Specifies the protection behavior for a field type. This is part of the data protection configuration for a web ACL.
Contents
- Action
-
Specifies how to protect the field. AWS WAF can apply a one-way hash to the field or hard code a string substitution.
-
One-way hash example:
ade099751dEXAMPLEHASH2ea9f3393f80dd5d3bEXAMPLEHASH966ae0d3cd5a1e -
Substitution example:
REDACTED
Type: String
Valid Values:
SUBSTITUTION | HASHRequired: Yes
-
- Field
-
Specifies the field type and optional keys to apply the protection behavior to.
Type: FieldToProtect object
Required: Yes
- ExcludeRateBasedDetails
-
Specifies whether to also exclude any rate-based rule details from the data protection you have enabled for a given field. If you specify this exception, RateBasedDetails will show the value of the field. For additional information, see the log field
rateBasedRuleListat Log fields for web ACL traffic in the AWS WAF Developer Guide.Default:
FALSEType: Boolean
Required: No
- ExcludeRuleMatchDetails
-
Specifies whether to also exclude any rule match details from the data protection you have enabled for a given field. AWS WAF logs these details for non-terminating matching rules and for the terminating matching rule. For additional information, see Log fields for web ACL traffic in the AWS WAF Developer Guide.
Default:
FALSEType: Boolean
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
