/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/*
* Do not modify this file. This file is generated from the wafv2-2019-07-29.normal.json service model.
*/
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using System.Net;
using Amazon.Runtime;
using Amazon.Runtime.Internal;
namespace Amazon.WAFV2.Model
{
///
/// A rate-based rule counts incoming requests and rate limits requests when they are
/// coming at too fast a rate. The rule categorizes requests according to your aggregation
/// criteria, collects them into aggregation instances, and counts and rate limits the
/// requests for each instance.
///
///
///
/// You can specify individual aggregation keys, like IP address or HTTP method. You can
/// also specify aggregation key combinations, like IP address and HTTP method, or HTTP
/// method, query argument, and cookie.
///
///
///
/// Each unique set of values for the aggregation keys that you specify is a separate
/// aggregation instance, with the value from each key contributing to the aggregation
/// instance definition.
///
///
///
/// For example, assume the rule evaluates web requests with the following IP address
/// and HTTP method values:
///
/// -
///
/// IP address 10.1.1.1, HTTP method POST
///
///
-
///
/// IP address 10.1.1.1, HTTP method GET
///
///
-
///
/// IP address 127.0.0.0, HTTP method POST
///
///
-
///
/// IP address 10.1.1.1, HTTP method GET
///
///
///
/// The rule would create different aggregation instances according to your aggregation
/// criteria, for example:
///
/// -
///
/// If the aggregation criteria is just the IP address, then each individual address is
/// an aggregation instance, and WAF counts requests separately for each. The aggregation
/// instances and request counts for our example would be the following:
///
///
-
///
/// IP address 10.1.1.1: count 3
///
///
-
///
/// IP address 127.0.0.0: count 1
///
///
-
///
/// If the aggregation criteria is HTTP method, then each individual HTTP method is an
/// aggregation instance. The aggregation instances and request counts for our example
/// would be the following:
///
///
-
///
/// HTTP method POST: count 2
///
///
-
///
/// HTTP method GET: count 2
///
///
-
///
/// If the aggregation criteria is IP address and HTTP method, then each IP address and
/// each HTTP method would contribute to the combined aggregation instance. The aggregation
/// instances and request counts for our example would be the following:
///
///
-
///
/// IP address 10.1.1.1, HTTP method POST: count 1
///
///
-
///
/// IP address 10.1.1.1, HTTP method GET: count 2
///
///
-
///
/// IP address 127.0.0.0, HTTP method POST: count 1
///
///
///
/// For any n-tuple of aggregation keys, each unique combination of values for the keys
/// defines a separate aggregation instance, which WAF counts and rate-limits individually.
///
///
///
///
/// You can optionally nest another statement inside the rate-based statement, to narrow
/// the scope of the rule so that it only counts and rate limits requests that match the
/// nested statement. You can use this nested scope-down statement in conjunction with
/// your aggregation key specifications or you can just count and rate limit all requests
/// that match the scope-down statement, without additional aggregation. When you choose
/// to just manage all requests that match a scope-down statement, the aggregation instance
/// is singular for the rule.
///
///
///
/// You cannot nest a RateBasedStatement inside another statement, for example
/// inside a NotStatement or OrStatement. You can define a RateBasedStatement
/// inside a web ACL and inside a rule group.
///
///
///
/// For additional information about the options, see Rate
/// limiting web requests using rate-based rules in the WAF Developer Guide.
///
///
///
///
/// If you only aggregate on the individual IP address or forwarded IP address, you can
/// retrieve the list of IP addresses that WAF is currently rate limiting for a rule through
/// the API call GetRateBasedStatementManagedKeys. This option is not available
/// for other aggregation configurations.
///
///
///
/// WAF tracks and manages web requests separately for each instance of a rate-based rule
/// that you use. For example, if you provide the same rate-based rule settings in two
/// web ACLs, each of the two rule statements represents a separate instance of the rate-based
/// rule and gets its own tracking and management by WAF. If you define a rate-based rule
/// inside a rule group, and then use that rule group in multiple places, each use creates
/// a separate instance of the rate-based rule that gets its own tracking and management
/// by WAF.
///
///
public partial class RateBasedStatement
{
private RateBasedStatementAggregateKeyType _aggregateKeyType;
private List _customKeys = new List();
private ForwardedIPConfig _forwardedIPConfig;
private long? _limit;
private Statement _scopeDownStatement;
///
/// Gets and sets the property AggregateKeyType.
///
/// Setting that indicates how to aggregate the request counts.
///
///
///
/// Web requests that are missing any of the components specified in the aggregation keys
/// are omitted from the rate-based rule evaluation and handling.
///
/// -
///
///
CONSTANT - Count and limit the requests that match the rate-based rule's
/// scope-down statement. With this option, the counted requests aren't further aggregated.
/// The scope-down statement is the only specification used. When the count of all requests
/// that satisfy the scope-down statement goes over the limit, WAF applies the rule action
/// to all requests that satisfy the scope-down statement.
///
///
///
/// With this option, you must configure the ScopeDownStatement property.
///
///
/// -
///
///
CUSTOM_KEYS - Aggregate the request counts using one or more web request
/// components as the aggregate keys.
///
///
///
/// With this option, you must specify the aggregate keys in the CustomKeys
/// property.
///
///
///
/// To aggregate on only the IP address or only the forwarded IP address, don't use custom
/// keys. Instead, set the aggregate key type to IP or FORWARDED_IP.
///
/// -
///
///
FORWARDED_IP - Aggregate the request counts on the first IP address
/// in an HTTP header.
///
///
///
/// With this option, you must specify the header to use in the ForwardedIPConfig
/// property.
///
///
///
/// To aggregate on a combination of the forwarded IP address with other aggregate keys,
/// use CUSTOM_KEYS.
///
/// -
///
///
IP - Aggregate the request counts on the IP address from the web request
/// origin.
///
///
///
/// To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
///
///
///
///
[AWSProperty(Required=true)]
public RateBasedStatementAggregateKeyType AggregateKeyType
{
get { return this._aggregateKeyType; }
set { this._aggregateKeyType = value; }
}
// Check to see if AggregateKeyType property is set
internal bool IsSetAggregateKeyType()
{
return this._aggregateKeyType != null;
}
///
/// Gets and sets the property CustomKeys.
///
/// Specifies the aggregate keys to use in a rate-base rule.
///
///
[AWSProperty(Min=1, Max=5)]
public List CustomKeys
{
get { return this._customKeys; }
set { this._customKeys = value; }
}
// Check to see if CustomKeys property is set
internal bool IsSetCustomKeys()
{
return this._customKeys != null && this._customKeys.Count > 0;
}
///
/// Gets and sets the property ForwardedIPConfig.
///
/// The configuration for inspecting IP addresses in an HTTP header that you specify,
/// instead of using the IP address that's reported by the web request origin. Commonly,
/// this is the X-Forwarded-For (XFF) header, but you can specify any header name.
///
///
///
/// If the specified header isn't present in the request, WAF doesn't apply the rule to
/// the web request at all.
///
///
///
/// This is required if you specify a forwarded IP in the rule's aggregate key settings.
///
///
///
public ForwardedIPConfig ForwardedIPConfig
{
get { return this._forwardedIPConfig; }
set { this._forwardedIPConfig = value; }
}
// Check to see if ForwardedIPConfig property is set
internal bool IsSetForwardedIPConfig()
{
return this._forwardedIPConfig != null;
}
///
/// Gets and sets the property Limit.
///
/// The limit on requests per 5-minute period for a single aggregation instance for the
/// rate-based rule. If the rate-based statement includes a ScopeDownStatement,
/// this limit is applied only to the requests that match the statement.
///
///
///
/// Examples:
///
/// -
///
/// If you aggregate on just the IP address, this is the limit on requests from any single
/// IP address.
///
///
-
///
/// If you aggregate on the HTTP method and the query argument name "city", then this
/// is the limit on requests for any single method, city pair.
///
///
///
[AWSProperty(Required=true, Min=100, Max=2000000000)]
public long Limit
{
get { return this._limit.GetValueOrDefault(); }
set { this._limit = value; }
}
// Check to see if Limit property is set
internal bool IsSetLimit()
{
return this._limit.HasValue;
}
///
/// Gets and sets the property ScopeDownStatement.
///
/// An optional nested statement that narrows the scope of the web requests that are evaluated
/// and managed by the rate-based statement. When you use a scope-down statement, the
/// rate-based rule only tracks and rate limits requests that match the scope-down statement.
/// You can use any nestable Statement in the scope-down statement, and you can
/// nest statements at any level, the same as you can for a rule statement.
///
///
public Statement ScopeDownStatement
{
get { return this._scopeDownStatement; }
set { this._scopeDownStatement = value; }
}
// Check to see if ScopeDownStatement property is set
internal bool IsSetScopeDownStatement()
{
return this._scopeDownStatement != null;
}
}
}