All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.amazonaws.services.wafv2.model.RateBasedStatement Maven / Gradle / Ivy

Go to download

The AWS Java SDK for AWS WAFV2 module holds the client classes that are used for communicating with AWS WAFV2 Service

There is a newer version: 1.12.780
Show newest version
/*
 * Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
 * the License. A copy of the License is located at
 * 
 * http://aws.amazon.com/apache2.0
 * 
 * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
 * and limitations under the License.
 */
package com.amazonaws.services.wafv2.model;

import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;

/**
 * 

* A rate-based rule counts incoming requests and rate limits requests when they are coming at too fast a rate. The rule * categorizes requests according to your aggregation criteria, collects them into aggregation instances, and counts and * rate limits the requests for each instance. *

* *

* If you change any of these settings in a rule that's currently in use, the change resets the rule's rate limiting * counts. This can pause the rule's rate limiting activities for up to a minute. *

*
*

* You can specify individual aggregation keys, like IP address or HTTP method. You can also specify aggregation key * combinations, like IP address and HTTP method, or HTTP method, query argument, and cookie. *

*

* Each unique set of values for the aggregation keys that you specify is a separate aggregation instance, with the * value from each key contributing to the aggregation instance definition. *

*

* For example, assume the rule evaluates web requests with the following IP address and HTTP method values: *

*
    *
  • *

    * IP address 10.1.1.1, HTTP method POST *

    *
  • *
  • *

    * IP address 10.1.1.1, HTTP method GET *

    *
  • *
  • *

    * IP address 127.0.0.0, HTTP method POST *

    *
  • *
  • *

    * IP address 10.1.1.1, HTTP method GET *

    *
  • *
*

* The rule would create different aggregation instances according to your aggregation criteria, for example: *

*
    *
  • *

    * If the aggregation criteria is just the IP address, then each individual address is an aggregation instance, and WAF * counts requests separately for each. The aggregation instances and request counts for our example would be the * following: *

    *
      *
    • *

      * IP address 10.1.1.1: count 3 *

      *
    • *
    • *

      * IP address 127.0.0.0: count 1 *

      *
    • *
    *
  • *
  • *

    * If the aggregation criteria is HTTP method, then each individual HTTP method is an aggregation instance. The * aggregation instances and request counts for our example would be the following: *

    *
      *
    • *

      * HTTP method POST: count 2 *

      *
    • *
    • *

      * HTTP method GET: count 2 *

      *
    • *
    *
  • *
  • *

    * If the aggregation criteria is IP address and HTTP method, then each IP address and each HTTP method would contribute * to the combined aggregation instance. The aggregation instances and request counts for our example would be the * following: *

    *
      *
    • *

      * IP address 10.1.1.1, HTTP method POST: count 1 *

      *
    • *
    • *

      * IP address 10.1.1.1, HTTP method GET: count 2 *

      *
    • *
    • *

      * IP address 127.0.0.0, HTTP method POST: count 1 *

      *
    • *
    *
  • *
*

* For any n-tuple of aggregation keys, each unique combination of values for the keys defines a separate aggregation * instance, which WAF counts and rate-limits individually. *

*

* You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it * only counts and rate limits requests that match the nested statement. You can use this nested scope-down statement in * conjunction with your aggregation key specifications or you can just count and rate limit all requests that match the * scope-down statement, without additional aggregation. When you choose to just manage all requests that match a * scope-down statement, the aggregation instance is singular for the rule. *

*

* You cannot nest a RateBasedStatement inside another statement, for example inside a * NotStatement or OrStatement. You can define a RateBasedStatement inside a web * ACL and inside a rule group. *

*

* For additional information about the options, see Rate limiting web requests * using rate-based rules in the WAF Developer Guide. *

*

* If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses * that WAF is currently rate limiting for a rule through the API call GetRateBasedStatementManagedKeys. * This option is not available for other aggregation configurations. *

*

* WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if * you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate * instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule * inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the * rate-based rule that gets its own tracking and management by WAF. *

* * @see AWS API * Documentation */ @Generated("com.amazonaws:aws-java-sdk-code-generator") public class RateBasedStatement implements Serializable, Cloneable, StructuredPojo { /** *

* The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If the * rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that * match the statement. *

*

* Examples: *

*
    *
  • *

    * If you aggregate on just the IP address, this is the limit on requests from any single IP address. *

    *
  • *
  • *

    * If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests for * any single method, city pair. *

    *
  • *
*/ private Long limit; /** *

* The amount of time, in seconds, that WAF should include in its request counts, looking back from the current * time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes * immediately preceding the current time. Valid settings are 60, 120, 300, and 600. *

*

* This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it checks. WAF * checks the rate about every 10 seconds. *

*

* Default: 300 (5 minutes) *

*/ private Long evaluationWindowSec; /** *

* Setting that indicates how to aggregate the request counts. *

* *

* Web requests that are missing any of the components specified in the aggregation keys are omitted from the * rate-based rule evaluation and handling. *

*
*
    *
  • *

    * CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With * this option, the counted requests aren't further aggregated. The scope-down statement is the only specification * used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the * rule action to all requests that satisfy the scope-down statement. *

    *

    * With this option, you must configure the ScopeDownStatement property. *

    *
  • *
  • *

    * CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate * keys. *

    *

    * With this option, you must specify the aggregate keys in the CustomKeys property. *

    *

    * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the * aggregate key type to IP or FORWARDED_IP. *

    *
  • *
  • *

    * FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. *

    *

    * With this option, you must specify the header to use in the ForwardedIPConfig property. *

    *

    * To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS * . *

    *
  • *
  • *

    * IP - Aggregate the request counts on the IP address from the web request origin. *

    *

    * To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS. *

    *
  • *
*/ private String aggregateKeyType; /** *

* An optional nested statement that narrows the scope of the web requests that are evaluated and managed by the * rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate limits * requests that match the scope-down statement. You can use any nestable Statement in the scope-down * statement, and you can nest statements at any level, the same as you can for a rule statement. *

*/ private Statement scopeDownStatement; /** *

* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address * that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can * specify any header name. *

* *

* If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all. *

*
*

* This is required if you specify a forwarded IP in the rule's aggregate key settings. *

*/ private ForwardedIPConfig forwardedIPConfig; /** *

* Specifies the aggregate keys to use in a rate-base rule. *

*/ private java.util.List customKeys; /** *

* The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If the * rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that * match the statement. *

*

* Examples: *

*
    *
  • *

    * If you aggregate on just the IP address, this is the limit on requests from any single IP address. *

    *
  • *
  • *

    * If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests for * any single method, city pair. *

    *
  • *
* * @param limit * The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If * the rate-based statement includes a ScopeDownStatement, this limit is applied only to the * requests that match the statement.

*

* Examples: *

*
    *
  • *

    * If you aggregate on just the IP address, this is the limit on requests from any single IP address. *

    *
  • *
  • *

    * If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests * for any single method, city pair. *

    *
  • */ public void setLimit(Long limit) { this.limit = limit; } /** *

    * The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If the * rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that * match the statement. *

    *

    * Examples: *

    *
      *
    • *

      * If you aggregate on just the IP address, this is the limit on requests from any single IP address. *

      *
    • *
    • *

      * If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests for * any single method, city pair. *

      *
    • *
    * * @return The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If * the rate-based statement includes a ScopeDownStatement, this limit is applied only to the * requests that match the statement.

    *

    * Examples: *

    *
      *
    • *

      * If you aggregate on just the IP address, this is the limit on requests from any single IP address. *

      *
    • *
    • *

      * If you aggregate on the HTTP method and the query argument name "city", then this is the limit on * requests for any single method, city pair. *

      *
    • */ public Long getLimit() { return this.limit; } /** *

      * The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If the * rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that * match the statement. *

      *

      * Examples: *

      *
        *
      • *

        * If you aggregate on just the IP address, this is the limit on requests from any single IP address. *

        *
      • *
      • *

        * If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests for * any single method, city pair. *

        *
      • *
      * * @param limit * The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If * the rate-based statement includes a ScopeDownStatement, this limit is applied only to the * requests that match the statement.

      *

      * Examples: *

      *
        *
      • *

        * If you aggregate on just the IP address, this is the limit on requests from any single IP address. *

        *
      • *
      • *

        * If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests * for any single method, city pair. *

        *
      • * @return Returns a reference to this object so that method calls can be chained together. */ public RateBasedStatement withLimit(Long limit) { setLimit(limit); return this; } /** *

        * The amount of time, in seconds, that WAF should include in its request counts, looking back from the current * time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes * immediately preceding the current time. Valid settings are 60, 120, 300, and 600. *

        *

        * This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it checks. WAF * checks the rate about every 10 seconds. *

        *

        * Default: 300 (5 minutes) *

        * * @param evaluationWindowSec * The amount of time, in seconds, that WAF should include in its request counts, looking back from the * current time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the * 2 minutes immediately preceding the current time. Valid settings are 60, 120, 300, and 600.

        *

        * This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it * checks. WAF checks the rate about every 10 seconds. *

        *

        * Default: 300 (5 minutes) */ public void setEvaluationWindowSec(Long evaluationWindowSec) { this.evaluationWindowSec = evaluationWindowSec; } /** *

        * The amount of time, in seconds, that WAF should include in its request counts, looking back from the current * time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes * immediately preceding the current time. Valid settings are 60, 120, 300, and 600. *

        *

        * This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it checks. WAF * checks the rate about every 10 seconds. *

        *

        * Default: 300 (5 minutes) *

        * * @return The amount of time, in seconds, that WAF should include in its request counts, looking back from the * current time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the * 2 minutes immediately preceding the current time. Valid settings are 60, 120, 300, and 600.

        *

        * This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it * checks. WAF checks the rate about every 10 seconds. *

        *

        * Default: 300 (5 minutes) */ public Long getEvaluationWindowSec() { return this.evaluationWindowSec; } /** *

        * The amount of time, in seconds, that WAF should include in its request counts, looking back from the current * time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes * immediately preceding the current time. Valid settings are 60, 120, 300, and 600. *

        *

        * This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it checks. WAF * checks the rate about every 10 seconds. *

        *

        * Default: 300 (5 minutes) *

        * * @param evaluationWindowSec * The amount of time, in seconds, that WAF should include in its request counts, looking back from the * current time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the * 2 minutes immediately preceding the current time. Valid settings are 60, 120, 300, and 600.

        *

        * This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it * checks. WAF checks the rate about every 10 seconds. *

        *

        * Default: 300 (5 minutes) * @return Returns a reference to this object so that method calls can be chained together. */ public RateBasedStatement withEvaluationWindowSec(Long evaluationWindowSec) { setEvaluationWindowSec(evaluationWindowSec); return this; } /** *

        * Setting that indicates how to aggregate the request counts. *

        * *

        * Web requests that are missing any of the components specified in the aggregation keys are omitted from the * rate-based rule evaluation and handling. *

        *
        *
          *
        • *

          * CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With * this option, the counted requests aren't further aggregated. The scope-down statement is the only specification * used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the * rule action to all requests that satisfy the scope-down statement. *

          *

          * With this option, you must configure the ScopeDownStatement property. *

          *
        • *
        • *

          * CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate * keys. *

          *

          * With this option, you must specify the aggregate keys in the CustomKeys property. *

          *

          * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the * aggregate key type to IP or FORWARDED_IP. *

          *
        • *
        • *

          * FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. *

          *

          * With this option, you must specify the header to use in the ForwardedIPConfig property. *

          *

          * To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS * . *

          *
        • *
        • *

          * IP - Aggregate the request counts on the IP address from the web request origin. *

          *

          * To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS. *

          *
        • *
        * * @param aggregateKeyType * Setting that indicates how to aggregate the request counts.

        *

        * Web requests that are missing any of the components specified in the aggregation keys are omitted from the * rate-based rule evaluation and handling. *

        *
        *
          *
        • *

          * CONSTANT - Count and limit the requests that match the rate-based rule's scope-down * statement. With this option, the counted requests aren't further aggregated. The scope-down statement is * the only specification used. When the count of all requests that satisfy the scope-down statement goes * over the limit, WAF applies the rule action to all requests that satisfy the scope-down statement. *

          *

          * With this option, you must configure the ScopeDownStatement property. *

          *
        • *
        • *

          * CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the * aggregate keys. *

          *

          * With this option, you must specify the aggregate keys in the CustomKeys property. *

          *

          * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set * the aggregate key type to IP or FORWARDED_IP. *

          *
        • *
        • *

          * FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. *

          *

          * With this option, you must specify the header to use in the ForwardedIPConfig property. *

          *

          * To aggregate on a combination of the forwarded IP address with other aggregate keys, use * CUSTOM_KEYS. *

          *
        • *
        • *

          * IP - Aggregate the request counts on the IP address from the web request origin. *

          *

          * To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS. *

          *
        • * @see RateBasedStatementAggregateKeyType */ public void setAggregateKeyType(String aggregateKeyType) { this.aggregateKeyType = aggregateKeyType; } /** *

          * Setting that indicates how to aggregate the request counts. *

          * *

          * Web requests that are missing any of the components specified in the aggregation keys are omitted from the * rate-based rule evaluation and handling. *

          *
          *
            *
          • *

            * CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With * this option, the counted requests aren't further aggregated. The scope-down statement is the only specification * used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the * rule action to all requests that satisfy the scope-down statement. *

            *

            * With this option, you must configure the ScopeDownStatement property. *

            *
          • *
          • *

            * CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate * keys. *

            *

            * With this option, you must specify the aggregate keys in the CustomKeys property. *

            *

            * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the * aggregate key type to IP or FORWARDED_IP. *

            *
          • *
          • *

            * FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. *

            *

            * With this option, you must specify the header to use in the ForwardedIPConfig property. *

            *

            * To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS * . *

            *
          • *
          • *

            * IP - Aggregate the request counts on the IP address from the web request origin. *

            *

            * To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS. *

            *
          • *
          * * @return Setting that indicates how to aggregate the request counts.

          *

          * Web requests that are missing any of the components specified in the aggregation keys are omitted from * the rate-based rule evaluation and handling. *

          *
          *
            *
          • *

            * CONSTANT - Count and limit the requests that match the rate-based rule's scope-down * statement. With this option, the counted requests aren't further aggregated. The scope-down statement is * the only specification used. When the count of all requests that satisfy the scope-down statement goes * over the limit, WAF applies the rule action to all requests that satisfy the scope-down statement. *

            *

            * With this option, you must configure the ScopeDownStatement property. *

            *
          • *
          • *

            * CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the * aggregate keys. *

            *

            * With this option, you must specify the aggregate keys in the CustomKeys property. *

            *

            * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set * the aggregate key type to IP or FORWARDED_IP. *

            *
          • *
          • *

            * FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. *

            *

            * With this option, you must specify the header to use in the ForwardedIPConfig property. *

            *

            * To aggregate on a combination of the forwarded IP address with other aggregate keys, use * CUSTOM_KEYS. *

            *
          • *
          • *

            * IP - Aggregate the request counts on the IP address from the web request origin. *

            *

            * To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS. *

            *
          • * @see RateBasedStatementAggregateKeyType */ public String getAggregateKeyType() { return this.aggregateKeyType; } /** *

            * Setting that indicates how to aggregate the request counts. *

            * *

            * Web requests that are missing any of the components specified in the aggregation keys are omitted from the * rate-based rule evaluation and handling. *

            *
            *
              *
            • *

              * CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With * this option, the counted requests aren't further aggregated. The scope-down statement is the only specification * used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the * rule action to all requests that satisfy the scope-down statement. *

              *

              * With this option, you must configure the ScopeDownStatement property. *

              *
            • *
            • *

              * CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate * keys. *

              *

              * With this option, you must specify the aggregate keys in the CustomKeys property. *

              *

              * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the * aggregate key type to IP or FORWARDED_IP. *

              *
            • *
            • *

              * FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. *

              *

              * With this option, you must specify the header to use in the ForwardedIPConfig property. *

              *

              * To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS * . *

              *
            • *
            • *

              * IP - Aggregate the request counts on the IP address from the web request origin. *

              *

              * To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS. *

              *
            • *
            * * @param aggregateKeyType * Setting that indicates how to aggregate the request counts.

            *

            * Web requests that are missing any of the components specified in the aggregation keys are omitted from the * rate-based rule evaluation and handling. *

            *
            *
              *
            • *

              * CONSTANT - Count and limit the requests that match the rate-based rule's scope-down * statement. With this option, the counted requests aren't further aggregated. The scope-down statement is * the only specification used. When the count of all requests that satisfy the scope-down statement goes * over the limit, WAF applies the rule action to all requests that satisfy the scope-down statement. *

              *

              * With this option, you must configure the ScopeDownStatement property. *

              *
            • *
            • *

              * CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the * aggregate keys. *

              *

              * With this option, you must specify the aggregate keys in the CustomKeys property. *

              *

              * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set * the aggregate key type to IP or FORWARDED_IP. *

              *
            • *
            • *

              * FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. *

              *

              * With this option, you must specify the header to use in the ForwardedIPConfig property. *

              *

              * To aggregate on a combination of the forwarded IP address with other aggregate keys, use * CUSTOM_KEYS. *

              *
            • *
            • *

              * IP - Aggregate the request counts on the IP address from the web request origin. *

              *

              * To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS. *

              *
            • * @return Returns a reference to this object so that method calls can be chained together. * @see RateBasedStatementAggregateKeyType */ public RateBasedStatement withAggregateKeyType(String aggregateKeyType) { setAggregateKeyType(aggregateKeyType); return this; } /** *

              * Setting that indicates how to aggregate the request counts. *

              * *

              * Web requests that are missing any of the components specified in the aggregation keys are omitted from the * rate-based rule evaluation and handling. *

              *
              *
                *
              • *

                * CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With * this option, the counted requests aren't further aggregated. The scope-down statement is the only specification * used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the * rule action to all requests that satisfy the scope-down statement. *

                *

                * With this option, you must configure the ScopeDownStatement property. *

                *
              • *
              • *

                * CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate * keys. *

                *

                * With this option, you must specify the aggregate keys in the CustomKeys property. *

                *

                * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the * aggregate key type to IP or FORWARDED_IP. *

                *
              • *
              • *

                * FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. *

                *

                * With this option, you must specify the header to use in the ForwardedIPConfig property. *

                *

                * To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS * . *

                *
              • *
              • *

                * IP - Aggregate the request counts on the IP address from the web request origin. *

                *

                * To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS. *

                *
              • *
              * * @param aggregateKeyType * Setting that indicates how to aggregate the request counts.

              *

              * Web requests that are missing any of the components specified in the aggregation keys are omitted from the * rate-based rule evaluation and handling. *

              *
              *
                *
              • *

                * CONSTANT - Count and limit the requests that match the rate-based rule's scope-down * statement. With this option, the counted requests aren't further aggregated. The scope-down statement is * the only specification used. When the count of all requests that satisfy the scope-down statement goes * over the limit, WAF applies the rule action to all requests that satisfy the scope-down statement. *

                *

                * With this option, you must configure the ScopeDownStatement property. *

                *
              • *
              • *

                * CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the * aggregate keys. *

                *

                * With this option, you must specify the aggregate keys in the CustomKeys property. *

                *

                * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set * the aggregate key type to IP or FORWARDED_IP. *

                *
              • *
              • *

                * FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. *

                *

                * With this option, you must specify the header to use in the ForwardedIPConfig property. *

                *

                * To aggregate on a combination of the forwarded IP address with other aggregate keys, use * CUSTOM_KEYS. *

                *
              • *
              • *

                * IP - Aggregate the request counts on the IP address from the web request origin. *

                *

                * To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS. *

                *
              • * @return Returns a reference to this object so that method calls can be chained together. * @see RateBasedStatementAggregateKeyType */ public RateBasedStatement withAggregateKeyType(RateBasedStatementAggregateKeyType aggregateKeyType) { this.aggregateKeyType = aggregateKeyType.toString(); return this; } /** *

                * An optional nested statement that narrows the scope of the web requests that are evaluated and managed by the * rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate limits * requests that match the scope-down statement. You can use any nestable Statement in the scope-down * statement, and you can nest statements at any level, the same as you can for a rule statement. *

                * * @param scopeDownStatement * An optional nested statement that narrows the scope of the web requests that are evaluated and managed by * the rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate * limits requests that match the scope-down statement. You can use any nestable Statement in the * scope-down statement, and you can nest statements at any level, the same as you can for a rule statement. */ public void setScopeDownStatement(Statement scopeDownStatement) { this.scopeDownStatement = scopeDownStatement; } /** *

                * An optional nested statement that narrows the scope of the web requests that are evaluated and managed by the * rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate limits * requests that match the scope-down statement. You can use any nestable Statement in the scope-down * statement, and you can nest statements at any level, the same as you can for a rule statement. *

                * * @return An optional nested statement that narrows the scope of the web requests that are evaluated and managed by * the rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate * limits requests that match the scope-down statement. You can use any nestable Statement in the * scope-down statement, and you can nest statements at any level, the same as you can for a rule statement. */ public Statement getScopeDownStatement() { return this.scopeDownStatement; } /** *

                * An optional nested statement that narrows the scope of the web requests that are evaluated and managed by the * rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate limits * requests that match the scope-down statement. You can use any nestable Statement in the scope-down * statement, and you can nest statements at any level, the same as you can for a rule statement. *

                * * @param scopeDownStatement * An optional nested statement that narrows the scope of the web requests that are evaluated and managed by * the rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate * limits requests that match the scope-down statement. You can use any nestable Statement in the * scope-down statement, and you can nest statements at any level, the same as you can for a rule statement. * @return Returns a reference to this object so that method calls can be chained together. */ public RateBasedStatement withScopeDownStatement(Statement scopeDownStatement) { setScopeDownStatement(scopeDownStatement); return this; } /** *

                * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address * that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can * specify any header name. *

                * *

                * If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all. *

                *
                *

                * This is required if you specify a forwarded IP in the rule's aggregate key settings. *

                * * @param forwardedIPConfig * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP * address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but * you can specify any header name.

                *

                * If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at * all. *

                *
                *

                * This is required if you specify a forwarded IP in the rule's aggregate key settings. */ public void setForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) { this.forwardedIPConfig = forwardedIPConfig; } /** *

                * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address * that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can * specify any header name. *

                * *

                * If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all. *

                *
                *

                * This is required if you specify a forwarded IP in the rule's aggregate key settings. *

                * * @return The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP * address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, * but you can specify any header name.

                *

                * If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at * all. *

                *
                *

                * This is required if you specify a forwarded IP in the rule's aggregate key settings. */ public ForwardedIPConfig getForwardedIPConfig() { return this.forwardedIPConfig; } /** *

                * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address * that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can * specify any header name. *

                * *

                * If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all. *

                *
                *

                * This is required if you specify a forwarded IP in the rule's aggregate key settings. *

                * * @param forwardedIPConfig * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP * address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but * you can specify any header name.

                *

                * If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at * all. *

                *
                *

                * This is required if you specify a forwarded IP in the rule's aggregate key settings. * @return Returns a reference to this object so that method calls can be chained together. */ public RateBasedStatement withForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) { setForwardedIPConfig(forwardedIPConfig); return this; } /** *

                * Specifies the aggregate keys to use in a rate-base rule. *

                * * @return Specifies the aggregate keys to use in a rate-base rule. */ public java.util.List getCustomKeys() { return customKeys; } /** *

                * Specifies the aggregate keys to use in a rate-base rule. *

                * * @param customKeys * Specifies the aggregate keys to use in a rate-base rule. */ public void setCustomKeys(java.util.Collection customKeys) { if (customKeys == null) { this.customKeys = null; return; } this.customKeys = new java.util.ArrayList(customKeys); } /** *

                * Specifies the aggregate keys to use in a rate-base rule. *

                *

                * NOTE: This method appends the values to the existing list (if any). Use * {@link #setCustomKeys(java.util.Collection)} or {@link #withCustomKeys(java.util.Collection)} if you want to * override the existing values. *

                * * @param customKeys * Specifies the aggregate keys to use in a rate-base rule. * @return Returns a reference to this object so that method calls can be chained together. */ public RateBasedStatement withCustomKeys(RateBasedStatementCustomKey... customKeys) { if (this.customKeys == null) { setCustomKeys(new java.util.ArrayList(customKeys.length)); } for (RateBasedStatementCustomKey ele : customKeys) { this.customKeys.add(ele); } return this; } /** *

                * Specifies the aggregate keys to use in a rate-base rule. *

                * * @param customKeys * Specifies the aggregate keys to use in a rate-base rule. * @return Returns a reference to this object so that method calls can be chained together. */ public RateBasedStatement withCustomKeys(java.util.Collection customKeys) { setCustomKeys(customKeys); return this; } /** * Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be * redacted from this string using a placeholder value. * * @return A string representation of this object. * * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getLimit() != null) sb.append("Limit: ").append(getLimit()).append(","); if (getEvaluationWindowSec() != null) sb.append("EvaluationWindowSec: ").append(getEvaluationWindowSec()).append(","); if (getAggregateKeyType() != null) sb.append("AggregateKeyType: ").append(getAggregateKeyType()).append(","); if (getScopeDownStatement() != null) sb.append("ScopeDownStatement: ").append(getScopeDownStatement()).append(","); if (getForwardedIPConfig() != null) sb.append("ForwardedIPConfig: ").append(getForwardedIPConfig()).append(","); if (getCustomKeys() != null) sb.append("CustomKeys: ").append(getCustomKeys()); sb.append("}"); return sb.toString(); } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof RateBasedStatement == false) return false; RateBasedStatement other = (RateBasedStatement) obj; if (other.getLimit() == null ^ this.getLimit() == null) return false; if (other.getLimit() != null && other.getLimit().equals(this.getLimit()) == false) return false; if (other.getEvaluationWindowSec() == null ^ this.getEvaluationWindowSec() == null) return false; if (other.getEvaluationWindowSec() != null && other.getEvaluationWindowSec().equals(this.getEvaluationWindowSec()) == false) return false; if (other.getAggregateKeyType() == null ^ this.getAggregateKeyType() == null) return false; if (other.getAggregateKeyType() != null && other.getAggregateKeyType().equals(this.getAggregateKeyType()) == false) return false; if (other.getScopeDownStatement() == null ^ this.getScopeDownStatement() == null) return false; if (other.getScopeDownStatement() != null && other.getScopeDownStatement().equals(this.getScopeDownStatement()) == false) return false; if (other.getForwardedIPConfig() == null ^ this.getForwardedIPConfig() == null) return false; if (other.getForwardedIPConfig() != null && other.getForwardedIPConfig().equals(this.getForwardedIPConfig()) == false) return false; if (other.getCustomKeys() == null ^ this.getCustomKeys() == null) return false; if (other.getCustomKeys() != null && other.getCustomKeys().equals(this.getCustomKeys()) == false) return false; return true; } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getLimit() == null) ? 0 : getLimit().hashCode()); hashCode = prime * hashCode + ((getEvaluationWindowSec() == null) ? 0 : getEvaluationWindowSec().hashCode()); hashCode = prime * hashCode + ((getAggregateKeyType() == null) ? 0 : getAggregateKeyType().hashCode()); hashCode = prime * hashCode + ((getScopeDownStatement() == null) ? 0 : getScopeDownStatement().hashCode()); hashCode = prime * hashCode + ((getForwardedIPConfig() == null) ? 0 : getForwardedIPConfig().hashCode()); hashCode = prime * hashCode + ((getCustomKeys() == null) ? 0 : getCustomKeys().hashCode()); return hashCode; } @Override public RateBasedStatement clone() { try { return (RateBasedStatement) super.clone(); } catch (CloneNotSupportedException e) { throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e); } } @com.amazonaws.annotation.SdkInternalApi @Override public void marshall(ProtocolMarshaller protocolMarshaller) { com.amazonaws.services.wafv2.model.transform.RateBasedStatementMarshaller.getInstance().marshall(this, protocolMarshaller); } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy