AWS::WAFRegional::SqlInjectionMatchSet
Note
AWS WAF Classic support will end on September 30, 2025.
This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.
For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.
A complex type that contains SqlInjectionMatchTuple objects, which specify the parts of web requests that you
want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header. If a
SqlInjectionMatchSet contains more than one SqlInjectionMatchTuple object, a request needs to
include snippets of SQL code in only one of the specified parts of the request to be considered a match.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::WAFRegional::SqlInjectionMatchSet", "Properties" : { "Name" :String, "SqlInjectionMatchTuples" :[ SqlInjectionMatchTuple, ... ]} }
YAML
Type: AWS::WAFRegional::SqlInjectionMatchSet Properties: Name:StringSqlInjectionMatchTuples:- SqlInjectionMatchTuple
Properties
Name-
The name, if any, of the
SqlInjectionMatchSet.Required: Yes
Type: String
Pattern:
.*\S.*Minimum:
1Maximum:
128Update requires: Replacement
SqlInjectionMatchTuples-
Specifies the parts of web requests that you want to inspect for snippets of malicious SQL code.
Required: No
Type: Array of SqlInjectionMatchTuple
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.
For more information about using the Ref function, see Ref.
Fn::GetAtt
Examples
Find SQL Injections
The following example looks for snippets of SQL code in the query string of an HTTP request.
JSON
"SqlInjDetection": { "Type": "AWS::WAFRegional::SqlInjectionMatchSet", "Properties": { "Name": "Find SQL injections in the query string", "SqlInjectionMatchTuples": [ { "FieldToMatch" : { "Type": "QUERY_STRING" }, "TextTransformation" : "URL_DECODE" } ] } }
YAML
SqlInjDetection: Type: "AWS::WAFRegional::SqlInjectionMatchSet" Properties: Name: "Find SQL injections in the query string" SqlInjectionMatchTuples: - FieldToMatch: Type: "QUERY_STRING" TextTransformation: "URL_DECODE"
Associate a SQL Injection Match Set with a Web ACL Rule
The following example associates the SqlInjDetection match set with a
web access control list (ACL) rule.
JSON
"SqlInjRule" : { "Type": "AWS::WAFRegional::Rule", "Properties": { "Name": "SqlInjRule", "MetricName" : "SqlInjRule", "Predicates": [ { "DataId" : { "Ref" : "SqlInjDetection" }, "Negated" : false, "Type" : "SqlInjectionMatch" } ] } }
YAML
SqlInjRule: Type: "AWS::WAFRegional::Rule" Properties: Name: "SqlInjRule" MetricName: "SqlInjRule" Predicates: - DataId: Ref: "SqlInjDetection" Negated: false Type: "SqlInjectionMatch"
Create a Web ACL
The following example associates the SqlInjRule rule with a web ACL. The
web ACL allows all requests except for ones with SQL code in the query string of a
request.
JSON
"MyWebACL": { "Type": "AWS::WAFRegional::WebACL", "Properties": { "Name": "Web ACL to block SQL injection in the query string", "DefaultAction": { "Type": "ALLOW" }, "MetricName" : "SqlInjWebACL", "Rules": [ { "Action" : { "Type" : "BLOCK" }, "Priority" : 1, "RuleId" : { "Ref" : "SqlInjRule" } } ] } }
YAML
MyWebACL: Type: "AWS::WAFRegional::WebACL" Properties: Name: "Web ACL to block SQL injection in the query string" DefaultAction: Type: "ALLOW" MetricName: "SqlInjWebACL" Rules: - Action: Type: "BLOCK" Priority: 1 RuleId: Ref: "SqlInjRule"
