interface AWSManagedRulesACFPRuleSetProperty
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.WAFv2.CfnWebACL.AWSManagedRulesACFPRuleSetProperty |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awswafv2#CfnWebACL_AWSManagedRulesACFPRuleSetProperty |
 Java | software.amazon.awscdk.services.wafv2.CfnWebACL.AWSManagedRulesACFPRuleSetProperty |
 Python | aws_cdk.aws_wafv2.CfnWebACL.AWSManagedRulesACFPRuleSetProperty |
 TypeScript | aws-cdk-lib » aws_wafv2 » CfnWebACL » AWSManagedRulesACFPRuleSetProperty |
Details for your use of the account creation fraud prevention managed rule group, AWSManagedRulesACFPRuleSet .
This configuration is used in ManagedRuleGroupConfig .
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_wafv2 as wafv2 } from 'aws-cdk-lib';
const aWSManagedRulesACFPRuleSetProperty: wafv2.CfnWebACL.AWSManagedRulesACFPRuleSetProperty = {
creationPath: 'creationPath',
registrationPagePath: 'registrationPagePath',
requestInspection: {
payloadType: 'payloadType',
// the properties below are optional
addressFields: [{
identifier: 'identifier',
}],
emailField: {
identifier: 'identifier',
},
passwordField: {
identifier: 'identifier',
},
phoneNumberFields: [{
identifier: 'identifier',
}],
usernameField: {
identifier: 'identifier',
},
},
// the properties below are optional
enableRegexInPath: false,
responseInspection: {
bodyContains: {
failureStrings: ['failureStrings'],
successStrings: ['successStrings'],
},
header: {
failureValues: ['failureValues'],
name: 'name',
successValues: ['successValues'],
},
json: {
failureValues: ['failureValues'],
identifier: 'identifier',
successValues: ['successValues'],
},
statusCode: {
failureCodes: [123],
successCodes: [123],
},
},
};
Properties
| Name | Type | Description |
|---|---|---|
| creation | string | The path of the account creation endpoint for your application. |
| registration | string | The path of the account registration endpoint for your application. |
| request | IResolvable | Request | The criteria for inspecting account creation requests, used by the ACFP rule group to validate and track account creation attempts. |
| enable | boolean | IResolvable | Allow the use of regular expressions in the registration page path and the account creation path. |
| response | IResolvable | Response | The criteria for inspecting responses to account creation requests, used by the ACFP rule group to track account creation success rates. |
creationPath
Type:
string
The path of the account creation endpoint for your application.
This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
For example, for the URL https://example.com/web/newaccount , you would provide the path /web/newaccount . Account creation page paths that start with the path that you provide are considered a match. For example /web/newaccount matches the account creation paths /web/newaccount , /web/newaccount/ , /web/newaccountPage , and /web/newaccount/thisPage , but doesn't match the path /home/web/newaccount or /website/newaccount .
registrationPagePath
Type:
string
The path of the account registration endpoint for your application.
This is the page on your website that presents the registration form to new users.
This page must accept
GETtext/html requests.
For example, for the URL https://example.com/web/registration , you would provide the path /web/registration . Registration page paths that start with the path that you provide are considered a match. For example /web/registration matches the registration paths /web/registration , /web/registration/ , /web/registrationPage , and /web/registration/thisPage , but doesn't match the path /home/web/registration or /website/registration .
requestInspection
Type:
IResolvable | Request
The criteria for inspecting account creation requests, used by the ACFP rule group to validate and track account creation attempts.
enableRegexInPath?
Type:
boolean | IResolvable
(optional)
Allow the use of regular expressions in the registration page path and the account creation path.
responseInspection?
Type:
IResolvable | Response
(optional)
The criteria for inspecting responses to account creation requests, used by the ACFP rule group to track account creation success rates.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
The ACFP rule group evaluates the responses that your protected resources send back to client account creation attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many successful account creation attempts in a short amount of time.