OptionalawsDetails for your use of the account creation fraud prevention managed rule group, AWSManagedRulesACFPRuleSet. See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html
OptionalawsConfigures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.t. See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-onsourceddosprotectionconfig
OptionalawsDetails for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesatpruleset.html
OptionalawsDetails for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet . See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesbotcontrolruleset.html
OptionalcapacityWill be automatically set using the Check Capacity API.
OptionalenforceOptional ReadonlyexcludedRules in the referenced rule group whose actions are set to Count .
Instead of this option, use
RuleActionOverrides. It accepts any valid action setting, includingCount.
OptionalexcludeOptionallatestEnforce the current Default version of the managed rule group to be retrieved using a Lambda Function.
Optional ReadonlymanagedAdditional information that's used by a managed rule group. Many managed rule groups don't require this.
The rule groups used for intelligent threat mitigation require additional configuration:
AWSManagedRulesACFPRuleSet configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.AWSManagedRulesAntiDDoSRuleSet configuration object to configure the anti-DDoS managed rule group. The configuration includes the sensitivity levels to use in the rules that typically block and challenge requests that might be participating in DDoS attacks and the specification to use to indicate whether a request can handle a silent browser challenge.AWSManagedRulesATPRuleSet configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.ReadonlynameThe name of the managed rule group.
You use this, along with the vendor name, to identify the rule group.
OptionaloverrideOptionalruleAction settings to use in the place of the rule actions that are configured inside the rule group.
You specify one override for each rule whose action you want to change.
Verify the rule names in your overrides carefully. With managed rule groups, AWS WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
Optional ReadonlyscopeAn optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group.
Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable Statement in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.
ReadonlyvendorThe name of the managed rule group vendor.
You use this, along with the rule group name, to identify a rule group.
OptionalversionThe version of the managed rule group to use.
If you specify this, the version setting is fixed until you change it. If you don't specify this, AWS WAF uses the vendor's default version, and then keeps the version at the vendor's default when the vendor updates the managed rule group settings.
Optionalversion
Interface for the ManagedRuleGroup