class Aws::WAFV2::Types::IPSetForwardedIPConfig

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

<note markdown=“1”> If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

</note>

This configuration is used only for IPSetReferenceStatement. For GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig instead.

@note When making an API call, you may pass IPSetForwardedIPConfig

data as a hash:

    {
      header_name: "ForwardedIPHeaderName", # required
      fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
      position: "FIRST", # required, accepts FIRST, LAST, ANY
    }

@!attribute [rw] header_name

The name of the HTTP header to use for the IP address. For example,
to use the X-Forwarded-For (XFF) header, set this to
`X-Forwarded-For`.

<note markdown="1"> If the specified header isn't present in the request, WAF doesn't
apply the rule to the web request at all.

 </note>
@return [String]

@!attribute [rw] fallback_behavior

The match status to assign to the web request if the request
doesn't have a valid IP address in the specified position.

<note markdown="1"> If the specified header isn't present in the request, WAF doesn't
apply the rule to the web request at all.

 </note>

You can specify the following fallback behaviors:

* `MATCH` - Treat the web request as matching the rule statement.
  WAF applies the rule action to the request.

* `NO_MATCH` - Treat the web request as not matching the rule
  statement.
@return [String]

@!attribute [rw] position

The position in the header to search for the IP address. The header
can contain IP addresses of the original client and also of proxies.
For example, the header value could be `10.1.1.1, 127.0.0.0,
10.10.10.10` where the first IP address identifies the original
client and the rest identify proxies that the request went through.

The options for this setting are the following:

* FIRST - Inspect the first IP address in the list of IP addresses
  in the header. This is usually the client's original IP.

* LAST - Inspect the last IP address in the list of IP addresses in
  the header.

* ANY - Inspect all IP addresses in the header for a match. If the
  header contains more than 10 IP addresses, WAF inspects the last
  10.
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/IPSetForwardedIPConfig AWS API Documentation

Constants

SENSITIVE