Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account
DataProtection - AWS WAFV2
ContentsSee Also

DataProtection

PDF

Specifies the protection behavior for a field type. This is part of the data protection configuration for a web ACL.

Contents

Action

Specifies how to protect the field. AWS WAF can apply a one-way hash to the field or hard code a string substitution.

  • One-way hash example: ade099751dEXAMPLEHASH2ea9f3393f80dd5d3bEXAMPLEHASH966ae0d3cd5a1e

  • Substitution example: REDACTED

Type: String

Valid Values: SUBSTITUTION | HASH

Required: Yes

Field

Specifies the field type and optional keys to apply the protection behavior to.

Type: FieldToProtect object

Required: Yes

ExcludeRateBasedDetails

Specifies whether to also exclude any rate-based rule details from the data protection you have enabled for a given field. If you specify this exception, RateBasedDetails will show the value of the field. For additional information, see the log field rateBasedRuleList at Log fields for web ACL traffic in the AWS WAF Developer Guide.

Default: FALSE

Type: Boolean

Required: No

ExcludeRuleMatchDetails

Specifies whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule. For additional information, see Log fields for web ACL traffic in the AWS WAF Developer Guide.

Default: FALSE

Type: Boolean

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

Previous topic:

CustomResponseBody

Need help?

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.