/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/*
* Do not modify this file. This file is generated from the wafv2-2019-07-29.normal.json service model.
*/
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using System.Net;
using Amazon.Runtime;
using Amazon.Runtime.Internal;
namespace Amazon.WAFV2.Model
{
///
/// The processing guidance for a Rule, used by WAF to determine whether a web
/// request matches the rule.
///
///
///
/// For example specifications, see the examples section of CreateWebACL.
///
///
public partial class Statement
{
private AndStatement _andStatement;
private ByteMatchStatement _byteMatchStatement;
private GeoMatchStatement _geoMatchStatement;
private IPSetReferenceStatement _ipSetReferenceStatement;
private LabelMatchStatement _labelMatchStatement;
private ManagedRuleGroupStatement _managedRuleGroupStatement;
private NotStatement _notStatement;
private OrStatement _orStatement;
private RateBasedStatement _rateBasedStatement;
private RegexMatchStatement _regexMatchStatement;
private RegexPatternSetReferenceStatement _regexPatternSetReferenceStatement;
private RuleGroupReferenceStatement _ruleGroupReferenceStatement;
private SizeConstraintStatement _sizeConstraintStatement;
private SqliMatchStatement _sqliMatchStatement;
private XssMatchStatement _xssMatchStatement;
///
/// Gets and sets the property AndStatement.
///
/// A logical rule statement used to combine other rule statements with AND logic. You
/// provide more than one Statement within the AndStatement.
///
///
public AndStatement AndStatement
{
get { return this._andStatement; }
set { this._andStatement = value; }
}
// Check to see if AndStatement property is set
internal bool IsSetAndStatement()
{
return this._andStatement != null;
}
///
/// Gets and sets the property ByteMatchStatement.
///
/// A rule statement that defines a string match search for WAF to apply to web requests.
/// The byte match statement provides the bytes to search for, the location in requests
/// that you want WAF to search, and other settings. The bytes to search for are typically
/// a string that corresponds with ASCII characters. In the WAF console and the developer
/// guide, this is called a string match statement.
///
///
public ByteMatchStatement ByteMatchStatement
{
get { return this._byteMatchStatement; }
set { this._byteMatchStatement = value; }
}
// Check to see if ByteMatchStatement property is set
internal bool IsSetByteMatchStatement()
{
return this._byteMatchStatement != null;
}
///
/// Gets and sets the property GeoMatchStatement.
///
/// A rule statement that labels web requests by country and region and that matches against
/// web requests based on country code. A geo match rule labels every request that it
/// inspects regardless of whether it finds a match.
///
/// -
///
/// To manage requests only by country, you can use this statement by itself and specify
/// the countries that you want to match against in the
CountryCodes array.
///
///
/// -
///
/// Otherwise, configure your geo match rule with Count action so that it only labels
/// requests. Then, add one or more label match rules to run after the geo match rule
/// and configure them to match against the geographic labels and handle the requests
/// as needed.
///
///
///
/// WAF labels requests using the alpha-2 country and region codes from the International
/// Organization for Standardization (ISO) 3166 standard. WAF determines the codes using
/// either the IP address in the web request origin or, if you specify it, the address
/// in the geo match ForwardedIPConfig.
///
///
///
/// If you use the web request origin, the label formats are awswaf:clientip:geo:region:<ISO
/// country code>-<ISO region code> and awswaf:clientip:geo:country:<ISO
/// country code>.
///
///
///
/// If you use a forwarded IP address, the label formats are awswaf:forwardedip:geo:region:<ISO
/// country code>-<ISO region code> and awswaf:forwardedip:geo:country:<ISO
/// country code>.
///
///
///
/// For additional details, see Geographic
/// match rule statement in the WAF
/// Developer Guide.
///
///
public GeoMatchStatement GeoMatchStatement
{
get { return this._geoMatchStatement; }
set { this._geoMatchStatement = value; }
}
// Check to see if GeoMatchStatement property is set
internal bool IsSetGeoMatchStatement()
{
return this._geoMatchStatement != null;
}
///
/// Gets and sets the property IPSetReferenceStatement.
///
/// A rule statement used to detect web requests coming from particular IP addresses or
/// address ranges. To use this, create an IPSet that specifies the addresses you
/// want to detect, then use the ARN of that set in this statement. To create an IP set,
/// see CreateIPSet.
///
///
///
/// Each IP set rule statement references an IP set. You create and maintain the set independent
/// of your rules. This allows you to use the single set in multiple rules. When you update
/// the referenced set, WAF automatically updates all rules that reference it.
///
///
public IPSetReferenceStatement IPSetReferenceStatement
{
get { return this._ipSetReferenceStatement; }
set { this._ipSetReferenceStatement = value; }
}
// Check to see if IPSetReferenceStatement property is set
internal bool IsSetIPSetReferenceStatement()
{
return this._ipSetReferenceStatement != null;
}
///
/// Gets and sets the property LabelMatchStatement.
///
/// A rule statement to match against labels that have been added to the web request by
/// rules that have already run in the web ACL.
///
///
///
/// The label match statement provides the label or namespace string to search for. The
/// label string can represent a part or all of the fully qualified label name that had
/// been added to the web request. Fully qualified labels have a prefix, optional namespaces,
/// and label name. The prefix identifies the rule group or web ACL context of the rule
/// that added the label. If you do not provide the fully qualified name in your label
/// match string, WAF performs the search for labels that were added in the same context
/// as the label match statement.
///
///
public LabelMatchStatement LabelMatchStatement
{
get { return this._labelMatchStatement; }
set { this._labelMatchStatement = value; }
}
// Check to see if LabelMatchStatement property is set
internal bool IsSetLabelMatchStatement()
{
return this._labelMatchStatement != null;
}
///
/// Gets and sets the property ManagedRuleGroupStatement.
///
/// A rule statement used to run the rules that are defined in a managed rule group. To
/// use this, provide the vendor name and the name of the rule group in this statement.
/// You can retrieve the required names by calling ListAvailableManagedRuleGroups.
///
///
///
/// You cannot nest a ManagedRuleGroupStatement, for example for use inside
/// a NotStatement or OrStatement. It can only be referenced
/// as a top-level statement within a rule.
///
///
///
/// You are charged additional fees when you use the WAF Bot Control managed rule group
/// AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account takeover
/// prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or the
/// WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet.
/// For more information, see WAF Pricing.
///
///
///
public ManagedRuleGroupStatement ManagedRuleGroupStatement
{
get { return this._managedRuleGroupStatement; }
set { this._managedRuleGroupStatement = value; }
}
// Check to see if ManagedRuleGroupStatement property is set
internal bool IsSetManagedRuleGroupStatement()
{
return this._managedRuleGroupStatement != null;
}
///
/// Gets and sets the property NotStatement.
///
/// A logical rule statement used to negate the results of another rule statement. You
/// provide one Statement within the NotStatement.
///
///
public NotStatement NotStatement
{
get { return this._notStatement; }
set { this._notStatement = value; }
}
// Check to see if NotStatement property is set
internal bool IsSetNotStatement()
{
return this._notStatement != null;
}
///
/// Gets and sets the property OrStatement.
///
/// A logical rule statement used to combine other rule statements with OR logic. You
/// provide more than one Statement within the OrStatement.
///
///
public OrStatement OrStatement
{
get { return this._orStatement; }
set { this._orStatement = value; }
}
// Check to see if OrStatement property is set
internal bool IsSetOrStatement()
{
return this._orStatement != null;
}
///
/// Gets and sets the property RateBasedStatement.
///
/// A rate-based rule counts incoming requests and rate limits requests when they are
/// coming at too fast a rate. The rule categorizes requests according to your aggregation
/// criteria, collects them into aggregation instances, and counts and rate limits the
/// requests for each instance.
///
///
///
/// You can specify individual aggregation keys, like IP address or HTTP method. You can
/// also specify aggregation key combinations, like IP address and HTTP method, or HTTP
/// method, query argument, and cookie.
///
///
///
/// Each unique set of values for the aggregation keys that you specify is a separate
/// aggregation instance, with the value from each key contributing to the aggregation
/// instance definition.
///
///
///
/// For example, assume the rule evaluates web requests with the following IP address
/// and HTTP method values:
///
/// -
///
/// IP address 10.1.1.1, HTTP method POST
///
///
-
///
/// IP address 10.1.1.1, HTTP method GET
///
///
-
///
/// IP address 127.0.0.0, HTTP method POST
///
///
-
///
/// IP address 10.1.1.1, HTTP method GET
///
///
///
/// The rule would create different aggregation instances according to your aggregation
/// criteria, for example:
///
/// -
///
/// If the aggregation criteria is just the IP address, then each individual address is
/// an aggregation instance, and WAF counts requests separately for each. The aggregation
/// instances and request counts for our example would be the following:
///
///
-
///
/// IP address 10.1.1.1: count 3
///
///
-
///
/// IP address 127.0.0.0: count 1
///
///
-
///
/// If the aggregation criteria is HTTP method, then each individual HTTP method is an
/// aggregation instance. The aggregation instances and request counts for our example
/// would be the following:
///
///
-
///
/// HTTP method POST: count 2
///
///
-
///
/// HTTP method GET: count 2
///
///
-
///
/// If the aggregation criteria is IP address and HTTP method, then each IP address and
/// each HTTP method would contribute to the combined aggregation instance. The aggregation
/// instances and request counts for our example would be the following:
///
///
-
///
/// IP address 10.1.1.1, HTTP method POST: count 1
///
///
-
///
/// IP address 10.1.1.1, HTTP method GET: count 2
///
///
-
///
/// IP address 127.0.0.0, HTTP method POST: count 1
///
///
///
/// For any n-tuple of aggregation keys, each unique combination of values for the keys
/// defines a separate aggregation instance, which WAF counts and rate-limits individually.
///
///
///
///
/// You can optionally nest another statement inside the rate-based statement, to narrow
/// the scope of the rule so that it only counts and rate limits requests that match the
/// nested statement. You can use this nested scope-down statement in conjunction with
/// your aggregation key specifications or you can just count and rate limit all requests
/// that match the scope-down statement, without additional aggregation. When you choose
/// to just manage all requests that match a scope-down statement, the aggregation instance
/// is singular for the rule.
///
///
///
/// You cannot nest a RateBasedStatement inside another statement, for example
/// inside a NotStatement or OrStatement. You can define a RateBasedStatement
/// inside a web ACL and inside a rule group.
///
///
///
/// For additional information about the options, see Rate
/// limiting web requests using rate-based rules in the WAF Developer Guide.
///
///
///
///
/// If you only aggregate on the individual IP address or forwarded IP address, you can
/// retrieve the list of IP addresses that WAF is currently rate limiting for a rule through
/// the API call GetRateBasedStatementManagedKeys. This option is not available
/// for other aggregation configurations.
///
///
///
/// WAF tracks and manages web requests separately for each instance of a rate-based rule
/// that you use. For example, if you provide the same rate-based rule settings in two
/// web ACLs, each of the two rule statements represents a separate instance of the rate-based
/// rule and gets its own tracking and management by WAF. If you define a rate-based rule
/// inside a rule group, and then use that rule group in multiple places, each use creates
/// a separate instance of the rate-based rule that gets its own tracking and management
/// by WAF.
///
///
public RateBasedStatement RateBasedStatement
{
get { return this._rateBasedStatement; }
set { this._rateBasedStatement = value; }
}
// Check to see if RateBasedStatement property is set
internal bool IsSetRateBasedStatement()
{
return this._rateBasedStatement != null;
}
///
/// Gets and sets the property RegexMatchStatement.
///
/// A rule statement used to search web request components for a match against a single
/// regular expression.
///
///
public RegexMatchStatement RegexMatchStatement
{
get { return this._regexMatchStatement; }
set { this._regexMatchStatement = value; }
}
// Check to see if RegexMatchStatement property is set
internal bool IsSetRegexMatchStatement()
{
return this._regexMatchStatement != null;
}
///
/// Gets and sets the property RegexPatternSetReferenceStatement.
///
/// A rule statement used to search web request components for matches with regular expressions.
/// To use this, create a RegexPatternSet that specifies the expressions that you
/// want to detect, then use the ARN of that set in this statement. A web request matches
/// the pattern set rule statement if the request component matches any of the patterns
/// in the set. To create a regex pattern set, see CreateRegexPatternSet.
///
///
///
/// Each regex pattern set rule statement references a regex pattern set. You create and
/// maintain the set independent of your rules. This allows you to use the single set
/// in multiple rules. When you update the referenced set, WAF automatically updates all
/// rules that reference it.
///
///
public RegexPatternSetReferenceStatement RegexPatternSetReferenceStatement
{
get { return this._regexPatternSetReferenceStatement; }
set { this._regexPatternSetReferenceStatement = value; }
}
// Check to see if RegexPatternSetReferenceStatement property is set
internal bool IsSetRegexPatternSetReferenceStatement()
{
return this._regexPatternSetReferenceStatement != null;
}
///
/// Gets and sets the property RuleGroupReferenceStatement.
///
/// A rule statement used to run the rules that are defined in a RuleGroup. To
/// use this, create a rule group with your rules, then provide the ARN of the rule group
/// in this statement.
///
///
///
/// You cannot nest a RuleGroupReferenceStatement, for example for use inside
/// a NotStatement or OrStatement. You can only use a rule group
/// reference statement at the top level inside a web ACL.
///
///
public RuleGroupReferenceStatement RuleGroupReferenceStatement
{
get { return this._ruleGroupReferenceStatement; }
set { this._ruleGroupReferenceStatement = value; }
}
// Check to see if RuleGroupReferenceStatement property is set
internal bool IsSetRuleGroupReferenceStatement()
{
return this._ruleGroupReferenceStatement != null;
}
///
/// Gets and sets the property SizeConstraintStatement.
///
/// A rule statement that compares a number of bytes against the size of a request component,
/// using a comparison operator, such as greater than (>) or less than (<). For
/// example, you can use a size constraint statement to look for query strings that are
/// longer than 100 bytes.
///
///
///
/// If you configure WAF to inspect the request body, WAF inspects only the number of
/// bytes of the body up to the limit for the web ACL. By default, for regional web ACLs,
/// this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16
/// KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the
/// web ACL AssociationConfig, for additional fees. If you know that the
/// request body for your web requests should never exceed the inspection limit, you could
/// use a size constraint statement to block requests that have a larger request body
/// size.
///
///
///
/// If you choose URI for the value of Part of the request to filter on, the slash (/)
/// in the URI counts as one character. For example, the URI /logo.jpg is
/// nine characters long.
///
///
public SizeConstraintStatement SizeConstraintStatement
{
get { return this._sizeConstraintStatement; }
set { this._sizeConstraintStatement = value; }
}
// Check to see if SizeConstraintStatement property is set
internal bool IsSetSizeConstraintStatement()
{
return this._sizeConstraintStatement != null;
}
///
/// Gets and sets the property SqliMatchStatement.
///
/// A rule statement that inspects for malicious SQL code. Attackers insert malicious
/// SQL code into web requests to do things like modify your database or extract data
/// from it.
///
///
public SqliMatchStatement SqliMatchStatement
{
get { return this._sqliMatchStatement; }
set { this._sqliMatchStatement = value; }
}
// Check to see if SqliMatchStatement property is set
internal bool IsSetSqliMatchStatement()
{
return this._sqliMatchStatement != null;
}
///
/// Gets and sets the property XssMatchStatement.
///
/// A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS attacks,
/// the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious
/// client-site scripts into other legitimate web browsers.
///
///
public XssMatchStatement XssMatchStatement
{
get { return this._xssMatchStatement; }
set { this._xssMatchStatement = value; }
}
// Check to see if XssMatchStatement property is set
internal bool IsSetXssMatchStatement()
{
return this._xssMatchStatement != null;
}
}
}