/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace WAFV2 { namespace Model { class Statement; /** *

A rule statement used to run the rules that are defined in a managed rule * group. To use this, provide the vendor name and the name of the rule group in * this statement. You can retrieve the required names by calling * ListAvailableManagedRuleGroups.

You cannot nest a * ManagedRuleGroupStatement, for example for use inside a * NotStatement or OrStatement. It can only be referenced * as a top-level statement within a rule.

You are charged additional * fees when you use the WAF Bot Control managed rule group * AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account * takeover prevention (ATP) managed rule group * AWSManagedRulesATPRuleSet, or the WAF Fraud Control account * creation fraud prevention (ACFP) managed rule group * AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.

See * Also:

AWS * API Reference

*/ class ManagedRuleGroupStatement { public: AWS_WAFV2_API ManagedRuleGroupStatement(); AWS_WAFV2_API ManagedRuleGroupStatement(Aws::Utils::Json::JsonView jsonValue); AWS_WAFV2_API ManagedRuleGroupStatement& operator=(Aws::Utils::Json::JsonView jsonValue); AWS_WAFV2_API Aws::Utils::Json::JsonValue Jsonize() const; /** *

The name of the managed rule group vendor. You use this, along with the rule * group name, to identify a rule group.

*/ inline const Aws::String& GetVendorName() const{ return m_vendorName; } /** *

The name of the managed rule group vendor. You use this, along with the rule * group name, to identify a rule group.

*/ inline bool VendorNameHasBeenSet() const { return m_vendorNameHasBeenSet; } /** *

The name of the managed rule group vendor. You use this, along with the rule * group name, to identify a rule group.

*/ inline void SetVendorName(const Aws::String& value) { m_vendorNameHasBeenSet = true; m_vendorName = value; } /** *

The name of the managed rule group vendor. You use this, along with the rule * group name, to identify a rule group.

*/ inline void SetVendorName(Aws::String&& value) { m_vendorNameHasBeenSet = true; m_vendorName = std::move(value); } /** *

The name of the managed rule group vendor. You use this, along with the rule * group name, to identify a rule group.

*/ inline void SetVendorName(const char* value) { m_vendorNameHasBeenSet = true; m_vendorName.assign(value); } /** *

The name of the managed rule group vendor. You use this, along with the rule * group name, to identify a rule group.

*/ inline ManagedRuleGroupStatement& WithVendorName(const Aws::String& value) { SetVendorName(value); return *this;} /** *

The name of the managed rule group vendor. You use this, along with the rule * group name, to identify a rule group.

*/ inline ManagedRuleGroupStatement& WithVendorName(Aws::String&& value) { SetVendorName(std::move(value)); return *this;} /** *

The name of the managed rule group vendor. You use this, along with the rule * group name, to identify a rule group.

*/ inline ManagedRuleGroupStatement& WithVendorName(const char* value) { SetVendorName(value); return *this;} /** *

The name of the managed rule group. You use this, along with the vendor name, * to identify the rule group.

*/ inline const Aws::String& GetName() const{ return m_name; } /** *

The name of the managed rule group. You use this, along with the vendor name, * to identify the rule group.

*/ inline bool NameHasBeenSet() const { return m_nameHasBeenSet; } /** *

The name of the managed rule group. You use this, along with the vendor name, * to identify the rule group.

*/ inline void SetName(const Aws::String& value) { m_nameHasBeenSet = true; m_name = value; } /** *

The name of the managed rule group. You use this, along with the vendor name, * to identify the rule group.

*/ inline void SetName(Aws::String&& value) { m_nameHasBeenSet = true; m_name = std::move(value); } /** *

The name of the managed rule group. You use this, along with the vendor name, * to identify the rule group.

*/ inline void SetName(const char* value) { m_nameHasBeenSet = true; m_name.assign(value); } /** *

The name of the managed rule group. You use this, along with the vendor name, * to identify the rule group.

*/ inline ManagedRuleGroupStatement& WithName(const Aws::String& value) { SetName(value); return *this;} /** *

The name of the managed rule group. You use this, along with the vendor name, * to identify the rule group.

*/ inline ManagedRuleGroupStatement& WithName(Aws::String&& value) { SetName(std::move(value)); return *this;} /** *

The name of the managed rule group. You use this, along with the vendor name, * to identify the rule group.

*/ inline ManagedRuleGroupStatement& WithName(const char* value) { SetName(value); return *this;} /** *

The version of the managed rule group to use. If you specify this, the * version setting is fixed until you change it. If you don't specify this, WAF * uses the vendor's default version, and then keeps the version at the vendor's * default when the vendor updates the managed rule group settings.

*/ inline const Aws::String& GetVersion() const{ return m_version; } /** *

The version of the managed rule group to use. If you specify this, the * version setting is fixed until you change it. If you don't specify this, WAF * uses the vendor's default version, and then keeps the version at the vendor's * default when the vendor updates the managed rule group settings.

*/ inline bool VersionHasBeenSet() const { return m_versionHasBeenSet; } /** *

The version of the managed rule group to use. If you specify this, the * version setting is fixed until you change it. If you don't specify this, WAF * uses the vendor's default version, and then keeps the version at the vendor's * default when the vendor updates the managed rule group settings.

*/ inline void SetVersion(const Aws::String& value) { m_versionHasBeenSet = true; m_version = value; } /** *

The version of the managed rule group to use. If you specify this, the * version setting is fixed until you change it. If you don't specify this, WAF * uses the vendor's default version, and then keeps the version at the vendor's * default when the vendor updates the managed rule group settings.

*/ inline void SetVersion(Aws::String&& value) { m_versionHasBeenSet = true; m_version = std::move(value); } /** *

The version of the managed rule group to use. If you specify this, the * version setting is fixed until you change it. If you don't specify this, WAF * uses the vendor's default version, and then keeps the version at the vendor's * default when the vendor updates the managed rule group settings.

*/ inline void SetVersion(const char* value) { m_versionHasBeenSet = true; m_version.assign(value); } /** *

The version of the managed rule group to use. If you specify this, the * version setting is fixed until you change it. If you don't specify this, WAF * uses the vendor's default version, and then keeps the version at the vendor's * default when the vendor updates the managed rule group settings.

*/ inline ManagedRuleGroupStatement& WithVersion(const Aws::String& value) { SetVersion(value); return *this;} /** *

The version of the managed rule group to use. If you specify this, the * version setting is fixed until you change it. If you don't specify this, WAF * uses the vendor's default version, and then keeps the version at the vendor's * default when the vendor updates the managed rule group settings.

*/ inline ManagedRuleGroupStatement& WithVersion(Aws::String&& value) { SetVersion(std::move(value)); return *this;} /** *

The version of the managed rule group to use. If you specify this, the * version setting is fixed until you change it. If you don't specify this, WAF * uses the vendor's default version, and then keeps the version at the vendor's * default when the vendor updates the managed rule group settings.

*/ inline ManagedRuleGroupStatement& WithVersion(const char* value) { SetVersion(value); return *this;} /** *

Rules in the referenced rule group whose actions are set to * Count.

Instead of this option, use * RuleActionOverrides. It accepts any valid action setting, including * Count.

*/ inline const Aws::Vector& GetExcludedRules() const{ return m_excludedRules; } /** *

Rules in the referenced rule group whose actions are set to * Count.

Instead of this option, use * RuleActionOverrides. It accepts any valid action setting, including * Count.

*/ inline bool ExcludedRulesHasBeenSet() const { return m_excludedRulesHasBeenSet; } /** *

Rules in the referenced rule group whose actions are set to * Count.

Instead of this option, use * RuleActionOverrides. It accepts any valid action setting, including * Count.

*/ inline void SetExcludedRules(const Aws::Vector& value) { m_excludedRulesHasBeenSet = true; m_excludedRules = value; } /** *

Rules in the referenced rule group whose actions are set to * Count.

Instead of this option, use * RuleActionOverrides. It accepts any valid action setting, including * Count.

*/ inline void SetExcludedRules(Aws::Vector&& value) { m_excludedRulesHasBeenSet = true; m_excludedRules = std::move(value); } /** *

Rules in the referenced rule group whose actions are set to * Count.

Instead of this option, use * RuleActionOverrides. It accepts any valid action setting, including * Count.

*/ inline ManagedRuleGroupStatement& WithExcludedRules(const Aws::Vector& value) { SetExcludedRules(value); return *this;} /** *

Rules in the referenced rule group whose actions are set to * Count.

Instead of this option, use * RuleActionOverrides. It accepts any valid action setting, including * Count.

*/ inline ManagedRuleGroupStatement& WithExcludedRules(Aws::Vector&& value) { SetExcludedRules(std::move(value)); return *this;} /** *

Rules in the referenced rule group whose actions are set to * Count.

Instead of this option, use * RuleActionOverrides. It accepts any valid action setting, including * Count.

*/ inline ManagedRuleGroupStatement& AddExcludedRules(const ExcludedRule& value) { m_excludedRulesHasBeenSet = true; m_excludedRules.push_back(value); return *this; } /** *

Rules in the referenced rule group whose actions are set to * Count.

Instead of this option, use * RuleActionOverrides. It accepts any valid action setting, including * Count.

*/ inline ManagedRuleGroupStatement& AddExcludedRules(ExcludedRule&& value) { m_excludedRulesHasBeenSet = true; m_excludedRules.push_back(std::move(value)); return *this; } /** *

An optional nested statement that narrows the scope of the web requests that * are evaluated by the managed rule group. Requests are only evaluated by the rule * group if they match the scope-down statement. You can use any nestable * Statement in the scope-down statement, and you can nest statements at any * level, the same as you can for a rule statement.

*/ AWS_WAFV2_API const Statement& GetScopeDownStatement() const; /** *

An optional nested statement that narrows the scope of the web requests that * are evaluated by the managed rule group. Requests are only evaluated by the rule * group if they match the scope-down statement. You can use any nestable * Statement in the scope-down statement, and you can nest statements at any * level, the same as you can for a rule statement.

*/ AWS_WAFV2_API bool ScopeDownStatementHasBeenSet() const; /** *

An optional nested statement that narrows the scope of the web requests that * are evaluated by the managed rule group. Requests are only evaluated by the rule * group if they match the scope-down statement. You can use any nestable * Statement in the scope-down statement, and you can nest statements at any * level, the same as you can for a rule statement.

*/ AWS_WAFV2_API void SetScopeDownStatement(const Statement& value); /** *

An optional nested statement that narrows the scope of the web requests that * are evaluated by the managed rule group. Requests are only evaluated by the rule * group if they match the scope-down statement. You can use any nestable * Statement in the scope-down statement, and you can nest statements at any * level, the same as you can for a rule statement.

*/ AWS_WAFV2_API void SetScopeDownStatement(Statement&& value); /** *

An optional nested statement that narrows the scope of the web requests that * are evaluated by the managed rule group. Requests are only evaluated by the rule * group if they match the scope-down statement. You can use any nestable * Statement in the scope-down statement, and you can nest statements at any * level, the same as you can for a rule statement.

*/ AWS_WAFV2_API ManagedRuleGroupStatement& WithScopeDownStatement(const Statement& value); /** *

An optional nested statement that narrows the scope of the web requests that * are evaluated by the managed rule group. Requests are only evaluated by the rule * group if they match the scope-down statement. You can use any nestable * Statement in the scope-down statement, and you can nest statements at any * level, the same as you can for a rule statement.

*/ AWS_WAFV2_API ManagedRuleGroupStatement& WithScopeDownStatement(Statement&& value); /** *

Additional information that's used by a managed rule group. Many managed rule * groups don't require this.

The rule groups used for intelligent threat * mitigation require additional configuration:

  • Use the * AWSManagedRulesACFPRuleSet configuration object to configure the * account creation fraud prevention managed rule group. The configuration includes * the registration and sign-up pages of your application and the locations in the * account creation request payload of data, such as the user email and phone * number fields.

  • Use the AWSManagedRulesATPRuleSet * configuration object to configure the account takeover prevention managed rule * group. The configuration includes the sign-in page of your application and the * locations in the login request payload of data such as the username and * password.

  • Use the * AWSManagedRulesBotControlRuleSet configuration object to configure * the protection level that you want the Bot Control rule group to use.

    • *
*/ inline const Aws::Vector& GetManagedRuleGroupConfigs() const{ return m_managedRuleGroupConfigs; } /** *

Additional information that's used by a managed rule group. Many managed rule * groups don't require this.

The rule groups used for intelligent threat * mitigation require additional configuration:

  • Use the * AWSManagedRulesACFPRuleSet configuration object to configure the * account creation fraud prevention managed rule group. The configuration includes * the registration and sign-up pages of your application and the locations in the * account creation request payload of data, such as the user email and phone * number fields.

  • Use the AWSManagedRulesATPRuleSet * configuration object to configure the account takeover prevention managed rule * group. The configuration includes the sign-in page of your application and the * locations in the login request payload of data such as the username and * password.

  • Use the * AWSManagedRulesBotControlRuleSet configuration object to configure * the protection level that you want the Bot Control rule group to use.

    • *
*/ inline bool ManagedRuleGroupConfigsHasBeenSet() const { return m_managedRuleGroupConfigsHasBeenSet; } /** *

Additional information that's used by a managed rule group. Many managed rule * groups don't require this.

The rule groups used for intelligent threat * mitigation require additional configuration:

  • Use the * AWSManagedRulesACFPRuleSet configuration object to configure the * account creation fraud prevention managed rule group. The configuration includes * the registration and sign-up pages of your application and the locations in the * account creation request payload of data, such as the user email and phone * number fields.

  • Use the AWSManagedRulesATPRuleSet * configuration object to configure the account takeover prevention managed rule * group. The configuration includes the sign-in page of your application and the * locations in the login request payload of data such as the username and * password.

  • Use the * AWSManagedRulesBotControlRuleSet configuration object to configure * the protection level that you want the Bot Control rule group to use.

    • *
*/ inline void SetManagedRuleGroupConfigs(const Aws::Vector& value) { m_managedRuleGroupConfigsHasBeenSet = true; m_managedRuleGroupConfigs = value; } /** *

Additional information that's used by a managed rule group. Many managed rule * groups don't require this.

The rule groups used for intelligent threat * mitigation require additional configuration:

  • Use the * AWSManagedRulesACFPRuleSet configuration object to configure the * account creation fraud prevention managed rule group. The configuration includes * the registration and sign-up pages of your application and the locations in the * account creation request payload of data, such as the user email and phone * number fields.

  • Use the AWSManagedRulesATPRuleSet * configuration object to configure the account takeover prevention managed rule * group. The configuration includes the sign-in page of your application and the * locations in the login request payload of data such as the username and * password.

  • Use the * AWSManagedRulesBotControlRuleSet configuration object to configure * the protection level that you want the Bot Control rule group to use.

    • *
*/ inline void SetManagedRuleGroupConfigs(Aws::Vector&& value) { m_managedRuleGroupConfigsHasBeenSet = true; m_managedRuleGroupConfigs = std::move(value); } /** *

Additional information that's used by a managed rule group. Many managed rule * groups don't require this.

The rule groups used for intelligent threat * mitigation require additional configuration:

  • Use the * AWSManagedRulesACFPRuleSet configuration object to configure the * account creation fraud prevention managed rule group. The configuration includes * the registration and sign-up pages of your application and the locations in the * account creation request payload of data, such as the user email and phone * number fields.

  • Use the AWSManagedRulesATPRuleSet * configuration object to configure the account takeover prevention managed rule * group. The configuration includes the sign-in page of your application and the * locations in the login request payload of data such as the username and * password.

  • Use the * AWSManagedRulesBotControlRuleSet configuration object to configure * the protection level that you want the Bot Control rule group to use.

    • *
*/ inline ManagedRuleGroupStatement& WithManagedRuleGroupConfigs(const Aws::Vector& value) { SetManagedRuleGroupConfigs(value); return *this;} /** *

Additional information that's used by a managed rule group. Many managed rule * groups don't require this.

The rule groups used for intelligent threat * mitigation require additional configuration:

  • Use the * AWSManagedRulesACFPRuleSet configuration object to configure the * account creation fraud prevention managed rule group. The configuration includes * the registration and sign-up pages of your application and the locations in the * account creation request payload of data, such as the user email and phone * number fields.

  • Use the AWSManagedRulesATPRuleSet * configuration object to configure the account takeover prevention managed rule * group. The configuration includes the sign-in page of your application and the * locations in the login request payload of data such as the username and * password.

  • Use the * AWSManagedRulesBotControlRuleSet configuration object to configure * the protection level that you want the Bot Control rule group to use.

    • *
*/ inline ManagedRuleGroupStatement& WithManagedRuleGroupConfigs(Aws::Vector&& value) { SetManagedRuleGroupConfigs(std::move(value)); return *this;} /** *

Additional information that's used by a managed rule group. Many managed rule * groups don't require this.

The rule groups used for intelligent threat * mitigation require additional configuration:

  • Use the * AWSManagedRulesACFPRuleSet configuration object to configure the * account creation fraud prevention managed rule group. The configuration includes * the registration and sign-up pages of your application and the locations in the * account creation request payload of data, such as the user email and phone * number fields.

  • Use the AWSManagedRulesATPRuleSet * configuration object to configure the account takeover prevention managed rule * group. The configuration includes the sign-in page of your application and the * locations in the login request payload of data such as the username and * password.

  • Use the * AWSManagedRulesBotControlRuleSet configuration object to configure * the protection level that you want the Bot Control rule group to use.

    • *
*/ inline ManagedRuleGroupStatement& AddManagedRuleGroupConfigs(const ManagedRuleGroupConfig& value) { m_managedRuleGroupConfigsHasBeenSet = true; m_managedRuleGroupConfigs.push_back(value); return *this; } /** *

Additional information that's used by a managed rule group. Many managed rule * groups don't require this.

The rule groups used for intelligent threat * mitigation require additional configuration:

  • Use the * AWSManagedRulesACFPRuleSet configuration object to configure the * account creation fraud prevention managed rule group. The configuration includes * the registration and sign-up pages of your application and the locations in the * account creation request payload of data, such as the user email and phone * number fields.

  • Use the AWSManagedRulesATPRuleSet * configuration object to configure the account takeover prevention managed rule * group. The configuration includes the sign-in page of your application and the * locations in the login request payload of data such as the username and * password.

  • Use the * AWSManagedRulesBotControlRuleSet configuration object to configure * the protection level that you want the Bot Control rule group to use.

    • *
*/ inline ManagedRuleGroupStatement& AddManagedRuleGroupConfigs(ManagedRuleGroupConfig&& value) { m_managedRuleGroupConfigsHasBeenSet = true; m_managedRuleGroupConfigs.push_back(std::move(value)); return *this; } /** *

Action settings to use in the place of the rule actions that are configured * inside the rule group. You specify one override for each rule whose action you * want to change.

You can use overrides for testing, for example you can * override all of rule actions to Count and then monitor the * resulting count metrics to understand how the rule group would handle your web * traffic. You can also permanently override some or all actions, to modify how * the rule group manages your web traffic.

*/ inline const Aws::Vector& GetRuleActionOverrides() const{ return m_ruleActionOverrides; } /** *

Action settings to use in the place of the rule actions that are configured * inside the rule group. You specify one override for each rule whose action you * want to change.

You can use overrides for testing, for example you can * override all of rule actions to Count and then monitor the * resulting count metrics to understand how the rule group would handle your web * traffic. You can also permanently override some or all actions, to modify how * the rule group manages your web traffic.

*/ inline bool RuleActionOverridesHasBeenSet() const { return m_ruleActionOverridesHasBeenSet; } /** *

Action settings to use in the place of the rule actions that are configured * inside the rule group. You specify one override for each rule whose action you * want to change.

You can use overrides for testing, for example you can * override all of rule actions to Count and then monitor the * resulting count metrics to understand how the rule group would handle your web * traffic. You can also permanently override some or all actions, to modify how * the rule group manages your web traffic.

*/ inline void SetRuleActionOverrides(const Aws::Vector& value) { m_ruleActionOverridesHasBeenSet = true; m_ruleActionOverrides = value; } /** *

Action settings to use in the place of the rule actions that are configured * inside the rule group. You specify one override for each rule whose action you * want to change.

You can use overrides for testing, for example you can * override all of rule actions to Count and then monitor the * resulting count metrics to understand how the rule group would handle your web * traffic. You can also permanently override some or all actions, to modify how * the rule group manages your web traffic.

*/ inline void SetRuleActionOverrides(Aws::Vector&& value) { m_ruleActionOverridesHasBeenSet = true; m_ruleActionOverrides = std::move(value); } /** *

Action settings to use in the place of the rule actions that are configured * inside the rule group. You specify one override for each rule whose action you * want to change.

You can use overrides for testing, for example you can * override all of rule actions to Count and then monitor the * resulting count metrics to understand how the rule group would handle your web * traffic. You can also permanently override some or all actions, to modify how * the rule group manages your web traffic.

*/ inline ManagedRuleGroupStatement& WithRuleActionOverrides(const Aws::Vector& value) { SetRuleActionOverrides(value); return *this;} /** *

Action settings to use in the place of the rule actions that are configured * inside the rule group. You specify one override for each rule whose action you * want to change.

You can use overrides for testing, for example you can * override all of rule actions to Count and then monitor the * resulting count metrics to understand how the rule group would handle your web * traffic. You can also permanently override some or all actions, to modify how * the rule group manages your web traffic.

*/ inline ManagedRuleGroupStatement& WithRuleActionOverrides(Aws::Vector&& value) { SetRuleActionOverrides(std::move(value)); return *this;} /** *

Action settings to use in the place of the rule actions that are configured * inside the rule group. You specify one override for each rule whose action you * want to change.

You can use overrides for testing, for example you can * override all of rule actions to Count and then monitor the * resulting count metrics to understand how the rule group would handle your web * traffic. You can also permanently override some or all actions, to modify how * the rule group manages your web traffic.

*/ inline ManagedRuleGroupStatement& AddRuleActionOverrides(const RuleActionOverride& value) { m_ruleActionOverridesHasBeenSet = true; m_ruleActionOverrides.push_back(value); return *this; } /** *

Action settings to use in the place of the rule actions that are configured * inside the rule group. You specify one override for each rule whose action you * want to change.

You can use overrides for testing, for example you can * override all of rule actions to Count and then monitor the * resulting count metrics to understand how the rule group would handle your web * traffic. You can also permanently override some or all actions, to modify how * the rule group manages your web traffic.

*/ inline ManagedRuleGroupStatement& AddRuleActionOverrides(RuleActionOverride&& value) { m_ruleActionOverridesHasBeenSet = true; m_ruleActionOverrides.push_back(std::move(value)); return *this; } private: Aws::String m_vendorName; bool m_vendorNameHasBeenSet = false; Aws::String m_name; bool m_nameHasBeenSet = false; Aws::String m_version; bool m_versionHasBeenSet = false; Aws::Vector m_excludedRules; bool m_excludedRulesHasBeenSet = false; std::shared_ptr m_scopeDownStatement; bool m_scopeDownStatementHasBeenSet = false; Aws::Vector m_managedRuleGroupConfigs; bool m_managedRuleGroupConfigsHasBeenSet = false; Aws::Vector m_ruleActionOverrides; bool m_ruleActionOverridesHasBeenSet = false; }; } // namespace Model } // namespace WAFV2 } // namespace Aws