AWS::WAFRegional::WebACL Rule

A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count. For example, you might create a Rule that includes the following predicates:

An IPSet that causes AWS WAF to search for web requests that originate from the IP address 192.0.2.44
A ByteMatchSet that causes AWS WAF to search for web requests for which the value of the User-Agent header is BadBot.

To match the settings in this Rule, a request must originate from 192.0.2.44 AND include a User-Agent header for which the value is BadBot.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Action" : Action,
  "Priority" : Integer,
  "RuleId" : String
}

YAML


  Action: 
    Action
  Priority: Integer
  RuleId: String

Properties

Action

The action that AWS WAF takes when a web request matches all conditions in the rule, such as allow, block, or count the request.

Required: Yes

Type: Action

Update requires: No interruption

Priority

The order in which AWS WAF evaluates the rules in a web ACL. AWS WAF evaluates rules with a lower value before rules with a higher value. The value must be a unique integer. If you have multiple rules in a web ACL, the priority numbers do not need to be consecutive.

Required: Yes

Type: Integer

Update requires: No interruption

RuleId

The ID of an AWS WAF Regional rule to associate with a web ACL.

Required: Yes

Type: String

Pattern: .*\S.*

Minimum: 1

Maximum: 128

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Action

AWS::WAFRegional::WebACLAssociation