XssMatchSet - AWS WAFV2

XssMatchSet

Note

AWS WAF Classic support will end on September 30, 2025.

This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.

For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

A complex type that contains XssMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header. If a XssMatchSet contains more than one XssMatchTuple object, a request needs to include cross-site scripting attacks in only one of the specified parts of the request to be considered a match.

Contents

XssMatchSetId

A unique identifier for an XssMatchSet. You use XssMatchSetId to get information about an XssMatchSet (see GetXssMatchSet), update an XssMatchSet (see UpdateXssMatchSet), insert an XssMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete an XssMatchSet from AWS WAF (see DeleteXssMatchSet).

XssMatchSetId is returned by CreateXssMatchSet and by ListXssMatchSets.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: .*\S.*

Required: Yes

XssMatchTuples

Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.

Type: Array of XssMatchTuple objects

Required: Yes

Name

The name, if any, of the XssMatchSet.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: