/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include #include #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace WAFV2 { namespace Model { class RateBasedStatement; class AndStatement; class OrStatement; class NotStatement; class ManagedRuleGroupStatement; /** *

The processing guidance for a Rule, used by WAF to determine whether a * web request matches the rule.

For example specifications, see the * examples section of CreateWebACL.

See Also:

AWS API * Reference

*/ class Statement { public: AWS_WAFV2_API Statement(); AWS_WAFV2_API Statement(Aws::Utils::Json::JsonView jsonValue); AWS_WAFV2_API Statement& operator=(Aws::Utils::Json::JsonView jsonValue); AWS_WAFV2_API Aws::Utils::Json::JsonValue Jsonize() const; /** *

A rule statement that defines a string match search for WAF to apply to web * requests. The byte match statement provides the bytes to search for, the * location in requests that you want WAF to search, and other settings. The bytes * to search for are typically a string that corresponds with ASCII characters. In * the WAF console and the developer guide, this is called a string match * statement.

*/ inline const ByteMatchStatement& GetByteMatchStatement() const{ return m_byteMatchStatement; } /** *

A rule statement that defines a string match search for WAF to apply to web * requests. The byte match statement provides the bytes to search for, the * location in requests that you want WAF to search, and other settings. The bytes * to search for are typically a string that corresponds with ASCII characters. In * the WAF console and the developer guide, this is called a string match * statement.

*/ inline bool ByteMatchStatementHasBeenSet() const { return m_byteMatchStatementHasBeenSet; } /** *

A rule statement that defines a string match search for WAF to apply to web * requests. The byte match statement provides the bytes to search for, the * location in requests that you want WAF to search, and other settings. The bytes * to search for are typically a string that corresponds with ASCII characters. In * the WAF console and the developer guide, this is called a string match * statement.

*/ inline void SetByteMatchStatement(const ByteMatchStatement& value) { m_byteMatchStatementHasBeenSet = true; m_byteMatchStatement = value; } /** *

A rule statement that defines a string match search for WAF to apply to web * requests. The byte match statement provides the bytes to search for, the * location in requests that you want WAF to search, and other settings. The bytes * to search for are typically a string that corresponds with ASCII characters. In * the WAF console and the developer guide, this is called a string match * statement.

*/ inline void SetByteMatchStatement(ByteMatchStatement&& value) { m_byteMatchStatementHasBeenSet = true; m_byteMatchStatement = std::move(value); } /** *

A rule statement that defines a string match search for WAF to apply to web * requests. The byte match statement provides the bytes to search for, the * location in requests that you want WAF to search, and other settings. The bytes * to search for are typically a string that corresponds with ASCII characters. In * the WAF console and the developer guide, this is called a string match * statement.

*/ inline Statement& WithByteMatchStatement(const ByteMatchStatement& value) { SetByteMatchStatement(value); return *this;} /** *

A rule statement that defines a string match search for WAF to apply to web * requests. The byte match statement provides the bytes to search for, the * location in requests that you want WAF to search, and other settings. The bytes * to search for are typically a string that corresponds with ASCII characters. In * the WAF console and the developer guide, this is called a string match * statement.

*/ inline Statement& WithByteMatchStatement(ByteMatchStatement&& value) { SetByteMatchStatement(std::move(value)); return *this;} /** *

A rule statement that inspects for malicious SQL code. Attackers insert * malicious SQL code into web requests to do things like modify your database or * extract data from it.

*/ inline const SqliMatchStatement& GetSqliMatchStatement() const{ return m_sqliMatchStatement; } /** *

A rule statement that inspects for malicious SQL code. Attackers insert * malicious SQL code into web requests to do things like modify your database or * extract data from it.

*/ inline bool SqliMatchStatementHasBeenSet() const { return m_sqliMatchStatementHasBeenSet; } /** *

A rule statement that inspects for malicious SQL code. Attackers insert * malicious SQL code into web requests to do things like modify your database or * extract data from it.

*/ inline void SetSqliMatchStatement(const SqliMatchStatement& value) { m_sqliMatchStatementHasBeenSet = true; m_sqliMatchStatement = value; } /** *

A rule statement that inspects for malicious SQL code. Attackers insert * malicious SQL code into web requests to do things like modify your database or * extract data from it.

*/ inline void SetSqliMatchStatement(SqliMatchStatement&& value) { m_sqliMatchStatementHasBeenSet = true; m_sqliMatchStatement = std::move(value); } /** *

A rule statement that inspects for malicious SQL code. Attackers insert * malicious SQL code into web requests to do things like modify your database or * extract data from it.

*/ inline Statement& WithSqliMatchStatement(const SqliMatchStatement& value) { SetSqliMatchStatement(value); return *this;} /** *

A rule statement that inspects for malicious SQL code. Attackers insert * malicious SQL code into web requests to do things like modify your database or * extract data from it.

*/ inline Statement& WithSqliMatchStatement(SqliMatchStatement&& value) { SetSqliMatchStatement(std::move(value)); return *this;} /** *

A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS * attacks, the attacker uses vulnerabilities in a benign website as a vehicle to * inject malicious client-site scripts into other legitimate web browsers.

*/ inline const XssMatchStatement& GetXssMatchStatement() const{ return m_xssMatchStatement; } /** *

A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS * attacks, the attacker uses vulnerabilities in a benign website as a vehicle to * inject malicious client-site scripts into other legitimate web browsers.

*/ inline bool XssMatchStatementHasBeenSet() const { return m_xssMatchStatementHasBeenSet; } /** *

A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS * attacks, the attacker uses vulnerabilities in a benign website as a vehicle to * inject malicious client-site scripts into other legitimate web browsers.

*/ inline void SetXssMatchStatement(const XssMatchStatement& value) { m_xssMatchStatementHasBeenSet = true; m_xssMatchStatement = value; } /** *

A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS * attacks, the attacker uses vulnerabilities in a benign website as a vehicle to * inject malicious client-site scripts into other legitimate web browsers.

*/ inline void SetXssMatchStatement(XssMatchStatement&& value) { m_xssMatchStatementHasBeenSet = true; m_xssMatchStatement = std::move(value); } /** *

A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS * attacks, the attacker uses vulnerabilities in a benign website as a vehicle to * inject malicious client-site scripts into other legitimate web browsers.

*/ inline Statement& WithXssMatchStatement(const XssMatchStatement& value) { SetXssMatchStatement(value); return *this;} /** *

A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS * attacks, the attacker uses vulnerabilities in a benign website as a vehicle to * inject malicious client-site scripts into other legitimate web browsers.

*/ inline Statement& WithXssMatchStatement(XssMatchStatement&& value) { SetXssMatchStatement(std::move(value)); return *this;} /** *

A rule statement that compares a number of bytes against the size of a * request component, using a comparison operator, such as greater than (>) or * less than (<). For example, you can use a size constraint statement to look * for query strings that are longer than 100 bytes.

If you configure WAF * to inspect the request body, WAF inspects only the number of bytes of the body * up to the limit for the web ACL. By default, for regional web ACLs, this limit * is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB * (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the * web ACL AssociationConfig, for additional fees. If you know that * the request body for your web requests should never exceed the inspection limit, * you could use a size constraint statement to block requests that have a larger * request body size.

If you choose URI for the value of Part of the request * to filter on, the slash (/) in the URI counts as one character. For example, the * URI /logo.jpg is nine characters long.

*/ inline const SizeConstraintStatement& GetSizeConstraintStatement() const{ return m_sizeConstraintStatement; } /** *

A rule statement that compares a number of bytes against the size of a * request component, using a comparison operator, such as greater than (>) or * less than (<). For example, you can use a size constraint statement to look * for query strings that are longer than 100 bytes.

If you configure WAF * to inspect the request body, WAF inspects only the number of bytes of the body * up to the limit for the web ACL. By default, for regional web ACLs, this limit * is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB * (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the * web ACL AssociationConfig, for additional fees. If you know that * the request body for your web requests should never exceed the inspection limit, * you could use a size constraint statement to block requests that have a larger * request body size.

If you choose URI for the value of Part of the request * to filter on, the slash (/) in the URI counts as one character. For example, the * URI /logo.jpg is nine characters long.

*/ inline bool SizeConstraintStatementHasBeenSet() const { return m_sizeConstraintStatementHasBeenSet; } /** *

A rule statement that compares a number of bytes against the size of a * request component, using a comparison operator, such as greater than (>) or * less than (<). For example, you can use a size constraint statement to look * for query strings that are longer than 100 bytes.

If you configure WAF * to inspect the request body, WAF inspects only the number of bytes of the body * up to the limit for the web ACL. By default, for regional web ACLs, this limit * is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB * (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the * web ACL AssociationConfig, for additional fees. If you know that * the request body for your web requests should never exceed the inspection limit, * you could use a size constraint statement to block requests that have a larger * request body size.

If you choose URI for the value of Part of the request * to filter on, the slash (/) in the URI counts as one character. For example, the * URI /logo.jpg is nine characters long.

*/ inline void SetSizeConstraintStatement(const SizeConstraintStatement& value) { m_sizeConstraintStatementHasBeenSet = true; m_sizeConstraintStatement = value; } /** *

A rule statement that compares a number of bytes against the size of a * request component, using a comparison operator, such as greater than (>) or * less than (<). For example, you can use a size constraint statement to look * for query strings that are longer than 100 bytes.

If you configure WAF * to inspect the request body, WAF inspects only the number of bytes of the body * up to the limit for the web ACL. By default, for regional web ACLs, this limit * is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB * (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the * web ACL AssociationConfig, for additional fees. If you know that * the request body for your web requests should never exceed the inspection limit, * you could use a size constraint statement to block requests that have a larger * request body size.

If you choose URI for the value of Part of the request * to filter on, the slash (/) in the URI counts as one character. For example, the * URI /logo.jpg is nine characters long.

*/ inline void SetSizeConstraintStatement(SizeConstraintStatement&& value) { m_sizeConstraintStatementHasBeenSet = true; m_sizeConstraintStatement = std::move(value); } /** *

A rule statement that compares a number of bytes against the size of a * request component, using a comparison operator, such as greater than (>) or * less than (<). For example, you can use a size constraint statement to look * for query strings that are longer than 100 bytes.

If you configure WAF * to inspect the request body, WAF inspects only the number of bytes of the body * up to the limit for the web ACL. By default, for regional web ACLs, this limit * is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB * (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the * web ACL AssociationConfig, for additional fees. If you know that * the request body for your web requests should never exceed the inspection limit, * you could use a size constraint statement to block requests that have a larger * request body size.

If you choose URI for the value of Part of the request * to filter on, the slash (/) in the URI counts as one character. For example, the * URI /logo.jpg is nine characters long.

*/ inline Statement& WithSizeConstraintStatement(const SizeConstraintStatement& value) { SetSizeConstraintStatement(value); return *this;} /** *

A rule statement that compares a number of bytes against the size of a * request component, using a comparison operator, such as greater than (>) or * less than (<). For example, you can use a size constraint statement to look * for query strings that are longer than 100 bytes.

If you configure WAF * to inspect the request body, WAF inspects only the number of bytes of the body * up to the limit for the web ACL. By default, for regional web ACLs, this limit * is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB * (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the * web ACL AssociationConfig, for additional fees. If you know that * the request body for your web requests should never exceed the inspection limit, * you could use a size constraint statement to block requests that have a larger * request body size.

If you choose URI for the value of Part of the request * to filter on, the slash (/) in the URI counts as one character. For example, the * URI /logo.jpg is nine characters long.

*/ inline Statement& WithSizeConstraintStatement(SizeConstraintStatement&& value) { SetSizeConstraintStatement(std::move(value)); return *this;} /** *

A rule statement that labels web requests by country and region and that * matches against web requests based on country code. A geo match rule labels * every request that it inspects regardless of whether it finds a match.

    *

  • To manage requests only by country, you can use this statement by itself * and specify the countries that you want to match against in the * CountryCodes array.

  • Otherwise, configure your * geo match rule with Count action so that it only labels requests. Then, add one * or more label match rules to run after the geo match rule and configure them to * match against the geographic labels and handle the requests as needed.

    *

WAF labels requests using the alpha-2 country and region codes * from the International Organization for Standardization (ISO) 3166 standard. WAF * determines the codes using either the IP address in the web request origin or, * if you specify it, the address in the geo match ForwardedIPConfig. *

If you use the web request origin, the label formats are * awswaf:clientip:geo:region:<ISO country code>-<ISO region * code> and awswaf:clientip:geo:country:<ISO country * code>.

If you use a forwarded IP address, the label formats are * awswaf:forwardedip:geo:region:<ISO country code>-<ISO region * code> and awswaf:forwardedip:geo:country:<ISO country * code>.

For additional details, see Geographic * match rule statement in the WAF * Developer Guide.

*/ inline const GeoMatchStatement& GetGeoMatchStatement() const{ return m_geoMatchStatement; } /** *

A rule statement that labels web requests by country and region and that * matches against web requests based on country code. A geo match rule labels * every request that it inspects regardless of whether it finds a match.

    *

  • To manage requests only by country, you can use this statement by itself * and specify the countries that you want to match against in the * CountryCodes array.

  • Otherwise, configure your * geo match rule with Count action so that it only labels requests. Then, add one * or more label match rules to run after the geo match rule and configure them to * match against the geographic labels and handle the requests as needed.

    *

WAF labels requests using the alpha-2 country and region codes * from the International Organization for Standardization (ISO) 3166 standard. WAF * determines the codes using either the IP address in the web request origin or, * if you specify it, the address in the geo match ForwardedIPConfig. *

If you use the web request origin, the label formats are * awswaf:clientip:geo:region:<ISO country code>-<ISO region * code> and awswaf:clientip:geo:country:<ISO country * code>.

If you use a forwarded IP address, the label formats are * awswaf:forwardedip:geo:region:<ISO country code>-<ISO region * code> and awswaf:forwardedip:geo:country:<ISO country * code>.

For additional details, see Geographic * match rule statement in the WAF * Developer Guide.

*/ inline bool GeoMatchStatementHasBeenSet() const { return m_geoMatchStatementHasBeenSet; } /** *

A rule statement that labels web requests by country and region and that * matches against web requests based on country code. A geo match rule labels * every request that it inspects regardless of whether it finds a match.

    *

  • To manage requests only by country, you can use this statement by itself * and specify the countries that you want to match against in the * CountryCodes array.

  • Otherwise, configure your * geo match rule with Count action so that it only labels requests. Then, add one * or more label match rules to run after the geo match rule and configure them to * match against the geographic labels and handle the requests as needed.

    *

WAF labels requests using the alpha-2 country and region codes * from the International Organization for Standardization (ISO) 3166 standard. WAF * determines the codes using either the IP address in the web request origin or, * if you specify it, the address in the geo match ForwardedIPConfig. *

If you use the web request origin, the label formats are * awswaf:clientip:geo:region:<ISO country code>-<ISO region * code> and awswaf:clientip:geo:country:<ISO country * code>.

If you use a forwarded IP address, the label formats are * awswaf:forwardedip:geo:region:<ISO country code>-<ISO region * code> and awswaf:forwardedip:geo:country:<ISO country * code>.

For additional details, see Geographic * match rule statement in the WAF * Developer Guide.

*/ inline void SetGeoMatchStatement(const GeoMatchStatement& value) { m_geoMatchStatementHasBeenSet = true; m_geoMatchStatement = value; } /** *

A rule statement that labels web requests by country and region and that * matches against web requests based on country code. A geo match rule labels * every request that it inspects regardless of whether it finds a match.

    *

  • To manage requests only by country, you can use this statement by itself * and specify the countries that you want to match against in the * CountryCodes array.

  • Otherwise, configure your * geo match rule with Count action so that it only labels requests. Then, add one * or more label match rules to run after the geo match rule and configure them to * match against the geographic labels and handle the requests as needed.

    *

WAF labels requests using the alpha-2 country and region codes * from the International Organization for Standardization (ISO) 3166 standard. WAF * determines the codes using either the IP address in the web request origin or, * if you specify it, the address in the geo match ForwardedIPConfig. *

If you use the web request origin, the label formats are * awswaf:clientip:geo:region:<ISO country code>-<ISO region * code> and awswaf:clientip:geo:country:<ISO country * code>.

If you use a forwarded IP address, the label formats are * awswaf:forwardedip:geo:region:<ISO country code>-<ISO region * code> and awswaf:forwardedip:geo:country:<ISO country * code>.

For additional details, see Geographic * match rule statement in the WAF * Developer Guide.

*/ inline void SetGeoMatchStatement(GeoMatchStatement&& value) { m_geoMatchStatementHasBeenSet = true; m_geoMatchStatement = std::move(value); } /** *

A rule statement that labels web requests by country and region and that * matches against web requests based on country code. A geo match rule labels * every request that it inspects regardless of whether it finds a match.

    *

  • To manage requests only by country, you can use this statement by itself * and specify the countries that you want to match against in the * CountryCodes array.

  • Otherwise, configure your * geo match rule with Count action so that it only labels requests. Then, add one * or more label match rules to run after the geo match rule and configure them to * match against the geographic labels and handle the requests as needed.

    *

WAF labels requests using the alpha-2 country and region codes * from the International Organization for Standardization (ISO) 3166 standard. WAF * determines the codes using either the IP address in the web request origin or, * if you specify it, the address in the geo match ForwardedIPConfig. *

If you use the web request origin, the label formats are * awswaf:clientip:geo:region:<ISO country code>-<ISO region * code> and awswaf:clientip:geo:country:<ISO country * code>.

If you use a forwarded IP address, the label formats are * awswaf:forwardedip:geo:region:<ISO country code>-<ISO region * code> and awswaf:forwardedip:geo:country:<ISO country * code>.

For additional details, see Geographic * match rule statement in the WAF * Developer Guide.

*/ inline Statement& WithGeoMatchStatement(const GeoMatchStatement& value) { SetGeoMatchStatement(value); return *this;} /** *

A rule statement that labels web requests by country and region and that * matches against web requests based on country code. A geo match rule labels * every request that it inspects regardless of whether it finds a match.

    *

  • To manage requests only by country, you can use this statement by itself * and specify the countries that you want to match against in the * CountryCodes array.

  • Otherwise, configure your * geo match rule with Count action so that it only labels requests. Then, add one * or more label match rules to run after the geo match rule and configure them to * match against the geographic labels and handle the requests as needed.

    *

WAF labels requests using the alpha-2 country and region codes * from the International Organization for Standardization (ISO) 3166 standard. WAF * determines the codes using either the IP address in the web request origin or, * if you specify it, the address in the geo match ForwardedIPConfig. *

If you use the web request origin, the label formats are * awswaf:clientip:geo:region:<ISO country code>-<ISO region * code> and awswaf:clientip:geo:country:<ISO country * code>.

If you use a forwarded IP address, the label formats are * awswaf:forwardedip:geo:region:<ISO country code>-<ISO region * code> and awswaf:forwardedip:geo:country:<ISO country * code>.

For additional details, see Geographic * match rule statement in the WAF * Developer Guide.

*/ inline Statement& WithGeoMatchStatement(GeoMatchStatement&& value) { SetGeoMatchStatement(std::move(value)); return *this;} /** *

A rule statement used to run the rules that are defined in a * RuleGroup. To use this, create a rule group with your rules, then provide * the ARN of the rule group in this statement.

You cannot nest a * RuleGroupReferenceStatement, for example for use inside a * NotStatement or OrStatement. You can only use a rule * group reference statement at the top level inside a web ACL.

*/ inline const RuleGroupReferenceStatement& GetRuleGroupReferenceStatement() const{ return m_ruleGroupReferenceStatement; } /** *

A rule statement used to run the rules that are defined in a * RuleGroup. To use this, create a rule group with your rules, then provide * the ARN of the rule group in this statement.

You cannot nest a * RuleGroupReferenceStatement, for example for use inside a * NotStatement or OrStatement. You can only use a rule * group reference statement at the top level inside a web ACL.

*/ inline bool RuleGroupReferenceStatementHasBeenSet() const { return m_ruleGroupReferenceStatementHasBeenSet; } /** *

A rule statement used to run the rules that are defined in a * RuleGroup. To use this, create a rule group with your rules, then provide * the ARN of the rule group in this statement.

You cannot nest a * RuleGroupReferenceStatement, for example for use inside a * NotStatement or OrStatement. You can only use a rule * group reference statement at the top level inside a web ACL.

*/ inline void SetRuleGroupReferenceStatement(const RuleGroupReferenceStatement& value) { m_ruleGroupReferenceStatementHasBeenSet = true; m_ruleGroupReferenceStatement = value; } /** *

A rule statement used to run the rules that are defined in a * RuleGroup. To use this, create a rule group with your rules, then provide * the ARN of the rule group in this statement.

You cannot nest a * RuleGroupReferenceStatement, for example for use inside a * NotStatement or OrStatement. You can only use a rule * group reference statement at the top level inside a web ACL.

*/ inline void SetRuleGroupReferenceStatement(RuleGroupReferenceStatement&& value) { m_ruleGroupReferenceStatementHasBeenSet = true; m_ruleGroupReferenceStatement = std::move(value); } /** *

A rule statement used to run the rules that are defined in a * RuleGroup. To use this, create a rule group with your rules, then provide * the ARN of the rule group in this statement.

You cannot nest a * RuleGroupReferenceStatement, for example for use inside a * NotStatement or OrStatement. You can only use a rule * group reference statement at the top level inside a web ACL.

*/ inline Statement& WithRuleGroupReferenceStatement(const RuleGroupReferenceStatement& value) { SetRuleGroupReferenceStatement(value); return *this;} /** *

A rule statement used to run the rules that are defined in a * RuleGroup. To use this, create a rule group with your rules, then provide * the ARN of the rule group in this statement.

You cannot nest a * RuleGroupReferenceStatement, for example for use inside a * NotStatement or OrStatement. You can only use a rule * group reference statement at the top level inside a web ACL.

*/ inline Statement& WithRuleGroupReferenceStatement(RuleGroupReferenceStatement&& value) { SetRuleGroupReferenceStatement(std::move(value)); return *this;} /** *

A rule statement used to detect web requests coming from particular IP * addresses or address ranges. To use this, create an IPSet that specifies * the addresses you want to detect, then use the ARN of that set in this * statement. To create an IP set, see CreateIPSet.

Each IP set rule * statement references an IP set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline const IPSetReferenceStatement& GetIPSetReferenceStatement() const{ return m_iPSetReferenceStatement; } /** *

A rule statement used to detect web requests coming from particular IP * addresses or address ranges. To use this, create an IPSet that specifies * the addresses you want to detect, then use the ARN of that set in this * statement. To create an IP set, see CreateIPSet.

Each IP set rule * statement references an IP set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline bool IPSetReferenceStatementHasBeenSet() const { return m_iPSetReferenceStatementHasBeenSet; } /** *

A rule statement used to detect web requests coming from particular IP * addresses or address ranges. To use this, create an IPSet that specifies * the addresses you want to detect, then use the ARN of that set in this * statement. To create an IP set, see CreateIPSet.

Each IP set rule * statement references an IP set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline void SetIPSetReferenceStatement(const IPSetReferenceStatement& value) { m_iPSetReferenceStatementHasBeenSet = true; m_iPSetReferenceStatement = value; } /** *

A rule statement used to detect web requests coming from particular IP * addresses or address ranges. To use this, create an IPSet that specifies * the addresses you want to detect, then use the ARN of that set in this * statement. To create an IP set, see CreateIPSet.

Each IP set rule * statement references an IP set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline void SetIPSetReferenceStatement(IPSetReferenceStatement&& value) { m_iPSetReferenceStatementHasBeenSet = true; m_iPSetReferenceStatement = std::move(value); } /** *

A rule statement used to detect web requests coming from particular IP * addresses or address ranges. To use this, create an IPSet that specifies * the addresses you want to detect, then use the ARN of that set in this * statement. To create an IP set, see CreateIPSet.

Each IP set rule * statement references an IP set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline Statement& WithIPSetReferenceStatement(const IPSetReferenceStatement& value) { SetIPSetReferenceStatement(value); return *this;} /** *

A rule statement used to detect web requests coming from particular IP * addresses or address ranges. To use this, create an IPSet that specifies * the addresses you want to detect, then use the ARN of that set in this * statement. To create an IP set, see CreateIPSet.

Each IP set rule * statement references an IP set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline Statement& WithIPSetReferenceStatement(IPSetReferenceStatement&& value) { SetIPSetReferenceStatement(std::move(value)); return *this;} /** *

A rule statement used to search web request components for matches with * regular expressions. To use this, create a RegexPatternSet that specifies * the expressions that you want to detect, then use the ARN of that set in this * statement. A web request matches the pattern set rule statement if the request * component matches any of the patterns in the set. To create a regex pattern set, * see CreateRegexPatternSet.

Each regex pattern set rule statement * references a regex pattern set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline const RegexPatternSetReferenceStatement& GetRegexPatternSetReferenceStatement() const{ return m_regexPatternSetReferenceStatement; } /** *

A rule statement used to search web request components for matches with * regular expressions. To use this, create a RegexPatternSet that specifies * the expressions that you want to detect, then use the ARN of that set in this * statement. A web request matches the pattern set rule statement if the request * component matches any of the patterns in the set. To create a regex pattern set, * see CreateRegexPatternSet.

Each regex pattern set rule statement * references a regex pattern set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline bool RegexPatternSetReferenceStatementHasBeenSet() const { return m_regexPatternSetReferenceStatementHasBeenSet; } /** *

A rule statement used to search web request components for matches with * regular expressions. To use this, create a RegexPatternSet that specifies * the expressions that you want to detect, then use the ARN of that set in this * statement. A web request matches the pattern set rule statement if the request * component matches any of the patterns in the set. To create a regex pattern set, * see CreateRegexPatternSet.

Each regex pattern set rule statement * references a regex pattern set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline void SetRegexPatternSetReferenceStatement(const RegexPatternSetReferenceStatement& value) { m_regexPatternSetReferenceStatementHasBeenSet = true; m_regexPatternSetReferenceStatement = value; } /** *

A rule statement used to search web request components for matches with * regular expressions. To use this, create a RegexPatternSet that specifies * the expressions that you want to detect, then use the ARN of that set in this * statement. A web request matches the pattern set rule statement if the request * component matches any of the patterns in the set. To create a regex pattern set, * see CreateRegexPatternSet.

Each regex pattern set rule statement * references a regex pattern set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline void SetRegexPatternSetReferenceStatement(RegexPatternSetReferenceStatement&& value) { m_regexPatternSetReferenceStatementHasBeenSet = true; m_regexPatternSetReferenceStatement = std::move(value); } /** *

A rule statement used to search web request components for matches with * regular expressions. To use this, create a RegexPatternSet that specifies * the expressions that you want to detect, then use the ARN of that set in this * statement. A web request matches the pattern set rule statement if the request * component matches any of the patterns in the set. To create a regex pattern set, * see CreateRegexPatternSet.

Each regex pattern set rule statement * references a regex pattern set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline Statement& WithRegexPatternSetReferenceStatement(const RegexPatternSetReferenceStatement& value) { SetRegexPatternSetReferenceStatement(value); return *this;} /** *

A rule statement used to search web request components for matches with * regular expressions. To use this, create a RegexPatternSet that specifies * the expressions that you want to detect, then use the ARN of that set in this * statement. A web request matches the pattern set rule statement if the request * component matches any of the patterns in the set. To create a regex pattern set, * see CreateRegexPatternSet.

Each regex pattern set rule statement * references a regex pattern set. You create and maintain the set independent of * your rules. This allows you to use the single set in multiple rules. When you * update the referenced set, WAF automatically updates all rules that reference * it.

*/ inline Statement& WithRegexPatternSetReferenceStatement(RegexPatternSetReferenceStatement&& value) { SetRegexPatternSetReferenceStatement(std::move(value)); return *this;} /** *

A rate-based rule counts incoming requests and rate limits requests when they * are coming at too fast a rate. The rule categorizes requests according to your * aggregation criteria, collects them into aggregation instances, and counts and * rate limits the requests for each instance.

You can specify individual * aggregation keys, like IP address or HTTP method. You can also specify * aggregation key combinations, like IP address and HTTP method, or HTTP method, * query argument, and cookie.

Each unique set of values for the * aggregation keys that you specify is a separate aggregation instance, with the * value from each key contributing to the aggregation instance definition.

*

For example, assume the rule evaluates web requests with the following IP * address and HTTP method values:

  • IP address 10.1.1.1, HTTP * method POST

  • IP address 10.1.1.1, HTTP method GET

    • *

  • IP address 127.0.0.0, HTTP method POST

  • IP address * 10.1.1.1, HTTP method GET

The rule would create different * aggregation instances according to your aggregation criteria, for example:

*

  • If the aggregation criteria is just the IP address, then each * individual address is an aggregation instance, and WAF counts requests * separately for each. The aggregation instances and request counts for our * example would be the following:

    • IP address 10.1.1.1: count * 3

    • IP address 127.0.0.0: count 1

  • *

    If the aggregation criteria is HTTP method, then each individual HTTP method * is an aggregation instance. The aggregation instances and request counts for our * example would be the following:

    • HTTP method POST: count 2

      *

    • HTTP method GET: count 2

  • If the * aggregation criteria is IP address and HTTP method, then each IP address and * each HTTP method would contribute to the combined aggregation instance. The * aggregation instances and request counts for our example would be the following: *

    • IP address 10.1.1.1, HTTP method POST: count 1

    • *

      IP address 10.1.1.1, HTTP method GET: count 2

    • IP address * 127.0.0.0, HTTP method POST: count 1

For any * n-tuple of aggregation keys, each unique combination of values for the keys * defines a separate aggregation instance, which WAF counts and rate-limits * individually.

You can optionally nest another statement inside the * rate-based statement, to narrow the scope of the rule so that it only counts and * rate limits requests that match the nested statement. You can use this nested * scope-down statement in conjunction with your aggregation key specifications or * you can just count and rate limit all requests that match the scope-down * statement, without additional aggregation. When you choose to just manage all * requests that match a scope-down statement, the aggregation instance is singular * for the rule.

You cannot nest a RateBasedStatement inside * another statement, for example inside a NotStatement or * OrStatement. You can define a RateBasedStatement * inside a web ACL and inside a rule group.

For additional information * about the options, see Rate * limiting web requests using rate-based rules in the WAF Developer * Guide.

If you only aggregate on the individual IP address or * forwarded IP address, you can retrieve the list of IP addresses that WAF is * currently rate limiting for a rule through the API call * GetRateBasedStatementManagedKeys. This option is not available for * other aggregation configurations.

WAF tracks and manages web requests * separately for each instance of a rate-based rule that you use. For example, if * you provide the same rate-based rule settings in two web ACLs, each of the two * rule statements represents a separate instance of the rate-based rule and gets * its own tracking and management by WAF. If you define a rate-based rule inside a * rule group, and then use that rule group in multiple places, each use creates a * separate instance of the rate-based rule that gets its own tracking and * management by WAF.

*/ AWS_WAFV2_API const RateBasedStatement& GetRateBasedStatement() const; /** *

A rate-based rule counts incoming requests and rate limits requests when they * are coming at too fast a rate. The rule categorizes requests according to your * aggregation criteria, collects them into aggregation instances, and counts and * rate limits the requests for each instance.

You can specify individual * aggregation keys, like IP address or HTTP method. You can also specify * aggregation key combinations, like IP address and HTTP method, or HTTP method, * query argument, and cookie.

Each unique set of values for the * aggregation keys that you specify is a separate aggregation instance, with the * value from each key contributing to the aggregation instance definition.

*

For example, assume the rule evaluates web requests with the following IP * address and HTTP method values:

  • IP address 10.1.1.1, HTTP * method POST

  • IP address 10.1.1.1, HTTP method GET

    • *

  • IP address 127.0.0.0, HTTP method POST

  • IP address * 10.1.1.1, HTTP method GET

The rule would create different * aggregation instances according to your aggregation criteria, for example:

*

  • If the aggregation criteria is just the IP address, then each * individual address is an aggregation instance, and WAF counts requests * separately for each. The aggregation instances and request counts for our * example would be the following:

    • IP address 10.1.1.1: count * 3

    • IP address 127.0.0.0: count 1

  • *

    If the aggregation criteria is HTTP method, then each individual HTTP method * is an aggregation instance. The aggregation instances and request counts for our * example would be the following:

    • HTTP method POST: count 2

      *

    • HTTP method GET: count 2

  • If the * aggregation criteria is IP address and HTTP method, then each IP address and * each HTTP method would contribute to the combined aggregation instance. The * aggregation instances and request counts for our example would be the following: *

    • IP address 10.1.1.1, HTTP method POST: count 1

    • *

      IP address 10.1.1.1, HTTP method GET: count 2

    • IP address * 127.0.0.0, HTTP method POST: count 1

For any * n-tuple of aggregation keys, each unique combination of values for the keys * defines a separate aggregation instance, which WAF counts and rate-limits * individually.

You can optionally nest another statement inside the * rate-based statement, to narrow the scope of the rule so that it only counts and * rate limits requests that match the nested statement. You can use this nested * scope-down statement in conjunction with your aggregation key specifications or * you can just count and rate limit all requests that match the scope-down * statement, without additional aggregation. When you choose to just manage all * requests that match a scope-down statement, the aggregation instance is singular * for the rule.

You cannot nest a RateBasedStatement inside * another statement, for example inside a NotStatement or * OrStatement. You can define a RateBasedStatement * inside a web ACL and inside a rule group.

For additional information * about the options, see Rate * limiting web requests using rate-based rules in the WAF Developer * Guide.

If you only aggregate on the individual IP address or * forwarded IP address, you can retrieve the list of IP addresses that WAF is * currently rate limiting for a rule through the API call * GetRateBasedStatementManagedKeys. This option is not available for * other aggregation configurations.

WAF tracks and manages web requests * separately for each instance of a rate-based rule that you use. For example, if * you provide the same rate-based rule settings in two web ACLs, each of the two * rule statements represents a separate instance of the rate-based rule and gets * its own tracking and management by WAF. If you define a rate-based rule inside a * rule group, and then use that rule group in multiple places, each use creates a * separate instance of the rate-based rule that gets its own tracking and * management by WAF.

*/ AWS_WAFV2_API bool RateBasedStatementHasBeenSet() const; /** *

A rate-based rule counts incoming requests and rate limits requests when they * are coming at too fast a rate. The rule categorizes requests according to your * aggregation criteria, collects them into aggregation instances, and counts and * rate limits the requests for each instance.

You can specify individual * aggregation keys, like IP address or HTTP method. You can also specify * aggregation key combinations, like IP address and HTTP method, or HTTP method, * query argument, and cookie.

Each unique set of values for the * aggregation keys that you specify is a separate aggregation instance, with the * value from each key contributing to the aggregation instance definition.

*

For example, assume the rule evaluates web requests with the following IP * address and HTTP method values:

  • IP address 10.1.1.1, HTTP * method POST

  • IP address 10.1.1.1, HTTP method GET

    • *

  • IP address 127.0.0.0, HTTP method POST

  • IP address * 10.1.1.1, HTTP method GET

The rule would create different * aggregation instances according to your aggregation criteria, for example:

*

  • If the aggregation criteria is just the IP address, then each * individual address is an aggregation instance, and WAF counts requests * separately for each. The aggregation instances and request counts for our * example would be the following:

    • IP address 10.1.1.1: count * 3

    • IP address 127.0.0.0: count 1

  • *

    If the aggregation criteria is HTTP method, then each individual HTTP method * is an aggregation instance. The aggregation instances and request counts for our * example would be the following:

    • HTTP method POST: count 2

      *

    • HTTP method GET: count 2

  • If the * aggregation criteria is IP address and HTTP method, then each IP address and * each HTTP method would contribute to the combined aggregation instance. The * aggregation instances and request counts for our example would be the following: *

    • IP address 10.1.1.1, HTTP method POST: count 1

    • *

      IP address 10.1.1.1, HTTP method GET: count 2

    • IP address * 127.0.0.0, HTTP method POST: count 1

For any * n-tuple of aggregation keys, each unique combination of values for the keys * defines a separate aggregation instance, which WAF counts and rate-limits * individually.

You can optionally nest another statement inside the * rate-based statement, to narrow the scope of the rule so that it only counts and * rate limits requests that match the nested statement. You can use this nested * scope-down statement in conjunction with your aggregation key specifications or * you can just count and rate limit all requests that match the scope-down * statement, without additional aggregation. When you choose to just manage all * requests that match a scope-down statement, the aggregation instance is singular * for the rule.

You cannot nest a RateBasedStatement inside * another statement, for example inside a NotStatement or * OrStatement. You can define a RateBasedStatement * inside a web ACL and inside a rule group.

For additional information * about the options, see Rate * limiting web requests using rate-based rules in the WAF Developer * Guide.

If you only aggregate on the individual IP address or * forwarded IP address, you can retrieve the list of IP addresses that WAF is * currently rate limiting for a rule through the API call * GetRateBasedStatementManagedKeys. This option is not available for * other aggregation configurations.

WAF tracks and manages web requests * separately for each instance of a rate-based rule that you use. For example, if * you provide the same rate-based rule settings in two web ACLs, each of the two * rule statements represents a separate instance of the rate-based rule and gets * its own tracking and management by WAF. If you define a rate-based rule inside a * rule group, and then use that rule group in multiple places, each use creates a * separate instance of the rate-based rule that gets its own tracking and * management by WAF.

*/ AWS_WAFV2_API void SetRateBasedStatement(const RateBasedStatement& value); /** *

A rate-based rule counts incoming requests and rate limits requests when they * are coming at too fast a rate. The rule categorizes requests according to your * aggregation criteria, collects them into aggregation instances, and counts and * rate limits the requests for each instance.

You can specify individual * aggregation keys, like IP address or HTTP method. You can also specify * aggregation key combinations, like IP address and HTTP method, or HTTP method, * query argument, and cookie.

Each unique set of values for the * aggregation keys that you specify is a separate aggregation instance, with the * value from each key contributing to the aggregation instance definition.

*

For example, assume the rule evaluates web requests with the following IP * address and HTTP method values:

  • IP address 10.1.1.1, HTTP * method POST

  • IP address 10.1.1.1, HTTP method GET

    • *

  • IP address 127.0.0.0, HTTP method POST

  • IP address * 10.1.1.1, HTTP method GET

The rule would create different * aggregation instances according to your aggregation criteria, for example:

*

  • If the aggregation criteria is just the IP address, then each * individual address is an aggregation instance, and WAF counts requests * separately for each. The aggregation instances and request counts for our * example would be the following:

    • IP address 10.1.1.1: count * 3

    • IP address 127.0.0.0: count 1

  • *

    If the aggregation criteria is HTTP method, then each individual HTTP method * is an aggregation instance. The aggregation instances and request counts for our * example would be the following:

    • HTTP method POST: count 2

      *

    • HTTP method GET: count 2

  • If the * aggregation criteria is IP address and HTTP method, then each IP address and * each HTTP method would contribute to the combined aggregation instance. The * aggregation instances and request counts for our example would be the following: *

    • IP address 10.1.1.1, HTTP method POST: count 1

    • *

      IP address 10.1.1.1, HTTP method GET: count 2

    • IP address * 127.0.0.0, HTTP method POST: count 1

For any * n-tuple of aggregation keys, each unique combination of values for the keys * defines a separate aggregation instance, which WAF counts and rate-limits * individually.

You can optionally nest another statement inside the * rate-based statement, to narrow the scope of the rule so that it only counts and * rate limits requests that match the nested statement. You can use this nested * scope-down statement in conjunction with your aggregation key specifications or * you can just count and rate limit all requests that match the scope-down * statement, without additional aggregation. When you choose to just manage all * requests that match a scope-down statement, the aggregation instance is singular * for the rule.

You cannot nest a RateBasedStatement inside * another statement, for example inside a NotStatement or * OrStatement. You can define a RateBasedStatement * inside a web ACL and inside a rule group.

For additional information * about the options, see Rate * limiting web requests using rate-based rules in the WAF Developer * Guide.

If you only aggregate on the individual IP address or * forwarded IP address, you can retrieve the list of IP addresses that WAF is * currently rate limiting for a rule through the API call * GetRateBasedStatementManagedKeys. This option is not available for * other aggregation configurations.

WAF tracks and manages web requests * separately for each instance of a rate-based rule that you use. For example, if * you provide the same rate-based rule settings in two web ACLs, each of the two * rule statements represents a separate instance of the rate-based rule and gets * its own tracking and management by WAF. If you define a rate-based rule inside a * rule group, and then use that rule group in multiple places, each use creates a * separate instance of the rate-based rule that gets its own tracking and * management by WAF.

*/ AWS_WAFV2_API void SetRateBasedStatement(RateBasedStatement&& value); /** *

A rate-based rule counts incoming requests and rate limits requests when they * are coming at too fast a rate. The rule categorizes requests according to your * aggregation criteria, collects them into aggregation instances, and counts and * rate limits the requests for each instance.

You can specify individual * aggregation keys, like IP address or HTTP method. You can also specify * aggregation key combinations, like IP address and HTTP method, or HTTP method, * query argument, and cookie.

Each unique set of values for the * aggregation keys that you specify is a separate aggregation instance, with the * value from each key contributing to the aggregation instance definition.

*

For example, assume the rule evaluates web requests with the following IP * address and HTTP method values:

  • IP address 10.1.1.1, HTTP * method POST

  • IP address 10.1.1.1, HTTP method GET

    • *

  • IP address 127.0.0.0, HTTP method POST

  • IP address * 10.1.1.1, HTTP method GET

The rule would create different * aggregation instances according to your aggregation criteria, for example:

*

  • If the aggregation criteria is just the IP address, then each * individual address is an aggregation instance, and WAF counts requests * separately for each. The aggregation instances and request counts for our * example would be the following:

    • IP address 10.1.1.1: count * 3

    • IP address 127.0.0.0: count 1

  • *

    If the aggregation criteria is HTTP method, then each individual HTTP method * is an aggregation instance. The aggregation instances and request counts for our * example would be the following:

    • HTTP method POST: count 2

      *

    • HTTP method GET: count 2

  • If the * aggregation criteria is IP address and HTTP method, then each IP address and * each HTTP method would contribute to the combined aggregation instance. The * aggregation instances and request counts for our example would be the following: *

    • IP address 10.1.1.1, HTTP method POST: count 1

    • *

      IP address 10.1.1.1, HTTP method GET: count 2

    • IP address * 127.0.0.0, HTTP method POST: count 1

For any * n-tuple of aggregation keys, each unique combination of values for the keys * defines a separate aggregation instance, which WAF counts and rate-limits * individually.

You can optionally nest another statement inside the * rate-based statement, to narrow the scope of the rule so that it only counts and * rate limits requests that match the nested statement. You can use this nested * scope-down statement in conjunction with your aggregation key specifications or * you can just count and rate limit all requests that match the scope-down * statement, without additional aggregation. When you choose to just manage all * requests that match a scope-down statement, the aggregation instance is singular * for the rule.

You cannot nest a RateBasedStatement inside * another statement, for example inside a NotStatement or * OrStatement. You can define a RateBasedStatement * inside a web ACL and inside a rule group.

For additional information * about the options, see Rate * limiting web requests using rate-based rules in the WAF Developer * Guide.

If you only aggregate on the individual IP address or * forwarded IP address, you can retrieve the list of IP addresses that WAF is * currently rate limiting for a rule through the API call * GetRateBasedStatementManagedKeys. This option is not available for * other aggregation configurations.

WAF tracks and manages web requests * separately for each instance of a rate-based rule that you use. For example, if * you provide the same rate-based rule settings in two web ACLs, each of the two * rule statements represents a separate instance of the rate-based rule and gets * its own tracking and management by WAF. If you define a rate-based rule inside a * rule group, and then use that rule group in multiple places, each use creates a * separate instance of the rate-based rule that gets its own tracking and * management by WAF.

*/ AWS_WAFV2_API Statement& WithRateBasedStatement(const RateBasedStatement& value); /** *

A rate-based rule counts incoming requests and rate limits requests when they * are coming at too fast a rate. The rule categorizes requests according to your * aggregation criteria, collects them into aggregation instances, and counts and * rate limits the requests for each instance.

You can specify individual * aggregation keys, like IP address or HTTP method. You can also specify * aggregation key combinations, like IP address and HTTP method, or HTTP method, * query argument, and cookie.

Each unique set of values for the * aggregation keys that you specify is a separate aggregation instance, with the * value from each key contributing to the aggregation instance definition.

*

For example, assume the rule evaluates web requests with the following IP * address and HTTP method values:

  • IP address 10.1.1.1, HTTP * method POST

  • IP address 10.1.1.1, HTTP method GET

    • *

  • IP address 127.0.0.0, HTTP method POST

  • IP address * 10.1.1.1, HTTP method GET

The rule would create different * aggregation instances according to your aggregation criteria, for example:

*

  • If the aggregation criteria is just the IP address, then each * individual address is an aggregation instance, and WAF counts requests * separately for each. The aggregation instances and request counts for our * example would be the following:

    • IP address 10.1.1.1: count * 3

    • IP address 127.0.0.0: count 1

  • *

    If the aggregation criteria is HTTP method, then each individual HTTP method * is an aggregation instance. The aggregation instances and request counts for our * example would be the following:

    • HTTP method POST: count 2

      *

    • HTTP method GET: count 2

  • If the * aggregation criteria is IP address and HTTP method, then each IP address and * each HTTP method would contribute to the combined aggregation instance. The * aggregation instances and request counts for our example would be the following: *

    • IP address 10.1.1.1, HTTP method POST: count 1

    • *

      IP address 10.1.1.1, HTTP method GET: count 2

    • IP address * 127.0.0.0, HTTP method POST: count 1

For any * n-tuple of aggregation keys, each unique combination of values for the keys * defines a separate aggregation instance, which WAF counts and rate-limits * individually.

You can optionally nest another statement inside the * rate-based statement, to narrow the scope of the rule so that it only counts and * rate limits requests that match the nested statement. You can use this nested * scope-down statement in conjunction with your aggregation key specifications or * you can just count and rate limit all requests that match the scope-down * statement, without additional aggregation. When you choose to just manage all * requests that match a scope-down statement, the aggregation instance is singular * for the rule.

You cannot nest a RateBasedStatement inside * another statement, for example inside a NotStatement or * OrStatement. You can define a RateBasedStatement * inside a web ACL and inside a rule group.

For additional information * about the options, see Rate * limiting web requests using rate-based rules in the WAF Developer * Guide.

If you only aggregate on the individual IP address or * forwarded IP address, you can retrieve the list of IP addresses that WAF is * currently rate limiting for a rule through the API call * GetRateBasedStatementManagedKeys. This option is not available for * other aggregation configurations.

WAF tracks and manages web requests * separately for each instance of a rate-based rule that you use. For example, if * you provide the same rate-based rule settings in two web ACLs, each of the two * rule statements represents a separate instance of the rate-based rule and gets * its own tracking and management by WAF. If you define a rate-based rule inside a * rule group, and then use that rule group in multiple places, each use creates a * separate instance of the rate-based rule that gets its own tracking and * management by WAF.

*/ AWS_WAFV2_API Statement& WithRateBasedStatement(RateBasedStatement&& value); /** *

A logical rule statement used to combine other rule statements with AND * logic. You provide more than one Statement within the * AndStatement.

*/ AWS_WAFV2_API const AndStatement& GetAndStatement() const; /** *

A logical rule statement used to combine other rule statements with AND * logic. You provide more than one Statement within the * AndStatement.

*/ AWS_WAFV2_API bool AndStatementHasBeenSet() const; /** *

A logical rule statement used to combine other rule statements with AND * logic. You provide more than one Statement within the * AndStatement.

*/ AWS_WAFV2_API void SetAndStatement(const AndStatement& value); /** *

A logical rule statement used to combine other rule statements with AND * logic. You provide more than one Statement within the * AndStatement.

*/ AWS_WAFV2_API void SetAndStatement(AndStatement&& value); /** *

A logical rule statement used to combine other rule statements with AND * logic. You provide more than one Statement within the * AndStatement.

*/ AWS_WAFV2_API Statement& WithAndStatement(const AndStatement& value); /** *

A logical rule statement used to combine other rule statements with AND * logic. You provide more than one Statement within the * AndStatement.

*/ AWS_WAFV2_API Statement& WithAndStatement(AndStatement&& value); /** *

A logical rule statement used to combine other rule statements with OR logic. * You provide more than one Statement within the OrStatement. *

*/ AWS_WAFV2_API const OrStatement& GetOrStatement() const; /** *

A logical rule statement used to combine other rule statements with OR logic. * You provide more than one Statement within the OrStatement. *

*/ AWS_WAFV2_API bool OrStatementHasBeenSet() const; /** *

A logical rule statement used to combine other rule statements with OR logic. * You provide more than one Statement within the OrStatement. *

*/ AWS_WAFV2_API void SetOrStatement(const OrStatement& value); /** *

A logical rule statement used to combine other rule statements with OR logic. * You provide more than one Statement within the OrStatement. *

*/ AWS_WAFV2_API void SetOrStatement(OrStatement&& value); /** *

A logical rule statement used to combine other rule statements with OR logic. * You provide more than one Statement within the OrStatement. *

*/ AWS_WAFV2_API Statement& WithOrStatement(const OrStatement& value); /** *

A logical rule statement used to combine other rule statements with OR logic. * You provide more than one Statement within the OrStatement. *

*/ AWS_WAFV2_API Statement& WithOrStatement(OrStatement&& value); /** *

A logical rule statement used to negate the results of another rule * statement. You provide one Statement within the * NotStatement.

*/ AWS_WAFV2_API const NotStatement& GetNotStatement() const; /** *

A logical rule statement used to negate the results of another rule * statement. You provide one Statement within the * NotStatement.

*/ AWS_WAFV2_API bool NotStatementHasBeenSet() const; /** *

A logical rule statement used to negate the results of another rule * statement. You provide one Statement within the * NotStatement.

*/ AWS_WAFV2_API void SetNotStatement(const NotStatement& value); /** *

A logical rule statement used to negate the results of another rule * statement. You provide one Statement within the * NotStatement.

*/ AWS_WAFV2_API void SetNotStatement(NotStatement&& value); /** *

A logical rule statement used to negate the results of another rule * statement. You provide one Statement within the * NotStatement.

*/ AWS_WAFV2_API Statement& WithNotStatement(const NotStatement& value); /** *

A logical rule statement used to negate the results of another rule * statement. You provide one Statement within the * NotStatement.

*/ AWS_WAFV2_API Statement& WithNotStatement(NotStatement&& value); /** *

A rule statement used to run the rules that are defined in a managed rule * group. To use this, provide the vendor name and the name of the rule group in * this statement. You can retrieve the required names by calling * ListAvailableManagedRuleGroups.

You cannot nest a * ManagedRuleGroupStatement, for example for use inside a * NotStatement or OrStatement. It can only be referenced * as a top-level statement within a rule.

You are charged additional * fees when you use the WAF Bot Control managed rule group * AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account * takeover prevention (ATP) managed rule group * AWSManagedRulesATPRuleSet, or the WAF Fraud Control account * creation fraud prevention (ACFP) managed rule group * AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.

*/ AWS_WAFV2_API const ManagedRuleGroupStatement& GetManagedRuleGroupStatement() const; /** *

A rule statement used to run the rules that are defined in a managed rule * group. To use this, provide the vendor name and the name of the rule group in * this statement. You can retrieve the required names by calling * ListAvailableManagedRuleGroups.

You cannot nest a * ManagedRuleGroupStatement, for example for use inside a * NotStatement or OrStatement. It can only be referenced * as a top-level statement within a rule.

You are charged additional * fees when you use the WAF Bot Control managed rule group * AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account * takeover prevention (ATP) managed rule group * AWSManagedRulesATPRuleSet, or the WAF Fraud Control account * creation fraud prevention (ACFP) managed rule group * AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.

*/ AWS_WAFV2_API bool ManagedRuleGroupStatementHasBeenSet() const; /** *

A rule statement used to run the rules that are defined in a managed rule * group. To use this, provide the vendor name and the name of the rule group in * this statement. You can retrieve the required names by calling * ListAvailableManagedRuleGroups.

You cannot nest a * ManagedRuleGroupStatement, for example for use inside a * NotStatement or OrStatement. It can only be referenced * as a top-level statement within a rule.

You are charged additional * fees when you use the WAF Bot Control managed rule group * AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account * takeover prevention (ATP) managed rule group * AWSManagedRulesATPRuleSet, or the WAF Fraud Control account * creation fraud prevention (ACFP) managed rule group * AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.

*/ AWS_WAFV2_API void SetManagedRuleGroupStatement(const ManagedRuleGroupStatement& value); /** *

A rule statement used to run the rules that are defined in a managed rule * group. To use this, provide the vendor name and the name of the rule group in * this statement. You can retrieve the required names by calling * ListAvailableManagedRuleGroups.

You cannot nest a * ManagedRuleGroupStatement, for example for use inside a * NotStatement or OrStatement. It can only be referenced * as a top-level statement within a rule.

You are charged additional * fees when you use the WAF Bot Control managed rule group * AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account * takeover prevention (ATP) managed rule group * AWSManagedRulesATPRuleSet, or the WAF Fraud Control account * creation fraud prevention (ACFP) managed rule group * AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.

*/ AWS_WAFV2_API void SetManagedRuleGroupStatement(ManagedRuleGroupStatement&& value); /** *

A rule statement used to run the rules that are defined in a managed rule * group. To use this, provide the vendor name and the name of the rule group in * this statement. You can retrieve the required names by calling * ListAvailableManagedRuleGroups.

You cannot nest a * ManagedRuleGroupStatement, for example for use inside a * NotStatement or OrStatement. It can only be referenced * as a top-level statement within a rule.

You are charged additional * fees when you use the WAF Bot Control managed rule group * AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account * takeover prevention (ATP) managed rule group * AWSManagedRulesATPRuleSet, or the WAF Fraud Control account * creation fraud prevention (ACFP) managed rule group * AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.

*/ AWS_WAFV2_API Statement& WithManagedRuleGroupStatement(const ManagedRuleGroupStatement& value); /** *

A rule statement used to run the rules that are defined in a managed rule * group. To use this, provide the vendor name and the name of the rule group in * this statement. You can retrieve the required names by calling * ListAvailableManagedRuleGroups.

You cannot nest a * ManagedRuleGroupStatement, for example for use inside a * NotStatement or OrStatement. It can only be referenced * as a top-level statement within a rule.

You are charged additional * fees when you use the WAF Bot Control managed rule group * AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account * takeover prevention (ATP) managed rule group * AWSManagedRulesATPRuleSet, or the WAF Fraud Control account * creation fraud prevention (ACFP) managed rule group * AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.

*/ AWS_WAFV2_API Statement& WithManagedRuleGroupStatement(ManagedRuleGroupStatement&& value); /** *

A rule statement to match against labels that have been added to the web * request by rules that have already run in the web ACL.

The label match * statement provides the label or namespace string to search for. The label string * can represent a part or all of the fully qualified label name that had been * added to the web request. Fully qualified labels have a prefix, optional * namespaces, and label name. The prefix identifies the rule group or web ACL * context of the rule that added the label. If you do not provide the fully * qualified name in your label match string, WAF performs the search for labels * that were added in the same context as the label match statement.

*/ inline const LabelMatchStatement& GetLabelMatchStatement() const{ return m_labelMatchStatement; } /** *

A rule statement to match against labels that have been added to the web * request by rules that have already run in the web ACL.

The label match * statement provides the label or namespace string to search for. The label string * can represent a part or all of the fully qualified label name that had been * added to the web request. Fully qualified labels have a prefix, optional * namespaces, and label name. The prefix identifies the rule group or web ACL * context of the rule that added the label. If you do not provide the fully * qualified name in your label match string, WAF performs the search for labels * that were added in the same context as the label match statement.

*/ inline bool LabelMatchStatementHasBeenSet() const { return m_labelMatchStatementHasBeenSet; } /** *

A rule statement to match against labels that have been added to the web * request by rules that have already run in the web ACL.

The label match * statement provides the label or namespace string to search for. The label string * can represent a part or all of the fully qualified label name that had been * added to the web request. Fully qualified labels have a prefix, optional * namespaces, and label name. The prefix identifies the rule group or web ACL * context of the rule that added the label. If you do not provide the fully * qualified name in your label match string, WAF performs the search for labels * that were added in the same context as the label match statement.

*/ inline void SetLabelMatchStatement(const LabelMatchStatement& value) { m_labelMatchStatementHasBeenSet = true; m_labelMatchStatement = value; } /** *

A rule statement to match against labels that have been added to the web * request by rules that have already run in the web ACL.

The label match * statement provides the label or namespace string to search for. The label string * can represent a part or all of the fully qualified label name that had been * added to the web request. Fully qualified labels have a prefix, optional * namespaces, and label name. The prefix identifies the rule group or web ACL * context of the rule that added the label. If you do not provide the fully * qualified name in your label match string, WAF performs the search for labels * that were added in the same context as the label match statement.

*/ inline void SetLabelMatchStatement(LabelMatchStatement&& value) { m_labelMatchStatementHasBeenSet = true; m_labelMatchStatement = std::move(value); } /** *

A rule statement to match against labels that have been added to the web * request by rules that have already run in the web ACL.

The label match * statement provides the label or namespace string to search for. The label string * can represent a part or all of the fully qualified label name that had been * added to the web request. Fully qualified labels have a prefix, optional * namespaces, and label name. The prefix identifies the rule group or web ACL * context of the rule that added the label. If you do not provide the fully * qualified name in your label match string, WAF performs the search for labels * that were added in the same context as the label match statement.

*/ inline Statement& WithLabelMatchStatement(const LabelMatchStatement& value) { SetLabelMatchStatement(value); return *this;} /** *

A rule statement to match against labels that have been added to the web * request by rules that have already run in the web ACL.

The label match * statement provides the label or namespace string to search for. The label string * can represent a part or all of the fully qualified label name that had been * added to the web request. Fully qualified labels have a prefix, optional * namespaces, and label name. The prefix identifies the rule group or web ACL * context of the rule that added the label. If you do not provide the fully * qualified name in your label match string, WAF performs the search for labels * that were added in the same context as the label match statement.

*/ inline Statement& WithLabelMatchStatement(LabelMatchStatement&& value) { SetLabelMatchStatement(std::move(value)); return *this;} /** *

A rule statement used to search web request components for a match against a * single regular expression.

*/ inline const RegexMatchStatement& GetRegexMatchStatement() const{ return m_regexMatchStatement; } /** *

A rule statement used to search web request components for a match against a * single regular expression.

*/ inline bool RegexMatchStatementHasBeenSet() const { return m_regexMatchStatementHasBeenSet; } /** *

A rule statement used to search web request components for a match against a * single regular expression.

*/ inline void SetRegexMatchStatement(const RegexMatchStatement& value) { m_regexMatchStatementHasBeenSet = true; m_regexMatchStatement = value; } /** *

A rule statement used to search web request components for a match against a * single regular expression.

*/ inline void SetRegexMatchStatement(RegexMatchStatement&& value) { m_regexMatchStatementHasBeenSet = true; m_regexMatchStatement = std::move(value); } /** *

A rule statement used to search web request components for a match against a * single regular expression.

*/ inline Statement& WithRegexMatchStatement(const RegexMatchStatement& value) { SetRegexMatchStatement(value); return *this;} /** *

A rule statement used to search web request components for a match against a * single regular expression.

*/ inline Statement& WithRegexMatchStatement(RegexMatchStatement&& value) { SetRegexMatchStatement(std::move(value)); return *this;} private: ByteMatchStatement m_byteMatchStatement; bool m_byteMatchStatementHasBeenSet = false; SqliMatchStatement m_sqliMatchStatement; bool m_sqliMatchStatementHasBeenSet = false; XssMatchStatement m_xssMatchStatement; bool m_xssMatchStatementHasBeenSet = false; SizeConstraintStatement m_sizeConstraintStatement; bool m_sizeConstraintStatementHasBeenSet = false; GeoMatchStatement m_geoMatchStatement; bool m_geoMatchStatementHasBeenSet = false; RuleGroupReferenceStatement m_ruleGroupReferenceStatement; bool m_ruleGroupReferenceStatementHasBeenSet = false; IPSetReferenceStatement m_iPSetReferenceStatement; bool m_iPSetReferenceStatementHasBeenSet = false; RegexPatternSetReferenceStatement m_regexPatternSetReferenceStatement; bool m_regexPatternSetReferenceStatementHasBeenSet = false; std::shared_ptr m_rateBasedStatement; bool m_rateBasedStatementHasBeenSet = false; std::shared_ptr m_andStatement; bool m_andStatementHasBeenSet = false; std::shared_ptr m_orStatement; bool m_orStatementHasBeenSet = false; std::shared_ptr m_notStatement; bool m_notStatementHasBeenSet = false; std::shared_ptr m_managedRuleGroupStatement; bool m_managedRuleGroupStatementHasBeenSet = false; LabelMatchStatement m_labelMatchStatement; bool m_labelMatchStatementHasBeenSet = false; RegexMatchStatement m_regexMatchStatement; bool m_regexMatchStatementHasBeenSet = false; }; } // namespace Model } // namespace WAFV2 } // namespace Aws