AWS::WAF::SizeConstraintSet
Note
AWS WAF Classic support will end on September 30, 2025.
This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.
For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.
A complex type that contains SizeConstraint objects, which specify the parts of web requests that you
want AWS WAF to inspect the size of. If a SizeConstraintSet contains more than one SizeConstraint
object, a request only needs to match one constraint to be considered a match.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::WAF::SizeConstraintSet", "Properties" : { "Name" :String, "SizeConstraints" :[ SizeConstraint, ... ]} }
YAML
Type: AWS::WAF::SizeConstraintSet Properties: Name:StringSizeConstraints:- SizeConstraint
Properties
Name-
The name, if any, of the
SizeConstraintSet.Required: Yes
Type: String
Pattern:
.*\S.*Minimum:
1Maximum:
128Update requires: Replacement
SizeConstraints-
The size constraint and the part of the web request to check.
Required: Yes
Type: Array of SizeConstraint
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.
For more information about using the Ref function, see Ref.
Fn::GetAtt
Examples
Define a Size Constraint
The following example checks that the body of an HTTP request equals 4096 bytes.
JSON
"MySizeConstraint": { "Type": "AWS::WAF::SizeConstraintSet", "Properties": { "Name": "SizeConstraints", "SizeConstraints": [ { "ComparisonOperator": "EQ", "FieldToMatch": { "Type": "BODY" }, "Size": "4096", "TextTransformation": "NONE" } ] } }
YAML
MySizeConstraint: Type: "AWS::WAF::SizeConstraintSet" Properties: Name: "SizeConstraints" SizeConstraints: - ComparisonOperator: "EQ" FieldToMatch: Type: "BODY" Size: "4096" TextTransformation: "NONE"
Associate a SizeConstraintSet with a Web ACL Rule
The following example associates the MySizeConstraint object with a web ACL rule.
JSON
"SizeConstraintRule" : { "Type": "AWS::WAF::Rule", "Properties": { "Name": "SizeConstraintRule", "MetricName" : "SizeConstraintRule", "Predicates": [ { "DataId" : { "Ref" : "MySizeConstraint" }, "Negated" : false, "Type" : "SizeConstraint" } ] } }
YAML
SizeConstraintRule: Type: "AWS::WAF::Rule" Properties: Name: "SizeConstraintRule" MetricName: "SizeConstraintRule" Predicates: - DataId: Ref: "MySizeConstraint" Negated: false Type: "SizeConstraint"
Create a Web ACL
The following example associates the SizeConstraintRule rule with a web ACL. The web ACL blocks all requests except for requests with a body size equal to 4096 bytes.
JSON
"MyWebACL": { "Type": "AWS::WAF::WebACL", "Properties": { "Name": "Web ACL to allow requests with a specific size", "DefaultAction": { "Type": "BLOCK" }, "MetricName" : "SizeConstraintWebACL", "Rules": [ { "Action" : { "Type" : "ALLOW" }, "Priority" : 1, "RuleId" : { "Ref" : "SizeConstraintRule" } } ] } }
YAML
MyWebACL: Type: "AWS::WAF::WebACL" Properties: Name: "Web ACL to allow requests with a specific size" DefaultAction: Type: "BLOCK" MetricName: "SizeConstraintWebACL" Rules: - Action: Type: "ALLOW" Priority: 1 RuleId: Ref: "SizeConstraintRule"
