libZSservicesZSamazonka-wafZSamazonka-waf
Copyright(c) 2013-2021 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone

Amazonka.WAF.Lens

Contents

Description

 
Synopsis

Operations

ListActivatedRulesInRuleGroup

listActivatedRulesInRuleGroup_ruleGroupId :: Lens' ListActivatedRulesInRuleGroup (Maybe Text) Source #

The RuleGroupId of the RuleGroup for which you want to get a list of ActivatedRule objects.

listActivatedRulesInRuleGroup_nextMarker :: Lens' ListActivatedRulesInRuleGroup (Maybe Text) Source #

If you specify a value for Limit and you have more ActivatedRules than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of ActivatedRules. For the second and subsequent ListActivatedRulesInRuleGroup requests, specify the value of NextMarker from the previous response to get information about another batch of ActivatedRules.

listActivatedRulesInRuleGroup_limit :: Lens' ListActivatedRulesInRuleGroup (Maybe Natural) Source #

Specifies the number of ActivatedRules that you want AWS WAF to return for this request. If you have more ActivatedRules than the number that you specify for Limit, the response includes a NextMarker value that you can use to get another batch of ActivatedRules.

listActivatedRulesInRuleGroupResponse_nextMarker :: Lens' ListActivatedRulesInRuleGroupResponse (Maybe Text) Source #

If you have more ActivatedRules than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more ActivatedRules, submit another ListActivatedRulesInRuleGroup request, and specify the NextMarker value from the response in the NextMarker value in the next request.

ListRateBasedRules

listRateBasedRules_nextMarker :: Lens' ListRateBasedRules (Maybe Text) Source #

If you specify a value for Limit and you have more Rules than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of Rules. For the second and subsequent ListRateBasedRules requests, specify the value of NextMarker from the previous response to get information about another batch of Rules.

listRateBasedRules_limit :: Lens' ListRateBasedRules (Maybe Natural) Source #

Specifies the number of Rules that you want AWS WAF to return for this request. If you have more Rules than the number that you specify for Limit, the response includes a NextMarker value that you can use to get another batch of Rules.

listRateBasedRulesResponse_nextMarker :: Lens' ListRateBasedRulesResponse (Maybe Text) Source #

If you have more Rules than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more Rules, submit another ListRateBasedRules request, and specify the NextMarker value from the response in the NextMarker value in the next request.

GetSizeConstraintSet

getSizeConstraintSet_sizeConstraintSetId :: Lens' GetSizeConstraintSet Text Source #

The SizeConstraintSetId of the SizeConstraintSet that you want to get. SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

getSizeConstraintSetResponse_sizeConstraintSet :: Lens' GetSizeConstraintSetResponse (Maybe SizeConstraintSet) Source #

Information about the SizeConstraintSet that you specified in the GetSizeConstraintSet request. For more information, see the following topics:

  • SizeConstraintSet: Contains SizeConstraintSetId, SizeConstraints, and Name
  • SizeConstraints: Contains an array of SizeConstraint objects. Each SizeConstraint object contains FieldToMatch, TextTransformation, ComparisonOperator, and Size
  • FieldToMatch: Contains Data and Type

DeleteRateBasedRule

deleteRateBasedRule_ruleId :: Lens' DeleteRateBasedRule Text Source #

The RuleId of the RateBasedRule that you want to delete. RuleId is returned by CreateRateBasedRule and by ListRateBasedRules.

deleteRateBasedRule_changeToken :: Lens' DeleteRateBasedRule Text Source #

The value returned by the most recent call to GetChangeToken.

deleteRateBasedRuleResponse_changeToken :: Lens' DeleteRateBasedRuleResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteRateBasedRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateRateBasedRule

updateRateBasedRule_ruleId :: Lens' UpdateRateBasedRule Text Source #

The RuleId of the RateBasedRule that you want to update. RuleId is returned by CreateRateBasedRule and by ListRateBasedRules.

updateRateBasedRule_changeToken :: Lens' UpdateRateBasedRule Text Source #

The value returned by the most recent call to GetChangeToken.

updateRateBasedRule_updates :: Lens' UpdateRateBasedRule [RuleUpdate] Source #

An array of RuleUpdate objects that you want to insert into or delete from a RateBasedRule.

updateRateBasedRule_rateLimit :: Lens' UpdateRateBasedRule Natural Source #

The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

updateRateBasedRuleResponse_changeToken :: Lens' UpdateRateBasedRuleResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateRateBasedRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateRule

updateRule_ruleId :: Lens' UpdateRule Text Source #

The RuleId of the Rule that you want to update. RuleId is returned by CreateRule and by ListRules.

updateRule_changeToken :: Lens' UpdateRule Text Source #

The value returned by the most recent call to GetChangeToken.

updateRule_updates :: Lens' UpdateRule [RuleUpdate] Source #

An array of RuleUpdate objects that you want to insert into or delete from a Rule. For more information, see the applicable data types:

  • RuleUpdate: Contains Action and Predicate
  • Predicate: Contains DataId, Negated, and Type
  • FieldToMatch: Contains Data and Type

updateRuleResponse_changeToken :: Lens' UpdateRuleResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

DeleteRule

deleteRule_ruleId :: Lens' DeleteRule Text Source #

The RuleId of the Rule that you want to delete. RuleId is returned by CreateRule and by ListRules.

deleteRule_changeToken :: Lens' DeleteRule Text Source #

The value returned by the most recent call to GetChangeToken.

deleteRuleResponse_changeToken :: Lens' DeleteRuleResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

CreateIPSet

createIPSet_name :: Lens' CreateIPSet Text Source #

A friendly name or description of the IPSet. You can't change Name after you create the IPSet.

createIPSet_changeToken :: Lens' CreateIPSet Text Source #

The value returned by the most recent call to GetChangeToken.

createIPSetResponse_changeToken :: Lens' CreateIPSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateIPSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

createIPSetResponse_iPSet :: Lens' CreateIPSetResponse (Maybe IPSet) Source #

The IPSet returned in the CreateIPSet response.

GetRuleGroup

getRuleGroup_ruleGroupId :: Lens' GetRuleGroup Text Source #

The RuleGroupId of the RuleGroup that you want to get. RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups.

getRuleGroupResponse_ruleGroup :: Lens' GetRuleGroupResponse (Maybe RuleGroup) Source #

Information about the RuleGroup that you specified in the GetRuleGroup request.

GetChangeTokenStatus

getChangeTokenStatus_changeToken :: Lens' GetChangeTokenStatus Text Source #

The change token for which you want to get the status. This change token was previously returned in the GetChangeToken response.

DeleteWebACL

deleteWebACL_webACLId :: Lens' DeleteWebACL Text Source #

The WebACLId of the WebACL that you want to delete. WebACLId is returned by CreateWebACL and by ListWebACLs.

deleteWebACL_changeToken :: Lens' DeleteWebACL Text Source #

The value returned by the most recent call to GetChangeToken.

deleteWebACLResponse_changeToken :: Lens' DeleteWebACLResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteWebACL request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateWebACL

updateWebACL_updates :: Lens' UpdateWebACL (Maybe [WebACLUpdate]) Source #

An array of updates to make to the WebACL.

An array of WebACLUpdate objects that you want to insert into or delete from a WebACL. For more information, see the applicable data types:

  • WebACLUpdate: Contains Action and ActivatedRule
  • ActivatedRule: Contains Action, OverrideAction, Priority, RuleId, and Type. ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL. In this case, you do not use ActivatedRule|Action. For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
  • WafAction: Contains Type

updateWebACL_defaultAction :: Lens' UpdateWebACL (Maybe WafAction) Source #

A default action for the web ACL, either ALLOW or BLOCK. AWS WAF performs the default action if a request doesn't match the criteria in any of the rules in a web ACL.

updateWebACL_webACLId :: Lens' UpdateWebACL Text Source #

The WebACLId of the WebACL that you want to update. WebACLId is returned by CreateWebACL and by ListWebACLs.

updateWebACL_changeToken :: Lens' UpdateWebACL Text Source #

The value returned by the most recent call to GetChangeToken.

updateWebACLResponse_changeToken :: Lens' UpdateWebACLResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateWebACL request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

ListWebACLs

listWebACLs_nextMarker :: Lens' ListWebACLs (Maybe Text) Source #

If you specify a value for Limit and you have more WebACL objects than the number that you specify for Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of WebACL objects. For the second and subsequent ListWebACLs requests, specify the value of NextMarker from the previous response to get information about another batch of WebACL objects.

listWebACLs_limit :: Lens' ListWebACLs (Maybe Natural) Source #

Specifies the number of WebACL objects that you want AWS WAF to return for this request. If you have more WebACL objects than the number that you specify for Limit, the response includes a NextMarker value that you can use to get another batch of WebACL objects.

listWebACLsResponse_nextMarker :: Lens' ListWebACLsResponse (Maybe Text) Source #

If you have more WebACL objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more WebACL objects, submit another ListWebACLs request, and specify the NextMarker value from the response in the NextMarker value in the next request.

ListRules

listRules_nextMarker :: Lens' ListRules (Maybe Text) Source #

If you specify a value for Limit and you have more Rules than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of Rules. For the second and subsequent ListRules requests, specify the value of NextMarker from the previous response to get information about another batch of Rules.

listRules_limit :: Lens' ListRules (Maybe Natural) Source #

Specifies the number of Rules that you want AWS WAF to return for this request. If you have more Rules than the number that you specify for Limit, the response includes a NextMarker value that you can use to get another batch of Rules.

listRulesResponse_nextMarker :: Lens' ListRulesResponse (Maybe Text) Source #

If you have more Rules than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more Rules, submit another ListRules request, and specify the NextMarker value from the response in the NextMarker value in the next request.

listRulesResponse_httpStatus :: Lens' ListRulesResponse Int Source #

The response's http status code.

CreateRule

createRule_name :: Lens' CreateRule Text Source #

A friendly name or description of the Rule. You can't change the name of a Rule after you create it.

createRule_metricName :: Lens' CreateRule Text Source #

A friendly name or description for the metrics for this Rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the Rule.

createRule_changeToken :: Lens' CreateRule Text Source #

The value returned by the most recent call to GetChangeToken.

createRuleResponse_rule :: Lens' CreateRuleResponse (Maybe Rule) Source #

The Rule returned in the CreateRule response.

createRuleResponse_changeToken :: Lens' CreateRuleResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

DeleteLoggingConfiguration

deleteLoggingConfiguration_resourceArn :: Lens' DeleteLoggingConfiguration Text Source #

The Amazon Resource Name (ARN) of the web ACL from which you want to delete the LoggingConfiguration.

CreateWebACL

createWebACL_name :: Lens' CreateWebACL Text Source #

A friendly name or description of the WebACL. You can't change Name after you create the WebACL.

createWebACL_metricName :: Lens' CreateWebACL Text Source #

A friendly name or description for the metrics for this WebACL.The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change MetricName after you create the WebACL.

createWebACL_defaultAction :: Lens' CreateWebACL WafAction Source #

The action that you want AWS WAF to take when a request doesn't match the criteria specified in any of the Rule objects that are associated with the WebACL.

createWebACL_changeToken :: Lens' CreateWebACL Text Source #

The value returned by the most recent call to GetChangeToken.

createWebACLResponse_webACL :: Lens' CreateWebACLResponse (Maybe WebACL) Source #

The WebACL returned in the CreateWebACL response.

createWebACLResponse_changeToken :: Lens' CreateWebACLResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateWebACL request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

GetGeoMatchSet

getGeoMatchSet_geoMatchSetId :: Lens' GetGeoMatchSet Text Source #

The GeoMatchSetId of the GeoMatchSet that you want to get. GeoMatchSetId is returned by CreateGeoMatchSet and by ListGeoMatchSets.

getGeoMatchSetResponse_geoMatchSet :: Lens' GetGeoMatchSetResponse (Maybe GeoMatchSet) Source #

Information about the GeoMatchSet that you specified in the GetGeoMatchSet request. This includes the Type, which for a GeoMatchContraint is always Country, as well as the Value, which is the identifier for a specific country.

PutLoggingConfiguration

putLoggingConfiguration_loggingConfiguration :: Lens' PutLoggingConfiguration LoggingConfiguration Source #

The Amazon Kinesis Data Firehose that contains the inspected traffic information, the redacted fields details, and the Amazon Resource Name (ARN) of the web ACL to monitor.

When specifying Type in RedactedFields, you must use one of the following values: URI, QUERY_STRING, HEADER, or METHOD.

ListTagsForResource

ListByteMatchSets

listByteMatchSets_nextMarker :: Lens' ListByteMatchSets (Maybe Text) Source #

If you specify a value for Limit and you have more ByteMatchSets than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of ByteMatchSets. For the second and subsequent ListByteMatchSets requests, specify the value of NextMarker from the previous response to get information about another batch of ByteMatchSets.

listByteMatchSets_limit :: Lens' ListByteMatchSets (Maybe Natural) Source #

Specifies the number of ByteMatchSet objects that you want AWS WAF to return for this request. If you have more ByteMatchSets objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of ByteMatchSet objects.

listByteMatchSetsResponse_nextMarker :: Lens' ListByteMatchSetsResponse (Maybe Text) Source #

If you have more ByteMatchSet objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more ByteMatchSet objects, submit another ListByteMatchSets request, and specify the NextMarker value from the response in the NextMarker value in the next request.

ListGeoMatchSets

listGeoMatchSets_nextMarker :: Lens' ListGeoMatchSets (Maybe Text) Source #

If you specify a value for Limit and you have more GeoMatchSets than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of GeoMatchSet objects. For the second and subsequent ListGeoMatchSets requests, specify the value of NextMarker from the previous response to get information about another batch of GeoMatchSet objects.

listGeoMatchSets_limit :: Lens' ListGeoMatchSets (Maybe Natural) Source #

Specifies the number of GeoMatchSet objects that you want AWS WAF to return for this request. If you have more GeoMatchSet objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of GeoMatchSet objects.

listGeoMatchSetsResponse_nextMarker :: Lens' ListGeoMatchSetsResponse (Maybe Text) Source #

If you have more GeoMatchSet objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more GeoMatchSet objects, submit another ListGeoMatchSets request, and specify the NextMarker value from the response in the NextMarker value in the next request.

GetLoggingConfiguration

getLoggingConfiguration_resourceArn :: Lens' GetLoggingConfiguration Text Source #

The Amazon Resource Name (ARN) of the web ACL for which you want to get the LoggingConfiguration.

CreateRuleGroup

createRuleGroup_name :: Lens' CreateRuleGroup Text Source #

A friendly name or description of the RuleGroup. You can't change Name after you create a RuleGroup.

createRuleGroup_metricName :: Lens' CreateRuleGroup Text Source #

A friendly name or description for the metrics for this RuleGroup. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the RuleGroup.

createRuleGroup_changeToken :: Lens' CreateRuleGroup Text Source #

The value returned by the most recent call to GetChangeToken.

createRuleGroupResponse_changeToken :: Lens' CreateRuleGroupResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateRuleGroup request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

DeleteRegexMatchSet

deleteRegexMatchSet_regexMatchSetId :: Lens' DeleteRegexMatchSet Text Source #

The RegexMatchSetId of the RegexMatchSet that you want to delete. RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets.

deleteRegexMatchSet_changeToken :: Lens' DeleteRegexMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

deleteRegexMatchSetResponse_changeToken :: Lens' DeleteRegexMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteRegexMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateRegexMatchSet

updateRegexMatchSet_regexMatchSetId :: Lens' UpdateRegexMatchSet Text Source #

The RegexMatchSetId of the RegexMatchSet that you want to update. RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets.

updateRegexMatchSet_updates :: Lens' UpdateRegexMatchSet (NonEmpty RegexMatchSetUpdate) Source #

An array of RegexMatchSetUpdate objects that you want to insert into or delete from a RegexMatchSet. For more information, see RegexMatchTuple.

updateRegexMatchSet_changeToken :: Lens' UpdateRegexMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

updateRegexMatchSetResponse_changeToken :: Lens' UpdateRegexMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateRegexMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

GetIPSet

getIPSet_iPSetId :: Lens' GetIPSet Text Source #

The IPSetId of the IPSet that you want to get. IPSetId is returned by CreateIPSet and by ListIPSets.

getIPSetResponse_iPSet :: Lens' GetIPSetResponse (Maybe IPSet) Source #

Information about the IPSet that you specified in the GetIPSet request. For more information, see the following topics:

  • IPSet: Contains IPSetDescriptors, IPSetId, and Name
  • IPSetDescriptors: Contains an array of IPSetDescriptor objects. Each IPSetDescriptor object contains Type and Value

getIPSetResponse_httpStatus :: Lens' GetIPSetResponse Int Source #

The response's http status code.

GetWebACL

getWebACL_webACLId :: Lens' GetWebACL Text Source #

The WebACLId of the WebACL that you want to get. WebACLId is returned by CreateWebACL and by ListWebACLs.

getWebACLResponse_webACL :: Lens' GetWebACLResponse (Maybe WebACL) Source #

Information about the WebACL that you specified in the GetWebACL request. For more information, see the following topics:

  • WebACL: Contains DefaultAction, MetricName, Name, an array of Rule objects, and WebACLId
  • DefaultAction (Data type is WafAction): Contains Type
  • Rules: Contains an array of ActivatedRule objects, which contain Action, Priority, and RuleId
  • Action: Contains Type

getWebACLResponse_httpStatus :: Lens' GetWebACLResponse Int Source #

The response's http status code.

GetRule

getRule_ruleId :: Lens' GetRule Text Source #

The RuleId of the Rule that you want to get. RuleId is returned by CreateRule and by ListRules.

getRuleResponse_rule :: Lens' GetRuleResponse (Maybe Rule) Source #

Information about the Rule that you specified in the GetRule request. For more information, see the following topics:

  • Rule: Contains MetricName, Name, an array of Predicate objects, and RuleId
  • Predicate: Each Predicate object contains DataId, Negated, and Type

getRuleResponse_httpStatus :: Lens' GetRuleResponse Int Source #

The response's http status code.

DeleteXssMatchSet

deleteXssMatchSet_xssMatchSetId :: Lens' DeleteXssMatchSet Text Source #

The XssMatchSetId of the XssMatchSet that you want to delete. XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets.

deleteXssMatchSet_changeToken :: Lens' DeleteXssMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

deleteXssMatchSetResponse_changeToken :: Lens' DeleteXssMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteXssMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateXssMatchSet

updateXssMatchSet_xssMatchSetId :: Lens' UpdateXssMatchSet Text Source #

The XssMatchSetId of the XssMatchSet that you want to update. XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets.

updateXssMatchSet_changeToken :: Lens' UpdateXssMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

updateXssMatchSet_updates :: Lens' UpdateXssMatchSet (NonEmpty XssMatchSetUpdate) Source #

An array of XssMatchSetUpdate objects that you want to insert into or delete from an XssMatchSet. For more information, see the applicable data types:

  • XssMatchSetUpdate: Contains Action and XssMatchTuple
  • XssMatchTuple: Contains FieldToMatch and TextTransformation
  • FieldToMatch: Contains Data and Type

updateXssMatchSetResponse_changeToken :: Lens' UpdateXssMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateXssMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

CreateWebACLMigrationStack

createWebACLMigrationStack_webACLId :: Lens' CreateWebACLMigrationStack Text Source #

The UUID of the WAF Classic web ACL that you want to migrate to WAF v2.

createWebACLMigrationStack_s3BucketName :: Lens' CreateWebACLMigrationStack Text Source #

The name of the Amazon S3 bucket to store the CloudFormation template in. The S3 bucket must be configured as follows for the migration:

  • The bucket name must start with aws-waf-migration-. For example, aws-waf-migration-my-web-acl.
  • The bucket must be in the Region where you are deploying the template. For example, for a web ACL in us-west-2, you must use an Amazon S3 bucket in us-west-2 and you must deploy the template stack to us-west-2.
  • The bucket policies must permit the migration process to write data. For listings of the bucket policies, see the Examples section.

createWebACLMigrationStack_ignoreUnsupportedType :: Lens' CreateWebACLMigrationStack Bool Source #

Indicates whether to exclude entities that can't be migrated or to stop the migration. Set this to true to ignore unsupported entities in the web ACL during the migration. Otherwise, if AWS WAF encounters unsupported entities, it stops the process and throws an exception.

ListXssMatchSets

listXssMatchSets_nextMarker :: Lens' ListXssMatchSets (Maybe Text) Source #

If you specify a value for Limit and you have more XssMatchSet objects than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of XssMatchSets. For the second and subsequent ListXssMatchSets requests, specify the value of NextMarker from the previous response to get information about another batch of XssMatchSets.

listXssMatchSets_limit :: Lens' ListXssMatchSets (Maybe Natural) Source #

Specifies the number of XssMatchSet objects that you want AWS WAF to return for this request. If you have more XssMatchSet objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of Rules.

listXssMatchSetsResponse_nextMarker :: Lens' ListXssMatchSetsResponse (Maybe Text) Source #

If you have more XssMatchSet objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more XssMatchSet objects, submit another ListXssMatchSets request, and specify the NextMarker value from the response in the NextMarker value in the next request.

CreateGeoMatchSet

createGeoMatchSet_name :: Lens' CreateGeoMatchSet Text Source #

A friendly name or description of the GeoMatchSet. You can't change Name after you create the GeoMatchSet.

createGeoMatchSet_changeToken :: Lens' CreateGeoMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

createGeoMatchSetResponse_geoMatchSet :: Lens' CreateGeoMatchSetResponse (Maybe GeoMatchSet) Source #

The GeoMatchSet returned in the CreateGeoMatchSet response. The GeoMatchSet contains no GeoMatchConstraints.

createGeoMatchSetResponse_changeToken :: Lens' CreateGeoMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateGeoMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

GetChangeToken

getChangeTokenResponse_changeToken :: Lens' GetChangeTokenResponse (Maybe Text) Source #

The ChangeToken that you used in the request. Use this value in a GetChangeTokenStatus request to get the current status of the request.

ListSizeConstraintSets

listSizeConstraintSets_nextMarker :: Lens' ListSizeConstraintSets (Maybe Text) Source #

If you specify a value for Limit and you have more SizeConstraintSets than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of SizeConstraintSets. For the second and subsequent ListSizeConstraintSets requests, specify the value of NextMarker from the previous response to get information about another batch of SizeConstraintSets.

listSizeConstraintSets_limit :: Lens' ListSizeConstraintSets (Maybe Natural) Source #

Specifies the number of SizeConstraintSet objects that you want AWS WAF to return for this request. If you have more SizeConstraintSets objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of SizeConstraintSet objects.

listSizeConstraintSetsResponse_nextMarker :: Lens' ListSizeConstraintSetsResponse (Maybe Text) Source #

If you have more SizeConstraintSet objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more SizeConstraintSet objects, submit another ListSizeConstraintSets request, and specify the NextMarker value from the response in the NextMarker value in the next request.

GetSampledRequests

getSampledRequests_webAclId :: Lens' GetSampledRequests Text Source #

The WebACLId of the WebACL for which you want GetSampledRequests to return a sample of requests.

getSampledRequests_ruleId :: Lens' GetSampledRequests Text Source #

RuleId is one of three values:

  • The RuleId of the Rule or the RuleGroupId of the RuleGroup for which you want GetSampledRequests to return a sample of requests.
  • Default_Action, which causes GetSampledRequests to return a sample of the requests that didn't match any of the rules in the specified WebACL.

getSampledRequests_timeWindow :: Lens' GetSampledRequests TimeWindow Source #

The start date and time and the end date and time of the range for which you want GetSampledRequests to return a sample of requests. You must specify the times in Coordinated Universal Time (UTC) format. UTC format includes the special designator, Z. For example, "2016-09-27T14:50Z". You can specify any time range in the previous three hours.

getSampledRequests_maxItems :: Lens' GetSampledRequests Natural Source #

The number of requests that you want AWS WAF to return from among the first 5,000 requests that your AWS resource received during the time range. If your resource received fewer requests than the value of MaxItems, GetSampledRequests returns information about all of them.

getSampledRequestsResponse_sampledRequests :: Lens' GetSampledRequestsResponse (Maybe [SampledHTTPRequest]) Source #

A complex type that contains detailed information about each of the requests in the sample.

getSampledRequestsResponse_populationSize :: Lens' GetSampledRequestsResponse (Maybe Integer) Source #

The total number of requests from which GetSampledRequests got a sample of MaxItems requests. If PopulationSize is less than MaxItems, the sample includes every request that your AWS resource received during the specified time range.

getSampledRequestsResponse_timeWindow :: Lens' GetSampledRequestsResponse (Maybe TimeWindow) Source #

Usually, TimeWindow is the time range that you specified in the GetSampledRequests request. However, if your AWS resource received more than 5,000 requests during the time range that you specified in the request, GetSampledRequests returns the time range for the first 5,000 requests. Times are in Coordinated Universal Time (UTC) format.

GetSqlInjectionMatchSet

getSqlInjectionMatchSet_sqlInjectionMatchSetId :: Lens' GetSqlInjectionMatchSet Text Source #

The SqlInjectionMatchSetId of the SqlInjectionMatchSet that you want to get. SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

getSqlInjectionMatchSetResponse_sqlInjectionMatchSet :: Lens' GetSqlInjectionMatchSetResponse (Maybe SqlInjectionMatchSet) Source #

Information about the SqlInjectionMatchSet that you specified in the GetSqlInjectionMatchSet request. For more information, see the following topics:

  • SqlInjectionMatchSet: Contains Name, SqlInjectionMatchSetId, and an array of SqlInjectionMatchTuple objects
  • SqlInjectionMatchTuple: Each SqlInjectionMatchTuple object contains FieldToMatch and TextTransformation
  • FieldToMatch: Contains Data and Type

ListSubscribedRuleGroups

listSubscribedRuleGroups_nextMarker :: Lens' ListSubscribedRuleGroups (Maybe Text) Source #

If you specify a value for Limit and you have more ByteMatchSetssubscribed rule groups than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of subscribed rule groups. For the second and subsequent ListSubscribedRuleGroupsRequest requests, specify the value of NextMarker from the previous response to get information about another batch of subscribed rule groups.

listSubscribedRuleGroups_limit :: Lens' ListSubscribedRuleGroups (Maybe Natural) Source #

Specifies the number of subscribed rule groups that you want AWS WAF to return for this request. If you have more objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of objects.

listSubscribedRuleGroupsResponse_nextMarker :: Lens' ListSubscribedRuleGroupsResponse (Maybe Text) Source #

If you have more objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more objects, submit another ListSubscribedRuleGroups request, and specify the NextMarker value from the response in the NextMarker value in the next request.

CreateSqlInjectionMatchSet

createSqlInjectionMatchSet_name :: Lens' CreateSqlInjectionMatchSet Text Source #

A friendly name or description for the SqlInjectionMatchSet that you're creating. You can't change Name after you create the SqlInjectionMatchSet.

createSqlInjectionMatchSet_changeToken :: Lens' CreateSqlInjectionMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

createSqlInjectionMatchSetResponse_changeToken :: Lens' CreateSqlInjectionMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateSqlInjectionMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

GetXssMatchSet

getXssMatchSet_xssMatchSetId :: Lens' GetXssMatchSet Text Source #

The XssMatchSetId of the XssMatchSet that you want to get. XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets.

getXssMatchSetResponse_xssMatchSet :: Lens' GetXssMatchSetResponse (Maybe XssMatchSet) Source #

Information about the XssMatchSet that you specified in the GetXssMatchSet request. For more information, see the following topics:

  • XssMatchSet: Contains Name, XssMatchSetId, and an array of XssMatchTuple objects
  • XssMatchTuple: Each XssMatchTuple object contains FieldToMatch and TextTransformation
  • FieldToMatch: Contains Data and Type

CreateByteMatchSet

createByteMatchSet_name :: Lens' CreateByteMatchSet Text Source #

A friendly name or description of the ByteMatchSet. You can't change Name after you create a ByteMatchSet.

createByteMatchSet_changeToken :: Lens' CreateByteMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

createByteMatchSetResponse_byteMatchSet :: Lens' CreateByteMatchSetResponse (Maybe ByteMatchSet) Source #

A ByteMatchSet that contains no ByteMatchTuple objects.

createByteMatchSetResponse_changeToken :: Lens' CreateByteMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateByteMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateByteMatchSet

updateByteMatchSet_byteMatchSetId :: Lens' UpdateByteMatchSet Text Source #

The ByteMatchSetId of the ByteMatchSet that you want to update. ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.

updateByteMatchSet_changeToken :: Lens' UpdateByteMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

updateByteMatchSet_updates :: Lens' UpdateByteMatchSet (NonEmpty ByteMatchSetUpdate) Source #

An array of ByteMatchSetUpdate objects that you want to insert into or delete from a ByteMatchSet. For more information, see the applicable data types:

  • ByteMatchSetUpdate: Contains Action and ByteMatchTuple
  • ByteMatchTuple: Contains FieldToMatch, PositionalConstraint, TargetString, and TextTransformation
  • FieldToMatch: Contains Data and Type

updateByteMatchSetResponse_changeToken :: Lens' UpdateByteMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateByteMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

DeleteByteMatchSet

deleteByteMatchSet_byteMatchSetId :: Lens' DeleteByteMatchSet Text Source #

The ByteMatchSetId of the ByteMatchSet that you want to delete. ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.

deleteByteMatchSet_changeToken :: Lens' DeleteByteMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

deleteByteMatchSetResponse_changeToken :: Lens' DeleteByteMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteByteMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

PutPermissionPolicy

putPermissionPolicy_resourceArn :: Lens' PutPermissionPolicy Text Source #

The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

putPermissionPolicy_policy :: Lens' PutPermissionPolicy Text Source #

The policy to attach to the specified RuleGroup.

ListLoggingConfigurations

listLoggingConfigurations_nextMarker :: Lens' ListLoggingConfigurations (Maybe Text) Source #

If you specify a value for Limit and you have more LoggingConfigurations than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of LoggingConfigurations. For the second and subsequent ListLoggingConfigurations requests, specify the value of NextMarker from the previous response to get information about another batch of ListLoggingConfigurations.

listLoggingConfigurations_limit :: Lens' ListLoggingConfigurations (Maybe Natural) Source #

Specifies the number of LoggingConfigurations that you want AWS WAF to return for this request. If you have more LoggingConfigurations than the number that you specify for Limit, the response includes a NextMarker value that you can use to get another batch of LoggingConfigurations.

listLoggingConfigurationsResponse_nextMarker :: Lens' ListLoggingConfigurationsResponse (Maybe Text) Source #

If you have more LoggingConfigurations than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more LoggingConfigurations, submit another ListLoggingConfigurations request, and specify the NextMarker value from the response in the NextMarker value in the next request.

GetRateBasedRuleManagedKeys

getRateBasedRuleManagedKeys_nextMarker :: Lens' GetRateBasedRuleManagedKeys (Maybe Text) Source #

A null value and not currently used. Do not include this in your request.

getRateBasedRuleManagedKeys_ruleId :: Lens' GetRateBasedRuleManagedKeys Text Source #

The RuleId of the RateBasedRule for which you want to get a list of ManagedKeys. RuleId is returned by CreateRateBasedRule and by ListRateBasedRules.

getRateBasedRuleManagedKeysResponse_managedKeys :: Lens' GetRateBasedRuleManagedKeysResponse (Maybe [Text]) Source #

An array of IP addresses that currently are blocked by the specified RateBasedRule.

DeletePermissionPolicy

deletePermissionPolicy_resourceArn :: Lens' DeletePermissionPolicy Text Source #

The Amazon Resource Name (ARN) of the RuleGroup from which you want to delete the policy.

The user making the request must be the owner of the RuleGroup.

GetRegexMatchSet

getRegexMatchSet_regexMatchSetId :: Lens' GetRegexMatchSet Text Source #

The RegexMatchSetId of the RegexMatchSet that you want to get. RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets.

getRegexMatchSetResponse_regexMatchSet :: Lens' GetRegexMatchSetResponse (Maybe RegexMatchSet) Source #

Information about the RegexMatchSet that you specified in the GetRegexMatchSet request. For more information, see RegexMatchTuple.

DeleteIPSet

deleteIPSet_iPSetId :: Lens' DeleteIPSet Text Source #

The IPSetId of the IPSet that you want to delete. IPSetId is returned by CreateIPSet and by ListIPSets.

deleteIPSet_changeToken :: Lens' DeleteIPSet Text Source #

The value returned by the most recent call to GetChangeToken.

deleteIPSetResponse_changeToken :: Lens' DeleteIPSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteIPSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateIPSet

updateIPSet_iPSetId :: Lens' UpdateIPSet Text Source #

The IPSetId of the IPSet that you want to update. IPSetId is returned by CreateIPSet and by ListIPSets.

updateIPSet_changeToken :: Lens' UpdateIPSet Text Source #

The value returned by the most recent call to GetChangeToken.

updateIPSet_updates :: Lens' UpdateIPSet (NonEmpty IPSetUpdate) Source #

An array of IPSetUpdate objects that you want to insert into or delete from an IPSet. For more information, see the applicable data types:

  • IPSetUpdate: Contains Action and IPSetDescriptor
  • IPSetDescriptor: Contains Type and Value

You can insert a maximum of 1000 addresses in a single request.

updateIPSetResponse_changeToken :: Lens' UpdateIPSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateIPSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

ListIPSets

listIPSets_nextMarker :: Lens' ListIPSets (Maybe Text) Source #

AWS WAF returns a NextMarker value in the response that allows you to list another group of IPSets. For the second and subsequent ListIPSets requests, specify the value of NextMarker from the previous response to get information about another batch of IPSets.

listIPSets_limit :: Lens' ListIPSets (Maybe Natural) Source #

Specifies the number of IPSet objects that you want AWS WAF to return for this request. If you have more IPSet objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of IPSet objects.

listIPSetsResponse_nextMarker :: Lens' ListIPSetsResponse (Maybe Text) Source #

To list more IPSet objects, submit another ListIPSets request, and in the next request use the NextMarker response value as the NextMarker value.

ListRegexMatchSets

listRegexMatchSets_nextMarker :: Lens' ListRegexMatchSets (Maybe Text) Source #

If you specify a value for Limit and you have more RegexMatchSet objects than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of ByteMatchSets. For the second and subsequent ListRegexMatchSets requests, specify the value of NextMarker from the previous response to get information about another batch of RegexMatchSet objects.

listRegexMatchSets_limit :: Lens' ListRegexMatchSets (Maybe Natural) Source #

Specifies the number of RegexMatchSet objects that you want AWS WAF to return for this request. If you have more RegexMatchSet objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of RegexMatchSet objects.

listRegexMatchSetsResponse_nextMarker :: Lens' ListRegexMatchSetsResponse (Maybe Text) Source #

If you have more RegexMatchSet objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more RegexMatchSet objects, submit another ListRegexMatchSets request, and specify the NextMarker value from the response in the NextMarker value in the next request.

CreateXssMatchSet

createXssMatchSet_name :: Lens' CreateXssMatchSet Text Source #

A friendly name or description for the XssMatchSet that you're creating. You can't change Name after you create the XssMatchSet.

createXssMatchSet_changeToken :: Lens' CreateXssMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

createXssMatchSetResponse_changeToken :: Lens' CreateXssMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateXssMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

DeleteGeoMatchSet

deleteGeoMatchSet_geoMatchSetId :: Lens' DeleteGeoMatchSet Text Source #

The GeoMatchSetID of the GeoMatchSet that you want to delete. GeoMatchSetId is returned by CreateGeoMatchSet and by ListGeoMatchSets.

deleteGeoMatchSet_changeToken :: Lens' DeleteGeoMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

deleteGeoMatchSetResponse_changeToken :: Lens' DeleteGeoMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteGeoMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateGeoMatchSet

updateGeoMatchSet_geoMatchSetId :: Lens' UpdateGeoMatchSet Text Source #

The GeoMatchSetId of the GeoMatchSet that you want to update. GeoMatchSetId is returned by CreateGeoMatchSet and by ListGeoMatchSets.

updateGeoMatchSet_changeToken :: Lens' UpdateGeoMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

updateGeoMatchSet_updates :: Lens' UpdateGeoMatchSet (NonEmpty GeoMatchSetUpdate) Source #

An array of GeoMatchSetUpdate objects that you want to insert into or delete from an GeoMatchSet. For more information, see the applicable data types:

  • GeoMatchSetUpdate: Contains Action and GeoMatchConstraint
  • GeoMatchConstraint: Contains Type and Value

    You can have only one Type and Value per GeoMatchConstraint. To add multiple countries, include multiple GeoMatchSetUpdate objects in your request.

updateGeoMatchSetResponse_changeToken :: Lens' UpdateGeoMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateGeoMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

GetByteMatchSet

getByteMatchSet_byteMatchSetId :: Lens' GetByteMatchSet Text Source #

The ByteMatchSetId of the ByteMatchSet that you want to get. ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.

getByteMatchSetResponse_byteMatchSet :: Lens' GetByteMatchSetResponse (Maybe ByteMatchSet) Source #

Information about the ByteMatchSet that you specified in the GetByteMatchSet request. For more information, see the following topics:

  • ByteMatchSet: Contains ByteMatchSetId, ByteMatchTuples, and Name
  • ByteMatchTuples: Contains an array of ByteMatchTuple objects. Each ByteMatchTuple object contains FieldToMatch, PositionalConstraint, TargetString, and TextTransformation
  • FieldToMatch: Contains Data and Type

GetPermissionPolicy

getPermissionPolicy_resourceArn :: Lens' GetPermissionPolicy Text Source #

The Amazon Resource Name (ARN) of the RuleGroup for which you want to get the policy.

getPermissionPolicyResponse_policy :: Lens' GetPermissionPolicyResponse (Maybe Text) Source #

The IAM policy attached to the specified RuleGroup.

ListRuleGroups

listRuleGroups_nextMarker :: Lens' ListRuleGroups (Maybe Text) Source #

If you specify a value for Limit and you have more RuleGroups than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of RuleGroups. For the second and subsequent ListRuleGroups requests, specify the value of NextMarker from the previous response to get information about another batch of RuleGroups.

listRuleGroups_limit :: Lens' ListRuleGroups (Maybe Natural) Source #

Specifies the number of RuleGroups that you want AWS WAF to return for this request. If you have more RuleGroups than the number that you specify for Limit, the response includes a NextMarker value that you can use to get another batch of RuleGroups.

listRuleGroupsResponse_nextMarker :: Lens' ListRuleGroupsResponse (Maybe Text) Source #

If you have more RuleGroups than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more RuleGroups, submit another ListRuleGroups request, and specify the NextMarker value from the response in the NextMarker value in the next request.

TagResource

DeleteRuleGroup

deleteRuleGroup_ruleGroupId :: Lens' DeleteRuleGroup Text Source #

The RuleGroupId of the RuleGroup that you want to delete. RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups.

deleteRuleGroup_changeToken :: Lens' DeleteRuleGroup Text Source #

The value returned by the most recent call to GetChangeToken.

deleteRuleGroupResponse_changeToken :: Lens' DeleteRuleGroupResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteRuleGroup request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateRuleGroup

updateRuleGroup_ruleGroupId :: Lens' UpdateRuleGroup Text Source #

The RuleGroupId of the RuleGroup that you want to update. RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups.

updateRuleGroup_updates :: Lens' UpdateRuleGroup (NonEmpty RuleGroupUpdate) Source #

An array of RuleGroupUpdate objects that you want to insert into or delete from a RuleGroup.

You can only insert REGULAR rules into a rule group.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL. In this case you do not use ActivatedRule|Action. For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.

updateRuleGroup_changeToken :: Lens' UpdateRuleGroup Text Source #

The value returned by the most recent call to GetChangeToken.

updateRuleGroupResponse_changeToken :: Lens' UpdateRuleGroupResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateRuleGroup request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

CreateRegexMatchSet

createRegexMatchSet_name :: Lens' CreateRegexMatchSet Text Source #

A friendly name or description of the RegexMatchSet. You can't change Name after you create a RegexMatchSet.

createRegexMatchSet_changeToken :: Lens' CreateRegexMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

createRegexMatchSetResponse_regexMatchSet :: Lens' CreateRegexMatchSetResponse (Maybe RegexMatchSet) Source #

A RegexMatchSet that contains no RegexMatchTuple objects.

createRegexMatchSetResponse_changeToken :: Lens' CreateRegexMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateRegexMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

GetRateBasedRule

getRateBasedRule_ruleId :: Lens' GetRateBasedRule Text Source #

The RuleId of the RateBasedRule that you want to get. RuleId is returned by CreateRateBasedRule and by ListRateBasedRules.

getRateBasedRuleResponse_rule :: Lens' GetRateBasedRuleResponse (Maybe RateBasedRule) Source #

Information about the RateBasedRule that you specified in the GetRateBasedRule request.

CreateRegexPatternSet

createRegexPatternSet_name :: Lens' CreateRegexPatternSet Text Source #

A friendly name or description of the RegexPatternSet. You can't change Name after you create a RegexPatternSet.

createRegexPatternSet_changeToken :: Lens' CreateRegexPatternSet Text Source #

The value returned by the most recent call to GetChangeToken.

createRegexPatternSetResponse_changeToken :: Lens' CreateRegexPatternSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateRegexPatternSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

DeleteSizeConstraintSet

deleteSizeConstraintSet_sizeConstraintSetId :: Lens' DeleteSizeConstraintSet Text Source #

The SizeConstraintSetId of the SizeConstraintSet that you want to delete. SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

deleteSizeConstraintSet_changeToken :: Lens' DeleteSizeConstraintSet Text Source #

The value returned by the most recent call to GetChangeToken.

deleteSizeConstraintSetResponse_changeToken :: Lens' DeleteSizeConstraintSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteSizeConstraintSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateSizeConstraintSet

updateSizeConstraintSet_sizeConstraintSetId :: Lens' UpdateSizeConstraintSet Text Source #

The SizeConstraintSetId of the SizeConstraintSet that you want to update. SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

updateSizeConstraintSet_changeToken :: Lens' UpdateSizeConstraintSet Text Source #

The value returned by the most recent call to GetChangeToken.

updateSizeConstraintSet_updates :: Lens' UpdateSizeConstraintSet (NonEmpty SizeConstraintSetUpdate) Source #

An array of SizeConstraintSetUpdate objects that you want to insert into or delete from a SizeConstraintSet. For more information, see the applicable data types:

  • SizeConstraintSetUpdate: Contains Action and SizeConstraint
  • SizeConstraint: Contains FieldToMatch, TextTransformation, ComparisonOperator, and Size
  • FieldToMatch: Contains Data and Type

updateSizeConstraintSetResponse_changeToken :: Lens' UpdateSizeConstraintSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateSizeConstraintSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UntagResource

DeleteRegexPatternSet

deleteRegexPatternSet_regexPatternSetId :: Lens' DeleteRegexPatternSet Text Source #

The RegexPatternSetId of the RegexPatternSet that you want to delete. RegexPatternSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets.

deleteRegexPatternSet_changeToken :: Lens' DeleteRegexPatternSet Text Source #

The value returned by the most recent call to GetChangeToken.

deleteRegexPatternSetResponse_changeToken :: Lens' DeleteRegexPatternSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteRegexPatternSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateRegexPatternSet

updateRegexPatternSet_regexPatternSetId :: Lens' UpdateRegexPatternSet Text Source #

The RegexPatternSetId of the RegexPatternSet that you want to update. RegexPatternSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets.

updateRegexPatternSet_updates :: Lens' UpdateRegexPatternSet (NonEmpty RegexPatternSetUpdate) Source #

An array of RegexPatternSetUpdate objects that you want to insert into or delete from a RegexPatternSet.

updateRegexPatternSet_changeToken :: Lens' UpdateRegexPatternSet Text Source #

The value returned by the most recent call to GetChangeToken.

updateRegexPatternSetResponse_changeToken :: Lens' UpdateRegexPatternSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateRegexPatternSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

CreateSizeConstraintSet

createSizeConstraintSet_name :: Lens' CreateSizeConstraintSet Text Source #

A friendly name or description of the SizeConstraintSet. You can't change Name after you create a SizeConstraintSet.

createSizeConstraintSet_changeToken :: Lens' CreateSizeConstraintSet Text Source #

The value returned by the most recent call to GetChangeToken.

createSizeConstraintSetResponse_changeToken :: Lens' CreateSizeConstraintSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateSizeConstraintSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

ListRegexPatternSets

listRegexPatternSets_nextMarker :: Lens' ListRegexPatternSets (Maybe Text) Source #

If you specify a value for Limit and you have more RegexPatternSet objects than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of RegexPatternSet objects. For the second and subsequent ListRegexPatternSets requests, specify the value of NextMarker from the previous response to get information about another batch of RegexPatternSet objects.

listRegexPatternSets_limit :: Lens' ListRegexPatternSets (Maybe Natural) Source #

Specifies the number of RegexPatternSet objects that you want AWS WAF to return for this request. If you have more RegexPatternSet objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of RegexPatternSet objects.

listRegexPatternSetsResponse_nextMarker :: Lens' ListRegexPatternSetsResponse (Maybe Text) Source #

If you have more RegexPatternSet objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more RegexPatternSet objects, submit another ListRegexPatternSets request, and specify the NextMarker value from the response in the NextMarker value in the next request.

ListSqlInjectionMatchSets

listSqlInjectionMatchSets_nextMarker :: Lens' ListSqlInjectionMatchSets (Maybe Text) Source #

If you specify a value for Limit and you have more SqlInjectionMatchSet objects than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of SqlInjectionMatchSets. For the second and subsequent ListSqlInjectionMatchSets requests, specify the value of NextMarker from the previous response to get information about another batch of SqlInjectionMatchSets.

listSqlInjectionMatchSets_limit :: Lens' ListSqlInjectionMatchSets (Maybe Natural) Source #

Specifies the number of SqlInjectionMatchSet objects that you want AWS WAF to return for this request. If you have more SqlInjectionMatchSet objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of Rules.

listSqlInjectionMatchSetsResponse_nextMarker :: Lens' ListSqlInjectionMatchSetsResponse (Maybe Text) Source #

If you have more SqlInjectionMatchSet objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more SqlInjectionMatchSet objects, submit another ListSqlInjectionMatchSets request, and specify the NextMarker value from the response in the NextMarker value in the next request.

GetRegexPatternSet

getRegexPatternSet_regexPatternSetId :: Lens' GetRegexPatternSet Text Source #

The RegexPatternSetId of the RegexPatternSet that you want to get. RegexPatternSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets.

getRegexPatternSetResponse_regexPatternSet :: Lens' GetRegexPatternSetResponse (Maybe RegexPatternSet) Source #

Information about the RegexPatternSet that you specified in the GetRegexPatternSet request, including the identifier of the pattern set and the regular expression patterns you want AWS WAF to search for.

CreateRateBasedRule

createRateBasedRule_name :: Lens' CreateRateBasedRule Text Source #

A friendly name or description of the RateBasedRule. You can't change the name of a RateBasedRule after you create it.

createRateBasedRule_metricName :: Lens' CreateRateBasedRule Text Source #

A friendly name or description for the metrics for this RateBasedRule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule.

createRateBasedRule_rateKey :: Lens' CreateRateBasedRule RateKey Source #

The field that AWS WAF uses to determine if requests are likely arriving from a single source and thus subject to rate monitoring. The only valid value for RateKey is IP. IP indicates that requests that arrive from the same IP address are subject to the RateLimit that is specified in the RateBasedRule.

createRateBasedRule_rateLimit :: Lens' CreateRateBasedRule Natural Source #

The maximum number of requests, which have an identical value in the field that is specified by RateKey, allowed in a five-minute period. If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

createRateBasedRule_changeToken :: Lens' CreateRateBasedRule Text Source #

The ChangeToken that you used to submit the CreateRateBasedRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

createRateBasedRuleResponse_rule :: Lens' CreateRateBasedRuleResponse (Maybe RateBasedRule) Source #

The RateBasedRule that is returned in the CreateRateBasedRule response.

createRateBasedRuleResponse_changeToken :: Lens' CreateRateBasedRuleResponse (Maybe Text) Source #

The ChangeToken that you used to submit the CreateRateBasedRule request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

DeleteSqlInjectionMatchSet

deleteSqlInjectionMatchSet_sqlInjectionMatchSetId :: Lens' DeleteSqlInjectionMatchSet Text Source #

The SqlInjectionMatchSetId of the SqlInjectionMatchSet that you want to delete. SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

deleteSqlInjectionMatchSet_changeToken :: Lens' DeleteSqlInjectionMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

deleteSqlInjectionMatchSetResponse_changeToken :: Lens' DeleteSqlInjectionMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the DeleteSqlInjectionMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

UpdateSqlInjectionMatchSet

updateSqlInjectionMatchSet_sqlInjectionMatchSetId :: Lens' UpdateSqlInjectionMatchSet Text Source #

The SqlInjectionMatchSetId of the SqlInjectionMatchSet that you want to update. SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

updateSqlInjectionMatchSet_changeToken :: Lens' UpdateSqlInjectionMatchSet Text Source #

The value returned by the most recent call to GetChangeToken.

updateSqlInjectionMatchSet_updates :: Lens' UpdateSqlInjectionMatchSet (NonEmpty SqlInjectionMatchSetUpdate) Source #

An array of SqlInjectionMatchSetUpdate objects that you want to insert into or delete from a SqlInjectionMatchSet. For more information, see the applicable data types:

  • SqlInjectionMatchSetUpdate: Contains Action and SqlInjectionMatchTuple
  • SqlInjectionMatchTuple: Contains FieldToMatch and TextTransformation
  • FieldToMatch: Contains Data and Type

updateSqlInjectionMatchSetResponse_changeToken :: Lens' UpdateSqlInjectionMatchSetResponse (Maybe Text) Source #

The ChangeToken that you used to submit the UpdateSqlInjectionMatchSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

Types

ActivatedRule

activatedRule_overrideAction :: Lens' ActivatedRule (Maybe WafOverrideAction) Source #

Use the OverrideAction to test your RuleGroup.

Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction to None, the RuleGroup will block a request if any individual rule in the RuleGroup matches the request and is configured to block that request. However if you first want to test the RuleGroup, set the OverrideAction to Count. The RuleGroup will then override any block action specified by individual rules contained within the group. Instead of blocking matching requests, those requests will be counted. You can view a record of counted requests using GetSampledRequests.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL. In this case you do not use ActivatedRule|Action. For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.

activatedRule_action :: Lens' ActivatedRule (Maybe WafAction) Source #

Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule. Valid values for Action include the following:

  • ALLOW: CloudFront responds with the requested object.
  • BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
  • COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL.

ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a WebACL. In this case, you do not use ActivatedRule|Action. For all other update requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.

activatedRule_excludedRules :: Lens' ActivatedRule (Maybe [ExcludedRule]) Source #

An array of rules to exclude from a rule group. This is applicable only when the ActivatedRule refers to a RuleGroup.

Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false positives). One troubleshooting technique is to identify the specific rule within the rule group that is blocking the legitimate traffic and then disable (exclude) that particular rule. You can exclude rules from both your own rule groups and AWS Marketplace rule groups that have been associated with a web ACL.

Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes the action for the rules to COUNT. Therefore, requests that match an ExcludedRule are counted but not blocked. The RuleGroup owner will receive COUNT metrics for each ExcludedRule.

If you want to exclude rules from a rule group that is already associated with a web ACL, perform the following steps:

  1. Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about the logs, see Logging Web ACL Traffic Information.
  2. Submit an UpdateWebACL request that has two actions:

    • The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL request, the first Updates:Action should be DELETE and Updates:ActivatedRule:RuleId should be the rule group that contains the rules that you want to exclude.
    • The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the second Updates:Action should be INSERT, Updates:ActivatedRule:RuleId should be the rule group that you just removed, and ExcludedRules should contain the rules that you want to exclude.

activatedRule_type :: Lens' ActivatedRule (Maybe WafRuleType) Source #

The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type, the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID, which does not exist.

activatedRule_priority :: Lens' ActivatedRule Int Source #

Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower value for Priority are evaluated before Rules with a higher value. The value must be a unique integer. If you add multiple Rules to a WebACL, the values don't need to be consecutive.

activatedRule_ruleId :: Lens' ActivatedRule Text Source #

The RuleId for a Rule. You use RuleId to get more information about a Rule (see GetRule), update a Rule (see UpdateRule), insert a Rule into a WebACL or delete a one from a WebACL (see UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).

RuleId is returned by CreateRule and by ListRules.

ByteMatchSet

byteMatchSet_name :: Lens' ByteMatchSet (Maybe Text) Source #

A friendly name or description of the ByteMatchSet. You can't change Name after you create a ByteMatchSet.

byteMatchSet_byteMatchSetId :: Lens' ByteMatchSet Text Source #

The ByteMatchSetId for a ByteMatchSet. You use ByteMatchSetId to get information about a ByteMatchSet (see GetByteMatchSet), update a ByteMatchSet (see UpdateByteMatchSet), insert a ByteMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a ByteMatchSet from AWS WAF (see DeleteByteMatchSet).

ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.

byteMatchSet_byteMatchTuples :: Lens' ByteMatchSet [ByteMatchTuple] Source #

Specifies the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.

ByteMatchSetSummary

byteMatchSetSummary_byteMatchSetId :: Lens' ByteMatchSetSummary Text Source #

The ByteMatchSetId for a ByteMatchSet. You use ByteMatchSetId to get information about a ByteMatchSet, update a ByteMatchSet, remove a ByteMatchSet from a Rule, and delete a ByteMatchSet from AWS WAF.

ByteMatchSetId is returned by CreateByteMatchSet and by ListByteMatchSets.

byteMatchSetSummary_name :: Lens' ByteMatchSetSummary Text Source #

A friendly name or description of the ByteMatchSet. You can't change Name after you create a ByteMatchSet.

ByteMatchSetUpdate

byteMatchSetUpdate_action :: Lens' ByteMatchSetUpdate ChangeAction Source #

Specifies whether to insert or delete a ByteMatchTuple.

byteMatchSetUpdate_byteMatchTuple :: Lens' ByteMatchSetUpdate ByteMatchTuple Source #

Information about the part of a web request that you want AWS WAF to inspect and the value that you want AWS WAF to search for. If you specify DELETE for the value of Action, the ByteMatchTuple values must exactly match the values in the ByteMatchTuple that you want to delete from the ByteMatchSet.

ByteMatchTuple

byteMatchTuple_fieldToMatch :: Lens' ByteMatchTuple FieldToMatch Source #

The part of a web request that you want AWS WAF to search, such as a specified header or a query string. For more information, see FieldToMatch.

byteMatchTuple_targetString :: Lens' ByteMatchTuple ByteString Source #

The value that you want AWS WAF to search for. AWS WAF searches for the specified string in the part of web requests that you specified in FieldToMatch. The maximum length of the value is 50 bytes.

Valid values depend on the values that you specified for FieldToMatch:

  • HEADER: The value that you want AWS WAF to search for in the request header that you specified in FieldToMatch, for example, the value of the User-Agent or Referer header.
  • METHOD: The HTTP method, which indicates the type of operation specified in the request. CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.
  • QUERY_STRING: The value that you want AWS WAF to search for in the query string, which is the part of a URL that appears after a ? character.
  • URI: The value that you want AWS WAF to search for in the part of a URL that identifies a resource, for example, /images/daily-ad.jpg.
  • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.
  • SINGLE_QUERY_ARG: The parameter in the query string that you will inspect, such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG is 30 characters.
  • ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but instead of inspecting a single parameter, AWS WAF inspects all parameters within the query string for the value or regex pattern that you specify in TargetString.

If TargetString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.

If you're using the AWS WAF API

Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 50 bytes.

For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of TargetString.

If you're using the AWS CLI or one of the AWS SDKs

The value that you want AWS WAF to search for. The SDK automatically base64 encodes the value.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

byteMatchTuple_textTransformation :: Lens' ByteMatchTuple TextTransformation Source #

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting it for a match.

You can only specify a single type of TextTransformation.

CMD_LINE

When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \ " ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \f, formfeed, decimal 12
  • \t, tab, decimal 9
  • \n, newline, decimal 10
  • \r, carriage return, decimal 13
  • \v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with "
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a "less than" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

NONE

Specify NONE if you don't want to perform any text transformations.

byteMatchTuple_positionalConstraint :: Lens' ByteMatchTuple PositionalConstraint Source #

Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want AWS WAF to search. Valid values include the following:

CONTAINS

The specified part of the web request must include the value of TargetString, but the location doesn't matter.

CONTAINS_WORD

The specified part of the web request must include the value of TargetString, and TargetString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, TargetString must be a word, which means one of the following:

  • TargetString exactly matches the value of the specified part of the web request, such as the value of a header.
  • TargetString is at the beginning of the specified part of the web request and is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot;.
  • TargetString is at the end of the specified part of the web request and is preceded by a character other than an alphanumeric character or underscore (_), for example, ;BadBot.
  • TargetString is in the middle of the specified part of the web request and is preceded and followed by characters other than alphanumeric characters or underscore (_), for example, -BadBot;.

EXACTLY

The value of the specified part of the web request must exactly match the value of TargetString.

STARTS_WITH

The value of TargetString must appear at the beginning of the specified part of the web request.

ENDS_WITH

The value of TargetString must appear at the end of the specified part of the web request.

ExcludedRule

excludedRule_ruleId :: Lens' ExcludedRule Text Source #

The unique identifier for the rule to exclude from the rule group.

FieldToMatch

fieldToMatch_data :: Lens' FieldToMatch (Maybe Text) Source #

When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. The name of the header is not case sensitive.

When the value of Type is SINGLE_QUERY_ARG, enter the name of the parameter that you want AWS WAF to search, for example, UserName or SalesRegion. The parameter name is not case sensitive.

If the value of Type is any other value, omit Data.

fieldToMatch_type :: Lens' FieldToMatch MatchFieldType Source #

The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following:

  • HEADER: A specified request header, for example, the value of the User-Agent or Referer header. If you choose HEADER for the type, specify the name of the header in Data.
  • METHOD: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.
  • QUERY_STRING: A query string, which is the part of a URL that appears after a ? character, if any.
  • URI: The part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
  • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.
  • SINGLE_QUERY_ARG: The parameter in the query string that you will inspect, such as UserName or SalesRegion. The maximum length for SINGLE_QUERY_ARG is 30 characters.
  • ALL_QUERY_ARGS: Similar to SINGLE_QUERY_ARG, but rather than inspecting a single parameter, AWS WAF will inspect all parameters within the query for the value or regex pattern that you specify in TargetString.

GeoMatchConstraint

geoMatchConstraint_type :: Lens' GeoMatchConstraint GeoMatchConstraintType Source #

The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.

geoMatchConstraint_value :: Lens' GeoMatchConstraint GeoMatchConstraintValue Source #

The country that you want AWS WAF to search for.

GeoMatchSet

geoMatchSet_name :: Lens' GeoMatchSet (Maybe Text) Source #

A friendly name or description of the GeoMatchSet. You can't change the name of an GeoMatchSet after you create it.

geoMatchSet_geoMatchSetId :: Lens' GeoMatchSet Text Source #

The GeoMatchSetId for an GeoMatchSet. You use GeoMatchSetId to get information about a GeoMatchSet (see GeoMatchSet), update a GeoMatchSet (see UpdateGeoMatchSet), insert a GeoMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a GeoMatchSet from AWS WAF (see DeleteGeoMatchSet).

GeoMatchSetId is returned by CreateGeoMatchSet and by ListGeoMatchSets.

geoMatchSet_geoMatchConstraints :: Lens' GeoMatchSet [GeoMatchConstraint] Source #

An array of GeoMatchConstraint objects, which contain the country that you want AWS WAF to search for.

GeoMatchSetSummary

geoMatchSetSummary_geoMatchSetId :: Lens' GeoMatchSetSummary Text Source #

The GeoMatchSetId for an GeoMatchSet. You can use GeoMatchSetId in a GetGeoMatchSet request to get detailed information about an GeoMatchSet.

geoMatchSetSummary_name :: Lens' GeoMatchSetSummary Text Source #

A friendly name or description of the GeoMatchSet. You can't change the name of an GeoMatchSet after you create it.

GeoMatchSetUpdate

geoMatchSetUpdate_action :: Lens' GeoMatchSetUpdate ChangeAction Source #

Specifies whether to insert or delete a country with UpdateGeoMatchSet.

geoMatchSetUpdate_geoMatchConstraint :: Lens' GeoMatchSetUpdate GeoMatchConstraint Source #

The country from which web requests originate that you want AWS WAF to search for.

HTTPHeader

hTTPHeader_value :: Lens' HTTPHeader (Maybe Text) Source #

The value of one of the headers in the sampled web request.

hTTPHeader_name :: Lens' HTTPHeader (Maybe Text) Source #

The name of one of the headers in the sampled web request.

HTTPRequest

hTTPRequest_hTTPVersion :: Lens' HTTPRequest (Maybe Text) Source #

The HTTP version specified in the sampled web request, for example, HTTP/1.1.

hTTPRequest_country :: Lens' HTTPRequest (Maybe Text) Source #

The two-letter country code for the country that the request originated from. For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2.

hTTPRequest_uri :: Lens' HTTPRequest (Maybe Text) Source #

The part of a web request that identifies the resource, for example, /images/daily-ad.jpg.

hTTPRequest_headers :: Lens' HTTPRequest (Maybe [HTTPHeader]) Source #

A complex type that contains two values for each header in the sampled web request: the name of the header and the value of the header.

hTTPRequest_method :: Lens' HTTPRequest (Maybe Text) Source #

The HTTP method specified in the sampled web request. CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.

hTTPRequest_clientIP :: Lens' HTTPRequest (Maybe Text) Source #

The IP address that the request originated from. If the WebACL is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs:

  • c-ip, if the viewer did not use an HTTP proxy or a load balancer to send the request
  • x-forwarded-for, if the viewer did use an HTTP proxy or a load balancer to send the request

IPSet

iPSet_name :: Lens' IPSet (Maybe Text) Source #

A friendly name or description of the IPSet. You can't change the name of an IPSet after you create it.

iPSet_iPSetId :: Lens' IPSet Text Source #

The IPSetId for an IPSet. You use IPSetId to get information about an IPSet (see GetIPSet), update an IPSet (see UpdateIPSet), insert an IPSet into a Rule or delete one from a Rule (see UpdateRule), and delete an IPSet from AWS WAF (see DeleteIPSet).

IPSetId is returned by CreateIPSet and by ListIPSets.

iPSet_iPSetDescriptors :: Lens' IPSet [IPSetDescriptor] Source #

The IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) that web requests originate from. If the WebACL is associated with a CloudFront distribution and the viewer did not use an HTTP proxy or a load balancer to send the request, this is the value of the c-ip field in the CloudFront access logs.

IPSetDescriptor

iPSetDescriptor_value :: Lens' IPSetDescriptor Text Source #

Specify an IPv4 address by using CIDR notation. For example:

  • To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.
  • To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.

For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

Specify an IPv6 address by using CIDR notation. For example:

  • To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
  • To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.

IPSetSummary

iPSetSummary_iPSetId :: Lens' IPSetSummary Text Source #

The IPSetId for an IPSet. You can use IPSetId in a GetIPSet request to get detailed information about an IPSet.

iPSetSummary_name :: Lens' IPSetSummary Text Source #

A friendly name or description of the IPSet. You can't change the name of an IPSet after you create it.

IPSetUpdate

iPSetUpdate_action :: Lens' IPSetUpdate ChangeAction Source #

Specifies whether to insert or delete an IP address with UpdateIPSet.

iPSetUpdate_iPSetDescriptor :: Lens' IPSetUpdate IPSetDescriptor Source #

The IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) that web requests originate from.

LoggingConfiguration

loggingConfiguration_redactedFields :: Lens' LoggingConfiguration (Maybe [FieldToMatch]) Source #

The parts of the request that you want redacted from the logs. For example, if you redact the cookie field, the cookie field in the firehose will be xxx.

loggingConfiguration_resourceArn :: Lens' LoggingConfiguration Text Source #

The Amazon Resource Name (ARN) of the web ACL that you want to associate with LogDestinationConfigs.

Predicate

predicate_negated :: Lens' Predicate Bool Source #

Set Negated to False if you want AWS WAF to allow, block, or count requests based on the settings in the specified ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow or block requests based on that IP address.

Set Negated to True if you want AWS WAF to allow or block a request based on the negation of the settings in the ByteMatchSet, IPSet, SqlInjectionMatchSet, XssMatchSet, RegexMatchSet, GeoMatchSet, or SizeConstraintSet. For example, if an IPSet includes the IP address 192.0.2.44, AWS WAF will allow, block, or count requests based on all IP addresses except 192.0.2.44.

predicate_type :: Lens' Predicate PredicateType Source #

The type of predicate in a Rule, such as ByteMatch or IPSet.

predicate_dataId :: Lens' Predicate Text Source #

A unique identifier for a predicate in a Rule, such as ByteMatchSetId or IPSetId. The ID is returned by the corresponding Create or List command.

RateBasedRule

rateBasedRule_metricName :: Lens' RateBasedRule (Maybe Text) Source #

A friendly name or description for the metrics for a RateBasedRule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the RateBasedRule.

rateBasedRule_name :: Lens' RateBasedRule (Maybe Text) Source #

A friendly name or description for a RateBasedRule. You can't change the name of a RateBasedRule after you create it.

rateBasedRule_ruleId :: Lens' RateBasedRule Text Source #

A unique identifier for a RateBasedRule. You use RuleId to get more information about a RateBasedRule (see GetRateBasedRule), update a RateBasedRule (see UpdateRateBasedRule), insert a RateBasedRule into a WebACL or delete one from a WebACL (see UpdateWebACL), or delete a RateBasedRule from AWS WAF (see DeleteRateBasedRule).

rateBasedRule_matchPredicates :: Lens' RateBasedRule [Predicate] Source #

The Predicates object contains one Predicate element for each ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to include in a RateBasedRule.

rateBasedRule_rateKey :: Lens' RateBasedRule RateKey Source #

The field that AWS WAF uses to determine if requests are likely arriving from single source and thus subject to rate monitoring. The only valid value for RateKey is IP. IP indicates that requests arriving from the same IP address are subject to the RateLimit that is specified in the RateBasedRule.

rateBasedRule_rateLimit :: Lens' RateBasedRule Natural Source #

The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. If the number of requests exceeds the RateLimit and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

RegexMatchSet

regexMatchSet_name :: Lens' RegexMatchSet (Maybe Text) Source #

A friendly name or description of the RegexMatchSet. You can't change Name after you create a RegexMatchSet.

regexMatchSet_regexMatchTuples :: Lens' RegexMatchSet (Maybe [RegexMatchTuple]) Source #

Contains an array of RegexMatchTuple objects. Each RegexMatchTuple object contains:

  • The part of a web request that you want AWS WAF to inspect, such as a query string or the value of the User-Agent header.
  • The identifier of the pattern (a regular expression) that you want AWS WAF to look for. For more information, see RegexPatternSet.
  • Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.

regexMatchSet_regexMatchSetId :: Lens' RegexMatchSet (Maybe Text) Source #

The RegexMatchSetId for a RegexMatchSet. You use RegexMatchSetId to get information about a RegexMatchSet (see GetRegexMatchSet), update a RegexMatchSet (see UpdateRegexMatchSet), insert a RegexMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a RegexMatchSet from AWS WAF (see DeleteRegexMatchSet).

RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets.

RegexMatchSetSummary

regexMatchSetSummary_regexMatchSetId :: Lens' RegexMatchSetSummary Text Source #

The RegexMatchSetId for a RegexMatchSet. You use RegexMatchSetId to get information about a RegexMatchSet, update a RegexMatchSet, remove a RegexMatchSet from a Rule, and delete a RegexMatchSet from AWS WAF.

RegexMatchSetId is returned by CreateRegexMatchSet and by ListRegexMatchSets.

regexMatchSetSummary_name :: Lens' RegexMatchSetSummary Text Source #

A friendly name or description of the RegexMatchSet. You can't change Name after you create a RegexMatchSet.

RegexMatchSetUpdate

regexMatchSetUpdate_action :: Lens' RegexMatchSetUpdate ChangeAction Source #

Specifies whether to insert or delete a RegexMatchTuple.

regexMatchSetUpdate_regexMatchTuple :: Lens' RegexMatchSetUpdate RegexMatchTuple Source #

Information about the part of a web request that you want AWS WAF to inspect and the identifier of the regular expression (regex) pattern that you want AWS WAF to search for. If you specify DELETE for the value of Action, the RegexMatchTuple values must exactly match the values in the RegexMatchTuple that you want to delete from the RegexMatchSet.

RegexMatchTuple

regexMatchTuple_fieldToMatch :: Lens' RegexMatchTuple FieldToMatch Source #

Specifies where in a web request to look for the RegexPatternSet.

regexMatchTuple_textTransformation :: Lens' RegexMatchTuple TextTransformation Source #

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on RegexPatternSet before inspecting a request for a match.

You can only specify a single type of TextTransformation.

CMD_LINE

When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \ " ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \f, formfeed, decimal 12
  • \t, tab, decimal 9
  • \n, newline, decimal 10
  • \r, carriage return, decimal 13
  • \v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with "
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a "less than" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

NONE

Specify NONE if you don't want to perform any text transformations.

regexMatchTuple_regexPatternSetId :: Lens' RegexMatchTuple Text Source #

The RegexPatternSetId for a RegexPatternSet. You use RegexPatternSetId to get information about a RegexPatternSet (see GetRegexPatternSet), update a RegexPatternSet (see UpdateRegexPatternSet), insert a RegexPatternSet into a RegexMatchSet or delete one from a RegexMatchSet (see UpdateRegexMatchSet), and delete an RegexPatternSet from AWS WAF (see DeleteRegexPatternSet).

RegexPatternSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets.

RegexPatternSet

regexPatternSet_name :: Lens' RegexPatternSet (Maybe Text) Source #

A friendly name or description of the RegexPatternSet. You can't change Name after you create a RegexPatternSet.

regexPatternSet_regexPatternSetId :: Lens' RegexPatternSet Text Source #

The identifier for the RegexPatternSet. You use RegexPatternSetId to get information about a RegexPatternSet, update a RegexPatternSet, remove a RegexPatternSet from a RegexMatchSet, and delete a RegexPatternSet from AWS WAF.

RegexMatchSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets.

regexPatternSet_regexPatternStrings :: Lens' RegexPatternSet [Text] Source #

Specifies the regular expression (regex) patterns that you want AWS WAF to search for, such as B[a@]dB[o0]t.

RegexPatternSetSummary

regexPatternSetSummary_regexPatternSetId :: Lens' RegexPatternSetSummary Text Source #

The RegexPatternSetId for a RegexPatternSet. You use RegexPatternSetId to get information about a RegexPatternSet, update a RegexPatternSet, remove a RegexPatternSet from a RegexMatchSet, and delete a RegexPatternSet from AWS WAF.

RegexPatternSetId is returned by CreateRegexPatternSet and by ListRegexPatternSets.

regexPatternSetSummary_name :: Lens' RegexPatternSetSummary Text Source #

A friendly name or description of the RegexPatternSet. You can't change Name after you create a RegexPatternSet.

RegexPatternSetUpdate

regexPatternSetUpdate_action :: Lens' RegexPatternSetUpdate ChangeAction Source #

Specifies whether to insert or delete a RegexPatternString.

regexPatternSetUpdate_regexPatternString :: Lens' RegexPatternSetUpdate Text Source #

Specifies the regular expression (regex) pattern that you want AWS WAF to search for, such as B[a@]dB[o0]t.

Rule

rule_metricName :: Lens' Rule (Maybe Text) Source #

A friendly name or description for the metrics for this Rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change MetricName after you create the Rule.

rule_name :: Lens' Rule (Maybe Text) Source #

The friendly name or description for the Rule. You can't change the name of a Rule after you create it.

rule_ruleId :: Lens' Rule Text Source #

A unique identifier for a Rule. You use RuleId to get more information about a Rule (see GetRule), update a Rule (see UpdateRule), insert a Rule into a WebACL or delete a one from a WebACL (see UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).

RuleId is returned by CreateRule and by ListRules.

rule_predicates :: Lens' Rule [Predicate] Source #

The Predicates object contains one Predicate element for each ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to include in a Rule.

RuleGroup

ruleGroup_metricName :: Lens' RuleGroup (Maybe Text) Source #

A friendly name or description for the metrics for this RuleGroup. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the RuleGroup.

ruleGroup_name :: Lens' RuleGroup (Maybe Text) Source #

The friendly name or description for the RuleGroup. You can't change the name of a RuleGroup after you create it.

ruleGroup_ruleGroupId :: Lens' RuleGroup Text Source #

A unique identifier for a RuleGroup. You use RuleGroupId to get more information about a RuleGroup (see GetRuleGroup), update a RuleGroup (see UpdateRuleGroup), insert a RuleGroup into a WebACL or delete a one from a WebACL (see UpdateWebACL), or delete a RuleGroup from AWS WAF (see DeleteRuleGroup).

RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups.

RuleGroupSummary

ruleGroupSummary_ruleGroupId :: Lens' RuleGroupSummary Text Source #

A unique identifier for a RuleGroup. You use RuleGroupId to get more information about a RuleGroup (see GetRuleGroup), update a RuleGroup (see UpdateRuleGroup), insert a RuleGroup into a WebACL or delete one from a WebACL (see UpdateWebACL), or delete a RuleGroup from AWS WAF (see DeleteRuleGroup).

RuleGroupId is returned by CreateRuleGroup and by ListRuleGroups.

ruleGroupSummary_name :: Lens' RuleGroupSummary Text Source #

A friendly name or description of the RuleGroup. You can't change the name of a RuleGroup after you create it.

RuleGroupUpdate

ruleGroupUpdate_action :: Lens' RuleGroupUpdate ChangeAction Source #

Specify INSERT to add an ActivatedRule to a RuleGroup. Use DELETE to remove an ActivatedRule from a RuleGroup.

ruleGroupUpdate_activatedRule :: Lens' RuleGroupUpdate ActivatedRule Source #

The ActivatedRule object specifies a Rule that you want to insert or delete, the priority of the Rule in the WebACL, and the action that you want AWS WAF to take when a web request matches the Rule (ALLOW, BLOCK, or COUNT).

RuleSummary

ruleSummary_ruleId :: Lens' RuleSummary Text Source #

A unique identifier for a Rule. You use RuleId to get more information about a Rule (see GetRule), update a Rule (see UpdateRule), insert a Rule into a WebACL or delete one from a WebACL (see UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).

RuleId is returned by CreateRule and by ListRules.

ruleSummary_name :: Lens' RuleSummary Text Source #

A friendly name or description of the Rule. You can't change the name of a Rule after you create it.

RuleUpdate

ruleUpdate_action :: Lens' RuleUpdate ChangeAction Source #

Specify INSERT to add a Predicate to a Rule. Use DELETE to remove a Predicate from a Rule.

ruleUpdate_predicate :: Lens' RuleUpdate Predicate Source #

The ID of the Predicate (such as an IPSet) that you want to add to a Rule.

SampledHTTPRequest

sampledHTTPRequest_ruleWithinRuleGroup :: Lens' SampledHTTPRequest (Maybe Text) Source #

This value is returned if the GetSampledRequests request specifies the ID of a RuleGroup rather than the ID of an individual rule. RuleWithinRuleGroup is the rule within the specified RuleGroup that matched the request listed in the response.

sampledHTTPRequest_action :: Lens' SampledHTTPRequest (Maybe Text) Source #

The action for the Rule that the request matched: ALLOW, BLOCK, or COUNT.

sampledHTTPRequest_timestamp :: Lens' SampledHTTPRequest (Maybe UTCTime) Source #

The time at which AWS WAF received the request from your AWS resource, in Unix time format (in seconds).

sampledHTTPRequest_request :: Lens' SampledHTTPRequest HTTPRequest Source #

A complex type that contains detailed information about the request.

sampledHTTPRequest_weight :: Lens' SampledHTTPRequest Natural Source #

A value that indicates how one result in the response relates proportionally to other results in the response. A result that has a weight of 2 represents roughly twice as many CloudFront web requests as a result that has a weight of 1.

SizeConstraint

sizeConstraint_fieldToMatch :: Lens' SizeConstraint FieldToMatch Source #

Specifies where in a web request to look for the size constraint.

sizeConstraint_textTransformation :: Lens' SizeConstraint TextTransformation Source #

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting it for a match.

You can only specify a single type of TextTransformation.

Note that if you choose BODY for the value of Type, you must choose NONE for TextTransformation because CloudFront forwards only the first 8192 bytes for inspection.

NONE

Specify NONE if you don't want to perform any text transformations.

CMD_LINE

When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \ " ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \f, formfeed, decimal 12
  • \t, tab, decimal 9
  • \n, newline, decimal 10
  • \r, carriage return, decimal 13
  • \v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with "
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a "less than" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

sizeConstraint_comparisonOperator :: Lens' SizeConstraint ComparisonOperator Source #

The type of comparison you want AWS WAF to perform. AWS WAF uses this in combination with the provided Size and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch". If that expression is true, the SizeConstraint is considered to match.

EQ: Used to test if the Size is equal to the size of the FieldToMatch

NE: Used to test if the Size is not equal to the size of the FieldToMatch

LE: Used to test if the Size is less than or equal to the size of the FieldToMatch

LT: Used to test if the Size is strictly less than the size of the FieldToMatch

GE: Used to test if the Size is greater than or equal to the size of the FieldToMatch

GT: Used to test if the Size is strictly greater than the size of the FieldToMatch

sizeConstraint_size :: Lens' SizeConstraint Natural Source #

The size in bytes that you want AWS WAF to compare against the size of the specified FieldToMatch. AWS WAF uses this in combination with ComparisonOperator and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch". If that expression is true, the SizeConstraint is considered to match.

Valid values for size are 0 - 21474836480 bytes (0 - 20 GB).

If you specify URI for the value of Type, the / in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

SizeConstraintSet

sizeConstraintSet_name :: Lens' SizeConstraintSet (Maybe Text) Source #

The name, if any, of the SizeConstraintSet.

sizeConstraintSet_sizeConstraintSetId :: Lens' SizeConstraintSet Text Source #

A unique identifier for a SizeConstraintSet. You use SizeConstraintSetId to get information about a SizeConstraintSet (see GetSizeConstraintSet), update a SizeConstraintSet (see UpdateSizeConstraintSet), insert a SizeConstraintSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SizeConstraintSet from AWS WAF (see DeleteSizeConstraintSet).

SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

sizeConstraintSet_sizeConstraints :: Lens' SizeConstraintSet [SizeConstraint] Source #

Specifies the parts of web requests that you want to inspect the size of.

SizeConstraintSetSummary

sizeConstraintSetSummary_sizeConstraintSetId :: Lens' SizeConstraintSetSummary Text Source #

A unique identifier for a SizeConstraintSet. You use SizeConstraintSetId to get information about a SizeConstraintSet (see GetSizeConstraintSet), update a SizeConstraintSet (see UpdateSizeConstraintSet), insert a SizeConstraintSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SizeConstraintSet from AWS WAF (see DeleteSizeConstraintSet).

SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

sizeConstraintSetSummary_name :: Lens' SizeConstraintSetSummary Text Source #

The name of the SizeConstraintSet, if any.

SizeConstraintSetUpdate

sizeConstraintSetUpdate_action :: Lens' SizeConstraintSetUpdate ChangeAction Source #

Specify INSERT to add a SizeConstraintSetUpdate to a SizeConstraintSet. Use DELETE to remove a SizeConstraintSetUpdate from a SizeConstraintSet.

sizeConstraintSetUpdate_sizeConstraint :: Lens' SizeConstraintSetUpdate SizeConstraint Source #

Specifies a constraint on the size of a part of the web request. AWS WAF uses the Size, ComparisonOperator, and FieldToMatch to build an expression in the form of "Size ComparisonOperator size in bytes of FieldToMatch". If that expression is true, the SizeConstraint is considered to match.

SqlInjectionMatchSet

sqlInjectionMatchSet_name :: Lens' SqlInjectionMatchSet (Maybe Text) Source #

The name, if any, of the SqlInjectionMatchSet.

sqlInjectionMatchSet_sqlInjectionMatchSetId :: Lens' SqlInjectionMatchSet Text Source #

A unique identifier for a SqlInjectionMatchSet. You use SqlInjectionMatchSetId to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet), update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet), insert a SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SqlInjectionMatchSet from AWS WAF (see DeleteSqlInjectionMatchSet).

SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

sqlInjectionMatchSet_sqlInjectionMatchTuples :: Lens' SqlInjectionMatchSet [SqlInjectionMatchTuple] Source #

Specifies the parts of web requests that you want to inspect for snippets of malicious SQL code.

SqlInjectionMatchSetSummary

sqlInjectionMatchSetSummary_sqlInjectionMatchSetId :: Lens' SqlInjectionMatchSetSummary Text Source #

A unique identifier for a SqlInjectionMatchSet. You use SqlInjectionMatchSetId to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet), update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet), insert a SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SqlInjectionMatchSet from AWS WAF (see DeleteSqlInjectionMatchSet).

SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

sqlInjectionMatchSetSummary_name :: Lens' SqlInjectionMatchSetSummary Text Source #

The name of the SqlInjectionMatchSet, if any, specified by Id.

SqlInjectionMatchSetUpdate

sqlInjectionMatchSetUpdate_action :: Lens' SqlInjectionMatchSetUpdate ChangeAction Source #

Specify INSERT to add a SqlInjectionMatchSetUpdate to a SqlInjectionMatchSet. Use DELETE to remove a SqlInjectionMatchSetUpdate from a SqlInjectionMatchSet.

sqlInjectionMatchSetUpdate_sqlInjectionMatchTuple :: Lens' SqlInjectionMatchSetUpdate SqlInjectionMatchTuple Source #

Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

SqlInjectionMatchTuple

sqlInjectionMatchTuple_fieldToMatch :: Lens' SqlInjectionMatchTuple FieldToMatch Source #

Specifies where in a web request to look for snippets of malicious SQL code.

sqlInjectionMatchTuple_textTransformation :: Lens' SqlInjectionMatchTuple TextTransformation Source #

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting it for a match.

You can only specify a single type of TextTransformation.

CMD_LINE

When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \ " ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \f, formfeed, decimal 12
  • \t, tab, decimal 9
  • \n, newline, decimal 10
  • \r, carriage return, decimal 13
  • \v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with "
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a "less than" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

NONE

Specify NONE if you don't want to perform any text transformations.

SubscribedRuleGroupSummary

subscribedRuleGroupSummary_name :: Lens' SubscribedRuleGroupSummary Text Source #

A friendly name or description of the RuleGroup. You can't change the name of a RuleGroup after you create it.

subscribedRuleGroupSummary_metricName :: Lens' SubscribedRuleGroupSummary Text Source #

A friendly name or description for the metrics for this RuleGroup. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change the name of the metric after you create the RuleGroup.

Tag

TagInfoForResource

TimeWindow

timeWindow_startTime :: Lens' TimeWindow UTCTime Source #

The beginning of the time range from which you want GetSampledRequests to return a sample of the requests that your AWS resource received. You must specify the date and time in Coordinated Universal Time (UTC) format. UTC format includes the special designator, Z. For example, "2016-09-27T14:50Z". You can specify any time range in the previous three hours.

timeWindow_endTime :: Lens' TimeWindow UTCTime Source #

The end of the time range from which you want GetSampledRequests to return a sample of the requests that your AWS resource received. You must specify the date and time in Coordinated Universal Time (UTC) format. UTC format includes the special designator, Z. For example, "2016-09-27T14:50Z". You can specify any time range in the previous three hours.

WafAction

wafAction_type :: Lens' WafAction WafActionType Source #

Specifies how you want AWS WAF to respond to requests that match the settings in a Rule. Valid settings include the following:

  • ALLOW: AWS WAF allows requests
  • BLOCK: AWS WAF blocks requests
  • COUNT: AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a WebACL.

WafOverrideAction

wafOverrideAction_type :: Lens' WafOverrideAction WafOverrideActionType Source #

COUNT overrides the action specified by the individual rule within a RuleGroup . If set to NONE, the rule's action will take place.

WebACL

webACL_metricName :: Lens' WebACL (Maybe Text) Source #

A friendly name or description for the metrics for this WebACL. The name can contain only alphanumeric characters (A-Z, a-z, 0-9), with maximum length 128 and minimum length one. It can't contain whitespace or metric names reserved for AWS WAF, including "All" and "Default_Action." You can't change MetricName after you create the WebACL.

webACL_name :: Lens' WebACL (Maybe Text) Source #

A friendly name or description of the WebACL. You can't change the name of a WebACL after you create it.

webACL_webACLArn :: Lens' WebACL (Maybe Text) Source #

Tha Amazon Resource Name (ARN) of the web ACL.

webACL_webACLId :: Lens' WebACL Text Source #

A unique identifier for a WebACL. You use WebACLId to get information about a WebACL (see GetWebACL), update a WebACL (see UpdateWebACL), and delete a WebACL from AWS WAF (see DeleteWebACL).

WebACLId is returned by CreateWebACL and by ListWebACLs.

webACL_defaultAction :: Lens' WebACL WafAction Source #

The action to perform if none of the Rules contained in the WebACL match. The action is specified by the WafAction object.

webACL_rules :: Lens' WebACL [ActivatedRule] Source #

An array that contains the action for each Rule in a WebACL, the priority of the Rule, and the ID of the Rule.

WebACLSummary

webACLSummary_webACLId :: Lens' WebACLSummary Text Source #

A unique identifier for a WebACL. You use WebACLId to get information about a WebACL (see GetWebACL), update a WebACL (see UpdateWebACL), and delete a WebACL from AWS WAF (see DeleteWebACL).

WebACLId is returned by CreateWebACL and by ListWebACLs.

webACLSummary_name :: Lens' WebACLSummary Text Source #

A friendly name or description of the WebACL. You can't change the name of a WebACL after you create it.

WebACLUpdate

webACLUpdate_action :: Lens' WebACLUpdate ChangeAction Source #

Specifies whether to insert a Rule into or delete a Rule from a WebACL.

webACLUpdate_activatedRule :: Lens' WebACLUpdate ActivatedRule Source #

The ActivatedRule object in an UpdateWebACL request specifies a Rule that you want to insert or delete, the priority of the Rule in the WebACL, and the action that you want AWS WAF to take when a web request matches the Rule (ALLOW, BLOCK, or COUNT).

XssMatchSet

xssMatchSet_name :: Lens' XssMatchSet (Maybe Text) Source #

The name, if any, of the XssMatchSet.

xssMatchSet_xssMatchSetId :: Lens' XssMatchSet Text Source #

A unique identifier for an XssMatchSet. You use XssMatchSetId to get information about an XssMatchSet (see GetXssMatchSet), update an XssMatchSet (see UpdateXssMatchSet), insert an XssMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete an XssMatchSet from AWS WAF (see DeleteXssMatchSet).

XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets.

xssMatchSet_xssMatchTuples :: Lens' XssMatchSet [XssMatchTuple] Source #

Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.

XssMatchSetSummary

xssMatchSetSummary_xssMatchSetId :: Lens' XssMatchSetSummary Text Source #

A unique identifier for an XssMatchSet. You use XssMatchSetId to get information about a XssMatchSet (see GetXssMatchSet), update an XssMatchSet (see UpdateXssMatchSet), insert an XssMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete an XssMatchSet from AWS WAF (see DeleteXssMatchSet).

XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets.

xssMatchSetSummary_name :: Lens' XssMatchSetSummary Text Source #

The name of the XssMatchSet, if any, specified by Id.

XssMatchSetUpdate

xssMatchSetUpdate_action :: Lens' XssMatchSetUpdate ChangeAction Source #

Specify INSERT to add an XssMatchSetUpdate to an XssMatchSet. Use DELETE to remove an XssMatchSetUpdate from an XssMatchSet.

xssMatchSetUpdate_xssMatchTuple :: Lens' XssMatchSetUpdate XssMatchTuple Source #

Specifies the part of a web request that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header.

XssMatchTuple

xssMatchTuple_fieldToMatch :: Lens' XssMatchTuple FieldToMatch Source #

Specifies where in a web request to look for cross-site scripting attacks.

xssMatchTuple_textTransformation :: Lens' XssMatchTuple TextTransformation Source #

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting it for a match.

You can only specify a single type of TextTransformation.

CMD_LINE

When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \ " ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \f, formfeed, decimal 12
  • \t, tab, decimal 9
  • \n, newline, decimal 10
  • \r, carriage return, decimal 13
  • \v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with "
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a "less than" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

NONE

Specify NONE if you don't want to perform any text transformations.