com.amazonaws.services.wafv2.model.RateBasedStatement Maven / Gradle / Ivy
Show all versions of aws-java-sdk-wafv2 Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.wafv2.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;
/**
*
* A rate-based rule counts incoming requests and rate limits requests when they are coming at too fast a rate. The rule
* categorizes requests according to your aggregation criteria, collects them into aggregation instances, and counts and
* rate limits the requests for each instance.
*
*
*
* If you change any of these settings in a rule that's currently in use, the change resets the rule's rate limiting
* counts. This can pause the rule's rate limiting activities for up to a minute.
*
*
*
* You can specify individual aggregation keys, like IP address or HTTP method. You can also specify aggregation key
* combinations, like IP address and HTTP method, or HTTP method, query argument, and cookie.
*
*
* Each unique set of values for the aggregation keys that you specify is a separate aggregation instance, with the
* value from each key contributing to the aggregation instance definition.
*
*
* For example, assume the rule evaluates web requests with the following IP address and HTTP method values:
*
*
* -
*
* IP address 10.1.1.1, HTTP method POST
*
*
* -
*
* IP address 10.1.1.1, HTTP method GET
*
*
* -
*
* IP address 127.0.0.0, HTTP method POST
*
*
* -
*
* IP address 10.1.1.1, HTTP method GET
*
*
*
*
* The rule would create different aggregation instances according to your aggregation criteria, for example:
*
*
* -
*
* If the aggregation criteria is just the IP address, then each individual address is an aggregation instance, and WAF
* counts requests separately for each. The aggregation instances and request counts for our example would be the
* following:
*
*
* -
*
* IP address 10.1.1.1: count 3
*
*
* -
*
* IP address 127.0.0.0: count 1
*
*
*
*
* -
*
* If the aggregation criteria is HTTP method, then each individual HTTP method is an aggregation instance. The
* aggregation instances and request counts for our example would be the following:
*
*
* -
*
* HTTP method POST: count 2
*
*
* -
*
* HTTP method GET: count 2
*
*
*
*
* -
*
* If the aggregation criteria is IP address and HTTP method, then each IP address and each HTTP method would contribute
* to the combined aggregation instance. The aggregation instances and request counts for our example would be the
* following:
*
*
* -
*
* IP address 10.1.1.1, HTTP method POST: count 1
*
*
* -
*
* IP address 10.1.1.1, HTTP method GET: count 2
*
*
* -
*
* IP address 127.0.0.0, HTTP method POST: count 1
*
*
*
*
*
*
* For any n-tuple of aggregation keys, each unique combination of values for the keys defines a separate aggregation
* instance, which WAF counts and rate-limits individually.
*
*
* You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it
* only counts and rate limits requests that match the nested statement. You can use this nested scope-down statement in
* conjunction with your aggregation key specifications or you can just count and rate limit all requests that match the
* scope-down statement, without additional aggregation. When you choose to just manage all requests that match a
* scope-down statement, the aggregation instance is singular for the rule.
*
*
* You cannot nest a RateBasedStatement inside another statement, for example inside a
* NotStatement or OrStatement. You can define a RateBasedStatement inside a web
* ACL and inside a rule group.
*
*
* For additional information about the options, see Rate limiting web requests
* using rate-based rules in the WAF Developer Guide.
*
*
* If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses
* that WAF is currently rate limiting for a rule through the API call GetRateBasedStatementManagedKeys.
* This option is not available for other aggregation configurations.
*
*
* WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if
* you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate
* instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule
* inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the
* rate-based rule that gets its own tracking and management by WAF.
*
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class RateBasedStatement implements Serializable, Cloneable, StructuredPojo {
/**
*
* The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If the
* rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that
* match the statement.
*
*
* Examples:
*
*
* -
*
* If you aggregate on just the IP address, this is the limit on requests from any single IP address.
*
*
* -
*
* If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests for
* any single method, city pair.
*
*
*
*/
private Long limit;
/**
*
* The amount of time, in seconds, that WAF should include in its request counts, looking back from the current
* time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes
* immediately preceding the current time. Valid settings are 60, 120, 300, and 600.
*
*
* This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it checks. WAF
* checks the rate about every 10 seconds.
*
*
* Default: 300 (5 minutes)
*
*/
private Long evaluationWindowSec;
/**
*
* Setting that indicates how to aggregate the request counts.
*
*
*
* Web requests that are missing any of the components specified in the aggregation keys are omitted from the
* rate-based rule evaluation and handling.
*
*
*
* -
*
* CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With
* this option, the counted requests aren't further aggregated. The scope-down statement is the only specification
* used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the
* rule action to all requests that satisfy the scope-down statement.
*
*
* With this option, you must configure the ScopeDownStatement property.
*
*
* -
*
* CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate
* keys.
*
*
* With this option, you must specify the aggregate keys in the CustomKeys property.
*
*
* To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the
* aggregate key type to IP or FORWARDED_IP.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header.
*
*
* With this option, you must specify the header to use in the ForwardedIPConfig property.
*
*
* To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS
* .
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
*
*
*
*/
private String aggregateKeyType;
/**
*
* An optional nested statement that narrows the scope of the web requests that are evaluated and managed by the
* rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate limits
* requests that match the scope-down statement. You can use any nestable Statement in the scope-down
* statement, and you can nest statements at any level, the same as you can for a rule statement.
*
*/
private Statement scopeDownStatement;
/**
*
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address
* that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can
* specify any header name.
*
*
*
* If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
*
*
*
* This is required if you specify a forwarded IP in the rule's aggregate key settings.
*
*/
private ForwardedIPConfig forwardedIPConfig;
/**
*
* Specifies the aggregate keys to use in a rate-base rule.
*
*/
private java.util.List customKeys;
/**
*
* The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If the
* rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that
* match the statement.
*
*
* Examples:
*
*
* -
*
* If you aggregate on just the IP address, this is the limit on requests from any single IP address.
*
*
* -
*
* If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests for
* any single method, city pair.
*
*
*
*
* @param limit
* The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If
* the rate-based statement includes a ScopeDownStatement, this limit is applied only to the
* requests that match the statement.
*
* Examples:
*
*
* -
*
* If you aggregate on just the IP address, this is the limit on requests from any single IP address.
*
*
* -
*
* If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests
* for any single method, city pair.
*
*
*/
public void setLimit(Long limit) {
this.limit = limit;
}
/**
*
* The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If the
* rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that
* match the statement.
*
*
* Examples:
*
*
* -
*
* If you aggregate on just the IP address, this is the limit on requests from any single IP address.
*
*
* -
*
* If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests for
* any single method, city pair.
*
*
*
*
* @return The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If
* the rate-based statement includes a ScopeDownStatement, this limit is applied only to the
* requests that match the statement.
*
* Examples:
*
*
* -
*
* If you aggregate on just the IP address, this is the limit on requests from any single IP address.
*
*
* -
*
* If you aggregate on the HTTP method and the query argument name "city", then this is the limit on
* requests for any single method, city pair.
*
*
*/
public Long getLimit() {
return this.limit;
}
/**
*
* The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If the
* rate-based statement includes a ScopeDownStatement, this limit is applied only to the requests that
* match the statement.
*
*
* Examples:
*
*
* -
*
* If you aggregate on just the IP address, this is the limit on requests from any single IP address.
*
*
* -
*
* If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests for
* any single method, city pair.
*
*
*
*
* @param limit
* The limit on requests per 5-minute period for a single aggregation instance for the rate-based rule. If
* the rate-based statement includes a ScopeDownStatement, this limit is applied only to the
* requests that match the statement.
*
* Examples:
*
*
* -
*
* If you aggregate on just the IP address, this is the limit on requests from any single IP address.
*
*
* -
*
* If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests
* for any single method, city pair.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RateBasedStatement withLimit(Long limit) {
setLimit(limit);
return this;
}
/**
*
* The amount of time, in seconds, that WAF should include in its request counts, looking back from the current
* time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes
* immediately preceding the current time. Valid settings are 60, 120, 300, and 600.
*
*
* This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it checks. WAF
* checks the rate about every 10 seconds.
*
*
* Default: 300 (5 minutes)
*
*
* @param evaluationWindowSec
* The amount of time, in seconds, that WAF should include in its request counts, looking back from the
* current time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the
* 2 minutes immediately preceding the current time. Valid settings are 60, 120, 300, and 600.
*
* This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it
* checks. WAF checks the rate about every 10 seconds.
*
*
* Default: 300 (5 minutes)
*/
public void setEvaluationWindowSec(Long evaluationWindowSec) {
this.evaluationWindowSec = evaluationWindowSec;
}
/**
*
* The amount of time, in seconds, that WAF should include in its request counts, looking back from the current
* time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes
* immediately preceding the current time. Valid settings are 60, 120, 300, and 600.
*
*
* This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it checks. WAF
* checks the rate about every 10 seconds.
*
*
* Default: 300 (5 minutes)
*
*
* @return The amount of time, in seconds, that WAF should include in its request counts, looking back from the
* current time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the
* 2 minutes immediately preceding the current time. Valid settings are 60, 120, 300, and 600.
*
* This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it
* checks. WAF checks the rate about every 10 seconds.
*
*
* Default: 300 (5 minutes)
*/
public Long getEvaluationWindowSec() {
return this.evaluationWindowSec;
}
/**
*
* The amount of time, in seconds, that WAF should include in its request counts, looking back from the current
* time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes
* immediately preceding the current time. Valid settings are 60, 120, 300, and 600.
*
*
* This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it checks. WAF
* checks the rate about every 10 seconds.
*
*
* Default: 300 (5 minutes)
*
*
* @param evaluationWindowSec
* The amount of time, in seconds, that WAF should include in its request counts, looking back from the
* current time. For example, for a setting of 120, when WAF checks the rate, it counts the requests for the
* 2 minutes immediately preceding the current time. Valid settings are 60, 120, 300, and 600.
*
* This setting doesn't determine how often WAF checks the rate, but how far back it looks each time it
* checks. WAF checks the rate about every 10 seconds.
*
*
* Default: 300 (5 minutes)
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RateBasedStatement withEvaluationWindowSec(Long evaluationWindowSec) {
setEvaluationWindowSec(evaluationWindowSec);
return this;
}
/**
*
* Setting that indicates how to aggregate the request counts.
*
*
*
* Web requests that are missing any of the components specified in the aggregation keys are omitted from the
* rate-based rule evaluation and handling.
*
*
*
* -
*
* CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With
* this option, the counted requests aren't further aggregated. The scope-down statement is the only specification
* used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the
* rule action to all requests that satisfy the scope-down statement.
*
*
* With this option, you must configure the ScopeDownStatement property.
*
*
* -
*
* CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate
* keys.
*
*
* With this option, you must specify the aggregate keys in the CustomKeys property.
*
*
* To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the
* aggregate key type to IP or FORWARDED_IP.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header.
*
*
* With this option, you must specify the header to use in the ForwardedIPConfig property.
*
*
* To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS
* .
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
*
*
*
*
* @param aggregateKeyType
* Setting that indicates how to aggregate the request counts.
*
* Web requests that are missing any of the components specified in the aggregation keys are omitted from the
* rate-based rule evaluation and handling.
*
*
*
* -
*
* CONSTANT - Count and limit the requests that match the rate-based rule's scope-down
* statement. With this option, the counted requests aren't further aggregated. The scope-down statement is
* the only specification used. When the count of all requests that satisfy the scope-down statement goes
* over the limit, WAF applies the rule action to all requests that satisfy the scope-down statement.
*
*
* With this option, you must configure the ScopeDownStatement property.
*
*
* -
*
* CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the
* aggregate keys.
*
*
* With this option, you must specify the aggregate keys in the CustomKeys property.
*
*
* To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set
* the aggregate key type to IP or FORWARDED_IP.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header.
*
*
* With this option, you must specify the header to use in the ForwardedIPConfig property.
*
*
* To aggregate on a combination of the forwarded IP address with other aggregate keys, use
* CUSTOM_KEYS.
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
*
*
* @see RateBasedStatementAggregateKeyType
*/
public void setAggregateKeyType(String aggregateKeyType) {
this.aggregateKeyType = aggregateKeyType;
}
/**
*
* Setting that indicates how to aggregate the request counts.
*
*
*
* Web requests that are missing any of the components specified in the aggregation keys are omitted from the
* rate-based rule evaluation and handling.
*
*
*
* -
*
* CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With
* this option, the counted requests aren't further aggregated. The scope-down statement is the only specification
* used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the
* rule action to all requests that satisfy the scope-down statement.
*
*
* With this option, you must configure the ScopeDownStatement property.
*
*
* -
*
* CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate
* keys.
*
*
* With this option, you must specify the aggregate keys in the CustomKeys property.
*
*
* To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the
* aggregate key type to IP or FORWARDED_IP.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header.
*
*
* With this option, you must specify the header to use in the ForwardedIPConfig property.
*
*
* To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS
* .
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
*
*
*
*
* @return Setting that indicates how to aggregate the request counts.
*
* Web requests that are missing any of the components specified in the aggregation keys are omitted from
* the rate-based rule evaluation and handling.
*
*
*
* -
*
* CONSTANT - Count and limit the requests that match the rate-based rule's scope-down
* statement. With this option, the counted requests aren't further aggregated. The scope-down statement is
* the only specification used. When the count of all requests that satisfy the scope-down statement goes
* over the limit, WAF applies the rule action to all requests that satisfy the scope-down statement.
*
*
* With this option, you must configure the ScopeDownStatement property.
*
*
* -
*
* CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the
* aggregate keys.
*
*
* With this option, you must specify the aggregate keys in the CustomKeys property.
*
*
* To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set
* the aggregate key type to IP or FORWARDED_IP.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header.
*
*
* With this option, you must specify the header to use in the ForwardedIPConfig property.
*
*
* To aggregate on a combination of the forwarded IP address with other aggregate keys, use
* CUSTOM_KEYS.
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
*
*
* @see RateBasedStatementAggregateKeyType
*/
public String getAggregateKeyType() {
return this.aggregateKeyType;
}
/**
*
* Setting that indicates how to aggregate the request counts.
*
*
*
* Web requests that are missing any of the components specified in the aggregation keys are omitted from the
* rate-based rule evaluation and handling.
*
*
*
* -
*
* CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With
* this option, the counted requests aren't further aggregated. The scope-down statement is the only specification
* used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the
* rule action to all requests that satisfy the scope-down statement.
*
*
* With this option, you must configure the ScopeDownStatement property.
*
*
* -
*
* CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate
* keys.
*
*
* With this option, you must specify the aggregate keys in the CustomKeys property.
*
*
* To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the
* aggregate key type to IP or FORWARDED_IP.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header.
*
*
* With this option, you must specify the header to use in the ForwardedIPConfig property.
*
*
* To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS
* .
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
*
*
*
*
* @param aggregateKeyType
* Setting that indicates how to aggregate the request counts.
*
* Web requests that are missing any of the components specified in the aggregation keys are omitted from the
* rate-based rule evaluation and handling.
*
*
*
* -
*
* CONSTANT - Count and limit the requests that match the rate-based rule's scope-down
* statement. With this option, the counted requests aren't further aggregated. The scope-down statement is
* the only specification used. When the count of all requests that satisfy the scope-down statement goes
* over the limit, WAF applies the rule action to all requests that satisfy the scope-down statement.
*
*
* With this option, you must configure the ScopeDownStatement property.
*
*
* -
*
* CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the
* aggregate keys.
*
*
* With this option, you must specify the aggregate keys in the CustomKeys property.
*
*
* To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set
* the aggregate key type to IP or FORWARDED_IP.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header.
*
*
* With this option, you must specify the header to use in the ForwardedIPConfig property.
*
*
* To aggregate on a combination of the forwarded IP address with other aggregate keys, use
* CUSTOM_KEYS.
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see RateBasedStatementAggregateKeyType
*/
public RateBasedStatement withAggregateKeyType(String aggregateKeyType) {
setAggregateKeyType(aggregateKeyType);
return this;
}
/**
*
* Setting that indicates how to aggregate the request counts.
*
*
*
* Web requests that are missing any of the components specified in the aggregation keys are omitted from the
* rate-based rule evaluation and handling.
*
*
*
* -
*
* CONSTANT - Count and limit the requests that match the rate-based rule's scope-down statement. With
* this option, the counted requests aren't further aggregated. The scope-down statement is the only specification
* used. When the count of all requests that satisfy the scope-down statement goes over the limit, WAF applies the
* rule action to all requests that satisfy the scope-down statement.
*
*
* With this option, you must configure the ScopeDownStatement property.
*
*
* -
*
* CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the aggregate
* keys.
*
*
* With this option, you must specify the aggregate keys in the CustomKeys property.
*
*
* To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the
* aggregate key type to IP or FORWARDED_IP.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header.
*
*
* With this option, you must specify the header to use in the ForwardedIPConfig property.
*
*
* To aggregate on a combination of the forwarded IP address with other aggregate keys, use CUSTOM_KEYS
* .
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
*
*
*
*
* @param aggregateKeyType
* Setting that indicates how to aggregate the request counts.
*
* Web requests that are missing any of the components specified in the aggregation keys are omitted from the
* rate-based rule evaluation and handling.
*
*
*
* -
*
* CONSTANT - Count and limit the requests that match the rate-based rule's scope-down
* statement. With this option, the counted requests aren't further aggregated. The scope-down statement is
* the only specification used. When the count of all requests that satisfy the scope-down statement goes
* over the limit, WAF applies the rule action to all requests that satisfy the scope-down statement.
*
*
* With this option, you must configure the ScopeDownStatement property.
*
*
* -
*
* CUSTOM_KEYS - Aggregate the request counts using one or more web request components as the
* aggregate keys.
*
*
* With this option, you must specify the aggregate keys in the CustomKeys property.
*
*
* To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set
* the aggregate key type to IP or FORWARDED_IP.
*
*
* -
*
* FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header.
*
*
* With this option, you must specify the header to use in the ForwardedIPConfig property.
*
*
* To aggregate on a combination of the forwarded IP address with other aggregate keys, use
* CUSTOM_KEYS.
*
*
* -
*
* IP - Aggregate the request counts on the IP address from the web request origin.
*
*
* To aggregate on a combination of the IP address with other aggregate keys, use CUSTOM_KEYS.
*
*
* @return Returns a reference to this object so that method calls can be chained together.
* @see RateBasedStatementAggregateKeyType
*/
public RateBasedStatement withAggregateKeyType(RateBasedStatementAggregateKeyType aggregateKeyType) {
this.aggregateKeyType = aggregateKeyType.toString();
return this;
}
/**
*
* An optional nested statement that narrows the scope of the web requests that are evaluated and managed by the
* rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate limits
* requests that match the scope-down statement. You can use any nestable Statement in the scope-down
* statement, and you can nest statements at any level, the same as you can for a rule statement.
*
*
* @param scopeDownStatement
* An optional nested statement that narrows the scope of the web requests that are evaluated and managed by
* the rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate
* limits requests that match the scope-down statement. You can use any nestable Statement in the
* scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.
*/
public void setScopeDownStatement(Statement scopeDownStatement) {
this.scopeDownStatement = scopeDownStatement;
}
/**
*
* An optional nested statement that narrows the scope of the web requests that are evaluated and managed by the
* rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate limits
* requests that match the scope-down statement. You can use any nestable Statement in the scope-down
* statement, and you can nest statements at any level, the same as you can for a rule statement.
*
*
* @return An optional nested statement that narrows the scope of the web requests that are evaluated and managed by
* the rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate
* limits requests that match the scope-down statement. You can use any nestable Statement in the
* scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.
*/
public Statement getScopeDownStatement() {
return this.scopeDownStatement;
}
/**
*
* An optional nested statement that narrows the scope of the web requests that are evaluated and managed by the
* rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate limits
* requests that match the scope-down statement. You can use any nestable Statement in the scope-down
* statement, and you can nest statements at any level, the same as you can for a rule statement.
*
*
* @param scopeDownStatement
* An optional nested statement that narrows the scope of the web requests that are evaluated and managed by
* the rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate
* limits requests that match the scope-down statement. You can use any nestable Statement in the
* scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RateBasedStatement withScopeDownStatement(Statement scopeDownStatement) {
setScopeDownStatement(scopeDownStatement);
return this;
}
/**
*
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address
* that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can
* specify any header name.
*
*
*
* If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
*
*
*
* This is required if you specify a forwarded IP in the rule's aggregate key settings.
*
*
* @param forwardedIPConfig
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP
* address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
* you can specify any header name.
*
* If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at
* all.
*
*
*
* This is required if you specify a forwarded IP in the rule's aggregate key settings.
*/
public void setForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) {
this.forwardedIPConfig = forwardedIPConfig;
}
/**
*
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address
* that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can
* specify any header name.
*
*
*
* If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
*
*
*
* This is required if you specify a forwarded IP in the rule's aggregate key settings.
*
*
* @return The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP
* address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header,
* but you can specify any header name.
*
* If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at
* all.
*
*
*
* This is required if you specify a forwarded IP in the rule's aggregate key settings.
*/
public ForwardedIPConfig getForwardedIPConfig() {
return this.forwardedIPConfig;
}
/**
*
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address
* that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can
* specify any header name.
*
*
*
* If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
*
*
*
* This is required if you specify a forwarded IP in the rule's aggregate key settings.
*
*
* @param forwardedIPConfig
* The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP
* address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
* you can specify any header name.
*
* If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at
* all.
*
*
*
* This is required if you specify a forwarded IP in the rule's aggregate key settings.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RateBasedStatement withForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) {
setForwardedIPConfig(forwardedIPConfig);
return this;
}
/**
*
* Specifies the aggregate keys to use in a rate-base rule.
*
*
* @return Specifies the aggregate keys to use in a rate-base rule.
*/
public java.util.List getCustomKeys() {
return customKeys;
}
/**
*
* Specifies the aggregate keys to use in a rate-base rule.
*
*
* @param customKeys
* Specifies the aggregate keys to use in a rate-base rule.
*/
public void setCustomKeys(java.util.Collection customKeys) {
if (customKeys == null) {
this.customKeys = null;
return;
}
this.customKeys = new java.util.ArrayList(customKeys);
}
/**
*
* Specifies the aggregate keys to use in a rate-base rule.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setCustomKeys(java.util.Collection)} or {@link #withCustomKeys(java.util.Collection)} if you want to
* override the existing values.
*
*
* @param customKeys
* Specifies the aggregate keys to use in a rate-base rule.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RateBasedStatement withCustomKeys(RateBasedStatementCustomKey... customKeys) {
if (this.customKeys == null) {
setCustomKeys(new java.util.ArrayList(customKeys.length));
}
for (RateBasedStatementCustomKey ele : customKeys) {
this.customKeys.add(ele);
}
return this;
}
/**
*
* Specifies the aggregate keys to use in a rate-base rule.
*
*
* @param customKeys
* Specifies the aggregate keys to use in a rate-base rule.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RateBasedStatement withCustomKeys(java.util.Collection customKeys) {
setCustomKeys(customKeys);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getLimit() != null)
sb.append("Limit: ").append(getLimit()).append(",");
if (getEvaluationWindowSec() != null)
sb.append("EvaluationWindowSec: ").append(getEvaluationWindowSec()).append(",");
if (getAggregateKeyType() != null)
sb.append("AggregateKeyType: ").append(getAggregateKeyType()).append(",");
if (getScopeDownStatement() != null)
sb.append("ScopeDownStatement: ").append(getScopeDownStatement()).append(",");
if (getForwardedIPConfig() != null)
sb.append("ForwardedIPConfig: ").append(getForwardedIPConfig()).append(",");
if (getCustomKeys() != null)
sb.append("CustomKeys: ").append(getCustomKeys());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof RateBasedStatement == false)
return false;
RateBasedStatement other = (RateBasedStatement) obj;
if (other.getLimit() == null ^ this.getLimit() == null)
return false;
if (other.getLimit() != null && other.getLimit().equals(this.getLimit()) == false)
return false;
if (other.getEvaluationWindowSec() == null ^ this.getEvaluationWindowSec() == null)
return false;
if (other.getEvaluationWindowSec() != null && other.getEvaluationWindowSec().equals(this.getEvaluationWindowSec()) == false)
return false;
if (other.getAggregateKeyType() == null ^ this.getAggregateKeyType() == null)
return false;
if (other.getAggregateKeyType() != null && other.getAggregateKeyType().equals(this.getAggregateKeyType()) == false)
return false;
if (other.getScopeDownStatement() == null ^ this.getScopeDownStatement() == null)
return false;
if (other.getScopeDownStatement() != null && other.getScopeDownStatement().equals(this.getScopeDownStatement()) == false)
return false;
if (other.getForwardedIPConfig() == null ^ this.getForwardedIPConfig() == null)
return false;
if (other.getForwardedIPConfig() != null && other.getForwardedIPConfig().equals(this.getForwardedIPConfig()) == false)
return false;
if (other.getCustomKeys() == null ^ this.getCustomKeys() == null)
return false;
if (other.getCustomKeys() != null && other.getCustomKeys().equals(this.getCustomKeys()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getLimit() == null) ? 0 : getLimit().hashCode());
hashCode = prime * hashCode + ((getEvaluationWindowSec() == null) ? 0 : getEvaluationWindowSec().hashCode());
hashCode = prime * hashCode + ((getAggregateKeyType() == null) ? 0 : getAggregateKeyType().hashCode());
hashCode = prime * hashCode + ((getScopeDownStatement() == null) ? 0 : getScopeDownStatement().hashCode());
hashCode = prime * hashCode + ((getForwardedIPConfig() == null) ? 0 : getForwardedIPConfig().hashCode());
hashCode = prime * hashCode + ((getCustomKeys() == null) ? 0 : getCustomKeys().hashCode());
return hashCode;
}
@Override
public RateBasedStatement clone() {
try {
return (RateBasedStatement) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
@com.amazonaws.annotation.SdkInternalApi
@Override
public void marshall(ProtocolMarshaller protocolMarshaller) {
com.amazonaws.services.wafv2.model.transform.RateBasedStatementMarshaller.getInstance().marshall(this, protocolMarshaller);
}
}