Class AWSWAFClient
- All Implemented Interfaces:
AWSWAF
- Direct Known Subclasses:
AWSWAFAsyncClient
This is the AWS WAF API Reference. This guide is for developers who need detailed information about the AWS WAF API actions, data types, and errors. For detailed information about AWS WAF features and an overview of how to use the AWS WAF API, see the AWS WAF Developer Guide.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprotected static final ClientConfigurationFactory
Client configuration factory providing ClientConfigurations tailored to this clientFields inherited from class com.amazonaws.AmazonWebServiceClient
client, clientConfiguration, endpoint, LOGGING_AWS_REQUEST_METRIC, requestHandler2s, timeOffset
-
Constructor Summary
ConstructorsConstructorDescriptionConstructs a new client to invoke service methods on WAF.AWSWAFClient
(AWSCredentials awsCredentials) Constructs a new client to invoke service methods on WAF using the specified AWS account credentials.AWSWAFClient
(AWSCredentialsProvider awsCredentialsProvider) Constructs a new client to invoke service methods on WAF using the specified AWS account credentials provider.AWSWAFClient
(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) Constructs a new client to invoke service methods on WAF using the specified AWS account credentials provider and client configuration options.AWSWAFClient
(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration, RequestMetricCollector requestMetricCollector) Constructs a new client to invoke service methods on WAF using the specified AWS account credentials provider, client configuration options, and request metric collector.AWSWAFClient
(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration) Constructs a new client to invoke service methods on WAF using the specified AWS account credentials and client configuration options.AWSWAFClient
(ClientConfiguration clientConfiguration) Constructs a new client to invoke service methods on WAF. -
Method Summary
Modifier and TypeMethodDescriptioncreateByteMatchSet
(CreateByteMatchSetRequest createByteMatchSetRequest) Creates aByteMatchSet
.createIPSet
(CreateIPSetRequest createIPSetRequest) Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP addresses that the requests originate from.createRule
(CreateRuleRequest createRuleRequest) Creates aRule
, which contains theIPSet
objects,ByteMatchSet
objects, and other predicates that identify the requests that you want to block.createSizeConstraintSet
(CreateSizeConstraintSetRequest createSizeConstraintSetRequest) Creates aSizeConstraintSet
.createSqlInjectionMatchSet
(CreateSqlInjectionMatchSetRequest createSqlInjectionMatchSetRequest) Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web requests.createWebACL
(CreateWebACLRequest createWebACLRequest) Creates aWebACL
, which contains theRules
that identify the CloudFront web requests that you want to allow, block, or count.createXssMatchSet
(CreateXssMatchSetRequest createXssMatchSetRequest) Creates an XssMatchSet, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web requests.deleteByteMatchSet
(DeleteByteMatchSetRequest deleteByteMatchSetRequest) Permanently deletes a ByteMatchSet.deleteIPSet
(DeleteIPSetRequest deleteIPSetRequest) Permanently deletes an IPSet.deleteRule
(DeleteRuleRequest deleteRuleRequest) Permanently deletes a Rule.deleteSizeConstraintSet
(DeleteSizeConstraintSetRequest deleteSizeConstraintSetRequest) Permanently deletes a SizeConstraintSet.deleteSqlInjectionMatchSet
(DeleteSqlInjectionMatchSetRequest deleteSqlInjectionMatchSetRequest) Permanently deletes a SqlInjectionMatchSet.deleteWebACL
(DeleteWebACLRequest deleteWebACLRequest) Permanently deletes a WebACL.deleteXssMatchSet
(DeleteXssMatchSetRequest deleteXssMatchSetRequest) Permanently deletes an XssMatchSet.getByteMatchSet
(GetByteMatchSetRequest getByteMatchSetRequest) Returns the ByteMatchSet specified byByteMatchSetId
.Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.getChangeToken
(GetChangeTokenRequest getChangeTokenRequest) When you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete request.getChangeTokenStatus
(GetChangeTokenStatusRequest getChangeTokenStatusRequest) Returns the status of aChangeToken
that you got by calling GetChangeToken.getIPSet
(GetIPSetRequest getIPSetRequest) Returns the IPSet that is specified byIPSetId
.getRule
(GetRuleRequest getRuleRequest) getSampledRequests
(GetSampledRequestsRequest getSampledRequestsRequest) Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose.getSizeConstraintSet
(GetSizeConstraintSetRequest getSizeConstraintSetRequest) Returns the SizeConstraintSet specified bySizeConstraintSetId
.getSqlInjectionMatchSet
(GetSqlInjectionMatchSetRequest getSqlInjectionMatchSetRequest) Returns the SqlInjectionMatchSet that is specified bySqlInjectionMatchSetId
.getWebACL
(GetWebACLRequest getWebACLRequest) Returns the WebACL that is specified byWebACLId
.getXssMatchSet
(GetXssMatchSetRequest getXssMatchSetRequest) Returns the XssMatchSet that is specified byXssMatchSetId
.listByteMatchSets
(ListByteMatchSetsRequest listByteMatchSetsRequest) Returns an array of ByteMatchSetSummary objects.listIPSets
(ListIPSetsRequest listIPSetsRequest) Returns an array of IPSetSummary objects in the response.listRules
(ListRulesRequest listRulesRequest) Returns an array of RuleSummary objects.listSizeConstraintSets
(ListSizeConstraintSetsRequest listSizeConstraintSetsRequest) Returns an array of SizeConstraintSetSummary objects.listSqlInjectionMatchSets
(ListSqlInjectionMatchSetsRequest listSqlInjectionMatchSetsRequest) Returns an array of SqlInjectionMatchSet objects.listWebACLs
(ListWebACLsRequest listWebACLsRequest) Returns an array of WebACLSummary objects in the response.listXssMatchSets
(ListXssMatchSetsRequest listXssMatchSetsRequest) Returns an array of XssMatchSet objects.updateByteMatchSet
(UpdateByteMatchSetRequest updateByteMatchSetRequest) Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet.updateIPSet
(UpdateIPSetRequest updateIPSetRequest) Inserts or deletes IPSetDescriptor objects in anIPSet
.updateRule
(UpdateRuleRequest updateRuleRequest) Inserts or deletes Predicate objects in aRule
.updateSizeConstraintSet
(UpdateSizeConstraintSetRequest updateSizeConstraintSetRequest) Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet.updateSqlInjectionMatchSet
(UpdateSqlInjectionMatchSetRequest updateSqlInjectionMatchSetRequest) Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet.updateWebACL
(UpdateWebACLRequest updateWebACLRequest) Inserts or deletes ActivatedRule objects in aWebACL
.updateXssMatchSet
(UpdateXssMatchSetRequest updateXssMatchSetRequest) Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet.Methods inherited from class com.amazonaws.AmazonWebServiceClient
addRequestHandler, addRequestHandler, beforeMarshalling, configureRegion, createExecutionContext, createExecutionContext, createExecutionContext, endClientExecution, endClientExecution, findRequestMetricCollector, getEndpointPrefix, getRequestMetricsCollector, getServiceAbbreviation, getServiceName, getServiceNameIntern, getSigner, getSignerByURI, getSignerRegionOverride, getTimeOffset, isProfilingEnabled, isRequestMetricsEnabled, removeRequestHandler, removeRequestHandler, requestMetricCollector, setEndpoint, setEndpointPrefix, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, shutdown, withEndpoint, withRegion, withRegion, withTimeOffset
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.amazonaws.services.waf.AWSWAF
setEndpoint, setRegion, shutdown
-
Field Details
-
configFactory
Client configuration factory providing ClientConfigurations tailored to this client
-
-
Constructor Details
-
AWSWAFClient
public AWSWAFClient()Constructs a new client to invoke service methods on WAF. A credentials provider chain will be used that searches for credentials in this order:- Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
- Java System Properties - aws.accessKeyId and aws.secretKey
- Instance profile credentials delivered through the Amazon EC2 metadata service
All service calls made using this new client object are blocking, and will not return until the service call completes.
- See Also:
-
AWSWAFClient
Constructs a new client to invoke service methods on WAF. A credentials provider chain will be used that searches for credentials in this order:- Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
- Java System Properties - aws.accessKeyId and aws.secretKey
- Instance profile credentials delivered through the Amazon EC2 metadata service
All service calls made using this new client object are blocking, and will not return until the service call completes.
- Parameters:
clientConfiguration
- The client configuration options controlling how this client connects to WAF (ex: proxy settings, retry counts, etc.).- See Also:
-
AWSWAFClient
Constructs a new client to invoke service methods on WAF using the specified AWS account credentials.All service calls made using this new client object are blocking, and will not return until the service call completes.
- Parameters:
awsCredentials
- The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.
-
AWSWAFClient
Constructs a new client to invoke service methods on WAF using the specified AWS account credentials and client configuration options.All service calls made using this new client object are blocking, and will not return until the service call completes.
- Parameters:
awsCredentials
- The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.clientConfiguration
- The client configuration options controlling how this client connects to WAF (ex: proxy settings, retry counts, etc.).
-
AWSWAFClient
Constructs a new client to invoke service methods on WAF using the specified AWS account credentials provider.All service calls made using this new client object are blocking, and will not return until the service call completes.
- Parameters:
awsCredentialsProvider
- The AWS credentials provider which will provide credentials to authenticate requests with AWS services.
-
AWSWAFClient
public AWSWAFClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) Constructs a new client to invoke service methods on WAF using the specified AWS account credentials provider and client configuration options.All service calls made using this new client object are blocking, and will not return until the service call completes.
- Parameters:
awsCredentialsProvider
- The AWS credentials provider which will provide credentials to authenticate requests with AWS services.clientConfiguration
- The client configuration options controlling how this client connects to WAF (ex: proxy settings, retry counts, etc.).
-
AWSWAFClient
public AWSWAFClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration, RequestMetricCollector requestMetricCollector) Constructs a new client to invoke service methods on WAF using the specified AWS account credentials provider, client configuration options, and request metric collector.All service calls made using this new client object are blocking, and will not return until the service call completes.
- Parameters:
awsCredentialsProvider
- The AWS credentials provider which will provide credentials to authenticate requests with AWS services.clientConfiguration
- The client configuration options controlling how this client connects to WAF (ex: proxy settings, retry counts, etc.).requestMetricCollector
- optional request metric collector
-
-
Method Details
-
createByteMatchSet
public CreateByteMatchSetResult createByteMatchSet(CreateByteMatchSetRequest createByteMatchSetRequest) Creates a
ByteMatchSet
. You then use UpdateByteMatchSet to identify the part of a web request that you want AWS WAF to inspect, such as the values of theUser-Agent
header or the query string. For example, you can create aByteMatchSet
that matches any requests withUser-Agent
headers that contain the stringBadBot
. You can then configure AWS WAF to reject those requests.To create and configure a
ByteMatchSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateByteMatchSet
request. - Submit a
CreateByteMatchSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of anUpdateByteMatchSet
request. - Submit an UpdateByteMatchSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
createByteMatchSet
in interfaceAWSWAF
- Parameters:
createByteMatchSetRequest
-- Returns:
- Result of the CreateByteMatchSet operation returned by the service.
- Throws:
WAFDisallowedNameException
- The name specified is invalid.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
createIPSet
Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP addresses that the requests originate from. For example, if you're receiving a lot of requests from one or more individual IP addresses or one or more ranges of IP addresses and you want to block the requests, you can create an
IPSet
that contains those IP addresses and then configure AWS WAF to block the requests.To create and configure an
IPSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateIPSet
request. - Submit a
CreateIPSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateIPSet request. - Submit an
UpdateIPSet
request to specify the IP addresses that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
createIPSet
in interfaceAWSWAF
- Parameters:
createIPSetRequest
-- Returns:
- Result of the CreateIPSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFDisallowedNameException
- The name specified is invalid.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
createRule
Creates a
Rule
, which contains theIPSet
objects,ByteMatchSet
objects, and other predicates that identify the requests that you want to block. If you add more than one predicate to aRule
, a request must match all of the specifications to be allowed or blocked. For example, suppose you add the following to aRule
:- An
IPSet
that matches the IP address192.0.2.44/32
- A
ByteMatchSet
that matchesBadBot
in theUser-Agent
header
You then add the
Rule
to aWebACL
and specify that you want to blocks requests that satisfy theRule
. For a request to be blocked, it must come from the IP address 192.0.2.44 and theUser-Agent
header in the request must contain the valueBadBot
.To create and configure a
Rule
, perform the following steps:- Create and update the predicates that you want to include in the
Rule
. For more information, see CreateByteMatchSet, CreateIPSet, and CreateSqlInjectionMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateRule
request. - Submit a
CreateRule
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateRule request. - Submit an
UpdateRule
request to specify the predicates that you want to include in theRule
. - Create and update a
WebACL
that contains theRule
. For more information, see CreateWebACL.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
createRule
in interfaceAWSWAF
- Parameters:
createRuleRequest
-- Returns:
- Result of the CreateRule operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFDisallowedNameException
- The name specified is invalid.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- An
-
createSizeConstraintSet
public CreateSizeConstraintSetResult createSizeConstraintSet(CreateSizeConstraintSetRequest createSizeConstraintSetRequest) Creates a
SizeConstraintSet
. You then use UpdateSizeConstraintSet to identify the part of a web request that you want AWS WAF to check for length, such as the length of theUser-Agent
header or the length of the query string. For example, you can create aSizeConstraintSet
that matches any requests that have a query string that is longer than 100 bytes. You can then configure AWS WAF to reject those requests.To create and configure a
SizeConstraintSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateSizeConstraintSet
request. - Submit a
CreateSizeConstraintSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of anUpdateSizeConstraintSet
request. - Submit an UpdateSizeConstraintSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
createSizeConstraintSet
in interfaceAWSWAF
- Parameters:
createSizeConstraintSetRequest
-- Returns:
- Result of the CreateSizeConstraintSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFDisallowedNameException
- The name specified is invalid.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
createSqlInjectionMatchSet
public CreateSqlInjectionMatchSetResult createSqlInjectionMatchSet(CreateSqlInjectionMatchSetRequest createSqlInjectionMatchSetRequest) Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web requests. AWS WAF searches for character sequences that are likely to be malicious strings.
To create and configure a
SqlInjectionMatchSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateSqlInjectionMatchSet
request. - Submit a
CreateSqlInjectionMatchSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateSqlInjectionMatchSet request. - Submit an UpdateSqlInjectionMatchSet request to specify the parts of web requests in which you want to allow, block, or count malicious SQL code.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
createSqlInjectionMatchSet
in interfaceAWSWAF
- Parameters:
createSqlInjectionMatchSetRequest
- A request to create a SqlInjectionMatchSet.- Returns:
- Result of the CreateSqlInjectionMatchSet operation returned by the service.
- Throws:
WAFDisallowedNameException
- The name specified is invalid.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
createWebACL
Creates a
WebACL
, which contains theRules
that identify the CloudFront web requests that you want to allow, block, or count. AWS WAF evaluatesRules
in order based on the value ofPriority
for eachRule
.You also specify a default action, either
ALLOW
orBLOCK
. If a web request doesn't match any of theRules
in aWebACL
, AWS WAF responds to the request with the default action.To create and configure a
WebACL
, perform the following steps:- Create and update the
ByteMatchSet
objects and other predicates that you want to include inRules
. For more information, see CreateByteMatchSet, UpdateByteMatchSet, CreateIPSet, UpdateIPSet, CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet. - Create and update the
Rules
that you want to include in theWebACL
. For more information, see CreateRule and UpdateRule. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateWebACL
request. - Submit a
CreateWebACL
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateWebACL request. - Submit an UpdateWebACL request to specify the
Rules
that you want to include in theWebACL
, to specify the default action, and to associate theWebACL
with a CloudFront distribution.
For more information about how to use the AWS WAF API, see the AWS WAF Developer Guide.
- Specified by:
createWebACL
in interfaceAWSWAF
- Parameters:
createWebACLRequest
-- Returns:
- Result of the CreateWebACL operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFDisallowedNameException
- The name specified is invalid.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Create and update the
-
createXssMatchSet
Creates an XssMatchSet, which you use to allow, block, or count requests that contain cross-site scripting attacks in the specified part of web requests. AWS WAF searches for character sequences that are likely to be malicious strings.
To create and configure an
XssMatchSet
, perform the following steps:- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aCreateXssMatchSet
request. - Submit a
CreateXssMatchSet
request. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateXssMatchSet request. - Submit an UpdateXssMatchSet request to specify the parts of web requests in which you want to allow, block, or count cross-site scripting attacks.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
createXssMatchSet
in interfaceAWSWAF
- Parameters:
createXssMatchSetRequest
- A request to create an XssMatchSet.- Returns:
- Result of the CreateXssMatchSet operation returned by the service.
- Throws:
WAFDisallowedNameException
- The name specified is invalid.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Use GetChangeToken to get the change token that you provide in
the
-
deleteByteMatchSet
public DeleteByteMatchSetResult deleteByteMatchSet(DeleteByteMatchSetRequest deleteByteMatchSetRequest) Permanently deletes a ByteMatchSet. You can't delete a
ByteMatchSet
if it's still used in anyRules
or if it still includes any ByteMatchTuple objects (any filters).If you just want to remove a
ByteMatchSet
from aRule
, use UpdateRule.To permanently delete a
ByteMatchSet
, perform the following steps:- Update the
ByteMatchSet
to remove filters, if any. For more information, see UpdateByteMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteByteMatchSet
request. - Submit a
DeleteByteMatchSet
request.
- Specified by:
deleteByteMatchSet
in interfaceAWSWAF
- Parameters:
deleteByteMatchSetRequest
-- Returns:
- Result of the DeleteByteMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteIPSet
Permanently deletes an IPSet. You can't delete an
IPSet
if it's still used in anyRules
or if it still includes any IP addresses.If you just want to remove an
IPSet
from aRule
, use UpdateRule.To permanently delete an
IPSet
from AWS WAF, perform the following steps:- Update the
IPSet
to remove IP address ranges, if any. For more information, see UpdateIPSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteIPSet
request. - Submit a
DeleteIPSet
request.
- Specified by:
deleteIPSet
in interfaceAWSWAF
- Parameters:
deleteIPSetRequest
-- Returns:
- Result of the DeleteIPSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteRule
Permanently deletes a Rule. You can't delete a
Rule
if it's still used in anyWebACL
objects or if it still includes any predicates, such asByteMatchSet
objects.If you just want to remove a
Rule
from aWebACL
, use UpdateWebACL.To permanently delete a
Rule
from AWS WAF, perform the following steps:- Update the
Rule
to remove predicates, if any. For more information, see UpdateRule. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteRule
request. - Submit a
DeleteRule
request.
- Specified by:
deleteRule
in interfaceAWSWAF
- Parameters:
deleteRuleRequest
-- Returns:
- Result of the DeleteRule operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteSizeConstraintSet
public DeleteSizeConstraintSetResult deleteSizeConstraintSet(DeleteSizeConstraintSetRequest deleteSizeConstraintSetRequest) Permanently deletes a SizeConstraintSet. You can't delete a
SizeConstraintSet
if it's still used in anyRules
or if it still includes any SizeConstraint objects (any filters).If you just want to remove a
SizeConstraintSet
from aRule
, use UpdateRule.To permanently delete a
SizeConstraintSet
, perform the following steps:- Update the
SizeConstraintSet
to remove filters, if any. For more information, see UpdateSizeConstraintSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteSizeConstraintSet
request. - Submit a
DeleteSizeConstraintSet
request.
- Specified by:
deleteSizeConstraintSet
in interfaceAWSWAF
- Parameters:
deleteSizeConstraintSetRequest
-- Returns:
- Result of the DeleteSizeConstraintSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteSqlInjectionMatchSet
public DeleteSqlInjectionMatchSetResult deleteSqlInjectionMatchSet(DeleteSqlInjectionMatchSetRequest deleteSqlInjectionMatchSetRequest) Permanently deletes a SqlInjectionMatchSet. You can't delete a
SqlInjectionMatchSet
if it's still used in anyRules
or if it still contains any SqlInjectionMatchTuple objects.If you just want to remove a
SqlInjectionMatchSet
from aRule
, use UpdateRule.To permanently delete a
SqlInjectionMatchSet
from AWS WAF, perform the following steps:- Update the
SqlInjectionMatchSet
to remove filters, if any. For more information, see UpdateSqlInjectionMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteSqlInjectionMatchSet
request. - Submit a
DeleteSqlInjectionMatchSet
request.
- Specified by:
deleteSqlInjectionMatchSet
in interfaceAWSWAF
- Parameters:
deleteSqlInjectionMatchSetRequest
- A request to delete a SqlInjectionMatchSet from AWS WAF.- Returns:
- Result of the DeleteSqlInjectionMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteWebACL
Permanently deletes a WebACL. You can't delete a
WebACL
if it still contains anyRules
.To delete a
WebACL
, perform the following steps:- Update the
WebACL
to removeRules
, if any. For more information, see UpdateWebACL. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteWebACL
request. - Submit a
DeleteWebACL
request.
- Specified by:
deleteWebACL
in interfaceAWSWAF
- Parameters:
deleteWebACLRequest
-- Returns:
- Result of the DeleteWebACL operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
deleteXssMatchSet
Permanently deletes an XssMatchSet. You can't delete an
XssMatchSet
if it's still used in anyRules
or if it still contains any XssMatchTuple objects.If you just want to remove an
XssMatchSet
from aRule
, use UpdateRule.To permanently delete an
XssMatchSet
from AWS WAF, perform the following steps:- Update the
XssMatchSet
to remove filters, if any. For more information, see UpdateXssMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of aDeleteXssMatchSet
request. - Submit a
DeleteXssMatchSet
request.
- Specified by:
deleteXssMatchSet
in interfaceAWSWAF
- Parameters:
deleteXssMatchSetRequest
- A request to delete an XssMatchSet from AWS WAF.- Returns:
- Result of the DeleteXssMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFNonEmptyEntityException
- The operation failed because you tried to delete an object that isn't empty. For example:- You tried to delete a
WebACL
that still contains one or moreRule
objects. - You tried to delete a
Rule
that still contains one or moreByteMatchSet
objects or other predicates. - You tried to delete a
ByteMatchSet
that contains one or moreByteMatchTuple
objects. - You tried to delete an
IPSet
that references one or more IP addresses.
- You tried to delete a
- Update the
-
getByteMatchSet
Returns the ByteMatchSet specified by
ByteMatchSetId
.- Specified by:
getByteMatchSet
in interfaceAWSWAF
- Parameters:
getByteMatchSetRequest
-- Returns:
- Result of the GetByteMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getChangeToken
When you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete request. Change tokens ensure that your application doesn't submit conflicting requests to AWS WAF.
Each create, update, or delete request must use a unique change token. If your application submits a
GetChangeToken
request and then submits a secondGetChangeToken
request before submitting a create, update, or delete request, the secondGetChangeToken
request returns the same value as the firstGetChangeToken
request.When you use a change token in a create, update, or delete request, the status of the change token changes to
PENDING
, which indicates that AWS WAF is propagating the change to all AWS WAF servers. UseGetChangeTokenStatus
to determine the status of your change token.- Specified by:
getChangeToken
in interfaceAWSWAF
- Parameters:
getChangeTokenRequest
-- Returns:
- Result of the GetChangeToken operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.
-
getChangeTokenStatus
public GetChangeTokenStatusResult getChangeTokenStatus(GetChangeTokenStatusRequest getChangeTokenStatusRequest) Returns the status of a
ChangeToken
that you got by calling GetChangeToken.ChangeTokenStatus
is one of the following values:PROVISIONED
: You requested the change token by callingGetChangeToken
, but you haven't used it yet in a call to create, update, or delete an AWS WAF object.PENDING
: AWS WAF is propagating the create, update, or delete request to all AWS WAF servers.IN_SYNC
: Propagation is complete.
- Specified by:
getChangeTokenStatus
in interfaceAWSWAF
- Parameters:
getChangeTokenStatusRequest
-- Returns:
- Result of the GetChangeTokenStatus operation returned by the service.
- Throws:
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.
-
getIPSet
Returns the IPSet that is specified by
IPSetId
.- Specified by:
getIPSet
in interfaceAWSWAF
- Parameters:
getIPSetRequest
-- Returns:
- Result of the GetIPSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getRule
Returns the Rule that is specified by the
RuleId
that you included in theGetRule
request.- Specified by:
getRule
in interfaceAWSWAF
- Parameters:
getRuleRequest
-- Returns:
- Result of the GetRule operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getSampledRequests
public GetSampledRequestsResult getSampledRequests(GetSampledRequestsRequest getSampledRequestsRequest) Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose. You can specify a sample size of up to 100 requests, and you can specify any time range in the previous three hours.
GetSampledRequests
returns a time range, which is usually the time range that you specified. However, if your resource (such as a CloudFront distribution) received 5,000 requests before the specified time range elapsed,GetSampledRequests
returns an updated time range. This new time range indicates the actual period during which AWS WAF selected the requests in the sample.- Specified by:
getSampledRequests
in interfaceAWSWAF
- Parameters:
getSampledRequestsRequest
-- Returns:
- Result of the GetSampledRequests operation returned by the service.
- Throws:
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.
-
getSizeConstraintSet
public GetSizeConstraintSetResult getSizeConstraintSet(GetSizeConstraintSetRequest getSizeConstraintSetRequest) Returns the SizeConstraintSet specified by
SizeConstraintSetId
.- Specified by:
getSizeConstraintSet
in interfaceAWSWAF
- Parameters:
getSizeConstraintSetRequest
-- Returns:
- Result of the GetSizeConstraintSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getSqlInjectionMatchSet
public GetSqlInjectionMatchSetResult getSqlInjectionMatchSet(GetSqlInjectionMatchSetRequest getSqlInjectionMatchSetRequest) Returns the SqlInjectionMatchSet that is specified by
SqlInjectionMatchSetId
.- Specified by:
getSqlInjectionMatchSet
in interfaceAWSWAF
- Parameters:
getSqlInjectionMatchSetRequest
- A request to get a SqlInjectionMatchSet.- Returns:
- Result of the GetSqlInjectionMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getWebACL
Returns the WebACL that is specified by
WebACLId
.- Specified by:
getWebACL
in interfaceAWSWAF
- Parameters:
getWebACLRequest
-- Returns:
- Result of the GetWebACL operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
getXssMatchSet
Returns the XssMatchSet that is specified by
XssMatchSetId
.- Specified by:
getXssMatchSet
in interfaceAWSWAF
- Parameters:
getXssMatchSetRequest
- A request to get an XssMatchSet.- Returns:
- Result of the GetXssMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.
-
listByteMatchSets
Returns an array of ByteMatchSetSummary objects.
- Specified by:
listByteMatchSets
in interfaceAWSWAF
- Parameters:
listByteMatchSetsRequest
-- Returns:
- Result of the ListByteMatchSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listIPSets
Returns an array of IPSetSummary objects in the response.
- Specified by:
listIPSets
in interfaceAWSWAF
- Parameters:
listIPSetsRequest
-- Returns:
- Result of the ListIPSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listRules
Returns an array of RuleSummary objects.
- Specified by:
listRules
in interfaceAWSWAF
- Parameters:
listRulesRequest
-- Returns:
- Result of the ListRules operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listSizeConstraintSets
public ListSizeConstraintSetsResult listSizeConstraintSets(ListSizeConstraintSetsRequest listSizeConstraintSetsRequest) Returns an array of SizeConstraintSetSummary objects.
- Specified by:
listSizeConstraintSets
in interfaceAWSWAF
- Parameters:
listSizeConstraintSetsRequest
-- Returns:
- Result of the ListSizeConstraintSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listSqlInjectionMatchSets
public ListSqlInjectionMatchSetsResult listSqlInjectionMatchSets(ListSqlInjectionMatchSetsRequest listSqlInjectionMatchSetsRequest) Returns an array of SqlInjectionMatchSet objects.
- Specified by:
listSqlInjectionMatchSets
in interfaceAWSWAF
- Parameters:
listSqlInjectionMatchSetsRequest
- A request to list the SqlInjectionMatchSet objects created by the current AWS account.- Returns:
- Result of the ListSqlInjectionMatchSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listWebACLs
Returns an array of WebACLSummary objects in the response.
- Specified by:
listWebACLs
in interfaceAWSWAF
- Parameters:
listWebACLsRequest
-- Returns:
- Result of the ListWebACLs operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
listXssMatchSets
Returns an array of XssMatchSet objects.
- Specified by:
listXssMatchSets
in interfaceAWSWAF
- Parameters:
listXssMatchSetsRequest
- A request to list the XssMatchSet objects created by the current AWS account.- Returns:
- Result of the ListXssMatchSets operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.
-
updateByteMatchSet
public UpdateByteMatchSetResult updateByteMatchSet(UpdateByteMatchSetRequest updateByteMatchSetRequest) Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet. For each
ByteMatchTuple
object, you specify the following values:- Whether to insert or delete the object from the array. If you want to
change a
ByteMatchSetUpdate
object, you delete the existing object and add a new one. - The part of a web request that you want AWS WAF to inspect, such as a
query string or the value of the
User-Agent
header. - The bytes (typically a string that corresponds with ASCII characters)
that you want AWS WAF to look for. For more information, including how
you specify the values for the AWS WAF API and the AWS CLI or SDKs, see
TargetString
in the ByteMatchTuple data type. - Where to look, such as at the beginning or the end of a query string.
- Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.
For example, you can add a
ByteMatchSetUpdate
object that matches web requests in whichUser-Agent
headers contain the stringBadBot
. You can then configure AWS WAF to block those requests.To create and configure a
ByteMatchSet
, perform the following steps:- Create a
ByteMatchSet.
For more information, see CreateByteMatchSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of anUpdateByteMatchSet
request. - Submit an
UpdateByteMatchSet
request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
updateByteMatchSet
in interfaceAWSWAF
- Parameters:
updateByteMatchSetRequest
-- Returns:
- Result of the UpdateByteMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Whether to insert or delete the object from the array. If you want to
change a
-
updateIPSet
Inserts or deletes IPSetDescriptor objects in an
IPSet
. For eachIPSetDescriptor
object, you specify the following values:- Whether to insert or delete the object from the array. If you want to
change an
IPSetDescriptor
object, you delete the existing object and add a new one. - The IP address version,
IPv4
. - The IP address in CIDR notation, for example,
192.0.2.0/24
(for the range of IP addresses from192.0.2.0
to192.0.2.255
) or192.0.2.44/32
(for the individual IP address192.0.2.44
).
AWS WAF supports /8, /16, /24, and /32 IP address ranges. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
You use an
IPSet
to specify which web requests you want to allow or block based on the IP addresses that the requests originated from. For example, if you're receiving a lot of requests from one or a small number of IP addresses and you want to block the requests, you can create anIPSet
that specifies those IP addresses, and then configure AWS WAF to block the requests.To create and configure an
IPSet
, perform the following steps:- Submit a CreateIPSet request.
- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of an UpdateIPSet request. - Submit an
UpdateIPSet
request to specify the IP addresses that you want AWS WAF to watch for.
When you update an
IPSet
, you specify the IP addresses that you want to add and/or the IP addresses that you want to delete. If you want to change an IP address, you delete the existing IP address and add the new one.For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
updateIPSet
in interfaceAWSWAF
- Parameters:
updateIPSetRequest
-- Returns:
- Result of the UpdateIPSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Whether to insert or delete the object from the array. If you want to
change an
-
updateRule
Inserts or deletes Predicate objects in a
Rule
. EachPredicate
object identifies a predicate, such as a ByteMatchSet or an IPSet, that specifies the web requests that you want to allow, block, or count. If you add more than one predicate to aRule
, a request must match all of the specifications to be allowed, blocked, or counted. For example, suppose you add the following to aRule
:- A
ByteMatchSet
that matches the valueBadBot
in theUser-Agent
header - An
IPSet
that matches the IP address192.0.2.44
You then add the
Rule
to aWebACL
and specify that you want to block requests that satisfy theRule
. For a request to be blocked, theUser-Agent
header in the request must contain the valueBadBot
and the request must originate from the IP address 192.0.2.44.To create and configure a
Rule
, perform the following steps:- Create and update the predicates that you want to include in the
Rule
. - Create the
Rule
. See CreateRule. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateRule request. - Submit an
UpdateRule
request to add predicates to theRule
. - Create and update a
WebACL
that contains theRule
. See CreateWebACL.
If you want to replace one
ByteMatchSet
orIPSet
with another, you delete the existing one and add the new one.For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
updateRule
in interfaceAWSWAF
- Parameters:
updateRuleRequest
-- Returns:
- Result of the UpdateRule operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- A
-
updateSizeConstraintSet
public UpdateSizeConstraintSetResult updateSizeConstraintSet(UpdateSizeConstraintSetRequest updateSizeConstraintSetRequest) Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet. For each
SizeConstraint
object, you specify the following values:- Whether to insert or delete the object from the array. If you want to
change a
SizeConstraintSetUpdate
object, you delete the existing object and add a new one. - The part of a web request that you want AWS WAF to evaluate, such as
the length of a query string or the length of the
User-Agent
header. - Whether to perform any transformations on the request, such as
converting it to lowercase, before checking its length. Note that
transformations of the request body are not supported because the AWS
resource forwards only the first
8192
bytes of your request to AWS WAF. - A
ComparisonOperator
used for evaluating the selected part of the request against the specifiedSize
, such as equals, greater than, less than, and so on. - The length, in bytes, that you want AWS WAF to watch for in selected part of the request. The length is computed after applying the transformation.
For example, you can add a
SizeConstraintSetUpdate
object that matches web requests in which the length of theUser-Agent
header is greater than 100 bytes. You can then configure AWS WAF to block those requests.To create and configure a
SizeConstraintSet
, perform the following steps:- Create a
SizeConstraintSet.
For more information, see CreateSizeConstraintSet. - Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of anUpdateSizeConstraintSet
request. - Submit an
UpdateSizeConstraintSet
request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
updateSizeConstraintSet
in interfaceAWSWAF
- Parameters:
updateSizeConstraintSetRequest
-- Returns:
- Result of the UpdateSizeConstraintSet operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- Whether to insert or delete the object from the array. If you want to
change a
-
updateSqlInjectionMatchSet
public UpdateSqlInjectionMatchSetResult updateSqlInjectionMatchSet(UpdateSqlInjectionMatchSetRequest updateSqlInjectionMatchSetRequest) Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet. For each
SqlInjectionMatchTuple
object, you specify the following values:Action
: Whether to insert the object into or delete the object from the array. To change aSqlInjectionMatchTuple
, you delete the existing object and add a new one.FieldToMatch
: The part of web requests that you want AWS WAF to inspect and, if you want AWS WAF to inspect a header, the name of the header.TextTransformation
: Which text transformation, if any, to perform on the web request before inspecting the request for snippets of malicious SQL code.
You use
SqlInjectionMatchSet
objects to specify which CloudFront requests you want to allow, block, or count. For example, if you're receiving requests that contain snippets of SQL code in the query string and you want to block the requests, you can create aSqlInjectionMatchSet
with the applicable settings, and then configure AWS WAF to block the requests.To create and configure a
SqlInjectionMatchSet
, perform the following steps:- Submit a CreateSqlInjectionMatchSet request.
- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of an UpdateIPSet request. - Submit an
UpdateSqlInjectionMatchSet
request to specify the parts of web requests that you want AWS WAF to inspect for snippets of SQL code.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
updateSqlInjectionMatchSet
in interfaceAWSWAF
- Parameters:
updateSqlInjectionMatchSetRequest
- A request to update a SqlInjectionMatchSet.- Returns:
- Result of the UpdateSqlInjectionMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
-
updateWebACL
Inserts or deletes ActivatedRule objects in a
WebACL
. EachRule
identifies web requests that you want to allow, block, or count. When you update aWebACL
, you specify the following values:- A default action for the
WebACL
, eitherALLOW
orBLOCK
. AWS WAF performs the default action if a request doesn't match the criteria in any of theRules
in aWebACL
. - The
Rules
that you want to add and/or delete. If you want to replace oneRule
with another, you delete the existingRule
and add the new one. - For each
Rule
, whether you want AWS WAF to allow requests, block requests, or count requests that match the conditions in theRule
. - The order in which you want AWS WAF to evaluate the
Rules
in aWebACL
. If you add more than oneRule
to aWebACL
, AWS WAF evaluates each request against theRules
in order based on the value ofPriority
. (TheRule
that has the lowest value forPriority
is evaluated first.) When a web request matches all of the predicates (such asByteMatchSets
andIPSets
) in aRule
, AWS WAF immediately takes the corresponding action, allow or block, and doesn't evaluate the request against the remainingRules
in theWebACL
, if any. - The CloudFront distribution that you want to associate with the
WebACL
.
To create and configure a
WebACL
, perform the following steps:- Create and update the predicates that you want to include in
Rules
. For more information, see CreateByteMatchSet, UpdateByteMatchSet, CreateIPSet, UpdateIPSet, CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet. - Create and update the
Rules
that you want to include in theWebACL
. For more information, see CreateRule and UpdateRule. - Create a
WebACL
. See CreateWebACL. - Use
GetChangeToken
to get the change token that you provide in theChangeToken
parameter of an UpdateWebACL request. - Submit an
UpdateWebACL
request to specify theRules
that you want to include in theWebACL
, to specify the default action, and to associate theWebACL
with a CloudFront distribution.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
updateWebACL
in interfaceAWSWAF
- Parameters:
updateWebACLRequest
-- Returns:
- Result of the UpdateWebACL operation returned by the service.
- Throws:
WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFReferencedItemException
- The operation failed because you tried to delete an object that is still in use. For example:- You tried to delete a
ByteMatchSet
that is still referenced by aRule
. - You tried to delete a
Rule
that is still referenced by aWebACL
.
- You tried to delete a
WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
- A default action for the
-
updateXssMatchSet
Inserts or deletes XssMatchTuple objects (filters) in an XssMatchSet. For each
XssMatchTuple
object, you specify the following values:Action
: Whether to insert the object into or delete the object from the array. To change aXssMatchTuple
, you delete the existing object and add a new one.FieldToMatch
: The part of web requests that you want AWS WAF to inspect and, if you want AWS WAF to inspect a header, the name of the header.TextTransformation
: Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks.
You use
XssMatchSet
objects to specify which CloudFront requests you want to allow, block, or count. For example, if you're receiving requests that contain cross-site scripting attacks in the request body and you want to block the requests, you can create anXssMatchSet
with the applicable settings, and then configure AWS WAF to block the requests.To create and configure an
XssMatchSet
, perform the following steps:- Submit a CreateXssMatchSet request.
- Use GetChangeToken to get the change token that you provide in
the
ChangeToken
parameter of an UpdateIPSet request. - Submit an
UpdateXssMatchSet
request to specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
- Specified by:
updateXssMatchSet
in interfaceAWSWAF
- Parameters:
updateXssMatchSetRequest
- A request to update an XssMatchSet.- Returns:
- Result of the UpdateXssMatchSet operation returned by the service.
- Throws:
WAFInternalErrorException
- The operation failed because of a system problem, even though the request was valid. Retry your request.WAFInvalidAccountException
- The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.WAFInvalidOperationException
- The operation failed because there was nothing to do. For example:- You tried to remove a
Rule
from aWebACL
, but theRule
isn't in the specifiedWebACL
. - You tried to remove an IP address from an
IPSet
, but the IP address isn't in the specifiedIPSet
. - You tried to remove a
ByteMatchTuple
from aByteMatchSet
, but theByteMatchTuple
isn't in the specifiedWebACL
. - You tried to add a
Rule
to aWebACL
, but theRule
already exists in the specifiedWebACL
. - You tried to add an IP address to an
IPSet
, but the IP address already exists in the specifiedIPSet
. - You tried to add a
ByteMatchTuple
to aByteMatchSet
, but theByteMatchTuple
already exists in the specifiedWebACL
.
- You tried to remove a
WAFInvalidParameterException
- The operation failed because AWS WAF didn't recognize a parameter in the request. For example:- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (
ByteMatchSet
,IPSet
,Rule
, orWebACL
) using an action other thanINSERT
orDELETE
. - You tried to create a
WebACL
with aDefaultAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
WebACL
with aWafAction
Type
other thanALLOW
,BLOCK
, orCOUNT
. - You tried to update a
ByteMatchSet
with aFieldToMatch
Type
other than HEADER, QUERY_STRING, or URI. - You tried to update a
ByteMatchSet
with aField
ofHEADER
but no value forData
.
WAFNonexistentContainerException
- The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:- You tried to add a
Rule
to or delete aRule
from aWebACL
that doesn't exist. - You tried to add a
ByteMatchSet
to or delete aByteMatchSet
from aRule
that doesn't exist. - You tried to add an IP address to or delete an IP address
from an
IPSet
that doesn't exist. - You tried to add a
ByteMatchTuple
to or delete aByteMatchTuple
from aByteMatchSet
that doesn't exist.
- You tried to add a
WAFNonexistentItemException
- The operation failed because the referenced object doesn't exist.WAFStaleDataException
- The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.WAFLimitsExceededException
- The operation exceeds a resource limit, for example, the maximum number ofWebACL
objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.
-
getCachedResponseMetadata
Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.
- Specified by:
getCachedResponseMetadata
in interfaceAWSWAF
- Parameters:
request
- The originally executed request- Returns:
- The response metadata for the specified request, or null if none is available.
-