLists List<Number>: List of Autonomous System Numbers (ASNs) to match against. ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
forwardedIpConfig Property Map: Configuration for inspecting IP addresses in an HTTP header instead of using the web request origin. See Forwarded IP Config below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAsnMatchStatementForwardedIpConfigArgs

FallbackBehavior string
HeaderName string: Name of the header containing the forwarded IP address.

FallbackBehavior string
HeaderName string: Name of the header containing the forwarded IP address.

fallbackBehavior String
headerName String: Name of the header containing the forwarded IP address.

fallbackBehavior string
headerName string: Name of the header containing the forwarded IP address.

fallback_behavior str
header_name str: Name of the header containing the forwarded IP address.

fallbackBehavior String
headerName String: Name of the header containing the forwarded IP address.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementArgs

PositionalConstraint string: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
SearchString string: String value to search for within the request (1-200 characters).
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

PositionalConstraint string: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
SearchString string: String value to search for within the request (1-200 characters).
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

positionalConstraint String: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
searchString String: String value to search for within the request (1-200 characters).
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

positionalConstraint string: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
searchString string: String value to search for within the request (1-200 characters).
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

positional_constraint str: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
search_string str: String value to search for within the request (1-200 characters).
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

positionalConstraint String: Area within the portion of the web request that you want WAF to search for searchString. Valid values: EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD.
searchString String: String value to search for within the request (1-200 characters).
fieldToMatch Property Map: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod: Inspect the HTTP method.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString: Inspect the query string.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uri_fragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body as plain text. See Body below.
cookies Property Map: Inspect the request cookies. See Cookies below.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<Property Map>: Inspect the request headers. See Headers below.
ja3Fingerprint Property Map: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint Property Map: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body below.
method Property Map: Inspect the HTTP method.
queryString Property Map: Inspect the query string.
singleHeader Property Map: Inspect a single header. See Single Header below.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below.
uriFragment Property Map: Inspect fragments of the request URI. See URI Fragment below.
uriPath Property Map: Inspect the request URI path.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBodyArgs

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesArgs

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

matchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern[]: Cookies to inspect. See Cookies Match Pattern below.

match_scope str: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern]: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<Property Map>: Cookies to inspect. See Cookies Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies List<string>: List of cookie names to exclude from inspection.
IncludedCookies List<string>: List of cookie names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies []string: List of cookie names to exclude from inspection.
IncludedCookies []string: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
excludedCookies string[]: List of cookie names to exclude from inspection.
includedCookies string[]: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchCookiesMatchPatternAll
excluded_cookies Sequence[str]: List of cookie names to exclude from inspection.
included_cookies Sequence[str]: List of cookie names to inspect.

all Property Map
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderArgs

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

match_scope str: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern Property Map: Headers to inspect. See Headers Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders List<string>: List of header names to exclude from inspection.
IncludedHeaders List<string>: List of header names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders []string: List of header names to exclude from inspection.
IncludedHeaders []string: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders string[]: List of header names to exclude from inspection.
includedHeaders string[]: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderMatchPatternAll
excluded_headers Sequence[str]: List of header names to exclude from inspection.
included_headers Sequence[str]: List of header names to inspect.

all Property Map
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyArgs

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

match_scope str: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalid_fallback_behavior str: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern Property Map: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths List<string>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths []string: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths string[]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternAll
included_paths Sequence[str]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all Property Map
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeaderArgs

Name string: Name of the header to inspect (case insensitive).

Name string: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

name string: Name of the header to inspect (case insensitive).

name str: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query argument to inspect.

Name string: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

name string: Name of the query argument to inspect.

name str: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriFragmentArgs

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallback_behavior str: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Integer: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority number: Relative processing order for multiple transformations (0-based).
type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority int: Relative processing order for multiple transformations (0-based).
type str: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Number: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs

CountryCodes List<string>: List of two-character country codes (ISO 3166-1 alpha-2).
ForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

CountryCodes []string: List of two-character country codes (ISO 3166-1 alpha-2).
ForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

countryCodes List<String>: List of two-character country codes (ISO 3166-1 alpha-2).
forwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

countryCodes string[]: List of two-character country codes (ISO 3166-1 alpha-2).
forwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

country_codes Sequence[str]: List of two-character country codes (ISO 3166-1 alpha-2).
forwarded_ip_config WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

countryCodes List<String>: List of two-character country codes (ISO 3166-1 alpha-2).
forwardedIpConfig Property Map: Configuration for inspecting forwarded IP headers. See Forwarded IP Config below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfigArgs

FallbackBehavior string
HeaderName string: Name of the header containing the forwarded IP address.

FallbackBehavior string
HeaderName string: Name of the header containing the forwarded IP address.

fallbackBehavior String
headerName String: Name of the header containing the forwarded IP address.

fallbackBehavior string
headerName string: Name of the header containing the forwarded IP address.

fallback_behavior str
header_name str: Name of the header containing the forwarded IP address.

fallbackBehavior String
headerName String: Name of the header containing the forwarded IP address.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementArgs

Arn string: ARN of the IP set to reference.
IpSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

Arn string: ARN of the IP set to reference.
IpSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

arn String: ARN of the IP set to reference.
ipSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

arn string: ARN of the IP set to reference.
ipSetForwardedIpConfig WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

arn str: ARN of the IP set to reference.
ip_set_forwarded_ip_config WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

arn String: ARN of the IP set to reference.
ipSetForwardedIpConfig Property Map: Configuration for inspecting forwarded IP headers. See IP Set Forwarded IP Config below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs

FallbackBehavior string: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
HeaderName string: Name of the header containing the forwarded IP address.
Position string: Position in the header to use. Valid values: FIRST, LAST, ANY.

FallbackBehavior string: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
HeaderName string: Name of the header containing the forwarded IP address.
Position string: Position in the header to use. Valid values: FIRST, LAST, ANY.

fallbackBehavior String: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
headerName String: Name of the header containing the forwarded IP address.
position String: Position in the header to use. Valid values: FIRST, LAST, ANY.

fallbackBehavior string: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
headerName string: Name of the header containing the forwarded IP address.
position string: Position in the header to use. Valid values: FIRST, LAST, ANY.

fallback_behavior str: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
header_name str: Name of the header containing the forwarded IP address.
position str: Position in the header to use. Valid values: FIRST, LAST, ANY.

fallbackBehavior String: Action to take when the IP address in the header is invalid. Valid values: MATCH, NO_MATCH.
headerName String: Name of the header containing the forwarded IP address.
position String: Position in the header to use. Valid values: FIRST, LAST, ANY.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementLabelMatchStatementArgs

Key string: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
Scope string: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

Key string: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
Scope string: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

key String: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
scope String: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

key string: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
scope string: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

key str: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
scope str: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

key String: String to match against. For LABEL scope, include the name and any preceding namespace specifications. For NAMESPACE scope, include namespace strings. Labels are case sensitive and components must be separated by colon (e.g., NS1:NS2:name).
scope String: Whether to match using the label name or namespace. Valid values: LABEL, NAMESPACE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementArgs

RegexString string: Regular expression pattern to match against the web request component.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

RegexString string: Regular expression pattern to match against the web request component.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

regexString String: Regular expression pattern to match against the web request component.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

regexString string: Regular expression pattern to match against the web request component.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

regex_string str: Regular expression pattern to match against the web request component.
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

regexString String: Regular expression pattern to match against the web request component.
fieldToMatch Property Map: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchMethod: Inspect the HTTP method.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchQueryString: Inspect the query string.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uri_fragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body as plain text. See Body below.
cookies Property Map: Inspect the request cookies. See Cookies below.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<Property Map>: Inspect the request headers. See Headers below.
ja3Fingerprint Property Map: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint Property Map: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body below.
method Property Map: Inspect the HTTP method.
queryString Property Map: Inspect the query string.
singleHeader Property Map: Inspect a single header. See Single Header below.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below.
uriFragment Property Map: Inspect fragments of the request URI. See URI Fragment below.
uriPath Property Map: Inspect the request URI path.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchBodyArgs

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesArgs

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

matchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern[]: Cookies to inspect. See Cookies Match Pattern below.

match_scope str: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern]: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<Property Map>: Cookies to inspect. See Cookies Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies List<string>: List of cookie names to exclude from inspection.
IncludedCookies List<string>: List of cookie names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies []string: List of cookie names to exclude from inspection.
IncludedCookies []string: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
excludedCookies string[]: List of cookie names to exclude from inspection.
includedCookies string[]: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchCookiesMatchPatternAll
excluded_cookies Sequence[str]: List of cookie names to exclude from inspection.
included_cookies Sequence[str]: List of cookie names to inspect.

all Property Map
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderArgs

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

match_scope str: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern Property Map: Headers to inspect. See Headers Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders List<string>: List of header names to exclude from inspection.
IncludedHeaders List<string>: List of header names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders []string: List of header names to exclude from inspection.
IncludedHeaders []string: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders string[]: List of header names to exclude from inspection.
includedHeaders string[]: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderMatchPatternAll
excluded_headers Sequence[str]: List of header names to exclude from inspection.
included_headers Sequence[str]: List of header names to inspect.

all Property Map
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyArgs

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

match_scope str: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalid_fallback_behavior str: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern Property Map: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths List<string>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths []string: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths string[]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchJsonBodyMatchPatternAll
included_paths Sequence[str]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all Property Map
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleHeaderArgs

Name string: Name of the header to inspect (case insensitive).

Name string: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

name string: Name of the header to inspect (case insensitive).

name str: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query argument to inspect.

Name string: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

name string: Name of the query argument to inspect.

name str: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementFieldToMatchUriFragmentArgs

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallback_behavior str: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexMatchStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Integer: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority number: Relative processing order for multiple transformations (0-based).
type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority int: Relative processing order for multiple transformations (0-based).
type str: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Number: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementArgs

Arn string: ARN of the regex pattern set to reference.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

Arn string: ARN of the regex pattern set to reference.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

arn String: ARN of the regex pattern set to reference.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

arn string: ARN of the regex pattern set to reference.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

arn str: ARN of the regex pattern set to reference.
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

arn String: ARN of the regex pattern set to reference.
fieldToMatch Property Map: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader]: Inspect the request headers. See Headers below.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod: Inspect the HTTP method.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString: Inspect the query string.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uri_fragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body as plain text. See Body below.
cookies Property Map: Inspect the request cookies. See Cookies below.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<Property Map>: Inspect the request headers. See Headers below.
ja3Fingerprint Property Map: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint Property Map: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body below.
method Property Map: Inspect the HTTP method.
queryString Property Map: Inspect the query string.
singleHeader Property Map: Inspect a single header. See Single Header below.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below.
uriFragment Property Map: Inspect fragments of the request URI. See URI Fragment below.
uriPath Property Map: Inspect the request URI path.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBodyArgs

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesArgs

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

matchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern[]: Cookies to inspect. See Cookies Match Pattern below.

match_scope str: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern]: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<Property Map>: Cookies to inspect. See Cookies Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies List<string>: List of cookie names to exclude from inspection.
IncludedCookies List<string>: List of cookie names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies []string: List of cookie names to exclude from inspection.
IncludedCookies []string: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
excludedCookies string[]: List of cookie names to exclude from inspection.
includedCookies string[]: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchCookiesMatchPatternAll
excluded_cookies Sequence[str]: List of cookie names to exclude from inspection.
included_cookies Sequence[str]: List of cookie names to inspect.

all Property Map
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderArgs

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

match_scope str: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern Property Map: Headers to inspect. See Headers Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders List<string>: List of header names to exclude from inspection.
IncludedHeaders List<string>: List of header names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders []string: List of header names to exclude from inspection.
IncludedHeaders []string: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders string[]: List of header names to exclude from inspection.
includedHeaders string[]: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderMatchPatternAll
excluded_headers Sequence[str]: List of header names to exclude from inspection.
included_headers Sequence[str]: List of header names to inspect.

all Property Map
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyArgs

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

match_scope str: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalid_fallback_behavior str: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern Property Map: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths List<string>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths []string: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths string[]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchJsonBodyMatchPatternAll
included_paths Sequence[str]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all Property Map
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs

Name string: Name of the header to inspect (case insensitive).

Name string: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

name string: Name of the header to inspect (case insensitive).

name str: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query argument to inspect.

Name string: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

name string: Name of the query argument to inspect.

name str: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriFragmentArgs

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallback_behavior str: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Integer: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority number: Relative processing order for multiple transformations (0-based).
type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority int: Relative processing order for multiple transformations (0-based).
type str: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Number: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementArgs

ComparisonOperator string: Operator to use to compare the request part to the size setting. Valid values: EQ, NE, LE, LT, GE, GT.
Size int: Size, in bytes, to compare to the request part, after any transformations.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

ComparisonOperator string: Operator to use to compare the request part to the size setting. Valid values: EQ, NE, LE, LT, GE, GT.
Size int: Size, in bytes, to compare to the request part, after any transformations.
FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

comparisonOperator String: Operator to use to compare the request part to the size setting. Valid values: EQ, NE, LE, LT, GE, GT.
size Integer: Size, in bytes, to compare to the request part, after any transformations.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

comparisonOperator string: Operator to use to compare the request part to the size setting. Valid values: EQ, NE, LE, LT, GE, GT.
size number: Size, in bytes, to compare to the request part, after any transformations.
fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation[]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

comparison_operator str: Operator to use to compare the request part to the size setting. Valid values: EQ, NE, LE, LT, GE, GT.
size int: Size, in bytes, to compare to the request part, after any transformations.
field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch: Part of the web request that you want WAF to inspect. See Field to Match below.
text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation]: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

comparisonOperator String: Operator to use to compare the request part to the size setting. Valid values: EQ, NE, LE, LT, GE, GT.
size Number: Size, in bytes, to compare to the request part, after any transformations.
fieldToMatch Property Map: Part of the web request that you want WAF to inspect. See Field to Match below.
textTransformations List<Property Map>: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader]: Inspect the request headers. See Headers below.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod: Inspect the HTTP method.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString: Inspect the query string.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uri_fragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body as plain text. See Body below.
cookies Property Map: Inspect the request cookies. See Cookies below.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<Property Map>: Inspect the request headers. See Headers below.
ja3Fingerprint Property Map: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint Property Map: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body below.
method Property Map: Inspect the HTTP method.
queryString Property Map: Inspect the query string.
singleHeader Property Map: Inspect a single header. See Single Header below.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below.
uriFragment Property Map: Inspect fragments of the request URI. See URI Fragment below.
uriPath Property Map: Inspect the request URI path.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBodyArgs

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesArgs

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

matchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern[]: Cookies to inspect. See Cookies Match Pattern below.

match_scope str: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern]: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<Property Map>: Cookies to inspect. See Cookies Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies List<string>: List of cookie names to exclude from inspection.
IncludedCookies List<string>: List of cookie names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies []string: List of cookie names to exclude from inspection.
IncludedCookies []string: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
excludedCookies string[]: List of cookie names to exclude from inspection.
includedCookies string[]: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchCookiesMatchPatternAll
excluded_cookies Sequence[str]: List of cookie names to exclude from inspection.
included_cookies Sequence[str]: List of cookie names to inspect.

all Property Map
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderArgs

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

match_scope str: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern Property Map: Headers to inspect. See Headers Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders List<string>: List of header names to exclude from inspection.
IncludedHeaders List<string>: List of header names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders []string: List of header names to exclude from inspection.
IncludedHeaders []string: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders string[]: List of header names to exclude from inspection.
includedHeaders string[]: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderMatchPatternAll
excluded_headers Sequence[str]: List of header names to exclude from inspection.
included_headers Sequence[str]: List of header names to inspect.

all Property Map
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyArgs

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

match_scope str: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalid_fallback_behavior str: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern Property Map: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths List<string>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
IncludedPaths []string: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
includedPaths string[]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchJsonBodyMatchPatternAll
included_paths Sequence[str]: List of JSON pointer expressions to inspect (e.g., /foo/bar).

all Property Map
includedPaths List<String>: List of JSON pointer expressions to inspect (e.g., /foo/bar).

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeaderArgs

Name string: Name of the header to inspect (case insensitive).

Name string: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

name string: Name of the header to inspect (case insensitive).

name str: Name of the header to inspect (case insensitive).

name String: Name of the header to inspect (case insensitive).

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs

Name string: Name of the query argument to inspect.

Name string: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

name string: Name of the query argument to inspect.

name str: Name of the query argument to inspect.

name String: Name of the query argument to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragment, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriFragmentArgs

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallback_behavior str: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: How to handle requests with a URI fragment that is too large to inspect. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformationArgs

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

Priority int: Relative processing order for multiple transformations (0-based).
Type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Integer: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority number: Relative processing order for multiple transformations (0-based).
type string: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority int: Relative processing order for multiple transformations (0-based).
type str: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

priority Number: Relative processing order for multiple transformations (0-based).
type String: Transformation to apply. Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementArgs

FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
SensitivityLevel string: Sensitivity level for detecting SQL injection attacks. Valid values: HIGH, LOW.
TextTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation>

FieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
SensitivityLevel string: Sensitivity level for detecting SQL injection attacks. Valid values: HIGH, LOW.
TextTransformations []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation

fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
sensitivityLevel String: Sensitivity level for detecting SQL injection attacks. Valid values: HIGH, LOW.
textTransformations List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation>

fieldToMatch WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
sensitivityLevel string: Sensitivity level for detecting SQL injection attacks. Valid values: HIGH, LOW.
textTransformations WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation[]

field_to_match WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch
sensitivity_level str: Sensitivity level for detecting SQL injection attacks. Valid values: HIGH, LOW.
text_transformations Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation]

fieldToMatch Property Map
sensitivityLevel String: Sensitivity level for detecting SQL injection attacks. Valid values: HIGH, LOW.
textTransformations List<Property Map>

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchArgs

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path.

AllQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
Body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
Cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
HeaderOrders []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
Headers []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader: Inspect the request headers. See Headers below.
Ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
Ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
JsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
Method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method.
QueryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string.
SingleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
SingleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
UriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
UriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader>: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
headerOrders WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder[]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader[]: Inspect the request headers. See Headers below.
ja3Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method.
queryString WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string.
singleHeader WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
singleQueryArgument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uriFragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uriPath WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path.

all_query_arguments WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments: Inspect all query arguments.
body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody: Inspect the request body as plain text. See Body below.
cookies WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies: Inspect the request cookies. See Cookies below.
header_orders Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder]: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader]: Inspect the request headers. See Headers below.
ja3_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4_fingerprint WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
json_body WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody: Inspect the request body as JSON. See JSON Body below.
method WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod: Inspect the HTTP method.
query_string WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString: Inspect the query string.
single_header WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader: Inspect a single header. See Single Header below.
single_query_argument WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument: Inspect a single query argument. See Single Query Argument below.
uri_fragment WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriFragment: Inspect fragments of the request URI. See URI Fragment below.
uri_path WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath: Inspect the request URI path.

allQueryArguments Property Map: Inspect all query arguments.
body Property Map: Inspect the request body as plain text. See Body below.
cookies Property Map: Inspect the request cookies. See Cookies below.
headerOrders List<Property Map>: Inspect a string containing the list of the request's header names, ordered as they appear in the web request. See Header Order below.
headers List<Property Map>: Inspect the request headers. See Headers below.
ja3Fingerprint Property Map: Match against the request's JA3 fingerprint (CloudFront and ALB only). See JA3 Fingerprint below.
ja4Fingerprint Property Map: Match against the request's JA4 fingerprint (CloudFront and ALB only). See JA4 Fingerprint below.
jsonBody Property Map: Inspect the request body as JSON. See JSON Body below.
method Property Map: Inspect the HTTP method.
queryString Property Map: Inspect the query string.
singleHeader Property Map: Inspect a single header. See Single Header below.
singleQueryArgument Property Map: Inspect a single query argument. See Single Query Argument below.
uriFragment Property Map: Inspect fragments of the request URI. See URI Fragment below.
uriPath Property Map: Inspect the request URI path.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBodyArgs

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookies, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesArgs

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

MatchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPatterns []WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern>: Cookies to inspect. See Cookies Match Pattern below.

matchScope string: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern[]: Cookies to inspect. See Cookies Match Pattern below.

match_scope str: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_patterns Sequence[WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern]: Cookies to inspect. See Cookies Match Pattern below.

matchScope String: Parts of the cookies to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with cookies larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPatterns List<Property Map>: Cookies to inspect. See Cookies Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies List<string>: List of cookie names to exclude from inspection.
IncludedCookies List<string>: List of cookie names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
ExcludedCookies []string: List of cookie names to exclude from inspection.
IncludedCookies []string: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
excludedCookies string[]: List of cookie names to exclude from inspection.
includedCookies string[]: List of cookie names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchCookiesMatchPatternAll
excluded_cookies Sequence[str]: List of cookie names to exclude from inspection.
included_cookies Sequence[str]: List of cookie names to inspect.

all Property Map
excludedCookies List<String>: List of cookie names to exclude from inspection.
includedCookies List<String>: List of cookie names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeader, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderArgs

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

MatchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope string: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

match_scope str: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern: Headers to inspect. See Headers Match Pattern below.

matchScope String: Parts of the headers to inspect. Valid values: ALL, KEY, VALUE.
oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.
matchPattern Property Map: Headers to inspect. See Headers Match Pattern below.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternArgs

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders List<string>: List of header names to exclude from inspection.
IncludedHeaders List<string>: List of header names to inspect.

All WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
ExcludedHeaders []string: List of header names to exclude from inspection.
IncludedHeaders []string: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
excludedHeaders string[]: List of header names to exclude from inspection.
includedHeaders string[]: List of header names to inspect.

all WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderMatchPatternAll
excluded_headers Sequence[str]: List of header names to exclude from inspection.
included_headers Sequence[str]: List of header names to inspect.

all Property Map
excludedHeaders List<String>: List of header names to exclude from inspection.
includedHeaders List<String>: List of header names to inspect.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchHeaderOrderArgs

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

OversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling string: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversize_handling str: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

oversizeHandling String: How to handle requests with headers larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa3FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJa4FingerprintArgs

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

FallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior string: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallback_behavior str: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

fallbackBehavior String: Action to take if WAF cannot calculate the fingerprint. Valid values: MATCH, NO_MATCH.

WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBody, WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyArgs

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

MatchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
InvalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
MatchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
OversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope string: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior string: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling string: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

match_scope str: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalid_fallback_behavior str: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
match_pattern WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchJsonBodyMatchPattern: JSON content to inspect. See JSON Body Match Pattern below.
oversize_handling str: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

matchScope String: Parts of the JSON to inspect. Valid values: ALL, KEY, VALUE.
invalidFallbackBehavior String: How to handle requests with invalid JSON body. Valid values: EVALUATE_AS_STRING, MATCH, NO_MATCH.
matchPattern Property Map: JSON content to inspect. See JSON Body Match Pattern below.
oversizeHandling String: How to handle requests with a body larger than the inspection limit. Valid values: CONTINUE, MATCH, NO_MATCH. Defaults to CONTINUE.

Import

Using pulumi import, import WAFv2 Web ACLs using ID/Name/Scope. For example:

$ pulumi import aws:wafv2/webAcl:WebAcl example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc/example/REGIONAL

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

Viewing docs for AWS v7.28.0
published on Thursday, Apr 30, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-aws

aws.wafv2.WebAcl

On this page

On this page

Create WebAcl Resource

Constructor syntax

Parameters

WebAcl Resource Properties

Inputs

Outputs

Look up Existing WebAcl Resource

Supporting Types

WebAclAssociationConfig, WebAclAssociationConfigArgs

WebAclAssociationConfigRequestBody, WebAclAssociationConfigRequestBodyArgs

WebAclAssociationConfigRequestBodyApiGateway, WebAclAssociationConfigRequestBodyApiGatewayArgs

WebAclAssociationConfigRequestBodyAppRunnerService, WebAclAssociationConfigRequestBodyAppRunnerServiceArgs

WebAclAssociationConfigRequestBodyCloudfront, WebAclAssociationConfigRequestBodyCloudfrontArgs

WebAclAssociationConfigRequestBodyCognitoUserPool, WebAclAssociationConfigRequestBodyCognitoUserPoolArgs

WebAclAssociationConfigRequestBodyVerifiedAccessInstance, WebAclAssociationConfigRequestBodyVerifiedAccessInstanceArgs

WebAclCaptchaConfig, WebAclCaptchaConfigArgs

WebAclCaptchaConfigImmunityTimeProperty, WebAclCaptchaConfigImmunityTimePropertyArgs

WebAclChallengeConfig, WebAclChallengeConfigArgs

WebAclChallengeConfigImmunityTimeProperty, WebAclChallengeConfigImmunityTimePropertyArgs

WebAclCustomResponseBody, WebAclCustomResponseBodyArgs

WebAclDataProtectionConfig, WebAclDataProtectionConfigArgs

WebAclDataProtectionConfigDataProtection, WebAclDataProtectionConfigDataProtectionArgs

WebAclDataProtectionConfigDataProtectionField, WebAclDataProtectionConfigDataProtectionFieldArgs

WebAclDefaultAction, WebAclDefaultActionArgs

WebAclDefaultActionAllow, WebAclDefaultActionAllowArgs

WebAclDefaultActionAllowCustomRequestHandling, WebAclDefaultActionAllowCustomRequestHandlingArgs

WebAclDefaultActionAllowCustomRequestHandlingInsertHeader, WebAclDefaultActionAllowCustomRequestHandlingInsertHeaderArgs

WebAclDefaultActionBlock, WebAclDefaultActionBlockArgs

WebAclDefaultActionBlockCustomResponse, WebAclDefaultActionBlockCustomResponseArgs

WebAclDefaultActionBlockCustomResponseResponseHeader, WebAclDefaultActionBlockCustomResponseResponseHeaderArgs

WebAclRule, WebAclRuleArgs

WebAclRuleAction, WebAclRuleActionArgs

WebAclRuleActionAllow, WebAclRuleActionAllowArgs

WebAclRuleActionAllowCustomRequestHandling, WebAclRuleActionAllowCustomRequestHandlingArgs

WebAclRuleActionAllowCustomRequestHandlingInsertHeader, WebAclRuleActionAllowCustomRequestHandlingInsertHeaderArgs

WebAclRuleActionBlock, WebAclRuleActionBlockArgs

WebAclRuleActionBlockCustomResponse, WebAclRuleActionBlockCustomResponseArgs

WebAclRuleActionBlockCustomResponseResponseHeader, WebAclRuleActionBlockCustomResponseResponseHeaderArgs

WebAclRuleActionCaptcha, WebAclRuleActionCaptchaArgs

WebAclRuleActionCaptchaCustomRequestHandling, WebAclRuleActionCaptchaCustomRequestHandlingArgs

WebAclRuleActionCaptchaCustomRequestHandlingInsertHeader, WebAclRuleActionCaptchaCustomRequestHandlingInsertHeaderArgs

WebAclRuleActionChallenge, WebAclRuleActionChallengeArgs

WebAclRuleActionChallengeCustomRequestHandling, WebAclRuleActionChallengeCustomRequestHandlingArgs

WebAclRuleActionChallengeCustomRequestHandlingInsertHeader, WebAclRuleActionChallengeCustomRequestHandlingInsertHeaderArgs

WebAclRuleActionCount, WebAclRuleActionCountArgs

WebAclRuleActionCountCustomRequestHandling, WebAclRuleActionCountCustomRequestHandlingArgs

WebAclRuleActionCountCustomRequestHandlingInsertHeader, WebAclRuleActionCountCustomRequestHandlingInsertHeaderArgs

WebAclRuleCaptchaConfig, WebAclRuleCaptchaConfigArgs

WebAclRuleCaptchaConfigImmunityTimeProperty, WebAclRuleCaptchaConfigImmunityTimePropertyArgs

WebAclRuleChallengeConfig, WebAclRuleChallengeConfigArgs

WebAclRuleChallengeConfigImmunityTimeProperty, WebAclRuleChallengeConfigImmunityTimePropertyArgs

WebAclRuleOverrideAction, WebAclRuleOverrideActionArgs

WebAclRuleRuleLabel, WebAclRuleRuleLabelArgs

WebAclRuleStatement, WebAclRuleStatementArgs

WebAclRuleStatementAndStatement, WebAclRuleStatementAndStatementArgs

WebAclRuleStatementAsnMatchStatement, WebAclRuleStatementAsnMatchStatementArgs

WebAclRuleStatementAsnMatchStatementForwardedIpConfig, WebAclRuleStatementAsnMatchStatementForwardedIpConfigArgs

WebAclRuleStatementByteMatchStatement, WebAclRuleStatementByteMatchStatementArgs

WebAclRuleStatementByteMatchStatementFieldToMatch, WebAclRuleStatementByteMatchStatementFieldToMatchArgs

WebAclRuleStatementByteMatchStatementFieldToMatchBody, WebAclRuleStatementByteMatchStatementFieldToMatchBodyArgs

WebAclRuleStatementByteMatchStatementFieldToMatchCookies, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesArgs

WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchCookiesMatchPatternArgs

WebAclRuleStatementByteMatchStatementFieldToMatchHeader, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderArgs

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderMatchPatternArgs

WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrder, WebAclRuleStatementByteMatchStatementFieldToMatchHeaderOrderArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJa3Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa3FingerprintArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJa4Fingerprint, WebAclRuleStatementByteMatchStatementFieldToMatchJa4FingerprintArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBody, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyArgs

WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPattern, WebAclRuleStatementByteMatchStatementFieldToMatchJsonBodyMatchPatternArgs

WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader, WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeaderArgs

WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument, WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgumentArgs

WebAclRuleStatementByteMatchStatementFieldToMatchUriFragment, WebAclRuleStatementByteMatchStatementFieldToMatchUriFragmentArgs

WebAclRuleStatementByteMatchStatementTextTransformation, WebAclRuleStatementByteMatchStatementTextTransformationArgs

WebAclRuleStatementGeoMatchStatement, WebAclRuleStatementGeoMatchStatementArgs

WebAclRuleStatementGeoMatchStatementForwardedIpConfig, WebAclRuleStatementGeoMatchStatementForwardedIpConfigArgs

WebAclRuleStatementIpSetReferenceStatement, WebAclRuleStatementIpSetReferenceStatementArgs

WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig, WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfigArgs