/**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0.
 */

#pragma once
#include
#include
#include
#include
#include
#include

namespace Aws
{
namespace Utils
{
namespace Json
{
  class JsonValue;
  class JsonView;
} // namespace Json
} // namespace Utils
namespace WAFV2
{
namespace Model
{
  class Statement;

  /**
   * This is the latest version of AWS WAF, named AWS WAFV2,
   * released in November, 2019. For information, including how to migrate your AWS
   * WAF resources from the prior release, see the AWS
   * WAF Developer Guide.
   *
   * A rate-based rule tracks the rate of
   * requests for each originating IP address, and triggers the rule action when the
   * rate exceeds a limit that you specify on the number of requests in any 5-minute
   * time span. You can use this to put a temporary block on requests from an IP
   * address that is sending excessive requests.
   *
   * When the rule action
   * triggers, AWS WAF blocks additional requests from the IP address until the
   * request rate falls below the limit.
   *
   * You can optionally nest another
   * statement inside the rate-based statement, to narrow the scope of the rule so
   * that it only counts requests that match the nested statement. For example, based
   * on recent requests that you have seen from an attacker, you might create a
   * rate-based rule with a nested AND rule statement that contains the following
   * nested statements:
   *
   *   • An IP match statement with an IP set that
   *     specified the address 192.0.2.44.
   *
   *   • A string match statement
   *     that searches in the User-Agent header for the string BadBot.
   *
   * In this rate-based rule, you also define a rate limit. For this example, the
   * rate limit is 1,000. Requests that meet both of the conditions in the statements
   * are counted. If the count exceeds 1,000 requests per five minutes, the rule
   * action triggers. Requests that do not meet both conditions are not counted
   * towards the rate limit and are not affected by this rule.
   *
   * You cannot nest
   * a RateBasedStatement, for example for use inside a
   * NotStatement or OrStatement. It can only be referenced
   * as a top-level statement within a rule.
   *
   * See Also: AWS
   * API Reference
   */
  class AWS_WAFV2_API RateBasedStatement
  {
  public:
    RateBasedStatement();
    RateBasedStatement(Aws::Utils::Json::JsonView jsonValue);
    RateBasedStatement& operator=(Aws::Utils::Json::JsonView jsonValue);
    Aws::Utils::Json::JsonValue Jsonize() const;

    /**
     * The limit on requests per 5-minute period for a single originating IP
     * address. If the statement includes a ScopeDownStatement, this limit
     * is applied only to the requests that match the statement.
     */
    inline long long GetLimit() const{ return m_limit; }

    /**
     * The limit on requests per 5-minute period for a single originating IP
     * address. If the statement includes a ScopeDownStatement, this limit
     * is applied only to the requests that match the statement.
     */
    inline bool LimitHasBeenSet() const { return m_limitHasBeenSet; }

    /**
     * The limit on requests per 5-minute period for a single originating IP
     * address. If the statement includes a ScopeDownStatement, this limit
     * is applied only to the requests that match the statement.
     */
    inline void SetLimit(long long value) { m_limitHasBeenSet = true; m_limit = value; }

    /**
     * The limit on requests per 5-minute period for a single originating IP
     * address. If the statement includes a ScopeDownStatement, this limit
     * is applied only to the requests that match the statement.
     */
    inline RateBasedStatement& WithLimit(long long value) { SetLimit(value); return *this;}

    /**
     * Setting that indicates how to aggregate the request counts. The options are
     * the following:
     *
     *   • IP - Aggregate the request counts on the IP
     *     address from the web request origin.
     *
     *   • FORWARDED_IP - Aggregate
     *     the request counts on the first IP address in an HTTP header. If you use this,
     *     configure the ForwardedIPConfig, to specify the header to use.
     */
    inline const RateBasedStatementAggregateKeyType& GetAggregateKeyType() const{ return m_aggregateKeyType; }

    /**
     * Setting that indicates how to aggregate the request counts. The options are
     * the following:
     *
     *   • IP - Aggregate the request counts on the IP
     *     address from the web request origin.
     *
     *   • FORWARDED_IP - Aggregate
     *     the request counts on the first IP address in an HTTP header. If you use this,
     *     configure the ForwardedIPConfig, to specify the header to use.
     */
    inline bool AggregateKeyTypeHasBeenSet() const { return m_aggregateKeyTypeHasBeenSet; }

    /**
     * Setting that indicates how to aggregate the request counts. The options are
     * the following:
     *
     *   • IP - Aggregate the request counts on the IP
     *     address from the web request origin.
     *
     *   • FORWARDED_IP - Aggregate
     *     the request counts on the first IP address in an HTTP header. If you use this,
     *     configure the ForwardedIPConfig, to specify the header to use.
     */
    inline void SetAggregateKeyType(const RateBasedStatementAggregateKeyType& value) { m_aggregateKeyTypeHasBeenSet = true; m_aggregateKeyType = value; }

    /**
     * Setting that indicates how to aggregate the request counts. The options are
     * the following:
     *
     *   • IP - Aggregate the request counts on the IP
     *     address from the web request origin.
     *
     *   • FORWARDED_IP - Aggregate
     *     the request counts on the first IP address in an HTTP header. If you use this,
     *     configure the ForwardedIPConfig, to specify the header to use.
     */
    inline void SetAggregateKeyType(RateBasedStatementAggregateKeyType&& value) { m_aggregateKeyTypeHasBeenSet = true; m_aggregateKeyType = std::move(value); }

    /**
     * Setting that indicates how to aggregate the request counts. The options are
     * the following:
     *
     *   • IP - Aggregate the request counts on the IP
     *     address from the web request origin.
     *
     *   • FORWARDED_IP - Aggregate
     *     the request counts on the first IP address in an HTTP header. If you use this,
     *     configure the ForwardedIPConfig, to specify the header to use.
     */
    inline RateBasedStatement& WithAggregateKeyType(const RateBasedStatementAggregateKeyType& value) { SetAggregateKeyType(value); return *this;}

    /**
     * Setting that indicates how to aggregate the request counts. The options are
     * the following:
     *
     *   • IP - Aggregate the request counts on the IP
     *     address from the web request origin.
     *
     *   • FORWARDED_IP - Aggregate
     *     the request counts on the first IP address in an HTTP header. If you use this,
     *     configure the ForwardedIPConfig, to specify the header to use.
     */
    inline RateBasedStatement& WithAggregateKeyType(RateBasedStatementAggregateKeyType&& value) { SetAggregateKeyType(std::move(value)); return *this;}

    /**
     * An optional nested statement that narrows the scope of the rate-based
     * statement to matching web requests. This can be any nestable statement, and you
     * can nest statements at any level below this scope-down statement.
     */
    const Statement& GetScopeDownStatement() const;

    /**
     * An optional nested statement that narrows the scope of the rate-based
     * statement to matching web requests. This can be any nestable statement, and you
     * can nest statements at any level below this scope-down statement.
     */
    bool ScopeDownStatementHasBeenSet() const;

    /**
     * An optional nested statement that narrows the scope of the rate-based
     * statement to matching web requests. This can be any nestable statement, and you
     * can nest statements at any level below this scope-down statement.
     */
    void SetScopeDownStatement(const Statement& value);

    /**
     * An optional nested statement that narrows the scope of the rate-based
     * statement to matching web requests. This can be any nestable statement, and you
     * can nest statements at any level below this scope-down statement.
     */
    void SetScopeDownStatement(Statement&& value);

    /**
     * An optional nested statement that narrows the scope of the rate-based
     * statement to matching web requests. This can be any nestable statement, and you
     * can nest statements at any level below this scope-down statement.
     */
    RateBasedStatement& WithScopeDownStatement(const Statement& value);

    /**
     * An optional nested statement that narrows the scope of the rate-based
     * statement to matching web requests. This can be any nestable statement, and you
     * can nest statements at any level below this scope-down statement.
     */
    RateBasedStatement& WithScopeDownStatement(Statement&& value);

    /**
     * The configuration for inspecting IP addresses in an HTTP header that you
     * specify, instead of using the IP address that's reported by the web request
     * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
     * any header name.
     *
     * If the specified header isn't present in the
     * request, AWS WAF doesn't apply the rule to the web request at all.
     *
     * This is required if AggregateKeyType is set to
     * FORWARDED_IP.
     */
    inline const ForwardedIPConfig& GetForwardedIPConfig() const{ return m_forwardedIPConfig; }

    /**
     * The configuration for inspecting IP addresses in an HTTP header that you
     * specify, instead of using the IP address that's reported by the web request
     * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
     * any header name.
     *
     * If the specified header isn't present in the
     * request, AWS WAF doesn't apply the rule to the web request at all.
     *
     * This is required if AggregateKeyType is set to
     * FORWARDED_IP.
     */
    inline bool ForwardedIPConfigHasBeenSet() const { return m_forwardedIPConfigHasBeenSet; }

    /**
     * The configuration for inspecting IP addresses in an HTTP header that you
     * specify, instead of using the IP address that's reported by the web request
     * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
     * any header name.
     *
     * If the specified header isn't present in the
     * request, AWS WAF doesn't apply the rule to the web request at all.
     *
     * This is required if AggregateKeyType is set to
     * FORWARDED_IP.
     */
    inline void SetForwardedIPConfig(const ForwardedIPConfig& value) { m_forwardedIPConfigHasBeenSet = true; m_forwardedIPConfig = value; }

    /**
     * The configuration for inspecting IP addresses in an HTTP header that you
     * specify, instead of using the IP address that's reported by the web request
     * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
     * any header name.
     *
     * If the specified header isn't present in the
     * request, AWS WAF doesn't apply the rule to the web request at all.
     *
     * This is required if AggregateKeyType is set to
     * FORWARDED_IP.
     */
    inline void SetForwardedIPConfig(ForwardedIPConfig&& value) { m_forwardedIPConfigHasBeenSet = true; m_forwardedIPConfig = std::move(value); }

    /**
     * The configuration for inspecting IP addresses in an HTTP header that you
     * specify, instead of using the IP address that's reported by the web request
     * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
     * any header name.
     *
     * If the specified header isn't present in the
     * request, AWS WAF doesn't apply the rule to the web request at all.
     *
     * This is required if AggregateKeyType is set to
     * FORWARDED_IP.
     */
    inline RateBasedStatement& WithForwardedIPConfig(const ForwardedIPConfig& value) { SetForwardedIPConfig(value); return *this;}

    /**
     * The configuration for inspecting IP addresses in an HTTP header that you
     * specify, instead of using the IP address that's reported by the web request
     * origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
     * any header name.
     *
     * If the specified header isn't present in the
     * request, AWS WAF doesn't apply the rule to the web request at all.
     *
     * This is required if AggregateKeyType is set to
     * FORWARDED_IP.
     */
    inline RateBasedStatement& WithForwardedIPConfig(ForwardedIPConfig&& value) { SetForwardedIPConfig(std::move(value)); return *this;}

  private:

    long long m_limit;
    bool m_limitHasBeenSet;

    RateBasedStatementAggregateKeyType m_aggregateKeyType;
    bool m_aggregateKeyTypeHasBeenSet;

    // Held in a vector because Statement is only forward-declared in this header.
    Aws::Vector<Statement> m_scopeDownStatement;
    bool m_scopeDownStatementHasBeenSet;

    ForwardedIPConfig m_forwardedIPConfig;
    bool m_forwardedIPConfigHasBeenSet;
  };

} // namespace Model
} // namespace WAFV2
} // namespace Aws
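
Added example, not part of the AWS SDK header above and not AWS code: a stand-alone model of the counting behaviour the comments describe (scope-down filter, IP versus FORWARDED_IP aggregation, and the header-absent case). `RateModel`, `Request`, `Replay` and `BadBotScope` are hypothetical names, the 300-second sliding window is an assumed reading of "any 5-minute time span", and the limit is lowered to 3 for the constructed replay.

```cpp
#include <deque>
#include <functional>
#include <map>
#include <string>
#include <utility>

struct Request {  // constructed record; field names are assumptions of this sketch
    long long t;                                 // arrival time in seconds
    std::string originIp;                        // address of the connecting peer
    std::map<std::string, std::string> headers;  // exact-case names, for brevity
};
enum class KeyType { IP, FORWARDED_IP };
enum class Verdict { NotApplied, Counted, Triggered };
class RateModel {  // hypothetical model, not an SDK or service class
public:
    RateModel(long long limit, KeyType kt, std::function<bool(const Request&)> scope = nullptr)
        : limit_(limit), kt_(kt), scope_(std::move(scope)) {}
    Verdict Observe(const Request& r) {
        if (scope_ && !scope_(r)) return Verdict::NotApplied;        // fails scope-down
        std::string key = r.originIp;
        if (kt_ == KeyType::FORWARDED_IP) {
            auto it = r.headers.find("X-Forwarded-For");  // header a ForwardedIPConfig would name
            if (it == r.headers.end()) return Verdict::NotApplied;   // header absent
            key = it->second.substr(0, it->second.find(','));        // first address
        }
        auto& q = seen_[key];
        while (!q.empty() && q.front() <= r.t - 300) q.pop_front();  // 5-minute span
        q.push_back(r.t);
        return static_cast<long long>(q.size()) > limit_ ? Verdict::Triggered : Verdict::Counted;
    }
private:
    long long limit_; KeyType kt_; std::function<bool(const Request&)> scope_;
    std::map<std::string, std::deque<long long>> seen_;  // per-key request timestamps
};
// Sends n copies of r one second apart; returns the verdict on the last one.
Verdict Replay(RateModel m, Request r, int n) {
    Verdict v = Verdict::NotApplied;
    for (int i = 0; i < n; ++i) { r.t = i; v = m.Observe(r); }
    return v;
}
// Scope-down from the class comment: address 192.0.2.44 AND User-Agent contains BadBot.
bool BadBotScope(const Request& r) {
    auto ua = r.headers.find("User-Agent");
    return r.originIp == "192.0.2.44" && ua != r.headers.end() &&
           ua->second.find("BadBot") != std::string::npos;
}
int main() {  // limit lowered to 3 so the constructed replay stays short
    Request bot{0, "192.0.2.44", {{"User-Agent", "BadBot/1.0"}}};
    return Replay(RateModel(3, KeyType::IP, BadBotScope), bot, 4) == Verdict::Triggered ? 0 : 1;
}
```

With FORWARDED_IP the key is taken from a client-supplied header, so in this model a request that omits the header is never counted; that is the case the ForwardedIPConfig comment describes as the rule not being applied at all.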