/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace WAFV2 { namespace Model { /** *

A rule statement that labels web requests by country and region and that * matches against web requests based on country code. A geo match rule labels * every request that it inspects regardless of whether it finds a match.

    *

  • To manage requests only by country, you can use this statement by itself * and specify the countries that you want to match against in the * CountryCodes array.

  • Otherwise, configure your * geo match rule with Count action so that it only labels requests. Then, add one * or more label match rules to run after the geo match rule and configure them to * match against the geographic labels and handle the requests as needed.

    *

WAF labels requests using the alpha-2 country and region codes * from the International Organization for Standardization (ISO) 3166 standard. WAF * determines the codes using either the IP address in the web request origin or, * if you specify it, the address in the geo match ForwardedIPConfig. *

If you use the web request origin, the label formats are * awswaf:clientip:geo:region:<ISO country code>-<ISO region * code> and awswaf:clientip:geo:country:<ISO country * code>.

If you use a forwarded IP address, the label formats are * awswaf:forwardedip:geo:region:<ISO country code>-<ISO region * code> and awswaf:forwardedip:geo:country:<ISO country * code>.

For additional details, see Geographic * match rule statement in the WAF * Developer Guide.

See Also:

AWS * API Reference

*/ class GeoMatchStatement { public: AWS_WAFV2_API GeoMatchStatement(); AWS_WAFV2_API GeoMatchStatement(Aws::Utils::Json::JsonView jsonValue); AWS_WAFV2_API GeoMatchStatement& operator=(Aws::Utils::Json::JsonView jsonValue); AWS_WAFV2_API Aws::Utils::Json::JsonValue Jsonize() const; /** *

An array of two-character country codes that you want to match against, for * example, [ "US", "CN" ], from the alpha-2 country ISO codes of the * ISO 3166 international standard.

When you use a geo match statement just * for the region and country labels that it adds to requests, you still have to * supply a country code for the rule to evaluate. In this case, you configure the * rule to only count matching requests, but it will still generate logging and * count metrics for any matches. You can reduce the logging and metrics that the * rule produces by specifying a country that's unlikely to be a source of traffic * to your site.

*/ inline const Aws::Vector& GetCountryCodes() const{ return m_countryCodes; } /** *

An array of two-character country codes that you want to match against, for * example, [ "US", "CN" ], from the alpha-2 country ISO codes of the * ISO 3166 international standard.

When you use a geo match statement just * for the region and country labels that it adds to requests, you still have to * supply a country code for the rule to evaluate. In this case, you configure the * rule to only count matching requests, but it will still generate logging and * count metrics for any matches. You can reduce the logging and metrics that the * rule produces by specifying a country that's unlikely to be a source of traffic * to your site.

*/ inline bool CountryCodesHasBeenSet() const { return m_countryCodesHasBeenSet; } /** *

An array of two-character country codes that you want to match against, for * example, [ "US", "CN" ], from the alpha-2 country ISO codes of the * ISO 3166 international standard.

When you use a geo match statement just * for the region and country labels that it adds to requests, you still have to * supply a country code for the rule to evaluate. In this case, you configure the * rule to only count matching requests, but it will still generate logging and * count metrics for any matches. You can reduce the logging and metrics that the * rule produces by specifying a country that's unlikely to be a source of traffic * to your site.

*/ inline void SetCountryCodes(const Aws::Vector& value) { m_countryCodesHasBeenSet = true; m_countryCodes = value; } /** *

An array of two-character country codes that you want to match against, for * example, [ "US", "CN" ], from the alpha-2 country ISO codes of the * ISO 3166 international standard.

When you use a geo match statement just * for the region and country labels that it adds to requests, you still have to * supply a country code for the rule to evaluate. In this case, you configure the * rule to only count matching requests, but it will still generate logging and * count metrics for any matches. You can reduce the logging and metrics that the * rule produces by specifying a country that's unlikely to be a source of traffic * to your site.

*/ inline void SetCountryCodes(Aws::Vector&& value) { m_countryCodesHasBeenSet = true; m_countryCodes = std::move(value); } /** *

An array of two-character country codes that you want to match against, for * example, [ "US", "CN" ], from the alpha-2 country ISO codes of the * ISO 3166 international standard.

When you use a geo match statement just * for the region and country labels that it adds to requests, you still have to * supply a country code for the rule to evaluate. In this case, you configure the * rule to only count matching requests, but it will still generate logging and * count metrics for any matches. You can reduce the logging and metrics that the * rule produces by specifying a country that's unlikely to be a source of traffic * to your site.

*/ inline GeoMatchStatement& WithCountryCodes(const Aws::Vector& value) { SetCountryCodes(value); return *this;} /** *

An array of two-character country codes that you want to match against, for * example, [ "US", "CN" ], from the alpha-2 country ISO codes of the * ISO 3166 international standard.

When you use a geo match statement just * for the region and country labels that it adds to requests, you still have to * supply a country code for the rule to evaluate. In this case, you configure the * rule to only count matching requests, but it will still generate logging and * count metrics for any matches. You can reduce the logging and metrics that the * rule produces by specifying a country that's unlikely to be a source of traffic * to your site.

*/ inline GeoMatchStatement& WithCountryCodes(Aws::Vector&& value) { SetCountryCodes(std::move(value)); return *this;} /** *

An array of two-character country codes that you want to match against, for * example, [ "US", "CN" ], from the alpha-2 country ISO codes of the * ISO 3166 international standard.

When you use a geo match statement just * for the region and country labels that it adds to requests, you still have to * supply a country code for the rule to evaluate. In this case, you configure the * rule to only count matching requests, but it will still generate logging and * count metrics for any matches. You can reduce the logging and metrics that the * rule produces by specifying a country that's unlikely to be a source of traffic * to your site.

*/ inline GeoMatchStatement& AddCountryCodes(const CountryCode& value) { m_countryCodesHasBeenSet = true; m_countryCodes.push_back(value); return *this; } /** *

An array of two-character country codes that you want to match against, for * example, [ "US", "CN" ], from the alpha-2 country ISO codes of the * ISO 3166 international standard.

When you use a geo match statement just * for the region and country labels that it adds to requests, you still have to * supply a country code for the rule to evaluate. In this case, you configure the * rule to only count matching requests, but it will still generate logging and * count metrics for any matches. You can reduce the logging and metrics that the * rule produces by specifying a country that's unlikely to be a source of traffic * to your site.

*/ inline GeoMatchStatement& AddCountryCodes(CountryCode&& value) { m_countryCodesHasBeenSet = true; m_countryCodes.push_back(std::move(value)); return *this; } /** *

The configuration for inspecting IP addresses in an HTTP header that you * specify, instead of using the IP address that's reported by the web request * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify * any header name.

If the specified header isn't present in the * request, WAF doesn't apply the rule to the web request at all.

*/ inline const ForwardedIPConfig& GetForwardedIPConfig() const{ return m_forwardedIPConfig; } /** *

The configuration for inspecting IP addresses in an HTTP header that you * specify, instead of using the IP address that's reported by the web request * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify * any header name.

If the specified header isn't present in the * request, WAF doesn't apply the rule to the web request at all.

*/ inline bool ForwardedIPConfigHasBeenSet() const { return m_forwardedIPConfigHasBeenSet; } /** *

The configuration for inspecting IP addresses in an HTTP header that you * specify, instead of using the IP address that's reported by the web request * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify * any header name.

If the specified header isn't present in the * request, WAF doesn't apply the rule to the web request at all.

*/ inline void SetForwardedIPConfig(const ForwardedIPConfig& value) { m_forwardedIPConfigHasBeenSet = true; m_forwardedIPConfig = value; } /** *

The configuration for inspecting IP addresses in an HTTP header that you * specify, instead of using the IP address that's reported by the web request * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify * any header name.

If the specified header isn't present in the * request, WAF doesn't apply the rule to the web request at all.

*/ inline void SetForwardedIPConfig(ForwardedIPConfig&& value) { m_forwardedIPConfigHasBeenSet = true; m_forwardedIPConfig = std::move(value); } /** *

The configuration for inspecting IP addresses in an HTTP header that you * specify, instead of using the IP address that's reported by the web request * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify * any header name.

If the specified header isn't present in the * request, WAF doesn't apply the rule to the web request at all.

*/ inline GeoMatchStatement& WithForwardedIPConfig(const ForwardedIPConfig& value) { SetForwardedIPConfig(value); return *this;} /** *

The configuration for inspecting IP addresses in an HTTP header that you * specify, instead of using the IP address that's reported by the web request * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify * any header name.

If the specified header isn't present in the * request, WAF doesn't apply the rule to the web request at all.

*/ inline GeoMatchStatement& WithForwardedIPConfig(ForwardedIPConfig&& value) { SetForwardedIPConfig(std::move(value)); return *this;} private: Aws::Vector m_countryCodes; bool m_countryCodesHasBeenSet = false; ForwardedIPConfig m_forwardedIPConfig; bool m_forwardedIPConfigHasBeenSet = false; }; } // namespace Model } // namespace WAFV2 } // namespace Aws