Class: Aws::WAFV2::Types::ManagedRuleGroupStatement
- Inherits:
-
Struct
- Object
- Struct
- Aws::WAFV2::Types::ManagedRuleGroupStatement
- Includes:
- Structure
- Defined in:
- lib/aws-sdk-wafv2/types.rb
Overview
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
You cannot nest a ‘ManagedRuleGroupStatement`, for example for use inside a `NotStatement` or `OrStatement`. You cannot use a managed rule group inside another rule group. You can only reference a managed rule group as a top-level statement within a rule that you define in a web ACL.
<note markdown=“1”> You are charged additional fees when you use the WAF Bot Control managed rule group ‘AWSManagedRulesBotControlRuleSet`, the WAF Fraud Control account takeover prevention (ATP) managed rule group `AWSManagedRulesATPRuleSet`, or the WAF Fraud Control account creation fraud prevention (ACFP) managed rule group `AWSManagedRulesACFPRuleSet`. For more information, see [WAF Pricing].
</note>
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#excluded_rules ⇒ Array<Types::ExcludedRule>
Rules in the referenced rule group whose actions are set to ‘Count`.
-
#managed_rule_group_configs ⇒ Array<Types::ManagedRuleGroupConfig>
Additional information that’s used by a managed rule group.
-
#name ⇒ String
The name of the managed rule group.
-
#rule_action_overrides ⇒ Array<Types::RuleActionOverride>
Action settings to use in the place of the rule actions that are configured inside the rule group.
-
#scope_down_statement ⇒ Types::Statement
An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group.
-
#vendor_name ⇒ String
The name of the managed rule group vendor.
-
#version ⇒ String
The version of the managed rule group to use.
Instance Attribute Details
#excluded_rules ⇒ Array<Types::ExcludedRule>
Rules in the referenced rule group whose actions are set to ‘Count`.
<note markdown=“1”> Instead of this option, use ‘RuleActionOverrides`. It accepts any valid action setting, including `Count`.
</note>
5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 |
# File 'lib/aws-sdk-wafv2/types.rb', line 5535 class ManagedRuleGroupStatement < Struct.new( :vendor_name, :name, :version, :excluded_rules, :scope_down_statement, :managed_rule_group_configs, :rule_action_overrides) SENSITIVE = [] include Aws::Structure end |
#managed_rule_group_configs ⇒ Array<Types::ManagedRuleGroupConfig>
Additional information that’s used by a managed rule group. Many managed rule groups don’t require this.
The rule groups used for intelligent threat mitigation require additional configuration:
-
Use the ‘AWSManagedRulesACFPRuleSet` configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.
-
Use the ‘AWSManagedRulesATPRuleSet` configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.
-
Use the ‘AWSManagedRulesBotControlRuleSet` configuration object to configure the protection level that you want the Bot Control rule group to use.
5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 |
# File 'lib/aws-sdk-wafv2/types.rb', line 5535 class ManagedRuleGroupStatement < Struct.new( :vendor_name, :name, :version, :excluded_rules, :scope_down_statement, :managed_rule_group_configs, :rule_action_overrides) SENSITIVE = [] include Aws::Structure end |
#name ⇒ String
The name of the managed rule group. You use this, along with the vendor name, to identify the rule group.
5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 |
# File 'lib/aws-sdk-wafv2/types.rb', line 5535 class ManagedRuleGroupStatement < Struct.new( :vendor_name, :name, :version, :excluded_rules, :scope_down_statement, :managed_rule_group_configs, :rule_action_overrides) SENSITIVE = [] include Aws::Structure end |
#rule_action_overrides ⇒ Array<Types::RuleActionOverride>
Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.
You can use overrides for testing, for example you can override all of rule actions to ‘Count` and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 |
# File 'lib/aws-sdk-wafv2/types.rb', line 5535 class ManagedRuleGroupStatement < Struct.new( :vendor_name, :name, :version, :excluded_rules, :scope_down_statement, :managed_rule_group_configs, :rule_action_overrides) SENSITIVE = [] include Aws::Structure end |
#scope_down_statement ⇒ Types::Statement
An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group. Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable Statement in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.
5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 |
# File 'lib/aws-sdk-wafv2/types.rb', line 5535 class ManagedRuleGroupStatement < Struct.new( :vendor_name, :name, :version, :excluded_rules, :scope_down_statement, :managed_rule_group_configs, :rule_action_overrides) SENSITIVE = [] include Aws::Structure end |
#vendor_name ⇒ String
The name of the managed rule group vendor. You use this, along with the rule group name, to identify a rule group.
5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 |
# File 'lib/aws-sdk-wafv2/types.rb', line 5535 class ManagedRuleGroupStatement < Struct.new( :vendor_name, :name, :version, :excluded_rules, :scope_down_statement, :managed_rule_group_configs, :rule_action_overrides) SENSITIVE = [] include Aws::Structure end |
#version ⇒ String
The version of the managed rule group to use. If you specify this, the version setting is fixed until you change it. If you don’t specify this, WAF uses the vendor’s default version, and then keeps the version at the vendor’s default when the vendor updates the managed rule group settings.
5535 5536 5537 5538 5539 5540 5541 5542 5543 5544 5545 |
# File 'lib/aws-sdk-wafv2/types.rb', line 5535 class ManagedRuleGroupStatement < Struct.new( :vendor_name, :name, :version, :excluded_rules, :scope_down_statement, :managed_rule_group_configs, :rule_action_overrides) SENSITIVE = [] include Aws::Structure end |