Interface AWSWAF
-
- All Known Subinterfaces:
AWSWAFAsync
- All Known Implementing Classes:
AbstractAWSWAF
,AbstractAWSWAFAsync
,AWSWAFAsyncClient
,AWSWAFClient
public interface AWSWAF
Interface for accessing WAF.This is the AWS WAF API Reference. This guide is for developers who need detailed information about the AWS WAF API actions, data types, and errors. For detailed information about AWS WAF features and an overview of how to use the AWS WAF API, see the AWS WAF Developer Guide.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description CreateByteMatchSetResult
createByteMatchSet(CreateByteMatchSetRequest createByteMatchSetRequest)
Creates aByteMatchSet
.CreateIPSetResult
createIPSet(CreateIPSetRequest createIPSetRequest)
Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP addresses that the requests originate from.CreateRuleResult
createRule(CreateRuleRequest createRuleRequest)
Creates aRule
, which contains theIPSet
objects,ByteMatchSet
objects, and other predicates that identify the requests that you want to block.CreateSizeConstraintSetResult
createSizeConstraintSet(CreateSizeConstraintSetRequest createSizeConstraintSetRequest)
Creates aSizeConstraintSet
.CreateSqlInjectionMatchSetResult
createSqlInjectionMatchSet(CreateSqlInjectionMatchSetRequest createSqlInjectionMatchSetRequest)
Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web requests.CreateWebACLResult
createWebACL(CreateWebACLRequest createWebACLRequest)
Creates aWebACL
, which contains theRules
that identify the CloudFront web requests that you want to allow, block, or count.CreateXssMatchSetResult
createXssMatchSet(CreateXssMatchSetRequest createXssMatchSetRequest)
Creates an XssMatchSet, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web requests.DeleteByteMatchSetResult
deleteByteMatchSet(DeleteByteMatchSetRequest deleteByteMatchSetRequest)
Permanently deletes a ByteMatchSet.DeleteIPSetResult
deleteIPSet(DeleteIPSetRequest deleteIPSetRequest)
Permanently deletes an IPSet.DeleteRuleResult
deleteRule(DeleteRuleRequest deleteRuleRequest)
Permanently deletes a Rule.DeleteSizeConstraintSetResult
deleteSizeConstraintSet(DeleteSizeConstraintSetRequest deleteSizeConstraintSetRequest)
Permanently deletes a SizeConstraintSet.DeleteSqlInjectionMatchSetResult
deleteSqlInjectionMatchSet(DeleteSqlInjectionMatchSetRequest deleteSqlInjectionMatchSetRequest)
Permanently deletes a SqlInjectionMatchSet.DeleteWebACLResult
deleteWebACL(DeleteWebACLRequest deleteWebACLRequest)
Permanently deletes a WebACL.DeleteXssMatchSetResult
deleteXssMatchSet(DeleteXssMatchSetRequest deleteXssMatchSetRequest)
Permanently deletes an XssMatchSet.GetByteMatchSetResult
getByteMatchSet(GetByteMatchSetRequest getByteMatchSetRequest)
Returns the ByteMatchSet specified byByteMatchSetId
.ResponseMetadata
getCachedResponseMetadata(AmazonWebServiceRequest request)
Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected.GetChangeTokenResult
getChangeToken(GetChangeTokenRequest getChangeTokenRequest)
When you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete request.GetChangeTokenStatusResult
getChangeTokenStatus(GetChangeTokenStatusRequest getChangeTokenStatusRequest)
Returns the status of aChangeToken
that you got by calling GetChangeToken.GetIPSetResult
getIPSet(GetIPSetRequest getIPSetRequest)
Returns the IPSet that is specified byIPSetId
.GetRuleResult
getRule(GetRuleRequest getRuleRequest)
GetSampledRequestsResult
getSampledRequests(GetSampledRequestsRequest getSampledRequestsRequest)
Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose.GetSizeConstraintSetResult
getSizeConstraintSet(GetSizeConstraintSetRequest getSizeConstraintSetRequest)
Returns the SizeConstraintSet specified bySizeConstraintSetId
.GetSqlInjectionMatchSetResult
getSqlInjectionMatchSet(GetSqlInjectionMatchSetRequest getSqlInjectionMatchSetRequest)
Returns the SqlInjectionMatchSet that is specified bySqlInjectionMatchSetId
.GetWebACLResult
getWebACL(GetWebACLRequest getWebACLRequest)
Returns the WebACL that is specified byWebACLId
.GetXssMatchSetResult
getXssMatchSet(GetXssMatchSetRequest getXssMatchSetRequest)
Returns the XssMatchSet that is specified byXssMatchSetId
.ListByteMatchSetsResult
listByteMatchSets(ListByteMatchSetsRequest listByteMatchSetsRequest)
Returns an array of ByteMatchSetSummary objects.ListIPSetsResult
listIPSets(ListIPSetsRequest listIPSetsRequest)
Returns an array of IPSetSummary objects in the response.ListRulesResult
listRules(ListRulesRequest listRulesRequest)
Returns an array of RuleSummary objects.ListSizeConstraintSetsResult
listSizeConstraintSets(ListSizeConstraintSetsRequest listSizeConstraintSetsRequest)
Returns an array of SizeConstraintSetSummary objects.ListSqlInjectionMatchSetsResult
listSqlInjectionMatchSets(ListSqlInjectionMatchSetsRequest listSqlInjectionMatchSetsRequest)
Returns an array of SqlInjectionMatchSet objects.ListWebACLsResult
listWebACLs(ListWebACLsRequest listWebACLsRequest)
Returns an array of WebACLSummary objects in the response.ListXssMatchSetsResult
listXssMatchSets(ListXssMatchSetsRequest listXssMatchSetsRequest)
Returns an array of XssMatchSet objects.void
setEndpoint(String endpoint)
Overrides the default endpoint for this client ("https://waf.amazonaws.com/").void
setRegion(Region region)
An alternative tosetEndpoint(String)
, sets the regional endpoint for this client's service calls.void
shutdown()
Shuts down this client object, releasing any resources that might be held open.UpdateByteMatchSetResult
updateByteMatchSet(UpdateByteMatchSetRequest updateByteMatchSetRequest)
Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet.UpdateIPSetResult
updateIPSet(UpdateIPSetRequest updateIPSetRequest)
Inserts or deletes IPSetDescriptor objects in anIPSet
.UpdateRuleResult
updateRule(UpdateRuleRequest updateRuleRequest)
Inserts or deletes Predicate objects in aRule
.UpdateSizeConstraintSetResult
updateSizeConstraintSet(UpdateSizeConstraintSetRequest updateSizeConstraintSetRequest)
Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet.UpdateSqlInjectionMatchSetResult
updateSqlInjectionMatchSet(UpdateSqlInjectionMatchSetRequest updateSqlInjectionMatchSetRequest)
Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet.UpdateWebACLResult
updateWebACL(UpdateWebACLRequest updateWebACLRequest)
Inserts or deletes ActivatedRule objects in aWebACL
.UpdateXssMatchSetResult
updateXssMatchSet(UpdateXssMatchSetRequest updateXssMatchSetRequest)
Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet.
-
-
-
Method Detail
-
setEndpoint
void setEndpoint(String endpoint)
Overrides the default endpoint for this client ("https://waf.amazonaws.com/"). Callers can use this method to control which AWS region they want to work with.Callers can pass in just the endpoint (ex: "waf.amazonaws.com/") or a full URL, including the protocol (ex: "https://waf.amazonaws.com/"). If the protocol is not specified here, the default protocol from this client's
ClientConfiguration
will be used, which by default is HTTPS.For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available endpoints for all AWS services, see: http://developer.amazonwebservices.com/connect/entry.jspa?externalID= 3912
This method is not threadsafe. An endpoint should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.
- Parameters:
endpoint
- The endpoint (ex: "waf.amazonaws.com/") or a full URL, including the protocol (ex: "https://waf.amazonaws.com/") of the region specific AWS endpoint this client will communicate with.
-
setRegion
void setRegion(Region region)
An alternative tosetEndpoint(String)
, sets the regional endpoint for this client's service calls. Callers can use this method to control which AWS region they want to work with.By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the
ClientConfiguration
supplied at construction.This method is not threadsafe. A region should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.
- Parameters:
region
- The region this client will communicate with. SeeRegion.getRegion(com.amazonaws.regions.Regions)
for accessing a given region. Must not be null and must be a region where the service is available.- See Also:
Region.getRegion(com.amazonaws.regions.Regions)
,Region.createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration)
,Region.isServiceSupported(String)
-
createByteMatchSet
CreateByteMatchSetResult createByteMatchSet(CreateByteMatchSetRequest createByteMatchSetRequest)
Creates a
ByteMatchSet
. You then use UpdateByteMatchSet to identify the part of a web request that you want AWS WAF to inspect, such as the values of theUser-Agent
header or the query string. For example, you can create aByteMatchSet
that matches any requests withUser-Agent
headers that contain the stringBadBot
. You can then configure AWS WAF to reject those requests.To create and configure a
ByteMatchSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateByteMatchSet
request. - Submit a
CreateByteMatchSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of anUpdateByteMatchSet
request. - Submit an UpdateByteMatchSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
createByteMatchSetRequest
-- Returns:
- Result of the CreateByteMatchSet operation returned by the service.
- Throws:
WAFDisallowedNameException
- The name specified is invalid.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
createIPSet
CreateIPSetResult createIPSet(CreateIPSetRequest createIPSetRequest)
Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP addresses that the requests originate from. For example, if you're receiving a lot of requests from one or more individual IP addresses or one or more ranges of IP addresses and you want to block the requests, you can create an
IPSet
that contains those IP addresses and then configure AWS WAF to block the requests.To create and configure an
IPSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateIPSet
request. - Submit a
CreateIPSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateIPSet request. - Submit an
UpdateIPSet
request to specify the IP addresses that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
createIPSetRequest
-- Returns:
- Result of the CreateIPSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFDisallowedNameException
- The name specified is invalid.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
createRule
CreateRuleResult createRule(CreateRuleRequest createRuleRequest)
Creates a
Rule
, which contains theIPSet
objects,ByteMatchSet
objects, and other predicates that identify the requests that you want to block. If you add more than one predicate to aRule
, a request must match all of the specifications to be allowed or blocked. For example, suppose you add the following to aRule
:- An
IPSet
that matches the IP address192.0.2.44/32
- A
ByteMatchSet
that matchesBadBot
in theUser-Agent
header
You then add the
Rule
to aWebACL
and specify that you want to blocks requests that satisfy theRule
. For a request to be blocked, it must come from the IP address 192.0.2.44 and theUser-Agent
header in the request must contain the valueBadBot
.To create and configure a
Rule
, perform the following steps:- Create and update the predicates that you want to include in the
Rule
. For more information, see CreateByteMatchSet, CreateIPSet, and CreateSqlInjectionMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateRule
request. - Submit a
CreateRule
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateRule request. - Submit an
UpdateRule
request to specify the predicates that you want to include in theRule
. - Create and update a
WebACL
that contains theRule
. For more information, see CreateWebACL.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
createRuleRequest
-- Returns:
- Result of the CreateRule operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFDisallowedNameException
- The name specified is invalid.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- An
-
createSizeConstraintSet
CreateSizeConstraintSetResult createSizeConstraintSet(CreateSizeConstraintSetRequest createSizeConstraintSetRequest)
Creates a
SizeConstraintSet
. You then use UpdateSizeConstraintSet to identify the part of a web request that you want AWS WAF to check for length, such as the length of theUser-Agent
header or the length of the query string. For example, you can create aSizeConstraintSet
that matches any requests that have a query string that is longer than 100 bytes. You can then configure AWS WAF to reject those requests.To create and configure a
SizeConstraintSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateSizeConstraintSet
request. - Submit a
CreateSizeConstraintSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of anUpdateSizeConstraintSet
request. - Submit an UpdateSizeConstraintSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
createSizeConstraintSetRequest
-- Returns:
- Result of the CreateSizeConstraintSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFDisallowedNameException
- The name specified is invalid.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
createSqlInjectionMatchSet
CreateSqlInjectionMatchSetResult createSqlInjectionMatchSet(CreateSqlInjectionMatchSetRequest createSqlInjectionMatchSetRequest)
Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web requests. AWS WAF searches for character sequences that are likely to be malicious strings.
To create and configure a
SqlInjectionMatchSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateSqlInjectionMatchSet
request. - Submit a
CreateSqlInjectionMatchSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateSqlInjectionMatchSet request. - Submit an UpdateSqlInjectionMatchSet request to specify the parts of web requests in which you want to allow, block, or count malicious SQL code.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
createSqlInjectionMatchSetRequest
- A request to create a SqlInjectionMatchSet.- Returns:
- Result of the CreateSqlInjectionMatchSet operation returned by the service.
- Throws:
WAFDisallowedNameException
- The name specified is invalid.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
createWebACL
CreateWebACLResult createWebACL(CreateWebACLRequest createWebACLRequest)
Creates a
WebACL
, which contains theRules
that identify the CloudFront web requests that you want to allow, block, or count. AWS WAF evaluatesRules
in order based on the value ofPriority
for eachRule
.You also specify a default action, either
ALLOW
orBLOCK
. If a web request doesn't match any of theRules
in aWebACL
, AWS WAF responds to the request with the default action.To create and configure a
WebACL
, perform the following steps:- Create and update the
ByteMatchSet
objects and other predicates that you want to include inRules
. For more information, see CreateByteMatchSet, UpdateByteMatchSet, CreateIPSet, UpdateIPSet, CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet. - Create and update the
Rules
that you want to include in theWebACL
. For more information, see CreateRule and UpdateRule. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateWebACL
request. - Submit a
CreateWebACL
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateWebACL request. - Submit an UpdateWebACL request to specify the
Rules
that you want to include in theWebACL
, to specify the default action, and to associate theWebACL
with a CloudFront distribution.
For more information about how to use the AWS WAF API, see the AWS WAF Developer Guide.
- Parameters:
createWebACLRequest
-- Returns:
- Result of the CreateWebACL operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFDisallowedNameException
- The name specified is invalid.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Create and update the
-
createXssMatchSet
CreateXssMatchSetResult createXssMatchSet(CreateXssMatchSetRequest createXssMatchSetRequest)
Creates an XssMatchSet, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web requests. AWS WAF searches for character sequences that are likely to be malicious strings.
To create and configure an
XssMatchSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateXssMatchSet
request. - Submit a
CreateXssMatchSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateXssMatchSet request. - Submit an UpdateXssMatchSet request to specify the parts of web requests in which you want to allow, block, or count cross-site scripting attacks.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
createXssMatchSetRequest
- A request to create an XssMatchSet.- Returns:
- Result of the CreateXssMatchSet operation returned by the service.
- Throws:
WAFDisallowedNameException
- The name specified is invalid.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
deleteByteMatchSet
DeleteByteMatchSetResult deleteByteMatchSet(DeleteByteMatchSetRequest deleteByteMatchSetRequest)
Permanently deletes a ByteMatchSet. You can't delete a
ByteMatchSet
if it's still used in anyRules
or if it still includes any ByteMatchTuple objects (any filters).If you just want to remove a
ByteMatchSet
from aRule
, use UpdateRule.To permanently delete a
ByteMatchSet
, perform the following steps:- Update the
ByteMatchSet
to remove filters, if any. For more information, see UpdateByteMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteByteMatchSet
request. - Submit a
DeleteByteMatchSet
request.
- Parameters:
deleteByteMatchSetRequest
-- Returns:
- Result of the DeleteByteMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteIPSet
DeleteIPSetResult deleteIPSet(DeleteIPSetRequest deleteIPSetRequest)
Permanently deletes an IPSet. You can't delete an
IPSet
if it's still used in anyRules
or if it still includes any IP addresses.If you just want to remove an
IPSet
from aRule
, use UpdateRule.To permanently delete an
IPSet
from AWS WAF, perform the following steps:- Update the
IPSet
to remove IP address ranges, if any. For more information, see UpdateIPSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteIPSet
request. - Submit a
DeleteIPSet
request.
- Parameters:
deleteIPSetRequest
-- Returns:
- Result of the DeleteIPSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteRule
DeleteRuleResult deleteRule(DeleteRuleRequest deleteRuleRequest)
Permanently deletes a Rule. You can't delete a
Rule
if it's still used in anyWebACL
objects or if it still includes any predicates, such asByteMatchSet
objects.If you just want to remove a
Rule
from aWebACL
, use UpdateWebACL.To permanently delete a
Rule
from AWS WAF, perform the following steps:- Update the
Rule
to remove predicates, if any. For more information, see UpdateRule. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteRule
request. - Submit a
DeleteRule
request.
- Parameters:
deleteRuleRequest
-- Returns:
- Result of the DeleteRule operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteSizeConstraintSet
DeleteSizeConstraintSetResult deleteSizeConstraintSet(DeleteSizeConstraintSetRequest deleteSizeConstraintSetRequest)
Permanently deletes a SizeConstraintSet. You can't delete a
SizeConstraintSet
if it's still used in anyRules
or if it still includes any SizeConstraint objects (any filters).If you just want to remove a
SizeConstraintSet
from aRule
, use UpdateRule.To permanently delete a
SizeConstraintSet
, perform the following steps:- Update the
SizeConstraintSet
to remove filters, if any. For more information, see UpdateSizeConstraintSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteSizeConstraintSet
request. - Submit a
DeleteSizeConstraintSet
request.
- Parameters:
deleteSizeConstraintSetRequest
-- Returns:
- Result of the DeleteSizeConstraintSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteSqlInjectionMatchSet
DeleteSqlInjectionMatchSetResult deleteSqlInjectionMatchSet(DeleteSqlInjectionMatchSetRequest deleteSqlInjectionMatchSetRequest)
Permanently deletes a SqlInjectionMatchSet. You can't delete a
SqlInjectionMatchSet
if it's still used in anyRules
or if it still contains any SqlInjectionMatchTuple objects.If you just want to remove a
SqlInjectionMatchSet
from aRule
, use UpdateRule.To permanently delete a
SqlInjectionMatchSet
from AWS WAF, perform the following steps:- Update the
SqlInjectionMatchSet
to remove filters, if any. For more information, see UpdateSqlInjectionMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteSqlInjectionMatchSet
request. - Submit a
DeleteSqlInjectionMatchSet
request.
- Parameters:
deleteSqlInjectionMatchSetRequest
- A request to delete a SqlInjectionMatchSet from AWS WAF.- Returns:
- Result of the DeleteSqlInjectionMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteWebACL
DeleteWebACLResult deleteWebACL(DeleteWebACLRequest deleteWebACLRequest)
Permanently deletes a WebACL. You can't delete a
WebACL
if it still contains anyRules
.To delete a
WebACL
, perform the following steps:- Update the
WebACL
to removeRules
, if any. For more information, see UpdateWebACL. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteWebACL
request. - Submit a
DeleteWebACL
request.
- Parameters:
deleteWebACLRequest
-- Returns:
- Result of the DeleteWebACL operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteXssMatchSet
DeleteXssMatchSetResult deleteXssMatchSet(DeleteXssMatchSetRequest deleteXssMatchSetRequest)
Permanently deletes an XssMatchSet. You can't delete an
XssMatchSet
if it's still used in anyRules
or if it still contains any XssMatchTuple objects.If you just want to remove an
XssMatchSet
from aRule
, use UpdateRule.To permanently delete an
XssMatchSet
from AWS WAF, perform the following steps:- Update the
XssMatchSet
to remove filters, if any. For more information, see UpdateXssMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteXssMatchSet
request. - Submit a
DeleteXssMatchSet
request.
- Parameters:
deleteXssMatchSetRequest
- A request to delete an XssMatchSet from AWS WAF.- Returns:
- Result of the DeleteXssMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
getByteMatchSet
GetByteMatchSetResult getByteMatchSet(GetByteMatchSetRequest getByteMatchSetRequest)
Returns the ByteMatchSet specified by
ByteMatchSetId
.- Parameters:
getByteMatchSetRequest
-- Returns:
- Result of the GetByteMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getChangeToken
GetChangeTokenResult getChangeToken(GetChangeTokenRequest getChangeTokenRequest)
When you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete request. Change tokens ensure that your application doesn't submit conflicting requests to AWS WAF.
Each create, update, or delete request must use a unique change token. If your application submits a
GetChangeToken
request and then submits a secondGetChangeToken
request before submitting a create, update, or delete request, the secondGetChangeToken
request returns the same value as the firstGetChangeToken
request.When you use a change token in a create, update, or delete request, the status of the change token changes to
PENDING
, which indicates that AWS WAF is propagating the change to all AWS WAF servers. UseGetChangeTokenStatus
to determine the status of your change token.- Parameters:
getChangeTokenRequest
-- Returns:
- Result of the GetChangeToken operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.
-
getChangeTokenStatus
GetChangeTokenStatusResult getChangeTokenStatus(GetChangeTokenStatusRequest getChangeTokenStatusRequest)
Returns the status of a
ChangeToken
that you got by calling GetChangeToken.ChangeTokenStatus
is one of the following values:PROVISIONED
: You requested the change token by callingGetChangeToken
, but you haven't used it yet in a call to create, update, or delete an AWS WAF object.PENDING
: AWS WAF is propagating the create, update, or delete request to all AWS WAF servers.IN_SYNC
: Propagation is complete.
- Parameters:
getChangeTokenStatusRequest
-- Returns:
- Result of the GetChangeTokenStatus operation returned by the service.
- Throws:
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.
-
getIPSet
GetIPSetResult getIPSet(GetIPSetRequest getIPSetRequest)
Returns the IPSet that is specified by
IPSetId
.- Parameters:
getIPSetRequest
-- Returns:
- Result of the GetIPSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getRule
GetRuleResult getRule(GetRuleRequest getRuleRequest)
Returns the Rule that is specified by the
RuleId
that you included in theGetRule
request.- Parameters:
getRuleRequest
-- Returns:
- Result of the GetRule operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getSampledRequests
GetSampledRequestsResult getSampledRequests(GetSampledRequestsRequest getSampledRequestsRequest)
Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose. You can specify a sample size of up to 100 requests, and you can specify any time range in the previous three hours.
GetSampledRequests
returns a time range, which is usually the time range that you specified. However, if your resource (such as a CloudFront distribution) received 5,000 requests before the specified time range elapsed,GetSampledRequests
returns an updated time range. This new time range indicates the actual period during which AWS WAF selected the requests in the sample.- Parameters:
getSampledRequestsRequest
-- Returns:
- Result of the GetSampledRequests operation returned by the service.
- Throws:
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.
-
getSizeConstraintSet
GetSizeConstraintSetResult getSizeConstraintSet(GetSizeConstraintSetRequest getSizeConstraintSetRequest)
Returns the SizeConstraintSet specified by
SizeConstraintSetId
.- Parameters:
getSizeConstraintSetRequest
-- Returns:
- Result of the GetSizeConstraintSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getSqlInjectionMatchSet
GetSqlInjectionMatchSetResult getSqlInjectionMatchSet(GetSqlInjectionMatchSetRequest getSqlInjectionMatchSetRequest)
Returns the SqlInjectionMatchSet that is specified by
SqlInjectionMatchSetId
.- Parameters:
getSqlInjectionMatchSetRequest
- A request to get a SqlInjectionMatchSet.- Returns:
- Result of the GetSqlInjectionMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getWebACL
GetWebACLResult getWebACL(GetWebACLRequest getWebACLRequest)
Returns the WebACL that is specified by
WebACLId
.- Parameters:
getWebACLRequest
-- Returns:
- Result of the GetWebACL operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getXssMatchSet
GetXssMatchSetResult getXssMatchSet(GetXssMatchSetRequest getXssMatchSetRequest)
Returns the XssMatchSet that is specified by
XssMatchSetId
.- Parameters:
getXssMatchSetRequest
- A request to get an XssMatchSet.- Returns:
- Result of the GetXssMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
listByteMatchSets
ListByteMatchSetsResult listByteMatchSets(ListByteMatchSetsRequest listByteMatchSetsRequest)
Returns an array of ByteMatchSetSummary objects.
- Parameters:
listByteMatchSetsRequest
-- Returns:
- Result of the ListByteMatchSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listIPSets
ListIPSetsResult listIPSets(ListIPSetsRequest listIPSetsRequest)
Returns an array of IPSetSummary objects in the response.
- Parameters:
listIPSetsRequest
-- Returns:
- Result of the ListIPSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listRules
ListRulesResult listRules(ListRulesRequest listRulesRequest)
Returns an array of RuleSummary objects.
- Parameters:
listRulesRequest
-- Returns:
- Result of the ListRules operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listSizeConstraintSets
ListSizeConstraintSetsResult listSizeConstraintSets(ListSizeConstraintSetsRequest listSizeConstraintSetsRequest)
Returns an array of SizeConstraintSetSummary objects.
- Parameters:
listSizeConstraintSetsRequest
-- Returns:
- Result of the ListSizeConstraintSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listSqlInjectionMatchSets
ListSqlInjectionMatchSetsResult listSqlInjectionMatchSets(ListSqlInjectionMatchSetsRequest listSqlInjectionMatchSetsRequest)
Returns an array of SqlInjectionMatchSet objects.
- Parameters:
listSqlInjectionMatchSetsRequest
- A request to list the SqlInjectionMatchSet objects created by the current AWS account.- Returns:
- Result of the ListSqlInjectionMatchSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listWebACLs
ListWebACLsResult listWebACLs(ListWebACLsRequest listWebACLsRequest)
Returns an array of WebACLSummary objects in the response.
- Parameters:
listWebACLsRequest
-- Returns:
- Result of the ListWebACLs operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listXssMatchSets
ListXssMatchSetsResult listXssMatchSets(ListXssMatchSetsRequest listXssMatchSetsRequest)
Returns an array of XssMatchSet objects.
- Parameters:
listXssMatchSetsRequest
- A request to list the XssMatchSet objects created by the current AWS account.- Returns:
- Result of the ListXssMatchSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
updateByteMatchSet
UpdateByteMatchSetResult updateByteMatchSet(UpdateByteMatchSetRequest updateByteMatchSetRequest)
Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet. For each
ByteMatchTuple
object, you specify the following values:- Whether to insert or delete the object from the array. If you want to
change a
ByteMatchSetUpdate
object, you delete the existing object and add a new one. - The part of a web request that you want AWS WAF to inspect, such as a
query string or the value of the
User-Agent
header. - The bytes (typically a string that corresponds with ASCII characters)
that you want AWS WAF to look for. For more information, including how
you specify the values for the AWS WAF API and the AWS CLI or SDKs, see
TargetString
in the ByteMatchTuple data type. - Where to look, such as at the beginning or the end of a query string.
- Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.
For example, you can add a
ByteMatchSetUpdate
object that matches web requests in whichUser-Agent
headers contain the stringBadBot
. You can then configure AWS WAF to block those requests.To create and configure a
ByteMatchSet
, perform the following steps:- Create a
ByteMatchSet.
For more information, see CreateByteMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of anUpdateByteMatchSet
request. - Submit an
UpdateByteMatchSet
request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
updateByteMatchSetRequest
-- Returns:
- Result of the UpdateByteMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Whether to insert or delete the object from the array. If you want to
change a
-
updateIPSet
UpdateIPSetResult updateIPSet(UpdateIPSetRequest updateIPSetRequest)
Inserts or deletes IPSetDescriptor objects in an
IPSet
. For eachIPSetDescriptor
object, you specify the following values:- Whether to insert or delete the object from the array. If you want to
change an
IPSetDescriptor
object, you delete the existing object and add a new one. - The IP address version,
IPv4
. - The IP address in CIDR notation, for example,
192.0.2.0/24
(for the range of IP addresses from192.0.2.0
to192.0.2.255
) or192.0.2.44/32
(for the individual IP address192.0.2.44
).
AWS WAF supports /8, /16, /24, and /32 IP address ranges. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
You use an
IPSet
to specify which web requests you want to allow or block based on the IP addresses that the requests originated from. For example, if you're receiving a lot of requests from one or a small number of IP addresses and you want to block the requests, you can create anIPSet
that specifies those IP addresses, and then configure AWS WAF to block the requests.To create and configure an
IPSet
, perform the following steps:- Submit a CreateIPSet request.
- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of an UpdateIPSet request. - Submit an
UpdateIPSet
request to specify the IP addresses that you want AWS WAF to watch for.
When you update an
IPSet
, you specify the IP addresses that you want to add and/or the IP addresses that you want to delete. If you want to change an IP address, you delete the existing IP address and add the new one.For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
updateIPSetRequest
-- Returns:
- Result of the UpdateIPSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Whether to insert or delete the object from the array. If you want to
change an
-
updateRule
UpdateRuleResult updateRule(UpdateRuleRequest updateRuleRequest)
Inserts or deletes Predicate objects in a
Rule
. EachPredicate
object identifies a predicate, such as a ByteMatchSet or an IPSet, that specifies the web requests that you want to allow, block, or count. If you add more than one predicate to aRule
, a request must match all of the specifications to be allowed, blocked, or counted. For example, suppose you add the following to aRule
:- A
ByteMatchSet
that matches the valueBadBot
in theUser-Agent
header - An
IPSet
that matches the IP address192.0.2.44
You then add the
Rule
to aWebACL
and specify that you want to block requests that satisfy theRule
. For a request to be blocked, theUser-Agent
header in the request must contain the valueBadBot
and the request must originate from the IP address 192.0.2.44.To create and configure a
Rule
, perform the following steps:- Create and update the predicates that you want to include in the
Rule
. - Create the
Rule
. See CreateRule. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateRule request. - Submit an
UpdateRule
request to add predicates to theRule
. - Create and update a
WebACL
that contains theRule
. See CreateWebACL.
If you want to replace one
ByteMatchSet
orIPSet
with another, you delete the existing one and add the new one.For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
updateRuleRequest
-- Returns:
- Result of the UpdateRule operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- A
-
updateSizeConstraintSet
UpdateSizeConstraintSetResult updateSizeConstraintSet(UpdateSizeConstraintSetRequest updateSizeConstraintSetRequest)
Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet. For each
SizeConstraint
object, you specify the following values:- Whether to insert or delete the object from the array. If you want to
change a
SizeConstraintSetUpdate
object, you delete the existing object and add a new one. - The part of a web request that you want AWS WAF to evaluate, such as
the length of a query string or the length of the
User-Agent
header. - Whether to perform any transformations on the request, such as
converting it to lowercase, before checking its length. Note that
transformations of the request body are not supported because the AWS
resource forwards only the first
8192
bytes of your request to AWS WAF. - A
ComparisonOperator
used for evaluating the selected part of the request against the specifiedSize
, such as equals, greater than, less than, and so on. - The length, in bytes, that you want AWS WAF to watch for in selected part of the request. The length is computed after applying the transformation.
For example, you can add a
SizeConstraintSetUpdate
object that matches web requests in which the length of theUser-Agent
header is greater than 100 bytes. You can then configure AWS WAF to block those requests.To create and configure a
SizeConstraintSet
, perform the following steps:- Create a
SizeConstraintSet.
For more information, see CreateSizeConstraintSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of anUpdateSizeConstraintSet
request. - Submit an
UpdateSizeConstraintSet
request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
updateSizeConstraintSetRequest
-- Returns:
- Result of the UpdateSizeConstraintSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Whether to insert or delete the object from the array. If you want to
change a
-
updateSqlInjectionMatchSet
UpdateSqlInjectionMatchSetResult updateSqlInjectionMatchSet(UpdateSqlInjectionMatchSetRequest updateSqlInjectionMatchSetRequest)
Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet. For each
SqlInjectionMatchTuple
object, you specify the following values:Action
: Whether to insert the object into or delete the object from the array. To change aSqlInjectionMatchTuple
, you delete the existing object and add a new one.FieldToMatch
: The part of web requests that you want AWS WAF to inspect and, if you want AWS WAF to inspect a header, the name of the header.TextTransformation
: Which text transformation, if any, to perform on the web request before inspecting the request for snippets of malicious SQL code.
You use
SqlInjectionMatchSet
objects to specify which CloudFront requests you want to allow, block, or count. For example, if you're receiving requests that contain snippets of SQL code in the query string and you want to block the requests, you can create aSqlInjectionMatchSet
with the applicable settings, and then configure AWS WAF to block the requests.To create and configure a
SqlInjectionMatchSet
, perform the following steps:- Submit a CreateSqlInjectionMatchSet request.
- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of an UpdateIPSet request. - Submit an
UpdateSqlInjectionMatchSet
request to specify the parts of web requests that you want AWS WAF to inspect for snippets of SQL code.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
updateSqlInjectionMatchSetRequest
- A request to update a SqlInjectionMatchSet.- Returns:
- Result of the UpdateSqlInjectionMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
-
updateWebACL
UpdateWebACLResult updateWebACL(UpdateWebACLRequest updateWebACLRequest)
Inserts or deletes ActivatedRule objects in a
WebACL
. EachRule
identifies web requests that you want to allow, block, or count. When you update aWebACL
, you specify the following values:- A default action for the
WebACL
, eitherALLOW
orBLOCK
. AWS WAF performs the default action if a request doesn't match the criteria in any of theRules
in aWebACL
. - The
Rules
that you want to add and/or delete. If you want to replace oneRule
with another, you delete the existingRule
and add the new one. - For each
Rule
, whether you want AWS WAF to allow requests, block requests, or count requests that match the conditions in theRule
. - The order in which you want AWS WAF to evaluate the
Rules
in aWebACL
. If you add more than oneRule
to aWebACL
, AWS WAF evaluates each request against theRules
in order based on the value ofPriority
. (TheRule
that has the lowest value forPriority
is evaluated first.) When a web request matches all of the predicates (such asByteMatchSets
andIPSets
) in aRule
, AWS WAF immediately takes the corresponding action, allow or block, and doesn't evaluate the request against the remainingRules
in theWebACL
, if any. - The CloudFront distribution that you want to associate with the
WebACL
.
To create and configure a
WebACL
, perform the following steps:- Create and update the predicates that you want to include in
Rules
. For more information, see CreateByteMatchSet, UpdateByteMatchSet, CreateIPSet, UpdateIPSet, CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet. - Create and update the
Rules
that you want to include in theWebACL
. For more information, see CreateRule and UpdateRule. - Create a
WebACL
. See CreateWebACL. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateWebACL request. - Submit an
UpdateWebACL
request to specify theRules
that you want to include in theWebACL
, to specify the default action, and to associate theWebACL
with a CloudFront distribution.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
updateWebACLRequest
-- Returns:
- Result of the UpdateWebACL operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- A default action for the
-
updateXssMatchSet
UpdateXssMatchSetResult updateXssMatchSet(UpdateXssMatchSetRequest updateXssMatchSetRequest)
Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet. For each
XssMatchTuple
object, you specify the following values:Action
: Whether to insert the object into or delete the object from the array. To change aXssMatchTuple
, you delete the existing object and add a new one.FieldToMatch
: The part of web requests that you want AWS WAF to inspect and, if you want AWS WAF to inspect a header, the name of the header.TextTransformation
: Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks.
You use
XssMatchSet
objects to specify which CloudFront requests you want to allow, block, or count. For example, if you're receiving requests that contain cross-site scripting attacks in the request body and you want to block the requests, you can create anXssMatchSet
with the applicable settings, and then configure AWS WAF to block the requests.To create and configure an
XssMatchSet
, perform the following steps:- Submit a CreateXssMatchSet request.
- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of an UpdateIPSet request. - Submit an
UpdateXssMatchSet
request to specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Parameters:
updateXssMatchSetRequest
- A request to update an XssMatchSet.- Returns:
- Result of the UpdateXssMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
-
shutdown
void shutdown()
Shuts down this client object, releasing any resources that might be held open. This is an optional method, and callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client has been shutdown, it should not be used to make any more requests.
-
getCachedResponseMetadata
ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
Returns additional metadata for a previously executed successful request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.
- Parameters:
request
- The originally executed request.- Returns:
- The response metadata for the specified request, or null if none is available.
-
-