XssMatchSet
Note
AWS WAF Classic support will end on September 30, 2025.
This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.
For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.
A complex type that contains XssMatchTuple objects, which specify the parts of web requests that you
want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header. If a
XssMatchSet contains more than one XssMatchTuple object, a request needs to
include cross-site scripting attacks in only one of the specified parts of the request to be considered a match.
Contents
- XssMatchSetId
-
A unique identifier for an
XssMatchSet. You useXssMatchSetIdto get information about anXssMatchSet(see GetXssMatchSet), update anXssMatchSet(see UpdateXssMatchSet), insert anXssMatchSetinto aRuleor delete one from aRule(see UpdateRule), and delete anXssMatchSetfrom AWS WAF (see DeleteXssMatchSet).XssMatchSetIdis returned by CreateXssMatchSet and by ListXssMatchSets.Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
.*\S.*Required: Yes
- XssMatchTuples
-
Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.
Type: Array of XssMatchTuple objects
Required: Yes
- Name
-
The name, if any, of the
XssMatchSet.Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
.*\S.*Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
