@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public class AbstractAWSWAFRegional extends Object implements AWSWAFRegional
AWSWAFRegional. Convenient method forms pass through to the corresponding overload
that takes a request object, which throws an UnsupportedOperationException.ENDPOINT_PREFIXpublic void setEndpoint(String endpoint)
AWSWAFRegional
Callers can pass in just the endpoint (ex: "waf-regional.us-east-1.amazonaws.com/") or a full URL, including the
protocol (ex: "https://waf-regional.us-east-1.amazonaws.com/"). If the protocol is not specified here, the
default protocol from this client's ClientConfiguration will be used, which by default is HTTPS.
For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available endpoints for all AWS services, see: http://developer.amazonwebservices.com/connect/entry.jspa?externalID=3912
This method is not threadsafe. An endpoint should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.
setEndpoint in interface AWSWAFRegionalendpoint - The endpoint (ex: "waf-regional.us-east-1.amazonaws.com/") or a full URL, including the protocol (ex:
"https://waf-regional.us-east-1.amazonaws.com/") of the region specific AWS endpoint this client will
communicate with.public void setRegion(Region region)
AWSWAFRegionalAWSWAFRegional.setEndpoint(String), sets the regional endpoint for this client's
service calls. Callers can use this method to control which AWS region they want to work with.
By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the
ClientConfiguration supplied at construction.
This method is not threadsafe. A region should be configured when the client is created and before any service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit or retrying.
setRegion in interface AWSWAFRegionalregion - The region this client will communicate with. See Region.getRegion(com.amazonaws.regions.Regions)
for accessing a given region. Must not be null and must be a region where the service is available.Region.getRegion(com.amazonaws.regions.Regions),
Region.createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration),
Region.isServiceSupported(String)public AssociateWebACLResult associateWebACL(AssociateWebACLRequest request)
AWSWAFRegionalAssociates a web ACL with a resource.
associateWebACL in interface AWSWAFRegionalpublic CreateByteMatchSetResult createByteMatchSet(CreateByteMatchSetRequest request)
AWSWAFRegional
Creates a ByteMatchSet. You then use UpdateByteMatchSet to identify the part of a web request
that you want AWS WAF to inspect, such as the values of the User-Agent header or the query string.
For example, you can create a ByteMatchSet that matches any requests with User-Agent
headers that contain the string BadBot. You can then configure AWS WAF to reject those requests.
To create and configure a ByteMatchSet, perform the following steps:
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateByteMatchSet request.
Submit a CreateByteMatchSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateByteMatchSet request.
Submit an UpdateByteMatchSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createByteMatchSet in interface AWSWAFRegionalpublic CreateGeoMatchSetResult createGeoMatchSet(CreateGeoMatchSetRequest request)
AWSWAFRegional
Creates an GeoMatchSet, which you use to specify which web requests you want to allow or block based on
the country that the requests originate from. For example, if you're receiving a lot of requests from one or more
countries and you want to block the requests, you can create an GeoMatchSet that contains those
countries and then configure AWS WAF to block the requests.
To create and configure a GeoMatchSet, perform the following steps:
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateGeoMatchSet request.
Submit a CreateGeoMatchSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateGeoMatchSet request.
Submit an UpdateGeoMatchSetSet request to specify the countries that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createGeoMatchSet in interface AWSWAFRegionalpublic CreateIPSetResult createIPSet(CreateIPSetRequest request)
AWSWAFRegional
Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP
addresses that the requests originate from. For example, if you're receiving a lot of requests from one or more
individual IP addresses or one or more ranges of IP addresses and you want to block the requests, you can create
an IPSet that contains those IP addresses and then configure AWS WAF to block the requests.
To create and configure an IPSet, perform the following steps:
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateIPSet request.
Submit a CreateIPSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateIPSet request.
Submit an UpdateIPSet request to specify the IP addresses that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createIPSet in interface AWSWAFRegionalpublic CreateRateBasedRuleResult createRateBasedRule(CreateRateBasedRuleRequest request)
AWSWAFRegional
Creates a RateBasedRule. The RateBasedRule contains a RateLimit, which specifies
the maximum number of requests that AWS WAF allows from a specified IP address in a five-minute period. The
RateBasedRule also contains the IPSet objects, ByteMatchSet objects, and
other predicates that identify the requests that you want to count or block if these requests exceed the
RateLimit.
If you add more than one predicate to a RateBasedRule, a request not only must exceed the
RateLimit, but it also must match all the specifications to be counted or blocked. For example,
suppose you add the following to a RateBasedRule:
An IPSet that matches the IP address 192.0.2.44/32
A ByteMatchSet that matches BadBot in the User-Agent header
Further, you specify a RateLimit of 15,000.
You then add the RateBasedRule to a WebACL and specify that you want to block requests
that meet the conditions in the rule. For a request to be blocked, it must come from the IP address 192.0.2.44
and the User-Agent header in the request must contain the value BadBot. Further,
requests that match these two conditions must be received at a rate of more than 15,000 requests every five
minutes. If both conditions are met and the rate is exceeded, AWS WAF blocks the requests. If the rate drops
below 15,000 for a five-minute period, AWS WAF no longer blocks the requests.
As a second example, suppose you want to limit requests to a particular page on your site. To do this, you could
add the following to a RateBasedRule:
A ByteMatchSet with FieldToMatch of URI
A PositionalConstraint of STARTS_WITH
A TargetString of login
Further, you specify a RateLimit of 15,000.
By adding this RateBasedRule to a WebACL, you could limit requests to your login page
without affecting the rest of your site.
To create and configure a RateBasedRule, perform the following steps:
Create and update the predicates that you want to include in the rule. For more information, see CreateByteMatchSet, CreateIPSet, and CreateSqlInjectionMatchSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateRule request.
Submit a CreateRateBasedRule request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateRule request.
Submit an UpdateRateBasedRule request to specify the predicates that you want to include in the
rule.
Create and update a WebACL that contains the RateBasedRule. For more information, see
CreateWebACL.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createRateBasedRule in interface AWSWAFRegionalpublic CreateRegexMatchSetResult createRegexMatchSet(CreateRegexMatchSetRequest request)
AWSWAFRegional
Creates a RegexMatchSet. You then use UpdateRegexMatchSet to identify the part of a web request
that you want AWS WAF to inspect, such as the values of the User-Agent header or the query string.
For example, you can create a RegexMatchSet that contains a RegexMatchTuple that looks
for any requests with User-Agent headers that match a RegexPatternSet with pattern
B[a@]dB[o0]t. You can then configure AWS WAF to reject those requests.
To create and configure a RegexMatchSet, perform the following steps:
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateRegexMatchSet request.
Submit a CreateRegexMatchSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateRegexMatchSet request.
Submit an UpdateRegexMatchSet request to specify the part of the request that you want AWS WAF to inspect
(for example, the header or the URI) and the value, using a RegexPatternSet, that you want AWS WAF
to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createRegexMatchSet in interface AWSWAFRegionalpublic CreateRegexPatternSetResult createRegexPatternSet(CreateRegexPatternSetRequest request)
AWSWAFRegional
Creates a RegexPatternSet. You then use UpdateRegexPatternSet to specify the regular
expression (regex) pattern that you want AWS WAF to search for, such as B[a@]dB[o0]t. You can then
configure AWS WAF to reject those requests.
To create and configure a RegexPatternSet, perform the following steps:
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateRegexPatternSet request.
Submit a CreateRegexPatternSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateRegexPatternSet request.
Submit an UpdateRegexPatternSet request to specify the string that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createRegexPatternSet in interface AWSWAFRegionalpublic CreateRuleResult createRule(CreateRuleRequest request)
AWSWAFRegional
Creates a Rule, which contains the IPSet objects, ByteMatchSet objects,
and other predicates that identify the requests that you want to block. If you add more than one predicate to a
Rule, a request must match all of the specifications to be allowed or blocked. For example, suppose
you add the following to a Rule:
An IPSet that matches the IP address 192.0.2.44/32
A ByteMatchSet that matches BadBot in the User-Agent header
You then add the Rule to a WebACL and specify that you want to blocks requests that
satisfy the Rule. For a request to be blocked, it must come from the IP address 192.0.2.44
and the User-Agent header in the request must contain the value BadBot.
To create and configure a Rule, perform the following steps:
Create and update the predicates that you want to include in the Rule. For more information, see
CreateByteMatchSet, CreateIPSet, and CreateSqlInjectionMatchSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateRule request.
Submit a CreateRule request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateRule request.
Submit an UpdateRule request to specify the predicates that you want to include in the
Rule.
Create and update a WebACL that contains the Rule. For more information, see
CreateWebACL.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createRule in interface AWSWAFRegionalpublic CreateSizeConstraintSetResult createSizeConstraintSet(CreateSizeConstraintSetRequest request)
AWSWAFRegional
Creates a SizeConstraintSet. You then use UpdateSizeConstraintSet to identify the part of a
web request that you want AWS WAF to check for length, such as the length of the User-Agent header
or the length of the query string. For example, you can create a SizeConstraintSet that matches any
requests that have a query string that is longer than 100 bytes. You can then configure AWS WAF to reject those
requests.
To create and configure a SizeConstraintSet, perform the following steps:
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateSizeConstraintSet request.
Submit a CreateSizeConstraintSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateSizeConstraintSet request.
Submit an UpdateSizeConstraintSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createSizeConstraintSet in interface AWSWAFRegionalpublic CreateSqlInjectionMatchSetResult createSqlInjectionMatchSet(CreateSqlInjectionMatchSetRequest request)
AWSWAFRegionalCreates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web requests. AWS WAF searches for character sequences that are likely to be malicious strings.
To create and configure a SqlInjectionMatchSet, perform the following steps:
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateSqlInjectionMatchSet request.
Submit a CreateSqlInjectionMatchSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateSqlInjectionMatchSet request.
Submit an UpdateSqlInjectionMatchSet request to specify the parts of web requests in which you want to allow, block, or count malicious SQL code.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createSqlInjectionMatchSet in interface AWSWAFRegionalrequest - A request to create a SqlInjectionMatchSet.public CreateWebACLResult createWebACL(CreateWebACLRequest request)
AWSWAFRegional
Creates a WebACL, which contains the Rules that identify the CloudFront web requests
that you want to allow, block, or count. AWS WAF evaluates Rules in order based on the value of
Priority for each Rule.
You also specify a default action, either ALLOW or BLOCK. If a web request doesn't
match any of the Rules in a WebACL, AWS WAF responds to the request with the default
action.
To create and configure a WebACL, perform the following steps:
Create and update the ByteMatchSet objects and other predicates that you want to include in
Rules. For more information, see CreateByteMatchSet, UpdateByteMatchSet,
CreateIPSet, UpdateIPSet, CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet.
Create and update the Rules that you want to include in the WebACL. For more
information, see CreateRule and UpdateRule.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateWebACL request.
Submit a CreateWebACL request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateWebACL request.
Submit an UpdateWebACL request to specify the Rules that you want to include in the
WebACL, to specify the default action, and to associate the WebACL with a CloudFront
distribution.
For more information about how to use the AWS WAF API, see the AWS WAF Developer Guide.
createWebACL in interface AWSWAFRegionalpublic CreateXssMatchSetResult createXssMatchSet(CreateXssMatchSetRequest request)
AWSWAFRegionalCreates an XssMatchSet, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web requests. AWS WAF searches for character sequences that are likely to be malicious strings.
To create and configure an XssMatchSet, perform the following steps:
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
CreateXssMatchSet request.
Submit a CreateXssMatchSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateXssMatchSet request.
Submit an UpdateXssMatchSet request to specify the parts of web requests in which you want to allow, block, or count cross-site scripting attacks.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
createXssMatchSet in interface AWSWAFRegionalrequest - A request to create an XssMatchSet.public DeleteByteMatchSetResult deleteByteMatchSet(DeleteByteMatchSetRequest request)
AWSWAFRegional
Permanently deletes a ByteMatchSet. You can't delete a ByteMatchSet if it's still used in any
Rules or if it still includes any ByteMatchTuple objects (any filters).
If you just want to remove a ByteMatchSet from a Rule, use UpdateRule.
To permanently delete a ByteMatchSet, perform the following steps:
Update the ByteMatchSet to remove filters, if any. For more information, see
UpdateByteMatchSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteByteMatchSet request.
Submit a DeleteByteMatchSet request.
deleteByteMatchSet in interface AWSWAFRegionalpublic DeleteGeoMatchSetResult deleteGeoMatchSet(DeleteGeoMatchSetRequest request)
AWSWAFRegional
Permanently deletes a GeoMatchSet. You can't delete a GeoMatchSet if it's still used in any
Rules or if it still includes any countries.
If you just want to remove a GeoMatchSet from a Rule, use UpdateRule.
To permanently delete a GeoMatchSet from AWS WAF, perform the following steps:
Update the GeoMatchSet to remove any countries. For more information, see UpdateGeoMatchSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteGeoMatchSet request.
Submit a DeleteGeoMatchSet request.
deleteGeoMatchSet in interface AWSWAFRegionalpublic DeleteIPSetResult deleteIPSet(DeleteIPSetRequest request)
AWSWAFRegional
Permanently deletes an IPSet. You can't delete an IPSet if it's still used in any
Rules or if it still includes any IP addresses.
If you just want to remove an IPSet from a Rule, use UpdateRule.
To permanently delete an IPSet from AWS WAF, perform the following steps:
Update the IPSet to remove IP address ranges, if any. For more information, see UpdateIPSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteIPSet request.
Submit a DeleteIPSet request.
deleteIPSet in interface AWSWAFRegionalpublic DeleteRateBasedRuleResult deleteRateBasedRule(DeleteRateBasedRuleRequest request)
AWSWAFRegional
Permanently deletes a RateBasedRule. You can't delete a rule if it's still used in any WebACL
objects or if it still includes any predicates, such as ByteMatchSet objects.
If you just want to remove a rule from a WebACL, use UpdateWebACL.
To permanently delete a RateBasedRule from AWS WAF, perform the following steps:
Update the RateBasedRule to remove predicates, if any. For more information, see
UpdateRateBasedRule.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteRateBasedRule request.
Submit a DeleteRateBasedRule request.
deleteRateBasedRule in interface AWSWAFRegionalpublic DeleteRegexMatchSetResult deleteRegexMatchSet(DeleteRegexMatchSetRequest request)
AWSWAFRegional
Permanently deletes a RegexMatchSet. You can't delete a RegexMatchSet if it's still used in
any Rules or if it still includes any RegexMatchTuples objects (any filters).
If you just want to remove a RegexMatchSet from a Rule, use UpdateRule.
To permanently delete a RegexMatchSet, perform the following steps:
Update the RegexMatchSet to remove filters, if any. For more information, see
UpdateRegexMatchSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteRegexMatchSet request.
Submit a DeleteRegexMatchSet request.
deleteRegexMatchSet in interface AWSWAFRegionalpublic DeleteRegexPatternSetResult deleteRegexPatternSet(DeleteRegexPatternSetRequest request)
AWSWAFRegional
Permanently deletes a RegexPatternSet. You can't delete a RegexPatternSet if it's still used
in any RegexMatchSet or if the RegexPatternSet is not empty.
deleteRegexPatternSet in interface AWSWAFRegionalpublic DeleteRuleResult deleteRule(DeleteRuleRequest request)
AWSWAFRegional
Permanently deletes a Rule. You can't delete a Rule if it's still used in any
WebACL objects or if it still includes any predicates, such as ByteMatchSet objects.
If you just want to remove a Rule from a WebACL, use UpdateWebACL.
To permanently delete a Rule from AWS WAF, perform the following steps:
Update the Rule to remove predicates, if any. For more information, see UpdateRule.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteRule request.
Submit a DeleteRule request.
deleteRule in interface AWSWAFRegionalpublic DeleteSizeConstraintSetResult deleteSizeConstraintSet(DeleteSizeConstraintSetRequest request)
AWSWAFRegional
Permanently deletes a SizeConstraintSet. You can't delete a SizeConstraintSet if it's still
used in any Rules or if it still includes any SizeConstraint objects (any filters).
If you just want to remove a SizeConstraintSet from a Rule, use UpdateRule.
To permanently delete a SizeConstraintSet, perform the following steps:
Update the SizeConstraintSet to remove filters, if any. For more information, see
UpdateSizeConstraintSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteSizeConstraintSet request.
Submit a DeleteSizeConstraintSet request.
deleteSizeConstraintSet in interface AWSWAFRegionalpublic DeleteSqlInjectionMatchSetResult deleteSqlInjectionMatchSet(DeleteSqlInjectionMatchSetRequest request)
AWSWAFRegional
Permanently deletes a SqlInjectionMatchSet. You can't delete a SqlInjectionMatchSet if it's
still used in any Rules or if it still contains any SqlInjectionMatchTuple objects.
If you just want to remove a SqlInjectionMatchSet from a Rule, use UpdateRule.
To permanently delete a SqlInjectionMatchSet from AWS WAF, perform the following steps:
Update the SqlInjectionMatchSet to remove filters, if any. For more information, see
UpdateSqlInjectionMatchSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteSqlInjectionMatchSet request.
Submit a DeleteSqlInjectionMatchSet request.
deleteSqlInjectionMatchSet in interface AWSWAFRegionalrequest - A request to delete a SqlInjectionMatchSet from AWS WAF.public DeleteWebACLResult deleteWebACL(DeleteWebACLRequest request)
AWSWAFRegional
Permanently deletes a WebACL. You can't delete a WebACL if it still contains any
Rules.
To delete a WebACL, perform the following steps:
Update the WebACL to remove Rules, if any. For more information, see
UpdateWebACL.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteWebACL request.
Submit a DeleteWebACL request.
deleteWebACL in interface AWSWAFRegionalpublic DeleteXssMatchSetResult deleteXssMatchSet(DeleteXssMatchSetRequest request)
AWSWAFRegional
Permanently deletes an XssMatchSet. You can't delete an XssMatchSet if it's still used in any
Rules or if it still contains any XssMatchTuple objects.
If you just want to remove an XssMatchSet from a Rule, use UpdateRule.
To permanently delete an XssMatchSet from AWS WAF, perform the following steps:
Update the XssMatchSet to remove filters, if any. For more information, see
UpdateXssMatchSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a
DeleteXssMatchSet request.
Submit a DeleteXssMatchSet request.
deleteXssMatchSet in interface AWSWAFRegionalrequest - A request to delete an XssMatchSet from AWS WAF.public DisassociateWebACLResult disassociateWebACL(DisassociateWebACLRequest request)
AWSWAFRegionalRemoves a web ACL from the specified resource.
disassociateWebACL in interface AWSWAFRegionalpublic GetByteMatchSetResult getByteMatchSet(GetByteMatchSetRequest request)
AWSWAFRegional
Returns the ByteMatchSet specified by ByteMatchSetId.
getByteMatchSet in interface AWSWAFRegionalpublic GetChangeTokenResult getChangeToken(GetChangeTokenRequest request)
AWSWAFRegionalWhen you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete request. Change tokens ensure that your application doesn't submit conflicting requests to AWS WAF.
Each create, update, or delete request must use a unique change token. If your application submits a
GetChangeToken request and then submits a second GetChangeToken request before
submitting a create, update, or delete request, the second GetChangeToken request returns the same
value as the first GetChangeToken request.
When you use a change token in a create, update, or delete request, the status of the change token changes to
PENDING, which indicates that AWS WAF is propagating the change to all AWS WAF servers. Use
GetChangeTokenStatus to determine the status of your change token.
getChangeToken in interface AWSWAFRegionalpublic GetChangeTokenStatusResult getChangeTokenStatus(GetChangeTokenStatusRequest request)
AWSWAFRegional
Returns the status of a ChangeToken that you got by calling GetChangeToken.
ChangeTokenStatus is one of the following values:
PROVISIONED: You requested the change token by calling GetChangeToken, but you haven't
used it yet in a call to create, update, or delete an AWS WAF object.
PENDING: AWS WAF is propagating the create, update, or delete request to all AWS WAF servers.
IN_SYNC: Propagation is complete.
getChangeTokenStatus in interface AWSWAFRegionalpublic GetGeoMatchSetResult getGeoMatchSet(GetGeoMatchSetRequest request)
AWSWAFRegional
Returns the GeoMatchSet that is specified by GeoMatchSetId.
getGeoMatchSet in interface AWSWAFRegionalpublic GetIPSetResult getIPSet(GetIPSetRequest request)
AWSWAFRegional
Returns the IPSet that is specified by IPSetId.
getIPSet in interface AWSWAFRegionalpublic GetRateBasedRuleResult getRateBasedRule(GetRateBasedRuleRequest request)
AWSWAFRegional
Returns the RateBasedRule that is specified by the RuleId that you included in the
GetRateBasedRule request.
getRateBasedRule in interface AWSWAFRegionalpublic GetRateBasedRuleManagedKeysResult getRateBasedRuleManagedKeys(GetRateBasedRuleManagedKeysRequest request)
AWSWAFRegional
Returns an array of IP addresses currently being blocked by the RateBasedRule that is specified by the
RuleId. The maximum number of managed keys that will be blocked is 10,000. If more than 10,000
addresses exceed the rate limit, the 10,000 addresses with the highest rates will be blocked.
getRateBasedRuleManagedKeys in interface AWSWAFRegionalpublic GetRegexMatchSetResult getRegexMatchSet(GetRegexMatchSetRequest request)
AWSWAFRegional
Returns the RegexMatchSet specified by RegexMatchSetId.
getRegexMatchSet in interface AWSWAFRegionalpublic GetRegexPatternSetResult getRegexPatternSet(GetRegexPatternSetRequest request)
AWSWAFRegional
Returns the RegexPatternSet specified by RegexPatternSetId.
getRegexPatternSet in interface AWSWAFRegionalpublic GetRuleResult getRule(GetRuleRequest request)
AWSWAFRegional
Returns the Rule that is specified by the RuleId that you included in the
GetRule request.
getRule in interface AWSWAFRegionalpublic GetSampledRequestsResult getSampledRequests(GetSampledRequestsRequest request)
AWSWAFRegionalGets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.
GetSampledRequests returns a time range, which is usually the time range that you specified.
However, if your resource (such as a CloudFront distribution) received 5,000 requests before the specified time
range elapsed, GetSampledRequests returns an updated time range. This new time range indicates the
actual period during which AWS WAF selected the requests in the sample.
getSampledRequests in interface AWSWAFRegionalpublic GetSizeConstraintSetResult getSizeConstraintSet(GetSizeConstraintSetRequest request)
AWSWAFRegional
Returns the SizeConstraintSet specified by SizeConstraintSetId.
getSizeConstraintSet in interface AWSWAFRegionalpublic GetSqlInjectionMatchSetResult getSqlInjectionMatchSet(GetSqlInjectionMatchSetRequest request)
AWSWAFRegional
Returns the SqlInjectionMatchSet that is specified by SqlInjectionMatchSetId.
getSqlInjectionMatchSet in interface AWSWAFRegionalrequest - A request to get a SqlInjectionMatchSet.public GetWebACLResult getWebACL(GetWebACLRequest request)
AWSWAFRegional
Returns the WebACL that is specified by WebACLId.
getWebACL in interface AWSWAFRegionalpublic GetWebACLForResourceResult getWebACLForResource(GetWebACLForResourceRequest request)
AWSWAFRegionalReturns the web ACL for the specified resource.
getWebACLForResource in interface AWSWAFRegionalpublic GetXssMatchSetResult getXssMatchSet(GetXssMatchSetRequest request)
AWSWAFRegional
Returns the XssMatchSet that is specified by XssMatchSetId.
getXssMatchSet in interface AWSWAFRegionalrequest - A request to get an XssMatchSet.public ListByteMatchSetsResult listByteMatchSets(ListByteMatchSetsRequest request)
AWSWAFRegionalReturns an array of ByteMatchSetSummary objects.
listByteMatchSets in interface AWSWAFRegionalpublic ListGeoMatchSetsResult listGeoMatchSets(ListGeoMatchSetsRequest request)
AWSWAFRegionalReturns an array of GeoMatchSetSummary objects in the response.
listGeoMatchSets in interface AWSWAFRegionalpublic ListIPSetsResult listIPSets(ListIPSetsRequest request)
AWSWAFRegionalReturns an array of IPSetSummary objects in the response.
listIPSets in interface AWSWAFRegionalpublic ListRateBasedRulesResult listRateBasedRules(ListRateBasedRulesRequest request)
AWSWAFRegionalReturns an array of RuleSummary objects.
listRateBasedRules in interface AWSWAFRegionalpublic ListRegexMatchSetsResult listRegexMatchSets(ListRegexMatchSetsRequest request)
AWSWAFRegionalReturns an array of RegexMatchSetSummary objects.
listRegexMatchSets in interface AWSWAFRegionalpublic ListRegexPatternSetsResult listRegexPatternSets(ListRegexPatternSetsRequest request)
AWSWAFRegionalReturns an array of RegexPatternSetSummary objects.
listRegexPatternSets in interface AWSWAFRegionalpublic ListResourcesForWebACLResult listResourcesForWebACL(ListResourcesForWebACLRequest request)
AWSWAFRegionalReturns an array of resources associated with the specified web ACL.
listResourcesForWebACL in interface AWSWAFRegionalpublic ListRulesResult listRules(ListRulesRequest request)
AWSWAFRegionalReturns an array of RuleSummary objects.
listRules in interface AWSWAFRegionalpublic ListSizeConstraintSetsResult listSizeConstraintSets(ListSizeConstraintSetsRequest request)
AWSWAFRegionalReturns an array of SizeConstraintSetSummary objects.
listSizeConstraintSets in interface AWSWAFRegionalpublic ListSqlInjectionMatchSetsResult listSqlInjectionMatchSets(ListSqlInjectionMatchSetsRequest request)
AWSWAFRegionalReturns an array of SqlInjectionMatchSet objects.
listSqlInjectionMatchSets in interface AWSWAFRegionalrequest - A request to list the SqlInjectionMatchSet objects created by the current AWS account.public ListWebACLsResult listWebACLs(ListWebACLsRequest request)
AWSWAFRegionalReturns an array of WebACLSummary objects in the response.
listWebACLs in interface AWSWAFRegionalpublic ListXssMatchSetsResult listXssMatchSets(ListXssMatchSetsRequest request)
AWSWAFRegionalReturns an array of XssMatchSet objects.
listXssMatchSets in interface AWSWAFRegionalrequest - A request to list the XssMatchSet objects created by the current AWS account.public UpdateByteMatchSetResult updateByteMatchSet(UpdateByteMatchSetRequest request)
AWSWAFRegional
Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet. For each
ByteMatchTuple object, you specify the following values:
Whether to insert or delete the object from the array. If you want to change a ByteMatchSetUpdate
object, you delete the existing object and add a new one.
The part of a web request that you want AWS WAF to inspect, such as a query string or the value of the
User-Agent header.
The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to look for. For more
information, including how you specify the values for the AWS WAF API and the AWS CLI or SDKs, see
TargetString in the ByteMatchTuple data type.
Where to look, such as at the beginning or the end of a query string.
Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.
For example, you can add a ByteMatchSetUpdate object that matches web requests in which
User-Agent headers contain the string BadBot. You can then configure AWS WAF to block
those requests.
To create and configure a ByteMatchSet, perform the following steps:
Create a ByteMatchSet. For more information, see CreateByteMatchSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of
an UpdateByteMatchSet request.
Submit an UpdateByteMatchSet request to specify the part of the request that you want AWS WAF to
inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateByteMatchSet in interface AWSWAFRegionalpublic UpdateGeoMatchSetResult updateGeoMatchSet(UpdateGeoMatchSetRequest request)
AWSWAFRegional
Inserts or deletes GeoMatchConstraint objects in an GeoMatchSet. For each
GeoMatchConstraint object, you specify the following values:
Whether to insert or delete the object from the array. If you want to change an GeoMatchConstraint
object, you delete the existing object and add a new one.
The Type. The only valid value for Type is Country.
The Value, which is a two character code for the country to add to the
GeoMatchConstraint object. Valid codes are listed in GeoMatchConstraint$Value.
To create and configure an GeoMatchSet, perform the following steps:
Submit a CreateGeoMatchSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of
an UpdateGeoMatchSet request.
Submit an UpdateGeoMatchSet request to specify the country that you want AWS WAF to watch for.
When you update an GeoMatchSet, you specify the country that you want to add and/or the country that
you want to delete. If you want to change a country, you delete the existing country and add the new one.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateGeoMatchSet in interface AWSWAFRegionalpublic UpdateIPSetResult updateIPSet(UpdateIPSetRequest request)
AWSWAFRegional
Inserts or deletes IPSetDescriptor objects in an IPSet. For each IPSetDescriptor
object, you specify the following values:
Whether to insert or delete the object from the array. If you want to change an IPSetDescriptor
object, you delete the existing object and add a new one.
The IP address version, IPv4 or IPv6.
The IP address in CIDR notation, for example, 192.0.2.0/24 (for the range of IP addresses from
192.0.2.0 to 192.0.2.255) or 192.0.2.44/32 (for the individual IP address
192.0.2.44).
AWS WAF supports /8, /16, /24, and /32 IP address ranges for IPv4, and /24, /32, /48, /56, /64 and /128 for IPv6. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
IPv6 addresses can be represented using any of the following formats:
1111:0000:0000:0000:0000:0000:0000:0111/128
1111:0:0:0:0:0:0:0111/128
1111::0111/128
1111::111/128
You use an IPSet to specify which web requests you want to allow or block based on the IP addresses
that the requests originated from. For example, if you're receiving a lot of requests from one or a small number
of IP addresses and you want to block the requests, you can create an IPSet that specifies those IP
addresses, and then configure AWS WAF to block the requests.
To create and configure an IPSet, perform the following steps:
Submit a CreateIPSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of
an UpdateIPSet request.
Submit an UpdateIPSet request to specify the IP addresses that you want AWS WAF to watch for.
When you update an IPSet, you specify the IP addresses that you want to add and/or the IP addresses
that you want to delete. If you want to change an IP address, you delete the existing IP address and add the new
one.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateIPSet in interface AWSWAFRegionalpublic UpdateRateBasedRuleResult updateRateBasedRule(UpdateRateBasedRuleRequest request)
AWSWAFRegional
Inserts or deletes Predicate objects in a rule and updates the RateLimit in the rule.
Each Predicate object identifies a predicate, such as a ByteMatchSet or an IPSet, that
specifies the web requests that you want to block or count. The RateLimit specifies the number of
requests every five minutes that triggers the rule.
If you add more than one predicate to a RateBasedRule, a request must match all the predicates and
exceed the RateLimit to be counted or blocked. For example, suppose you add the following to a
RateBasedRule:
An IPSet that matches the IP address 192.0.2.44/32
A ByteMatchSet that matches BadBot in the User-Agent header
Further, you specify a RateLimit of 15,000.
You then add the RateBasedRule to a WebACL and specify that you want to block requests
that satisfy the rule. For a request to be blocked, it must come from the IP address 192.0.2.44 and the
User-Agent header in the request must contain the value BadBot. Further, requests that
match these two conditions much be received at a rate of more than 15,000 every five minutes. If the rate drops
below this limit, AWS WAF no longer blocks the requests.
As a second example, suppose you want to limit requests to a particular page on your site. To do this, you could
add the following to a RateBasedRule:
A ByteMatchSet with FieldToMatch of URI
A PositionalConstraint of STARTS_WITH
A TargetString of login
Further, you specify a RateLimit of 15,000.
By adding this RateBasedRule to a WebACL, you could limit requests to your login page
without affecting the rest of your site.
updateRateBasedRule in interface AWSWAFRegionalpublic UpdateRegexMatchSetResult updateRegexMatchSet(UpdateRegexMatchSetRequest request)
AWSWAFRegional
Inserts or deletes RegexMatchSetUpdate objects (filters) in a RegexMatchSet. For each
RegexMatchSetUpdate object, you specify the following values:
Whether to insert or delete the object from the array. If you want to change a RegexMatchSetUpdate
object, you delete the existing object and add a new one.
The part of a web request that you want AWS WAF to inspect, such as a query string or the value of the
User-Agent header.
The identifier of the pattern (a regular expression) that you want AWS WAF to look for. For more information, see RegexPatternSet.
Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.
For example, you can create a RegexPatternSet that matches any requests with User-Agent
headers that contain the string B[a@]dB[o0]t. You can then configure AWS WAF to reject those
requests.
To create and configure a RegexMatchSet, perform the following steps:
Create a RegexMatchSet. For more information, see CreateRegexMatchSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of
an UpdateRegexMatchSet request.
Submit an UpdateRegexMatchSet request to specify the part of the request that you want AWS WAF to
inspect (for example, the header or the URI) and the identifier of the RegexPatternSet that contain
the regular expression patters you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateRegexMatchSet in interface AWSWAFRegionalpublic UpdateRegexPatternSetResult updateRegexPatternSet(UpdateRegexPatternSetRequest request)
AWSWAFRegional
Inserts or deletes RegexMatchSetUpdate objects (filters) in a RegexPatternSet. For each
RegexPatternSet object, you specify the following values:
Whether to insert or delete the object from the array. If you want to change a RegexPatternSet
object, you delete the existing object and add a new one.
The regular expression pattern that you want AWS WAF to look for. For more information, see RegexPatternSet.
For example, you can create a RegexPatternString such as B[a@]dB[o0]t. AWS WAF will
match this RegexPatternString to:
BadBot
BadB0t
B@dBot
B@dB0t
To create and configure a RegexPatternSet, perform the following steps:
Create a RegexPatternSet. For more information, see CreateRegexPatternSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of
an UpdateRegexPatternSet request.
Submit an UpdateRegexPatternSet request to specify the regular expression pattern that you want AWS
WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateRegexPatternSet in interface AWSWAFRegionalpublic UpdateRuleResult updateRule(UpdateRuleRequest request)
AWSWAFRegional
Inserts or deletes Predicate objects in a Rule. Each Predicate object identifies
a predicate, such as a ByteMatchSet or an IPSet, that specifies the web requests that you want to
allow, block, or count. If you add more than one predicate to a Rule, a request must match all of
the specifications to be allowed, blocked, or counted. For example, suppose you add the following to a
Rule:
A ByteMatchSet that matches the value BadBot in the User-Agent header
An IPSet that matches the IP address 192.0.2.44
You then add the Rule to a WebACL and specify that you want to block requests that
satisfy the Rule. For a request to be blocked, the User-Agent header in the request
must contain the value BadBot and the request must originate from the IP address 192.0.2.44.
To create and configure a Rule, perform the following steps:
Create and update the predicates that you want to include in the Rule.
Create the Rule. See CreateRule.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateRule request.
Submit an UpdateRule request to add predicates to the Rule.
Create and update a WebACL that contains the Rule. See CreateWebACL.
If you want to replace one ByteMatchSet or IPSet with another, you delete the existing
one and add the new one.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateRule in interface AWSWAFRegionalpublic UpdateSizeConstraintSetResult updateSizeConstraintSet(UpdateSizeConstraintSetRequest request)
AWSWAFRegional
Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet. For each
SizeConstraint object, you specify the following values:
Whether to insert or delete the object from the array. If you want to change a
SizeConstraintSetUpdate object, you delete the existing object and add a new one.
The part of a web request that you want AWS WAF to evaluate, such as the length of a query string or the length
of the User-Agent header.
Whether to perform any transformations on the request, such as converting it to lowercase, before checking its
length. Note that transformations of the request body are not supported because the AWS resource forwards only
the first 8192 bytes of your request to AWS WAF.
A ComparisonOperator used for evaluating the selected part of the request against the specified
Size, such as equals, greater than, less than, and so on.
The length, in bytes, that you want AWS WAF to watch for in selected part of the request. The length is computed after applying the transformation.
For example, you can add a SizeConstraintSetUpdate object that matches web requests in which the
length of the User-Agent header is greater than 100 bytes. You can then configure AWS WAF to block
those requests.
To create and configure a SizeConstraintSet, perform the following steps:
Create a SizeConstraintSet. For more information, see CreateSizeConstraintSet.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of
an UpdateSizeConstraintSet request.
Submit an UpdateSizeConstraintSet request to specify the part of the request that you want AWS WAF
to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateSizeConstraintSet in interface AWSWAFRegionalpublic UpdateSqlInjectionMatchSetResult updateSqlInjectionMatchSet(UpdateSqlInjectionMatchSetRequest request)
AWSWAFRegional
Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet. For each
SqlInjectionMatchTuple object, you specify the following values:
Action: Whether to insert the object into or delete the object from the array. To change a
SqlInjectionMatchTuple, you delete the existing object and add a new one.
FieldToMatch: The part of web requests that you want AWS WAF to inspect and, if you want AWS WAF to
inspect a header, the name of the header.
TextTransformation: Which text transformation, if any, to perform on the web request before
inspecting the request for snippets of malicious SQL code.
You use SqlInjectionMatchSet objects to specify which CloudFront requests you want to allow, block,
or count. For example, if you're receiving requests that contain snippets of SQL code in the query string and you
want to block the requests, you can create a SqlInjectionMatchSet with the applicable settings, and
then configure AWS WAF to block the requests.
To create and configure a SqlInjectionMatchSet, perform the following steps:
Submit a CreateSqlInjectionMatchSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of
an UpdateIPSet request.
Submit an UpdateSqlInjectionMatchSet request to specify the parts of web requests that you want AWS
WAF to inspect for snippets of SQL code.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateSqlInjectionMatchSet in interface AWSWAFRegionalrequest - A request to update a SqlInjectionMatchSet.public UpdateWebACLResult updateWebACL(UpdateWebACLRequest request)
AWSWAFRegional
Inserts or deletes ActivatedRule objects in a WebACL. Each Rule identifies web
requests that you want to allow, block, or count. When you update a WebACL, you specify the
following values:
A default action for the WebACL, either ALLOW or BLOCK. AWS WAF performs
the default action if a request doesn't match the criteria in any of the Rules in a
WebACL.
The Rules that you want to add and/or delete. If you want to replace one Rule with
another, you delete the existing Rule and add the new one.
For each Rule, whether you want AWS WAF to allow requests, block requests, or count requests that
match the conditions in the Rule.
The order in which you want AWS WAF to evaluate the Rules in a WebACL. If you add more
than one Rule to a WebACL, AWS WAF evaluates each request against the
Rules in order based on the value of Priority. (The Rule that has the
lowest value for Priority is evaluated first.) When a web request matches all of the predicates
(such as ByteMatchSets and IPSets) in a Rule, AWS WAF immediately takes
the corresponding action, allow or block, and doesn't evaluate the request against the remaining
Rules in the WebACL, if any.
To create and configure a WebACL, perform the following steps:
Create and update the predicates that you want to include in Rules. For more information, see
CreateByteMatchSet, UpdateByteMatchSet, CreateIPSet, UpdateIPSet,
CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet.
Create and update the Rules that you want to include in the WebACL. For more
information, see CreateRule and UpdateRule.
Create a WebACL. See CreateWebACL.
Use GetChangeToken to get the change token that you provide in the ChangeToken
parameter of an UpdateWebACL request.
Submit an UpdateWebACL request to specify the Rules that you want to include in the
WebACL, to specify the default action, and to associate the WebACL with a CloudFront
distribution.
Be aware that if you try to add a RATE_BASED rule to a web ACL without setting the rule type when first creating the rule, the UpdateWebACL request will fail because the request tries to add a REGULAR rule (the default rule type) with the specified ID, which does not exist.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateWebACL in interface AWSWAFRegionalpublic UpdateXssMatchSetResult updateXssMatchSet(UpdateXssMatchSetRequest request)
AWSWAFRegional
Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet. For each
XssMatchTuple object, you specify the following values:
Action: Whether to insert the object into or delete the object from the array. To change a
XssMatchTuple, you delete the existing object and add a new one.
FieldToMatch: The part of web requests that you want AWS WAF to inspect and, if you want AWS WAF to
inspect a header, the name of the header.
TextTransformation: Which text transformation, if any, to perform on the web request before
inspecting the request for cross-site scripting attacks.
You use XssMatchSet objects to specify which CloudFront requests you want to allow, block, or count.
For example, if you're receiving requests that contain cross-site scripting attacks in the request body and you
want to block the requests, you can create an XssMatchSet with the applicable settings, and then
configure AWS WAF to block the requests.
To create and configure an XssMatchSet, perform the following steps:
Submit a CreateXssMatchSet request.
Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of
an UpdateIPSet request.
Submit an UpdateXssMatchSet request to specify the parts of web requests that you want AWS WAF to
inspect for cross-site scripting attacks.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
updateXssMatchSet in interface AWSWAFRegionalrequest - A request to update an XssMatchSet.public void shutdown()
AWSWAFRegionalshutdown in interface AWSWAFRegionalpublic ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)
AWSWAFRegionalResponse metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing a request.
getCachedResponseMetadata in interface AWSWAFRegionalrequest - The originally executed request.Copyright © 2013 Amazon Web Services, Inc. All Rights Reserved.