選取您的 Cookie 偏好設定

我們使用提供自身網站和服務所需的基本 Cookie 和類似工具。我們使用效能 Cookie 收集匿名統計資料,以便了解客戶如何使用我們的網站並進行改進。基本 Cookie 無法停用,但可以按一下「自訂」或「拒絕」以拒絕效能 Cookie。

如果您同意,AWS 與經核准的第三方也會使用 Cookie 提供實用的網站功能、記住您的偏好設定,並顯示相關內容,包括相關廣告。若要接受或拒絕所有非必要 Cookie,請按一下「接受」或「拒絕」。若要進行更詳細的選擇,請按一下「自訂」。

AWS::WAF::XssMatchSet

焦點模式
AWS::WAF::XssMatchSet - AWS CloudFormation
此頁面尚未翻譯為您的語言。 請求翻譯
篩選條件查看
Note

AWS WAF Classic support will end on September 30, 2025.

This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide.

For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

A complex type that contains XssMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header. If a XssMatchSet contains more than one XssMatchTuple object, a request needs to include cross-site scripting attacks in only one of the specified parts of the request to be considered a match.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::WAF::XssMatchSet", "Properties" : { "Name" : String, "XssMatchTuples" : [ XssMatchTuple, ... ] } }

YAML

Type: AWS::WAF::XssMatchSet Properties: Name: String XssMatchTuples: - XssMatchTuple

Properties

Name

The name, if any, of the XssMatchSet.

Required: Yes

Type: String

Pattern: .*\S.*

Minimum: 1

Maximum: 128

Update requires: Replacement

XssMatchTuples

Specifies the parts of web requests that you want to inspect for cross-site scripting attacks.

Required: Yes

Type: Array of XssMatchTuple

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Examples

Define Which Part of a Request to Check for Cross-site Scripting

The following example looks for cross-site scripting in the URI or query string of an HTTP request.

JSON

"DetectXSS": { "Type": "AWS::WAF::XssMatchSet", "Properties": { "Name": "XssMatchSet", "XssMatchTuples": [ { "FieldToMatch": { "Type": "URI" }, "TextTransformation": "NONE" }, { "FieldToMatch": { "Type": "QUERY_STRING" }, "TextTransformation": "NONE" } ] } }

YAML

DetectXSS: Type: "AWS::WAF::XssMatchSet" Properties: Name: "XssMatchSet" XssMatchTuples: - FieldToMatch: Type: "URI" TextTransformation: "NONE" - FieldToMatch: Type: "QUERY_STRING" TextTransformation: "NONE"

Associate an XssMatchSet with a Web ACL Rule

The following example associates the DetectXSS match set with a web access control list (ACL) rule.

JSON

"XSSRule" : { "Type": "AWS::WAF::Rule", "Properties": { "Name": "XSSRule", "MetricName" : "XSSRule", "Predicates": [ { "DataId" : { "Ref" : "DetectXSS" }, "Negated" : false, "Type" : "XssMatch" } ] } }

YAML

XSSRule: Type: "AWS::WAF::Rule" Properties: Name: "XSSRule" MetricName: "XSSRule" Predicates: - DataId: Ref: "DetectXSS" Negated: false Type: "XssMatch"

Create a Web ACL

The following example associates the XSSRule rule with a web ACL. The web ACL allows all requests except for ones that contain cross-site scripting in the URI or query string of an HTTP request.

JSON

"MyWebACL": { "Type": "AWS::WAF::WebACL", "Properties": { "Name": "Web ACL to block cross-site scripting", "DefaultAction": { "Type": "ALLOW" }, "MetricName" : "DetectXSSWebACL", "Rules": [ { "Action" : { "Type" : "BLOCK" }, "Priority" : 1, "RuleId" : { "Ref" : "XSSRule" } } ] } }

YAML

MyWebACL: Type: "AWS::WAF::WebACL" Properties: Name: "Web ACL to block cross-site scripting" DefaultAction: Type: "ALLOW" MetricName: "DetectXSSWebACL" Rules: - Action: Type: "BLOCK" Priority: 1 RuleId: Ref: "XSSRule"

在本頁面

下一個主題:

FieldToMatch

上一個主題:

WafAction
隱私權網站條款Cookie 偏好設定
© 2025, Amazon Web Services, Inc.或其附屬公司。保留所有權利。