AWS::WAFv2::RuleGroup RuleAction
The action that AWS WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON

    {
      "Allow" : AllowAction,
      "Block" : BlockAction,
      "Captcha" : CaptchaAction,
      "Challenge" : ChallengeAction,
      "Count" : CountAction
    }

YAML

    Allow:
      AllowAction
    Block:
      BlockAction
    Captcha:
      CaptchaAction
    Challenge:
      ChallengeAction
    Count:
      CountAction
Properties
Allow
Instructs AWS WAF to allow the web request.
Required: No
Type: AllowAction
Update requires: No interruption
Block
Instructs AWS WAF to block the web request.
Required: No
Type: BlockAction
Update requires: No interruption
Captcha
Specifies that AWS WAF should run a CAPTCHA check against the request:
- If the request includes a valid, unexpired CAPTCHA token, AWS WAF allows the web request inspection to proceed to the next rule, similar to a CountAction.
- If the request doesn't include a valid, unexpired CAPTCHA token, AWS WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination.
  AWS WAF generates a response that it sends back to the client, which includes the following:
  - The header x-amzn-waf-action with a value of captcha.
  - The HTTP status code 405 Method Not Allowed.
  - If the request contains an Accept header with a value of text/html, the response includes a CAPTCHA challenge.
You can configure the expiration time in the CaptchaConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
This action option is available for rules. It isn't available for web ACL default actions.
Required: No
Type: CaptchaAction
Update requires: No interruption
Challenge
Instructs AWS WAF to run a Challenge check against the web request.
Required: No
Type: ChallengeAction
Update requires: No interruption
Count
Instructs AWS WAF to count the web request and then continue evaluating the request using the remaining rules in the web ACL.
Required: No
Type: CountAction
Update requires: No interruption
Examples
Set an allow action
The following shows an example allow action specification.
YAML

    Action:
      Allow: {}

JSON

    "Action": {
      "Allow": {}
    }

Set an allow action with a custom request setting
The following shows an example allow action specification with custom request handling.
YAML

    Action:
      Allow:
        CustomRequestHandling:
          InsertHeaders:
            - Name: AllowActionHeader1Name
              Value: AllowActionHeader1Value
            - Name: AllowActionHeader2Name
              Value: AllowActionHeader2Value

JSON

    "Action": {
      "Allow": {
        "CustomRequestHandling": {
          "InsertHeaders": [
            {
              "Name": "AllowActionHeader1Name",
              "Value": "AllowActionHeader1Value"
            },
            {
              "Name": "AllowActionHeader2Name",
              "Value": "AllowActionHeader2Value"
            }
          ]
        }
      }
    }
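
The following is an added example, not part of the AWS documentation: a rule group whose single rule uses the Captcha action together with a rule-level CaptchaConfig, which per the Captcha property description above overrides the web ACL setting. The resource name, rule name, metric names, the /login path, the Capacity value and the 120-second immunity time are assumptions chosen for illustration.

```yaml
# Added example. All names and values below are illustrative assumptions.
Resources:
  ExampleCaptchaRuleGroup:
    Type: AWS::WAFv2::RuleGroup
    Properties:
      Name: example-captcha-rule-group
      Scope: REGIONAL
      Capacity: 50                      # assumed WCU budget, above what one byte-match rule needs
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: ExampleCaptchaRuleGroup
      Rules:
        - Name: captcha-on-login
          Priority: 0
          Statement:
            ByteMatchStatement:
              SearchString: /login      # assumed path to protect
              FieldToMatch:
                UriPath: {}
              PositionalConstraint: STARTS_WITH
              TextTransformations:
                - Priority: 0
                  Type: NONE
          # Requests without a valid, unexpired CAPTCHA token are stopped here
          # and answered with 405 and the header x-amzn-waf-action: captcha.
          Action:
            Captcha: {}
          # Rule-level token lifetime; takes precedence over the web ACL's
          # CaptchaConfig for requests that match this rule.
          CaptchaConfig:
            ImmunityTimeProperty:
              ImmunityTime: 120         # seconds (assumed value)
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: CaptchaOnLogin
```

Requests that do carry a valid token are not terminated by this rule: inspection proceeds to the next rule, as with a Count action, so a later rule or the web ACL default action still decides the outcome.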