class Aws::WAFV2::Types::Rule

A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to allow, block, or count. Each rule includes one top-level Statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.

@note When making an API call, you may pass Rule

data as a hash:

    {
      name: "EntityName", # required
      priority: 1, # required
      statement: { # required
        byte_match_statement: {
          search_string: "data", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
            json_body: {
              match_pattern: { # required
                all: {
                },
                included_paths: ["JsonPointerPath"],
              },
              match_scope: "ALL", # required, accepts ALL, KEY, VALUE
              invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
            },
          ],
          positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
        },
        sqli_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
            json_body: {
              match_pattern: { # required
                all: {
                },
                included_paths: ["JsonPointerPath"],
              },
              match_scope: "ALL", # required, accepts ALL, KEY, VALUE
              invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
            },
          ],
        },
        xss_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
            json_body: {
              match_pattern: { # required
                all: {
                },
                included_paths: ["JsonPointerPath"],
              },
              match_scope: "ALL", # required, accepts ALL, KEY, VALUE
              invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
            },
          ],
        },
        size_constraint_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
            json_body: {
              match_pattern: { # required
                all: {
                },
                included_paths: ["JsonPointerPath"],
              },
              match_scope: "ALL", # required, accepts ALL, KEY, VALUE
              invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
            },
          },
          comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
          size: 1, # required
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
            },
          ],
        },
        geo_match_statement: {
          country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
          forwarded_ip_config: {
            header_name: "ForwardedIPHeaderName", # required
            fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
          },
        },
        rule_group_reference_statement: {
          arn: "ResourceArn", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
        ip_set_reference_statement: {
          arn: "ResourceArn", # required
          ip_set_forwarded_ip_config: {
            header_name: "ForwardedIPHeaderName", # required
            fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
            position: "FIRST", # required, accepts FIRST, LAST, ANY
          },
        },
        regex_pattern_set_reference_statement: {
          arn: "ResourceArn", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
            json_body: {
              match_pattern: { # required
                all: {
                },
                included_paths: ["JsonPointerPath"],
              },
              match_scope: "ALL", # required, accepts ALL, KEY, VALUE
              invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
            },
          ],
        },
        rate_based_statement: {
          limit: 1, # required
          aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
          scope_down_statement: {
            # recursive Statement
          },
          forwarded_ip_config: {
            header_name: "ForwardedIPHeaderName", # required
            fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
          },
        },
        and_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        or_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        not_statement: {
          statement: { # required
            # recursive Statement
          },
        },
        managed_rule_group_statement: {
          vendor_name: "VendorName", # required
          name: "EntityName", # required
          version: "VersionKeyString",
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
          scope_down_statement: {
            # recursive Statement
          },
        },
        label_match_statement: {
          scope: "LABEL", # required, accepts LABEL, NAMESPACE
          key: "LabelMatchKey", # required
        },
      },
      action: {
        block: {
          custom_response: {
            response_code: 1, # required
            custom_response_body_key: "EntityName",
            response_headers: [
              {
                name: "CustomHTTPHeaderName", # required
                value: "CustomHTTPHeaderValue", # required
              },
            ],
          },
        },
        allow: {
          custom_request_handling: {
            insert_headers: [ # required
              {
                name: "CustomHTTPHeaderName", # required
                value: "CustomHTTPHeaderValue", # required
              },
            ],
          },
        },
        count: {
          custom_request_handling: {
            insert_headers: [ # required
              {
                name: "CustomHTTPHeaderName", # required
                value: "CustomHTTPHeaderValue", # required
              },
            ],
          },
        },
      },
      override_action: {
        count: {
          custom_request_handling: {
            insert_headers: [ # required
              {
                name: "CustomHTTPHeaderName", # required
                value: "CustomHTTPHeaderValue", # required
              },
            ],
          },
        },
        none: {
        },
      },
      rule_labels: [
        {
          name: "LabelName", # required
        },
      ],
      visibility_config: { # required
        sampled_requests_enabled: false, # required
        cloud_watch_metrics_enabled: false, # required
        metric_name: "MetricName", # required
      },
    }

@!attribute [rw] name

The name of the rule. You can't change the name of a `Rule` after
you create it.
@return [String]

@!attribute [rw] priority

If you define more than one `Rule` in a `WebACL`, WAF evaluates each
request against the `Rules` in order based on the value of
`Priority`. WAF processes rules with lower priority first. The
priorities don't need to be consecutive, but they must all be
different.
@return [Integer]

@!attribute [rw] statement

The WAF processing statement for the rule, for example
ByteMatchStatement or SizeConstraintStatement.
@return [Types::Statement]

@!attribute [rw] action

The action that WAF should take on a web request when it matches the
rule statement. Settings at the web ACL level can override the rule
action setting.

This is used only for rules whose statements do not reference a rule
group. Rule statements that reference a rule group include
`RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.

You must specify either this `Action` setting or the rule
`OverrideAction` setting, but not both:

* If the rule statement does not reference a rule group, use this
  rule action setting and not the rule override action setting.

* If the rule statement references a rule group, use the override
  action setting and not this action setting.
@return [Types::RuleAction]

@!attribute [rw] override_action

The override action to apply to the rules in a rule group. Used only
for rule statements that reference a rule group, like
`RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.

Set the override action to none to leave the rule actions in effect.
Set it to count to only count matches, regardless of the rule action
settings.

In a Rule, you must specify either this `OverrideAction` setting or
the rule `Action` setting, but not both:

* If the rule statement references a rule group, use this override
  action setting and not the action setting.

* If the rule statement does not reference a rule group, use the
  rule action setting and not this rule override action setting.
@return [Types::OverrideAction]

@!attribute [rw] rule_labels

Labels to apply to web requests that match the rule match statement.
WAF applies fully qualified labels to matching web requests. A fully
qualified label is the concatenation of a label namespace and a rule
label. The rule's rule group or web ACL defines the label
namespace.

Rules that run after this rule in the web ACL can match against
these labels using a `LabelMatchStatement`.

For each label, provide a case-sensitive string containing optional
namespaces and a label name, according to the following guidelines:

* Separate each component of the label with a colon.

* Each namespace or name can have up to 128 characters.

* You can specify up to 5 namespaces in a label.

* Don't use the following reserved words in your label
  specification: `aws`, `waf`, `managed`, `rulegroup`, `webacl`,
  `regexpatternset`, or `ipset`.

For example, `myLabelName` or `nameSpace1:nameSpace2:myLabelName`.
@return [Array<Types::Label>]

@!attribute [rw] visibility_config

Defines and enables Amazon CloudWatch metrics and web request sample
collection.
@return [Types::VisibilityConfig]

@see docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Rule AWS API Documentation

Constants

SENSITIVE