com.amazonaws.services.wafv2.model.FieldToMatch Maven / Gradle / Ivy
Show all versions of aws-java-sdk-wafv2 Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.wafv2.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;
/**
*
* Specifies a web request component to be used in a rule match statement or in a logging configuration.
*
*
* -
*
* In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single
* FieldToMatch type that you want to inspect, with additional specifications as needed, according to the
* type. You specify a single request component in FieldToMatch for each rule statement that requires it.
* To inspect more than one component of the web request, create a separate rule statement for each component.
*
*
* Example JSON for a QueryString field to match:
*
*
* "FieldToMatch": { "QueryString": {} }
*
*
* Example JSON for a Method field to match specification:
*
*
* "FieldToMatch": { "Method": { "Name": "DELETE" } }
*
*
* -
*
* In a logging configuration, this is used in the RedactedFields property to specify a field to redact
* from the logging records. For this use case, note the following:
*
*
* -
*
* Even though all FieldToMatch settings are available, the only valid settings for field redaction are
* UriPath, QueryString, SingleHeader, and Method.
*
*
* -
*
* In this documentation, the descriptions of the individual fields talk about specifying the web request component to
* inspect, but for field redaction, you are specifying the component type to redact from the logs.
*
*
*
*
*
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class FieldToMatch implements Serializable, Cloneable, StructuredPojo {
/**
*
* Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or
* Referer. This setting isn't case sensitive.
*
*
* Example JSON: "SingleHeader": { "Name": "haystack" }
*
*
* Alternately, you can filter and inspect all headers with the Headers FieldToMatch
* setting.
*
*/
private SingleHeader singleHeader;
/**
*
* Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or
* SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
*
*
* Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
*
*/
private SingleQueryArgument singleQueryArgument;
/**
*
* Inspect all query arguments.
*
*/
private AllQueryArguments allQueryArguments;
/**
*
* Inspect the request URI path. This is the part of the web request that identifies a resource, for example,
* /images/daily-ad.jpg.
*
*/
private UriPath uriPath;
/**
*
* Inspect the query string. This is the part of a URL that appears after a ? character, if any.
*
*/
private QueryString queryString;
/**
*
* Inspect the request body as plain text. The request body immediately follows the request headers. This is the
* part of a request that contains any additional data that you want to send to your web server as the HTTP request
* body, such as data from a form.
*
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the
* resource type. When a web request body is larger than the limit, the underlying host service only forwards the
* contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384
* bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for
* additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the Body object configuration.
*
*/
private Body body;
/**
*
* Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to
* perform.
*
*/
private Method method;
/**
*
* Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a
* request that contains any additional data that you want to send to your web server as the HTTP request body, such
* as data from a form.
*
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the
* resource type. When a web request body is larger than the limit, the underlying host service only forwards the
* contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384
* bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for
* additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the JsonBody object configuration.
*
*/
private JsonBody jsonBody;
/**
*
* Inspect the request headers. You must configure scope and pattern matching filters in the Headers
* object, to define the set of headers to and the parts of the headers that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to WAF for
* inspection by the underlying host service. You must configure how to handle any oversize header content in the
* Headers object. WAF applies the pattern matching filters to the headers that it receives from the
* underlying host service.
*
*/
private Headers headers;
/**
*
* Inspect the request cookies. You must configure scope and pattern matching filters in the Cookies
* object, to define the set of cookies and the parts of the cookies that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to WAF for
* inspection by the underlying host service. You must configure how to handle any oversize cookie content in the
* Cookies object. WAF applies the pattern matching filters to the cookies that it receives from the
* underlying host service.
*
*/
private Cookies cookies;
/**
*
* Inspect a string containing the list of the request's header names, ordered as they appear in the web request
* that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in
* its inspection. WAF separates the header names in the string using colons and no added spaces, for example
* host:user-agent:accept:authorization:referer.
*
*/
private HeaderOrder headerOrder;
/**
*
* Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS
* Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS
* configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello
* information for the calculation. Almost all web requests include this information.
*
*
*
* You can use this choice only with a string match ByteMatchStatement with the
* PositionalConstraint set to EXACTLY.
*
*
*
* You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the
* fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF
* Developer Guide.
*
*
* Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any
* future requests that have the same TLS configuration.
*
*/
private JA3Fingerprint jA3Fingerprint;
/**
*
* Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or
* Referer. This setting isn't case sensitive.
*
*
* Example JSON: "SingleHeader": { "Name": "haystack" }
*
*
* Alternately, you can filter and inspect all headers with the Headers FieldToMatch
* setting.
*
*
* @param singleHeader
* Inspect a single header. Provide the name of the header to inspect, for example, User-Agent
* or Referer. This setting isn't case sensitive.
*
* Example JSON: "SingleHeader": { "Name": "haystack" }
*
*
* Alternately, you can filter and inspect all headers with the Headers
* FieldToMatch setting.
*/
public void setSingleHeader(SingleHeader singleHeader) {
this.singleHeader = singleHeader;
}
/**
*
* Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or
* Referer. This setting isn't case sensitive.
*
*
* Example JSON: "SingleHeader": { "Name": "haystack" }
*
*
* Alternately, you can filter and inspect all headers with the Headers FieldToMatch
* setting.
*
*
* @return Inspect a single header. Provide the name of the header to inspect, for example, User-Agent
* or Referer. This setting isn't case sensitive.
*
* Example JSON: "SingleHeader": { "Name": "haystack" }
*
*
* Alternately, you can filter and inspect all headers with the Headers
* FieldToMatch setting.
*/
public SingleHeader getSingleHeader() {
return this.singleHeader;
}
/**
*
* Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or
* Referer. This setting isn't case sensitive.
*
*
* Example JSON: "SingleHeader": { "Name": "haystack" }
*
*
* Alternately, you can filter and inspect all headers with the Headers FieldToMatch
* setting.
*
*
* @param singleHeader
* Inspect a single header. Provide the name of the header to inspect, for example, User-Agent
* or Referer. This setting isn't case sensitive.
*
* Example JSON: "SingleHeader": { "Name": "haystack" }
*
*
* Alternately, you can filter and inspect all headers with the Headers
* FieldToMatch setting.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withSingleHeader(SingleHeader singleHeader) {
setSingleHeader(singleHeader);
return this;
}
/**
*
* Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or
* SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
*
*
* Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
*
*
* @param singleQueryArgument
* Inspect a single query argument. Provide the name of the query argument to inspect, such as
* UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
*
*
* Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
*/
public void setSingleQueryArgument(SingleQueryArgument singleQueryArgument) {
this.singleQueryArgument = singleQueryArgument;
}
/**
*
* Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or
* SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
*
*
* Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
*
*
* @return Inspect a single query argument. Provide the name of the query argument to inspect, such as
* UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
*
*
* Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
*/
public SingleQueryArgument getSingleQueryArgument() {
return this.singleQueryArgument;
}
/**
*
* Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or
* SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
*
*
* Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
*
*
* @param singleQueryArgument
* Inspect a single query argument. Provide the name of the query argument to inspect, such as
* UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
*
*
* Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withSingleQueryArgument(SingleQueryArgument singleQueryArgument) {
setSingleQueryArgument(singleQueryArgument);
return this;
}
/**
*
* Inspect all query arguments.
*
*
* @param allQueryArguments
* Inspect all query arguments.
*/
public void setAllQueryArguments(AllQueryArguments allQueryArguments) {
this.allQueryArguments = allQueryArguments;
}
/**
*
* Inspect all query arguments.
*
*
* @return Inspect all query arguments.
*/
public AllQueryArguments getAllQueryArguments() {
return this.allQueryArguments;
}
/**
*
* Inspect all query arguments.
*
*
* @param allQueryArguments
* Inspect all query arguments.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withAllQueryArguments(AllQueryArguments allQueryArguments) {
setAllQueryArguments(allQueryArguments);
return this;
}
/**
*
* Inspect the request URI path. This is the part of the web request that identifies a resource, for example,
* /images/daily-ad.jpg.
*
*
* @param uriPath
* Inspect the request URI path. This is the part of the web request that identifies a resource, for example,
* /images/daily-ad.jpg.
*/
public void setUriPath(UriPath uriPath) {
this.uriPath = uriPath;
}
/**
*
* Inspect the request URI path. This is the part of the web request that identifies a resource, for example,
* /images/daily-ad.jpg.
*
*
* @return Inspect the request URI path. This is the part of the web request that identifies a resource, for
* example, /images/daily-ad.jpg.
*/
public UriPath getUriPath() {
return this.uriPath;
}
/**
*
* Inspect the request URI path. This is the part of the web request that identifies a resource, for example,
* /images/daily-ad.jpg.
*
*
* @param uriPath
* Inspect the request URI path. This is the part of the web request that identifies a resource, for example,
* /images/daily-ad.jpg.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withUriPath(UriPath uriPath) {
setUriPath(uriPath);
return this;
}
/**
*
* Inspect the query string. This is the part of a URL that appears after a ? character, if any.
*
*
* @param queryString
* Inspect the query string. This is the part of a URL that appears after a ? character, if any.
*/
public void setQueryString(QueryString queryString) {
this.queryString = queryString;
}
/**
*
* Inspect the query string. This is the part of a URL that appears after a ? character, if any.
*
*
* @return Inspect the query string. This is the part of a URL that appears after a ? character, if
* any.
*/
public QueryString getQueryString() {
return this.queryString;
}
/**
*
* Inspect the query string. This is the part of a URL that appears after a ? character, if any.
*
*
* @param queryString
* Inspect the query string. This is the part of a URL that appears after a ? character, if any.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withQueryString(QueryString queryString) {
setQueryString(queryString);
return this;
}
/**
*
* Inspect the request body as plain text. The request body immediately follows the request headers. This is the
* part of a request that contains any additional data that you want to send to your web server as the HTTP request
* body, such as data from a form.
*
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the
* resource type. When a web request body is larger than the limit, the underlying host service only forwards the
* contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384
* bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for
* additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the Body object configuration.
*
*
* @param body
* Inspect the request body as plain text. The request body immediately follows the request headers. This is
* the part of a request that contains any additional data that you want to send to your web server as the
* HTTP request body, such as data from a form.
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit
* for the resource type. When a web request body is larger than the limit, the underlying host service only
* forwards the contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB
* (16,384 bytes), and you can increase the limit for each resource type in the web ACL
* AssociationConfig, for additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the Body object
* configuration.
*/
public void setBody(Body body) {
this.body = body;
}
/**
*
* Inspect the request body as plain text. The request body immediately follows the request headers. This is the
* part of a request that contains any additional data that you want to send to your web server as the HTTP request
* body, such as data from a form.
*
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the
* resource type. When a web request body is larger than the limit, the underlying host service only forwards the
* contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384
* bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for
* additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the Body object configuration.
*
*
* @return Inspect the request body as plain text. The request body immediately follows the request headers. This is
* the part of a request that contains any additional data that you want to send to your web server as the
* HTTP request body, such as data from a form.
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit
* for the resource type. When a web request body is larger than the limit, the underlying host service only
* forwards the contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB
* (16,384 bytes), and you can increase the limit for each resource type in the web ACL
* AssociationConfig, for additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the Body object
* configuration.
*/
public Body getBody() {
return this.body;
}
/**
*
* Inspect the request body as plain text. The request body immediately follows the request headers. This is the
* part of a request that contains any additional data that you want to send to your web server as the HTTP request
* body, such as data from a form.
*
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the
* resource type. When a web request body is larger than the limit, the underlying host service only forwards the
* contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384
* bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for
* additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the Body object configuration.
*
*
* @param body
* Inspect the request body as plain text. The request body immediately follows the request headers. This is
* the part of a request that contains any additional data that you want to send to your web server as the
* HTTP request body, such as data from a form.
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit
* for the resource type. When a web request body is larger than the limit, the underlying host service only
* forwards the contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB
* (16,384 bytes), and you can increase the limit for each resource type in the web ACL
* AssociationConfig, for additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the Body object
* configuration.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withBody(Body body) {
setBody(body);
return this;
}
/**
*
* Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to
* perform.
*
*
* @param method
* Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin
* to perform.
*/
public void setMethod(Method method) {
this.method = method;
}
/**
*
* Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to
* perform.
*
*
* @return Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin
* to perform.
*/
public Method getMethod() {
return this.method;
}
/**
*
* Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to
* perform.
*
*
* @param method
* Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin
* to perform.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withMethod(Method method) {
setMethod(method);
return this;
}
/**
*
* Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a
* request that contains any additional data that you want to send to your web server as the HTTP request body, such
* as data from a form.
*
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the
* resource type. When a web request body is larger than the limit, the underlying host service only forwards the
* contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384
* bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for
* additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the JsonBody object configuration.
*
*
* @param jsonBody
* Inspect the request body as JSON. The request body immediately follows the request headers. This is the
* part of a request that contains any additional data that you want to send to your web server as the HTTP
* request body, such as data from a form.
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit
* for the resource type. When a web request body is larger than the limit, the underlying host service only
* forwards the contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB
* (16,384 bytes), and you can increase the limit for each resource type in the web ACL
* AssociationConfig, for additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the JsonBody object
* configuration.
*/
public void setJsonBody(JsonBody jsonBody) {
this.jsonBody = jsonBody;
}
/**
*
* Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a
* request that contains any additional data that you want to send to your web server as the HTTP request body, such
* as data from a form.
*
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the
* resource type. When a web request body is larger than the limit, the underlying host service only forwards the
* contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384
* bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for
* additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the JsonBody object configuration.
*
*
* @return Inspect the request body as JSON. The request body immediately follows the request headers. This is the
* part of a request that contains any additional data that you want to send to your web server as the HTTP
* request body, such as data from a form.
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit
* for the resource type. When a web request body is larger than the limit, the underlying host service only
* forwards the contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB
* (16,384 bytes), and you can increase the limit for each resource type in the web ACL
* AssociationConfig, for additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the JsonBody object
* configuration.
*/
public JsonBody getJsonBody() {
return this.jsonBody;
}
/**
*
* Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a
* request that contains any additional data that you want to send to your web server as the HTTP request body, such
* as data from a form.
*
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the
* resource type. When a web request body is larger than the limit, the underlying host service only forwards the
* contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384
* bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig, for
* additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the JsonBody object configuration.
*
*
* @param jsonBody
* Inspect the request body as JSON. The request body immediately follows the request headers. This is the
* part of a request that contains any additional data that you want to send to your web server as the HTTP
* request body, such as data from a form.
*
* WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit
* for the resource type. When a web request body is larger than the limit, the underlying host service only
* forwards the contents that are within the limit to WAF for inspection.
*
*
* -
*
* For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
*
*
* -
*
* For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB
* (16,384 bytes), and you can increase the limit for each resource type in the web ACL
* AssociationConfig, for additional processing fees.
*
*
*
*
* For information about how to handle oversized request bodies, see the JsonBody object
* configuration.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withJsonBody(JsonBody jsonBody) {
setJsonBody(jsonBody);
return this;
}
/**
*
* Inspect the request headers. You must configure scope and pattern matching filters in the Headers
* object, to define the set of headers to and the parts of the headers that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to WAF for
* inspection by the underlying host service. You must configure how to handle any oversize header content in the
* Headers object. WAF applies the pattern matching filters to the headers that it receives from the
* underlying host service.
*
*
* @param headers
* Inspect the request headers. You must configure scope and pattern matching filters in the
* Headers object, to define the set of headers to and the parts of the headers that WAF
* inspects.
*
* Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to
* WAF for inspection by the underlying host service. You must configure how to handle any oversize header
* content in the Headers object. WAF applies the pattern matching filters to the headers that
* it receives from the underlying host service.
*/
public void setHeaders(Headers headers) {
this.headers = headers;
}
/**
*
* Inspect the request headers. You must configure scope and pattern matching filters in the Headers
* object, to define the set of headers to and the parts of the headers that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to WAF for
* inspection by the underlying host service. You must configure how to handle any oversize header content in the
* Headers object. WAF applies the pattern matching filters to the headers that it receives from the
* underlying host service.
*
*
* @return Inspect the request headers. You must configure scope and pattern matching filters in the
* Headers object, to define the set of headers to and the parts of the headers that WAF
* inspects.
*
* Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to
* WAF for inspection by the underlying host service. You must configure how to handle any oversize header
* content in the Headers object. WAF applies the pattern matching filters to the headers that
* it receives from the underlying host service.
*/
public Headers getHeaders() {
return this.headers;
}
/**
*
* Inspect the request headers. You must configure scope and pattern matching filters in the Headers
* object, to define the set of headers to and the parts of the headers that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to WAF for
* inspection by the underlying host service. You must configure how to handle any oversize header content in the
* Headers object. WAF applies the pattern matching filters to the headers that it receives from the
* underlying host service.
*
*
* @param headers
* Inspect the request headers. You must configure scope and pattern matching filters in the
* Headers object, to define the set of headers to and the parts of the headers that WAF
* inspects.
*
* Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to
* WAF for inspection by the underlying host service. You must configure how to handle any oversize header
* content in the Headers object. WAF applies the pattern matching filters to the headers that
* it receives from the underlying host service.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withHeaders(Headers headers) {
setHeaders(headers);
return this;
}
/**
*
* Inspect the request cookies. You must configure scope and pattern matching filters in the Cookies
* object, to define the set of cookies and the parts of the cookies that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to WAF for
* inspection by the underlying host service. You must configure how to handle any oversize cookie content in the
* Cookies object. WAF applies the pattern matching filters to the cookies that it receives from the
* underlying host service.
*
*
* @param cookies
* Inspect the request cookies. You must configure scope and pattern matching filters in the
* Cookies object, to define the set of cookies and the parts of the cookies that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to
* WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie
* content in the Cookies object. WAF applies the pattern matching filters to the cookies that
* it receives from the underlying host service.
*/
public void setCookies(Cookies cookies) {
this.cookies = cookies;
}
/**
*
* Inspect the request cookies. You must configure scope and pattern matching filters in the Cookies
* object, to define the set of cookies and the parts of the cookies that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to WAF for
* inspection by the underlying host service. You must configure how to handle any oversize cookie content in the
* Cookies object. WAF applies the pattern matching filters to the cookies that it receives from the
* underlying host service.
*
*
* @return Inspect the request cookies. You must configure scope and pattern matching filters in the
* Cookies object, to define the set of cookies and the parts of the cookies that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to
* WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie
* content in the Cookies object. WAF applies the pattern matching filters to the cookies that
* it receives from the underlying host service.
*/
public Cookies getCookies() {
return this.cookies;
}
/**
*
* Inspect the request cookies. You must configure scope and pattern matching filters in the Cookies
* object, to define the set of cookies and the parts of the cookies that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to WAF for
* inspection by the underlying host service. You must configure how to handle any oversize cookie content in the
* Cookies object. WAF applies the pattern matching filters to the cookies that it receives from the
* underlying host service.
*
*
* @param cookies
* Inspect the request cookies. You must configure scope and pattern matching filters in the
* Cookies object, to define the set of cookies and the parts of the cookies that WAF inspects.
*
*
* Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to
* WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie
* content in the Cookies object. WAF applies the pattern matching filters to the cookies that
* it receives from the underlying host service.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withCookies(Cookies cookies) {
setCookies(cookies);
return this;
}
/**
*
* Inspect a string containing the list of the request's header names, ordered as they appear in the web request
* that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in
* its inspection. WAF separates the header names in the string using colons and no added spaces, for example
* host:user-agent:accept:authorization:referer.
*
*
* @param headerOrder
* Inspect a string containing the list of the request's header names, ordered as they appear in the web
* request that WAF receives for inspection. WAF generates the string and then uses that as the field to
* match component in its inspection. WAF separates the header names in the string using colons and no added
* spaces, for example host:user-agent:accept:authorization:referer.
*/
public void setHeaderOrder(HeaderOrder headerOrder) {
this.headerOrder = headerOrder;
}
/**
*
* Inspect a string containing the list of the request's header names, ordered as they appear in the web request
* that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in
* its inspection. WAF separates the header names in the string using colons and no added spaces, for example
* host:user-agent:accept:authorization:referer.
*
*
* @return Inspect a string containing the list of the request's header names, ordered as they appear in the web
* request that WAF receives for inspection. WAF generates the string and then uses that as the field to
* match component in its inspection. WAF separates the header names in the string using colons and no added
* spaces, for example host:user-agent:accept:authorization:referer.
*/
public HeaderOrder getHeaderOrder() {
return this.headerOrder;
}
/**
*
* Inspect a string containing the list of the request's header names, ordered as they appear in the web request
* that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in
* its inspection. WAF separates the header names in the string using colons and no added spaces, for example
* host:user-agent:accept:authorization:referer.
*
*
* @param headerOrder
* Inspect a string containing the list of the request's header names, ordered as they appear in the web
* request that WAF receives for inspection. WAF generates the string and then uses that as the field to
* match component in its inspection. WAF separates the header names in the string using colons and no added
* spaces, for example host:user-agent:accept:authorization:referer.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withHeaderOrder(HeaderOrder headerOrder) {
setHeaderOrder(headerOrder);
return this;
}
/**
*
* Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS
* Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS
* configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello
* information for the calculation. Almost all web requests include this information.
*
*
*
* You can use this choice only with a string match ByteMatchStatement with the
* PositionalConstraint set to EXACTLY.
*
*
*
* You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the
* fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF
* Developer Guide.
*
*
* Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any
* future requests that have the same TLS configuration.
*
*
* @param jA3Fingerprint
* Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the
* TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's
* TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client
* Hello information for the calculation. Almost all web requests include this information.
*
* You can use this choice only with a string match ByteMatchStatement with the
* PositionalConstraint set to EXACTLY.
*
*
*
* You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate
* the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the
* WAF Developer Guide.
*
*
* Provide the JA3 fingerprint string from the logs in your string match statement specification, to match
* with any future requests that have the same TLS configuration.
*/
public void setJA3Fingerprint(JA3Fingerprint jA3Fingerprint) {
this.jA3Fingerprint = jA3Fingerprint;
}
/**
*
* Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS
* Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS
* configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello
* information for the calculation. Almost all web requests include this information.
*
*
*
* You can use this choice only with a string match ByteMatchStatement with the
* PositionalConstraint set to EXACTLY.
*
*
*
* You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the
* fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF
* Developer Guide.
*
*
* Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any
* future requests that have the same TLS configuration.
*
*
* @return Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the
* TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's
* TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client
* Hello information for the calculation. Almost all web requests include this information.
*
* You can use this choice only with a string match ByteMatchStatement with the
* PositionalConstraint set to EXACTLY.
*
*
*
* You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate
* the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the
* WAF Developer Guide.
*
*
* Provide the JA3 fingerprint string from the logs in your string match statement specification, to match
* with any future requests that have the same TLS configuration.
*/
public JA3Fingerprint getJA3Fingerprint() {
return this.jA3Fingerprint;
}
/**
*
* Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS
* Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS
* configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello
* information for the calculation. Almost all web requests include this information.
*
*
*
* You can use this choice only with a string match ByteMatchStatement with the
* PositionalConstraint set to EXACTLY.
*
*
*
* You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the
* fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF
* Developer Guide.
*
*
* Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any
* future requests that have the same TLS configuration.
*
*
* @param jA3Fingerprint
* Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the
* TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's
* TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client
* Hello information for the calculation. Almost all web requests include this information.
*
* You can use this choice only with a string match ByteMatchStatement with the
* PositionalConstraint set to EXACTLY.
*
*
*
* You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate
* the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the
* WAF Developer Guide.
*
*
* Provide the JA3 fingerprint string from the logs in your string match statement specification, to match
* with any future requests that have the same TLS configuration.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public FieldToMatch withJA3Fingerprint(JA3Fingerprint jA3Fingerprint) {
setJA3Fingerprint(jA3Fingerprint);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getSingleHeader() != null)
sb.append("SingleHeader: ").append(getSingleHeader()).append(",");
if (getSingleQueryArgument() != null)
sb.append("SingleQueryArgument: ").append(getSingleQueryArgument()).append(",");
if (getAllQueryArguments() != null)
sb.append("AllQueryArguments: ").append(getAllQueryArguments()).append(",");
if (getUriPath() != null)
sb.append("UriPath: ").append(getUriPath()).append(",");
if (getQueryString() != null)
sb.append("QueryString: ").append(getQueryString()).append(",");
if (getBody() != null)
sb.append("Body: ").append(getBody()).append(",");
if (getMethod() != null)
sb.append("Method: ").append(getMethod()).append(",");
if (getJsonBody() != null)
sb.append("JsonBody: ").append(getJsonBody()).append(",");
if (getHeaders() != null)
sb.append("Headers: ").append(getHeaders()).append(",");
if (getCookies() != null)
sb.append("Cookies: ").append(getCookies()).append(",");
if (getHeaderOrder() != null)
sb.append("HeaderOrder: ").append(getHeaderOrder()).append(",");
if (getJA3Fingerprint() != null)
sb.append("JA3Fingerprint: ").append(getJA3Fingerprint());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof FieldToMatch == false)
return false;
FieldToMatch other = (FieldToMatch) obj;
if (other.getSingleHeader() == null ^ this.getSingleHeader() == null)
return false;
if (other.getSingleHeader() != null && other.getSingleHeader().equals(this.getSingleHeader()) == false)
return false;
if (other.getSingleQueryArgument() == null ^ this.getSingleQueryArgument() == null)
return false;
if (other.getSingleQueryArgument() != null && other.getSingleQueryArgument().equals(this.getSingleQueryArgument()) == false)
return false;
if (other.getAllQueryArguments() == null ^ this.getAllQueryArguments() == null)
return false;
if (other.getAllQueryArguments() != null && other.getAllQueryArguments().equals(this.getAllQueryArguments()) == false)
return false;
if (other.getUriPath() == null ^ this.getUriPath() == null)
return false;
if (other.getUriPath() != null && other.getUriPath().equals(this.getUriPath()) == false)
return false;
if (other.getQueryString() == null ^ this.getQueryString() == null)
return false;
if (other.getQueryString() != null && other.getQueryString().equals(this.getQueryString()) == false)
return false;
if (other.getBody() == null ^ this.getBody() == null)
return false;
if (other.getBody() != null && other.getBody().equals(this.getBody()) == false)
return false;
if (other.getMethod() == null ^ this.getMethod() == null)
return false;
if (other.getMethod() != null && other.getMethod().equals(this.getMethod()) == false)
return false;
if (other.getJsonBody() == null ^ this.getJsonBody() == null)
return false;
if (other.getJsonBody() != null && other.getJsonBody().equals(this.getJsonBody()) == false)
return false;
if (other.getHeaders() == null ^ this.getHeaders() == null)
return false;
if (other.getHeaders() != null && other.getHeaders().equals(this.getHeaders()) == false)
return false;
if (other.getCookies() == null ^ this.getCookies() == null)
return false;
if (other.getCookies() != null && other.getCookies().equals(this.getCookies()) == false)
return false;
if (other.getHeaderOrder() == null ^ this.getHeaderOrder() == null)
return false;
if (other.getHeaderOrder() != null && other.getHeaderOrder().equals(this.getHeaderOrder()) == false)
return false;
if (other.getJA3Fingerprint() == null ^ this.getJA3Fingerprint() == null)
return false;
if (other.getJA3Fingerprint() != null && other.getJA3Fingerprint().equals(this.getJA3Fingerprint()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getSingleHeader() == null) ? 0 : getSingleHeader().hashCode());
hashCode = prime * hashCode + ((getSingleQueryArgument() == null) ? 0 : getSingleQueryArgument().hashCode());
hashCode = prime * hashCode + ((getAllQueryArguments() == null) ? 0 : getAllQueryArguments().hashCode());
hashCode = prime * hashCode + ((getUriPath() == null) ? 0 : getUriPath().hashCode());
hashCode = prime * hashCode + ((getQueryString() == null) ? 0 : getQueryString().hashCode());
hashCode = prime * hashCode + ((getBody() == null) ? 0 : getBody().hashCode());
hashCode = prime * hashCode + ((getMethod() == null) ? 0 : getMethod().hashCode());
hashCode = prime * hashCode + ((getJsonBody() == null) ? 0 : getJsonBody().hashCode());
hashCode = prime * hashCode + ((getHeaders() == null) ? 0 : getHeaders().hashCode());
hashCode = prime * hashCode + ((getCookies() == null) ? 0 : getCookies().hashCode());
hashCode = prime * hashCode + ((getHeaderOrder() == null) ? 0 : getHeaderOrder().hashCode());
hashCode = prime * hashCode + ((getJA3Fingerprint() == null) ? 0 : getJA3Fingerprint().hashCode());
return hashCode;
}
@Override
public FieldToMatch clone() {
try {
return (FieldToMatch) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
@com.amazonaws.annotation.SdkInternalApi
@Override
public void marshall(ProtocolMarshaller protocolMarshaller) {
com.amazonaws.services.wafv2.model.transform.FieldToMatchMarshaller.getInstance().marshall(this, protocolMarshaller);
}
}