* This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the * developer guide. *
** For the latest version of AWS WAF, use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the * latest version, AWS WAF has a single set of endpoints for regional and global use. *
*
* The ActivatedRule object in an UpdateWebACL request specifies a Rule that you want
* to insert or delete, the priority of the Rule in the WebACL, and the action that you want
* AWS WAF to take when a web request matches the Rule (ALLOW, BLOCK, or
* COUNT).
*
* To specify whether to insert or delete a Rule, use the Action parameter in the
* WebACLUpdate data type.
*
* Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower
* value for Priority are evaluated before Rules with a higher value. The value must be a
* unique integer. If you add multiple Rules to a WebACL, the values don't need to be
* consecutive.
*
* The RuleId for a Rule. You use RuleId to get more information about a
* Rule (see GetRule), update a Rule (see UpdateRule), insert a
* Rule into a WebACL or delete a one from a WebACL (see
* UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).
*
* RuleId is returned by CreateRule and by ListRules.
*
* Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the
* Rule. Valid values for Action include the following:
*
* ALLOW: CloudFront responds with the requested object.
*
* BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
*
* COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and then
* continues to inspect the web request based on the remaining rules in the web ACL.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a
* WebACL. In this case, you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
*
* Use the OverrideAction to test your RuleGroup.
*
* Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction
* to None, the RuleGroup will block a request if any individual rule in the
* RuleGroup matches the request and is configured to block that request. However if you first want to
* test the RuleGroup, set the OverrideAction to Count. The
* RuleGroup will then override any block action specified by individual rules contained within the
* group. Instead of blocking matching requests, those requests will be counted. You can view a record of counted
* requests using GetSampledRequests.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a
* WebACL. In this case you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
*
* The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by
* RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. Although
* this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type,
* the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID,
* which does not exist.
*
* An array of rules to exclude from a rule group. This is applicable only when the ActivatedRule
* refers to a RuleGroup.
*
* Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false positives). * One troubleshooting technique is to identify the specific rule within the rule group that is blocking the * legitimate traffic and then disable (exclude) that particular rule. You can exclude rules from both your own rule * groups and AWS Marketplace rule groups that have been associated with a web ACL. *
*
* Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes the
* action for the rules to COUNT. Therefore, requests that match an ExcludedRule are
* counted but not blocked. The RuleGroup owner will receive COUNT metrics for each
* ExcludedRule.
*
* If you want to exclude rules from a rule group that is already associated with a web ACL, perform the following * steps: *
** Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about the * logs, see Logging Web ACL Traffic * Information. *
** Submit an UpdateWebACL request that has two actions: *
*
* The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL request,
* the first Updates:Action should be DELETE and Updates:ActivatedRule:RuleId
* should be the rule group that contains the rules that you want to exclude.
*
* The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the second
* Updates:Action should be INSERT, Updates:ActivatedRule:RuleId should be
* the rule group that you just removed, and ExcludedRules should contain the rules that you want to
* exclude.
*
* Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower
* value for Priority are evaluated before Rules with a higher value. The value must be a
* unique integer. If you add multiple Rules to a WebACL, the values don't need to be
* consecutive.
*
Rules in a WebACL are evaluated. Rules with a
* lower value for Priority are evaluated before Rules with a higher value. The
* value must be a unique integer. If you add multiple Rules to a WebACL, the
* values don't need to be consecutive.
*/
public void setPriority(Integer priority) {
this.priority = priority;
}
/**
*
* Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower
* value for Priority are evaluated before Rules with a higher value. The value must be a
* unique integer. If you add multiple Rules to a WebACL, the values don't need to be
* consecutive.
*
Rules in a WebACL are evaluated. Rules with a
* lower value for Priority are evaluated before Rules with a higher value. The
* value must be a unique integer. If you add multiple Rules to a WebACL, the
* values don't need to be consecutive.
*/
public Integer getPriority() {
return this.priority;
}
/**
*
* Specifies the order in which the Rules in a WebACL are evaluated. Rules with a lower
* value for Priority are evaluated before Rules with a higher value. The value must be a
* unique integer. If you add multiple Rules to a WebACL, the values don't need to be
* consecutive.
*
Rules in a WebACL are evaluated. Rules with a
* lower value for Priority are evaluated before Rules with a higher value. The
* value must be a unique integer. If you add multiple Rules to a WebACL, the
* values don't need to be consecutive.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ActivatedRule withPriority(Integer priority) {
setPriority(priority);
return this;
}
/**
*
* The RuleId for a Rule. You use RuleId to get more information about a
* Rule (see GetRule), update a Rule (see UpdateRule), insert a
* Rule into a WebACL or delete a one from a WebACL (see
* UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).
*
* RuleId is returned by CreateRule and by ListRules.
*
RuleId for a Rule. You use RuleId to get more information about
* a Rule (see GetRule), update a Rule (see UpdateRule), insert a
* Rule into a WebACL or delete a one from a WebACL (see
* UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).
*
* RuleId is returned by CreateRule and by ListRules.
*/
public void setRuleId(String ruleId) {
this.ruleId = ruleId;
}
/**
*
* The RuleId for a Rule. You use RuleId to get more information about a
* Rule (see GetRule), update a Rule (see UpdateRule), insert a
* Rule into a WebACL or delete a one from a WebACL (see
* UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).
*
* RuleId is returned by CreateRule and by ListRules.
*
RuleId for a Rule. You use RuleId to get more information
* about a Rule (see GetRule), update a Rule (see UpdateRule),
* insert a Rule into a WebACL or delete a one from a WebACL (see
* UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).
*
* RuleId is returned by CreateRule and by ListRules.
*/
public String getRuleId() {
return this.ruleId;
}
/**
*
* The RuleId for a Rule. You use RuleId to get more information about a
* Rule (see GetRule), update a Rule (see UpdateRule), insert a
* Rule into a WebACL or delete a one from a WebACL (see
* UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).
*
* RuleId is returned by CreateRule and by ListRules.
*
RuleId for a Rule. You use RuleId to get more information about
* a Rule (see GetRule), update a Rule (see UpdateRule), insert a
* Rule into a WebACL or delete a one from a WebACL (see
* UpdateWebACL), or delete a Rule from AWS WAF (see DeleteRule).
*
* RuleId is returned by CreateRule and by ListRules.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ActivatedRule withRuleId(String ruleId) {
setRuleId(ruleId);
return this;
}
/**
*
* Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the
* Rule. Valid values for Action include the following:
*
* ALLOW: CloudFront responds with the requested object.
*
* BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
*
* COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and then
* continues to inspect the web request based on the remaining rules in the web ACL.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a
* WebACL. In this case, you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
*
Rule. Valid values for Action include the following:
*
* ALLOW: CloudFront responds with the requested object.
*
* BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
*
* COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and
* then continues to inspect the web request based on the remaining rules in the web ACL.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to
* a WebACL. In this case, you do not use ActivatedRule|Action. For all other
* update requests, ActivatedRule|Action is used instead of
* ActivatedRule|OverrideAction.
*/
public void setAction(WafAction action) {
this.action = action;
}
/**
*
* Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the
* Rule. Valid values for Action include the following:
*
* ALLOW: CloudFront responds with the requested object.
*
* BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
*
* COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and then
* continues to inspect the web request based on the remaining rules in the web ACL.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a
* WebACL. In this case, you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
*
Rule. Valid values for Action include the following:
*
* ALLOW: CloudFront responds with the requested object.
*
* BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
*
* COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and
* then continues to inspect the web request based on the remaining rules in the web ACL.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup
* to a WebACL. In this case, you do not use ActivatedRule|Action. For all other
* update requests, ActivatedRule|Action is used instead of
* ActivatedRule|OverrideAction.
*/
public WafAction getAction() {
return this.action;
}
/**
*
* Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the
* Rule. Valid values for Action include the following:
*
* ALLOW: CloudFront responds with the requested object.
*
* BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
*
* COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and then
* continues to inspect the web request based on the remaining rules in the web ACL.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a
* WebACL. In this case, you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
*
Rule. Valid values for Action include the following:
*
* ALLOW: CloudFront responds with the requested object.
*
* BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
*
* COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and
* then continues to inspect the web request based on the remaining rules in the web ACL.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to
* a WebACL. In this case, you do not use ActivatedRule|Action. For all other
* update requests, ActivatedRule|Action is used instead of
* ActivatedRule|OverrideAction.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ActivatedRule withAction(WafAction action) {
setAction(action);
return this;
}
/**
*
* Use the OverrideAction to test your RuleGroup.
*
* Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction
* to None, the RuleGroup will block a request if any individual rule in the
* RuleGroup matches the request and is configured to block that request. However if you first want to
* test the RuleGroup, set the OverrideAction to Count. The
* RuleGroup will then override any block action specified by individual rules contained within the
* group. Instead of blocking matching requests, those requests will be counted. You can view a record of counted
* requests using GetSampledRequests.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a
* WebACL. In this case you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
*
OverrideAction to test your RuleGroup.
*
* Any rule in a RuleGroup can potentially block a request. If you set the
* OverrideAction to None, the RuleGroup will block a request if any
* individual rule in the RuleGroup matches the request and is configured to block that request.
* However if you first want to test the RuleGroup, set the OverrideAction to
* Count. The RuleGroup will then override any block action specified by individual
* rules contained within the group. Instead of blocking matching requests, those requests will be counted.
* You can view a record of counted requests using GetSampledRequests.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to
* a WebACL. In this case you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
*/
public void setOverrideAction(WafOverrideAction overrideAction) {
this.overrideAction = overrideAction;
}
/**
*
* Use the OverrideAction to test your RuleGroup.
*
* Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction
* to None, the RuleGroup will block a request if any individual rule in the
* RuleGroup matches the request and is configured to block that request. However if you first want to
* test the RuleGroup, set the OverrideAction to Count. The
* RuleGroup will then override any block action specified by individual rules contained within the
* group. Instead of blocking matching requests, those requests will be counted. You can view a record of counted
* requests using GetSampledRequests.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a
* WebACL. In this case you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
*
OverrideAction to test your RuleGroup.
*
* Any rule in a RuleGroup can potentially block a request. If you set the
* OverrideAction to None, the RuleGroup will block a request if any
* individual rule in the RuleGroup matches the request and is configured to block that
* request. However if you first want to test the RuleGroup, set the
* OverrideAction to Count. The RuleGroup will then override any
* block action specified by individual rules contained within the group. Instead of blocking matching
* requests, those requests will be counted. You can view a record of counted requests using
* GetSampledRequests.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup
* to a WebACL. In this case you do not use ActivatedRule|Action. For all other
* update requests, ActivatedRule|Action is used instead of
* ActivatedRule|OverrideAction.
*/
public WafOverrideAction getOverrideAction() {
return this.overrideAction;
}
/**
*
* Use the OverrideAction to test your RuleGroup.
*
* Any rule in a RuleGroup can potentially block a request. If you set the OverrideAction
* to None, the RuleGroup will block a request if any individual rule in the
* RuleGroup matches the request and is configured to block that request. However if you first want to
* test the RuleGroup, set the OverrideAction to Count. The
* RuleGroup will then override any block action specified by individual rules contained within the
* group. Instead of blocking matching requests, those requests will be counted. You can view a record of counted
* requests using GetSampledRequests.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to a
* WebACL. In this case you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
*
OverrideAction to test your RuleGroup.
*
* Any rule in a RuleGroup can potentially block a request. If you set the
* OverrideAction to None, the RuleGroup will block a request if any
* individual rule in the RuleGroup matches the request and is configured to block that request.
* However if you first want to test the RuleGroup, set the OverrideAction to
* Count. The RuleGroup will then override any block action specified by individual
* rules contained within the group. Instead of blocking matching requests, those requests will be counted.
* You can view a record of counted requests using GetSampledRequests.
*
* ActivatedRule|OverrideAction applies only when updating or adding a RuleGroup to
* a WebACL. In this case you do not use ActivatedRule|Action. For all other update
* requests, ActivatedRule|Action is used instead of ActivatedRule|OverrideAction.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ActivatedRule withOverrideAction(WafOverrideAction overrideAction) {
setOverrideAction(overrideAction);
return this;
}
/**
*
* The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by
* RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. Although
* this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type,
* the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID,
* which does not exist.
*
REGULAR, as defined by Rule, RATE_BASED, as defined
* by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR.
* Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without
* setting the type, the UpdateWebACL request will fail because the request tries to add a REGULAR
* rule with the specified ID, which does not exist.
* @see WafRuleType
*/
public void setType(String type) {
this.type = type;
}
/**
*
* The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by
* RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. Although
* this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type,
* the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID,
* which does not exist.
*
REGULAR, as defined by Rule, RATE_BASED, as
* defined by RateBasedRule, or GROUP, as defined by RuleGroup. The default is
* REGULAR. Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL
* without setting the type, the UpdateWebACL request will fail because the request tries to add a
* REGULAR rule with the specified ID, which does not exist.
* @see WafRuleType
*/
public String getType() {
return this.type;
}
/**
*
* The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by
* RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. Although
* this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type,
* the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID,
* which does not exist.
*
REGULAR, as defined by Rule, RATE_BASED, as defined
* by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR.
* Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without
* setting the type, the UpdateWebACL request will fail because the request tries to add a REGULAR
* rule with the specified ID, which does not exist.
* @return Returns a reference to this object so that method calls can be chained together.
* @see WafRuleType
*/
public ActivatedRule withType(String type) {
setType(type);
return this;
}
/**
*
* The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by
* RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. Although
* this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type,
* the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID,
* which does not exist.
*
REGULAR, as defined by Rule, RATE_BASED, as defined
* by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR.
* Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without
* setting the type, the UpdateWebACL request will fail because the request tries to add a REGULAR
* rule with the specified ID, which does not exist.
* @see WafRuleType
*/
public void setType(WafRuleType type) {
withType(type);
}
/**
*
* The rule type, either REGULAR, as defined by Rule, RATE_BASED, as defined by
* RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR. Although
* this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without setting the type,
* the UpdateWebACL request will fail because the request tries to add a REGULAR rule with the specified ID,
* which does not exist.
*
REGULAR, as defined by Rule, RATE_BASED, as defined
* by RateBasedRule, or GROUP, as defined by RuleGroup. The default is REGULAR.
* Although this field is optional, be aware that if you try to add a RATE_BASED rule to a web ACL without
* setting the type, the UpdateWebACL request will fail because the request tries to add a REGULAR
* rule with the specified ID, which does not exist.
* @return Returns a reference to this object so that method calls can be chained together.
* @see WafRuleType
*/
public ActivatedRule withType(WafRuleType type) {
this.type = type.toString();
return this;
}
/**
*
* An array of rules to exclude from a rule group. This is applicable only when the ActivatedRule
* refers to a RuleGroup.
*
* Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false positives). * One troubleshooting technique is to identify the specific rule within the rule group that is blocking the * legitimate traffic and then disable (exclude) that particular rule. You can exclude rules from both your own rule * groups and AWS Marketplace rule groups that have been associated with a web ACL. *
*
* Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes the
* action for the rules to COUNT. Therefore, requests that match an ExcludedRule are
* counted but not blocked. The RuleGroup owner will receive COUNT metrics for each
* ExcludedRule.
*
* If you want to exclude rules from a rule group that is already associated with a web ACL, perform the following * steps: *
** Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about the * logs, see Logging Web ACL Traffic * Information. *
** Submit an UpdateWebACL request that has two actions: *
*
* The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL request,
* the first Updates:Action should be DELETE and Updates:ActivatedRule:RuleId
* should be the rule group that contains the rules that you want to exclude.
*
* The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the second
* Updates:Action should be INSERT, Updates:ActivatedRule:RuleId should be
* the rule group that you just removed, and ExcludedRules should contain the rules that you want to
* exclude.
*
ActivatedRule refers to a RuleGroup.
* * Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false * positives). One troubleshooting technique is to identify the specific rule within the rule group that is * blocking the legitimate traffic and then disable (exclude) that particular rule. You can exclude rules * from both your own rule groups and AWS Marketplace rule groups that have been associated with a web ACL. *
*
* Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes
* the action for the rules to COUNT. Therefore, requests that match an
* ExcludedRule are counted but not blocked. The RuleGroup owner will receive
* COUNT metrics for each ExcludedRule.
*
* If you want to exclude rules from a rule group that is already associated with a web ACL, perform the * following steps: *
** Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information * about the logs, see Logging * Web ACL Traffic Information. *
** Submit an UpdateWebACL request that has two actions: *
*
* The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL
* request, the first Updates:Action should be DELETE and
* Updates:ActivatedRule:RuleId should be the rule group that contains the rules that you want
* to exclude.
*
* The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the
* second Updates:Action should be INSERT,
* Updates:ActivatedRule:RuleId should be the rule group that you just removed, and
* ExcludedRules should contain the rules that you want to exclude.
*
* An array of rules to exclude from a rule group. This is applicable only when the ActivatedRule
* refers to a RuleGroup.
*
* Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false positives). * One troubleshooting technique is to identify the specific rule within the rule group that is blocking the * legitimate traffic and then disable (exclude) that particular rule. You can exclude rules from both your own rule * groups and AWS Marketplace rule groups that have been associated with a web ACL. *
*
* Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes the
* action for the rules to COUNT. Therefore, requests that match an ExcludedRule are
* counted but not blocked. The RuleGroup owner will receive COUNT metrics for each
* ExcludedRule.
*
* If you want to exclude rules from a rule group that is already associated with a web ACL, perform the following * steps: *
** Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about the * logs, see Logging Web ACL Traffic * Information. *
** Submit an UpdateWebACL request that has two actions: *
*
* The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL request,
* the first Updates:Action should be DELETE and Updates:ActivatedRule:RuleId
* should be the rule group that contains the rules that you want to exclude.
*
* The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the second
* Updates:Action should be INSERT, Updates:ActivatedRule:RuleId should be
* the rule group that you just removed, and ExcludedRules should contain the rules that you want to
* exclude.
*
ActivatedRule refers to a RuleGroup.
* * Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false * positives). One troubleshooting technique is to identify the specific rule within the rule group that is * blocking the legitimate traffic and then disable (exclude) that particular rule. You can exclude rules * from both your own rule groups and AWS Marketplace rule groups that have been associated with a web ACL. *
*
* Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes
* the action for the rules to COUNT. Therefore, requests that match an
* ExcludedRule are counted but not blocked. The RuleGroup owner will receive COUNT
* metrics for each ExcludedRule.
*
* If you want to exclude rules from a rule group that is already associated with a web ACL, perform the * following steps: *
** Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about * the logs, see Logging Web ACL * Traffic Information. *
** Submit an UpdateWebACL request that has two actions: *
*
* The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL
* request, the first Updates:Action should be DELETE and
* Updates:ActivatedRule:RuleId should be the rule group that contains the rules that you want
* to exclude.
*
* The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the
* second Updates:Action should be INSERT,
* Updates:ActivatedRule:RuleId should be the rule group that you just removed, and
* ExcludedRules should contain the rules that you want to exclude.
*
* An array of rules to exclude from a rule group. This is applicable only when the ActivatedRule
* refers to a RuleGroup.
*
* Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false positives). * One troubleshooting technique is to identify the specific rule within the rule group that is blocking the * legitimate traffic and then disable (exclude) that particular rule. You can exclude rules from both your own rule * groups and AWS Marketplace rule groups that have been associated with a web ACL. *
*
* Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes the
* action for the rules to COUNT. Therefore, requests that match an ExcludedRule are
* counted but not blocked. The RuleGroup owner will receive COUNT metrics for each
* ExcludedRule.
*
* If you want to exclude rules from a rule group that is already associated with a web ACL, perform the following * steps: *
** Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about the * logs, see Logging Web ACL Traffic * Information. *
** Submit an UpdateWebACL request that has two actions: *
*
* The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL request,
* the first Updates:Action should be DELETE and Updates:ActivatedRule:RuleId
* should be the rule group that contains the rules that you want to exclude.
*
* The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the second
* Updates:Action should be INSERT, Updates:ActivatedRule:RuleId should be
* the rule group that you just removed, and ExcludedRules should contain the rules that you want to
* exclude.
*
* NOTE: This method appends the values to the existing list (if any). Use * {@link #setExcludedRules(java.util.Collection)} or {@link #withExcludedRules(java.util.Collection)} if you want * to override the existing values. *
* * @param excludedRules * An array of rules to exclude from a rule group. This is applicable only when the *ActivatedRule refers to a RuleGroup.
* * Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false * positives). One troubleshooting technique is to identify the specific rule within the rule group that is * blocking the legitimate traffic and then disable (exclude) that particular rule. You can exclude rules * from both your own rule groups and AWS Marketplace rule groups that have been associated with a web ACL. *
*
* Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes
* the action for the rules to COUNT. Therefore, requests that match an
* ExcludedRule are counted but not blocked. The RuleGroup owner will receive COUNT
* metrics for each ExcludedRule.
*
* If you want to exclude rules from a rule group that is already associated with a web ACL, perform the * following steps: *
** Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about * the logs, see Logging Web ACL * Traffic Information. *
** Submit an UpdateWebACL request that has two actions: *
*
* The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL
* request, the first Updates:Action should be DELETE and
* Updates:ActivatedRule:RuleId should be the rule group that contains the rules that you want
* to exclude.
*
* The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the
* second Updates:Action should be INSERT,
* Updates:ActivatedRule:RuleId should be the rule group that you just removed, and
* ExcludedRules should contain the rules that you want to exclude.
*
* An array of rules to exclude from a rule group. This is applicable only when the ActivatedRule
* refers to a RuleGroup.
*
* Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false positives). * One troubleshooting technique is to identify the specific rule within the rule group that is blocking the * legitimate traffic and then disable (exclude) that particular rule. You can exclude rules from both your own rule * groups and AWS Marketplace rule groups that have been associated with a web ACL. *
*
* Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes the
* action for the rules to COUNT. Therefore, requests that match an ExcludedRule are
* counted but not blocked. The RuleGroup owner will receive COUNT metrics for each
* ExcludedRule.
*
* If you want to exclude rules from a rule group that is already associated with a web ACL, perform the following * steps: *
** Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about the * logs, see Logging Web ACL Traffic * Information. *
** Submit an UpdateWebACL request that has two actions: *
*
* The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL request,
* the first Updates:Action should be DELETE and Updates:ActivatedRule:RuleId
* should be the rule group that contains the rules that you want to exclude.
*
* The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the second
* Updates:Action should be INSERT, Updates:ActivatedRule:RuleId should be
* the rule group that you just removed, and ExcludedRules should contain the rules that you want to
* exclude.
*
ActivatedRule refers to a RuleGroup.
* * Sometimes it is necessary to troubleshoot rule groups that are blocking traffic unexpectedly (false * positives). One troubleshooting technique is to identify the specific rule within the rule group that is * blocking the legitimate traffic and then disable (exclude) that particular rule. You can exclude rules * from both your own rule groups and AWS Marketplace rule groups that have been associated with a web ACL. *
*
* Specifying ExcludedRules does not remove those rules from the rule group. Rather, it changes
* the action for the rules to COUNT. Therefore, requests that match an
* ExcludedRule are counted but not blocked. The RuleGroup owner will receive COUNT
* metrics for each ExcludedRule.
*
* If you want to exclude rules from a rule group that is already associated with a web ACL, perform the * following steps: *
** Use the AWS WAF logs to identify the IDs of the rules that you want to exclude. For more information about * the logs, see Logging Web ACL * Traffic Information. *
** Submit an UpdateWebACL request that has two actions: *
*
* The first action deletes the existing rule group from the web ACL. That is, in the UpdateWebACL
* request, the first Updates:Action should be DELETE and
* Updates:ActivatedRule:RuleId should be the rule group that contains the rules that you want
* to exclude.
*
* The second action inserts the same rule group back in, but specifying the rules to exclude. That is, the
* second Updates:Action should be INSERT,
* Updates:ActivatedRule:RuleId should be the rule group that you just removed, and
* ExcludedRules should contain the rules that you want to exclude.
*