
/*
* Copyright 2017-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.wafv2.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;
/**
*
* A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the
* rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a
* temporary block on requests from an IP address that is sending excessive requests.
*
*
* WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if
* you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate
* instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule
* inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the
* rate-based rule that gets its own tracking and management by WAF.
*
*
* When the rule action triggers, WAF blocks additional requests from the IP address until the request rate falls below
* the limit.
*
*
* You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it
* only counts requests that match the nested statement. For example, based on recent requests that you have seen from
* an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested
* statements:
*
*
* <ul>
* <li>An IP match statement with an IP set that specifies the address 192.0.2.44.</li>
* <li>A string match statement that searches in the User-Agent header for the string BadBot.</li>
* </ul>
*
*
*
*
* In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet
* the criteria of both of the nested statements are counted. If the count exceeds 1,000 requests per five minutes, the
* rule action triggers. Requests that do not meet the criteria of both of the nested statements are not counted towards
* the rate limit and are not affected by this rule.
*
*
* You cannot nest a {@code RateBasedStatement} inside another statement, for example inside a
* {@code NotStatement} or {@code OrStatement}. You can define a {@code RateBasedStatement} inside a web
* ACL and inside a rule group.
*
*
* @see AWS API
* Documentation
*/
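@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class RateBasedStatement implements Serializable, Cloneable, StructuredPojo {

    /**
     * The limit on requests per 5-minute period for a single originating IP address. If the statement includes a
     * {@code ScopeDownStatement}, this limit is applied only to the requests that match the statement.
     */
    private Long limit;

    /**
     * Setting that indicates how to aggregate the request counts. The options are the following:
     * <ul>
     * <li>{@code IP} - Aggregate the request counts on the IP address from the web request origin.</li>
     * <li>{@code FORWARDED_IP} - Aggregate the request counts on the first IP address in an HTTP header. If you use
     * this, configure the {@code ForwardedIPConfig} to specify the header to use.</li>
     * </ul>
     * Stored as a plain string; this class does not check the value against
     * {@link RateBasedStatementAggregateKeyType}.
     */
    private String aggregateKeyType;

    /**
     * An optional nested statement that narrows the scope of the web requests that are evaluated by the rate-based
     * statement. Requests are only tracked by the rate-based statement if they match the scope-down statement. You
     * can use any nestable {@code Statement} in the scope-down statement, and you can nest statements at any level,
     * the same as you can for a rule statement.
     */
    private Statement scopeDownStatement;

    /**
     * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP
     * address that's reported by the web request origin. Commonly, this is the {@code X-Forwarded-For} (XFF) header,
     * but you can specify any header name.
     * <p>
     * If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
     * <p>
     * This is required if {@code AggregateKeyType} is set to {@code FORWARDED_IP}.
     * <p>
     * NOTE(review): because a request without the header is not evaluated by this rule, a {@code FORWARDED_IP} rate
     * limit only covers traffic that carries the header. Choose a header that a trusted proxy or CDN in front of WAF
     * sets or overwrites, and consider a companion rule for requests that arrive without it.
     */
    private ForwardedIPConfig forwardedIPConfig;

    /**
     * Sets the limit on requests per 5-minute period for a single originating IP address.
     *
     * @param limit
     *        The limit on requests per 5-minute period for a single originating IP address. If the statement
     *        includes a {@code ScopeDownStatement}, this limit is applied only to the requests that match the
     *        statement. The value is stored as given; no range check is done here.
     */
    public void setLimit(Long limit) {
        this.limit = limit;
    }

    /**
     * Returns the limit on requests per 5-minute period for a single originating IP address.
     *
     * @return The limit on requests per 5-minute period for a single originating IP address, or {@code null} if it
     *         has not been set. If the statement includes a {@code ScopeDownStatement}, this limit is applied only
     *         to the requests that match the statement.
     */
    public Long getLimit() {
        return this.limit;
    }

    /**
     * Fluent variant of {@link #setLimit(Long)}.
     *
     * @param limit
     *        The limit on requests per 5-minute period for a single originating IP address. If the statement
     *        includes a {@code ScopeDownStatement}, this limit is applied only to the requests that match the
     *        statement.
     * @return Returns a reference to this object so that method calls can be chained together.
     */
    public RateBasedStatement withLimit(Long limit) {
        setLimit(limit);
        return this;
    }

    /**
     * Sets how the request counts are aggregated.
     *
     * @param aggregateKeyType
     *        Setting that indicates how to aggregate the request counts. The options are the following:
     *        <ul>
     *        <li>{@code IP} - Aggregate the request counts on the IP address from the web request origin.</li>
     *        <li>{@code FORWARDED_IP} - Aggregate the request counts on the first IP address in an HTTP header. If
     *        you use this, configure the {@code ForwardedIPConfig} to specify the header to use.</li>
     *        </ul>
     *        The string is stored as given, without validation.
     * @see RateBasedStatementAggregateKeyType
     */
    public void setAggregateKeyType(String aggregateKeyType) {
        this.aggregateKeyType = aggregateKeyType;
    }

    /**
     * Returns how the request counts are aggregated.
     *
     * @return Setting that indicates how to aggregate the request counts, or {@code null} if it has not been set.
     *         The options are the following:
     *         <ul>
     *         <li>{@code IP} - Aggregate the request counts on the IP address from the web request origin.</li>
     *         <li>{@code FORWARDED_IP} - Aggregate the request counts on the first IP address in an HTTP header. If
     *         you use this, configure the {@code ForwardedIPConfig} to specify the header to use.</li>
     *         </ul>
     * @see RateBasedStatementAggregateKeyType
     */
    public String getAggregateKeyType() {
        return this.aggregateKeyType;
    }

    /**
     * Fluent variant of {@link #setAggregateKeyType(String)}.
     *
     * @param aggregateKeyType
     *        Setting that indicates how to aggregate the request counts: {@code IP} (the IP address from the web
     *        request origin) or {@code FORWARDED_IP} (the first IP address in an HTTP header; configure the
     *        {@code ForwardedIPConfig} to specify the header to use).
     * @return Returns a reference to this object so that method calls can be chained together.
     * @see RateBasedStatementAggregateKeyType
     */
    public RateBasedStatement withAggregateKeyType(String aggregateKeyType) {
        setAggregateKeyType(aggregateKeyType);
        return this;
    }

    /**
     * Enum-typed fluent setter for the aggregate key type; the enum's {@code toString()} value is what gets stored.
     *
     * @param aggregateKeyType
     *        Setting that indicates how to aggregate the request counts: {@code IP} (the IP address from the web
     *        request origin) or {@code FORWARDED_IP} (the first IP address in an HTTP header; configure the
     *        {@code ForwardedIPConfig} to specify the header to use). {@code null} clears the setting, matching
     *        the {@code String} overload.
     * @return Returns a reference to this object so that method calls can be chained together.
     * @see RateBasedStatementAggregateKeyType
     */
    public RateBasedStatement withAggregateKeyType(RateBasedStatementAggregateKeyType aggregateKeyType) {
        // Null guard: the String overload accepts null, so the enum overload must not throw NullPointerException.
        this.aggregateKeyType = (aggregateKeyType == null) ? null : aggregateKeyType.toString();
        return this;
    }

    /**
     * Sets the optional nested statement that narrows the scope of this rate-based statement.
     *
     * @param scopeDownStatement
     *        An optional nested statement that narrows the scope of the web requests that are evaluated by the
     *        rate-based statement. Requests are only tracked by the rate-based statement if they match the
     *        scope-down statement. You can use any nestable {@code Statement} in the scope-down statement, and you
     *        can nest statements at any level, the same as you can for a rule statement.
     */
    public void setScopeDownStatement(Statement scopeDownStatement) {
        this.scopeDownStatement = scopeDownStatement;
    }

    /**
     * Returns the optional nested statement that narrows the scope of this rate-based statement.
     *
     * @return An optional nested statement that narrows the scope of the web requests that are evaluated by the
     *         rate-based statement, or {@code null} if none is set. Requests are only tracked by the rate-based
     *         statement if they match the scope-down statement. You can use any nestable {@code Statement} in the
     *         scope-down statement, and you can nest statements at any level, the same as you can for a rule
     *         statement. The stored reference itself is returned, not a copy.
     */
    public Statement getScopeDownStatement() {
        return this.scopeDownStatement;
    }

    /**
     * Fluent variant of {@link #setScopeDownStatement(Statement)}.
     *
     * @param scopeDownStatement
     *        An optional nested statement that narrows the scope of the web requests that are evaluated by the
     *        rate-based statement. Requests are only tracked by the rate-based statement if they match the
     *        scope-down statement. You can use any nestable {@code Statement} in the scope-down statement, and you
     *        can nest statements at any level, the same as you can for a rule statement.
     * @return Returns a reference to this object so that method calls can be chained together.
     */
    public RateBasedStatement withScopeDownStatement(Statement scopeDownStatement) {
        setScopeDownStatement(scopeDownStatement);
        return this;
    }

    /**
     * Sets the configuration for reading the client IP address from an HTTP header.
     *
     * @param forwardedIPConfig
     *        The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the
     *        IP address that's reported by the web request origin. Commonly, this is the {@code X-Forwarded-For}
     *        (XFF) header, but you can specify any header name.
     *        <p>
     *        If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at
     *        all.
     *        <p>
     *        This is required if {@code AggregateKeyType} is set to {@code FORWARDED_IP}. This setter does not
     *        enforce that pairing.
     */
    public void setForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) {
        this.forwardedIPConfig = forwardedIPConfig;
    }

    /**
     * Returns the configuration for reading the client IP address from an HTTP header.
     *
     * @return The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the
     *         IP address that's reported by the web request origin, or {@code null} if none is set. Commonly, this
     *         is the {@code X-Forwarded-For} (XFF) header, but you can specify any header name.
     *         <p>
     *         If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at
     *         all.
     *         <p>
     *         This is required if {@code AggregateKeyType} is set to {@code FORWARDED_IP}.
     */
    public ForwardedIPConfig getForwardedIPConfig() {
        return this.forwardedIPConfig;
    }

    /**
     * Fluent variant of {@link #setForwardedIPConfig(ForwardedIPConfig)}.
     *
     * @param forwardedIPConfig
     *        The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the
     *        IP address that's reported by the web request origin. Commonly, this is the {@code X-Forwarded-For}
     *        (XFF) header, but you can specify any header name.
     *        <p>
     *        If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at
     *        all.
     *        <p>
     *        This is required if {@code AggregateKeyType} is set to {@code FORWARDED_IP}.
     * @return Returns a reference to this object so that method calls can be chained together.
     */
    public RateBasedStatement withForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) {
        setForwardedIPConfig(forwardedIPConfig);
        return this;
    }

    /**
     * Returns a string representation of this object. This is useful for testing and debugging.
     * <p>
     * Every non-null field is appended through its own string conversion. The generator's boilerplate promises
     * redaction of sensitive data, but no field of this class is redacted here.
     *
     * @return A string representation of this object.
     *
     * @see java.lang.Object#toString()
     */
    @Override
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append("{");
        if (getLimit() != null) {
            sb.append("Limit: ").append(getLimit()).append(",");
        }
        if (getAggregateKeyType() != null) {
            sb.append("AggregateKeyType: ").append(getAggregateKeyType()).append(",");
        }
        if (getScopeDownStatement() != null) {
            sb.append("ScopeDownStatement: ").append(getScopeDownStatement()).append(",");
        }
        // The last field carries no separator; when it is null the output keeps the previous field's trailing
        // comma. The format is left exactly as generated.
        if (getForwardedIPConfig() != null) {
            sb.append("ForwardedIPConfig: ").append(getForwardedIPConfig());
        }
        sb.append("}");
        return sb.toString();
    }

    /**
     * Compares this statement with another object field by field.
     *
     * @param obj
     *        The object to compare with; may be {@code null}.
     * @return {@code true} if {@code obj} is a {@code RateBasedStatement} whose limit, aggregate key type,
     *         scope-down statement and forwarded-IP configuration are all equal to this object's (two {@code null}
     *         values count as equal), {@code false} otherwise.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null) {
            return false;
        }
        if (!(obj instanceof RateBasedStatement)) {
            return false;
        }
        RateBasedStatement other = (RateBasedStatement) obj;
        // For each field: the XOR rejects "exactly one side is null"; the second test compares two non-null values.
        if (other.getLimit() == null ^ this.getLimit() == null) {
            return false;
        }
        if (other.getLimit() != null && !other.getLimit().equals(this.getLimit())) {
            return false;
        }
        if (other.getAggregateKeyType() == null ^ this.getAggregateKeyType() == null) {
            return false;
        }
        if (other.getAggregateKeyType() != null && !other.getAggregateKeyType().equals(this.getAggregateKeyType())) {
            return false;
        }
        if (other.getScopeDownStatement() == null ^ this.getScopeDownStatement() == null) {
            return false;
        }
        if (other.getScopeDownStatement() != null
                && !other.getScopeDownStatement().equals(this.getScopeDownStatement())) {
            return false;
        }
        if (other.getForwardedIPConfig() == null ^ this.getForwardedIPConfig() == null) {
            return false;
        }
        if (other.getForwardedIPConfig() != null
                && !other.getForwardedIPConfig().equals(this.getForwardedIPConfig())) {
            return false;
        }
        return true;
    }

    /**
     * Computes a hash code from the same four fields that {@link #equals(Object)} compares.
     *
     * @return The hash code; a {@code null} field contributes 0.
     */
    @Override
    public int hashCode() {
        final int prime = 31;
        int hashCode = 1;
        hashCode = prime * hashCode + ((getLimit() == null) ? 0 : getLimit().hashCode());
        hashCode = prime * hashCode + ((getAggregateKeyType() == null) ? 0 : getAggregateKeyType().hashCode());
        hashCode = prime * hashCode + ((getScopeDownStatement() == null) ? 0 : getScopeDownStatement().hashCode());
        hashCode = prime * hashCode + ((getForwardedIPConfig() == null) ? 0 : getForwardedIPConfig().hashCode());
        return hashCode;
    }

    /**
     * Creates a copy of this statement through {@code Object.clone()}.
     * <p>
     * The copy is shallow: the clone references the same nested {@code Statement} and {@code ForwardedIPConfig}
     * instances as the original, so changing one of those nested objects through the clone also changes the
     * original rule definition.
     *
     * @return A shallow copy of this object.
     * @throws IllegalStateException
     *         if {@code Object.clone()} reports that cloning is not supported, which is not expected because this
     *         class implements {@code Cloneable}.
     */
    @Override
    public RateBasedStatement clone() {
        try {
            return (RateBasedStatement) super.clone();
        } catch (CloneNotSupportedException e) {
            throw new IllegalStateException(
                    "Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
        }
    }

    /**
     * Writes this object through the given marshaller by delegating to the {@code RateBasedStatementMarshaller}
     * singleton. Marked as SDK-internal API.
     *
     * @param protocolMarshaller
     *        The marshaller that receives this object's fields.
     */
    @com.amazonaws.annotation.SdkInternalApi
    @Override
    public void marshall(ProtocolMarshaller protocolMarshaller) {
        com.amazonaws.services.wafv2.model.transform.RateBasedStatementMarshaller.getInstance()
                .marshall(this, protocolMarshaller);
    }
}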