software.amazon.awssdk.services.wafv2.model

Class ManagedRuleGroupStatement

java.lang.Object

software.amazon.awssdk.services.wafv2.model.ManagedRuleGroupStatement

All Implemented Interfaces:

Serializable, SdkPojo, ToCopyableBuilder<ManagedRuleGroupStatement.Builder,ManagedRuleGroupStatement>

@Generated(value="software.amazon.awssdk:codegen")
public final class ManagedRuleGroupStatement
extends Object
implements SdkPojo, Serializable, ToCopyableBuilder<ManagedRuleGroupStatement.Builder,ManagedRuleGroupStatement>

A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.

You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. You cannot use a managed rule group inside another rule group. You can only reference a managed rule group as a top-level statement within a rule that you define in a web ACL.

You are charged additional fees when you use the WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or the WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.

See Also:

Serialized Form

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	ManagedRuleGroupStatement.Builder

Method Summary

Modifier and Type	Method and Description
static ManagedRuleGroupStatement.Builder	builder()
boolean	equals(Object obj)
boolean	equalsBySdkFields(Object obj)
List<ExcludedRule>	excludedRules() Rules in the referenced rule group whose actions are set to Count.
<T> Optional<T>	getValueForField(String fieldName, Class<T> clazz)
boolean	hasExcludedRules() For responses, this returns true if the service returned a value for the ExcludedRules property.
int	hashCode()
boolean	hasManagedRuleGroupConfigs() For responses, this returns true if the service returned a value for the ManagedRuleGroupConfigs property.
boolean	hasRuleActionOverrides() For responses, this returns true if the service returned a value for the RuleActionOverrides property.
List<ManagedRuleGroupConfig>	managedRuleGroupConfigs() Additional information that's used by a managed rule group.
String	name() The name of the managed rule group.
List<RuleActionOverride>	ruleActionOverrides() Action settings to use in the place of the rule actions that are configured inside the rule group.
Statement	scopeDownStatement() An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group.
List<SdkField<?>>	sdkFields()
static Class<? extends ManagedRuleGroupStatement.Builder>	serializableBuilderClass()
ManagedRuleGroupStatement.Builder	toBuilder()
String	toString() Returns a string representation of this object.
String	vendorName() The name of the managed rule group vendor.
String	version() The version of the managed rule group to use.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awssdk.utils.builder.ToCopyableBuilder

copy

Method Detail

vendorName

public final String vendorName()

The name of the managed rule group vendor. You use this, along with the rule group name, to identify a rule group.

Returns:

The name of the managed rule group vendor. You use this, along with the rule group name, to identify a rule group.

name

public final String name()

The name of the managed rule group. You use this, along with the vendor name, to identify the rule group.

Returns:

The name of the managed rule group. You use this, along with the vendor name, to identify the rule group.

version

public final String version()

The version of the managed rule group to use. If you specify this, the version setting is fixed until you change it. If you don't specify this, WAF uses the vendor's default version, and then keeps the version at the vendor's default when the vendor updates the managed rule group settings.

Returns:

The version of the managed rule group to use. If you specify this, the version setting is fixed until you change it. If you don't specify this, WAF uses the vendor's default version, and then keeps the version at the vendor's default when the vendor updates the managed rule group settings.

hasExcludedRules

public final boolean hasExcludedRules()

For responses, this returns true if the service returned a value for the ExcludedRules property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

excludedRules

public final List<ExcludedRule> excludedRules()

Rules in the referenced rule group whose actions are set to Count.

Instead of this option, use RuleActionOverrides. It accepts any valid action setting, including Count.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasExcludedRules() method.

Returns:

Rules in the referenced rule group whose actions are set to Count.

Instead of this option, use RuleActionOverrides. It accepts any valid action setting, including Count.

scopeDownStatement

public final Statement scopeDownStatement()

An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group. Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable Statement in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.

Returns:

An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group. Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable Statement in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.

hasManagedRuleGroupConfigs

public final boolean hasManagedRuleGroupConfigs()

For responses, this returns true if the service returned a value for the ManagedRuleGroupConfigs property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

managedRuleGroupConfigs

public final List<ManagedRuleGroupConfig> managedRuleGroupConfigs()

Additional information that's used by a managed rule group. Many managed rule groups don't require this.

The rule groups used for intelligent threat mitigation require additional configuration:

• Use the AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.

• Use the AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.

• Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasManagedRuleGroupConfigs() method.

Returns:

Additional information that's used by a managed rule group. Many managed rule groups don't require this.

The rule groups used for intelligent threat mitigation require additional configuration:

• Use the AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.

• Use the AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.

• Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.

hasRuleActionOverrides

public final boolean hasRuleActionOverrides()

For responses, this returns true if the service returned a value for the RuleActionOverrides property. This DOES NOT check that the value is non-empty (for which, you should check the isEmpty() method on the property). This is useful because the SDK will never return a null collection or map, but you may need to differentiate between the service returning nothing (or null) and the service returning an empty collection or map. For requests, this returns true if a value for the property was specified in the request builder, and false if a value was not specified.

ruleActionOverrides

public final List<RuleActionOverride> ruleActionOverrides()

Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.

You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

Attempts to modify the collection returned by this method will result in an UnsupportedOperationException.

This method will never return null. If you would like to know whether the service returned this field (so that you can differentiate between null and empty), you can use the hasRuleActionOverrides() method.

Returns:

Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.

You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.

toBuilder

public ManagedRuleGroupStatement.Builder toBuilder()

Specified by:

toBuilder in interface ToCopyableBuilder<ManagedRuleGroupStatement.Builder,ManagedRuleGroupStatement>

builder

public static ManagedRuleGroupStatement.Builder builder()

serializableBuilderClass

public static Class<? extends ManagedRuleGroupStatement.Builder> serializableBuilderClass()

hashCode

public final int hashCode()

Overrides:

hashCode in class Object

equals

public final boolean equals(Object obj)

Overrides:

equals in class Object

equalsBySdkFields

public final boolean equalsBySdkFields(Object obj)

Specified by:

equalsBySdkFields in interface SdkPojo

toString

public final String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

getValueForField

public final <T> Optional<T> getValueForField(String fieldName,
                                              Class<T> clazz)

sdkFields

public final List<SdkField<?>> sdkFields()

Specified by:

sdkFields in interface SdkPojo