Interface ClientSideAction.Builder

All Superinterfaces:
Buildable, CopyableBuilder<ClientSideAction.Builder,ClientSideAction>, SdkBuilder<ClientSideAction.Builder,ClientSideAction>, SdkPojo
Enclosing class:
ClientSideAction
@Mutable @NotThreadSafe public static interface ClientSideAction.Builder extends SdkPojo, CopyableBuilder<ClientSideAction.Builder,ClientSideAction>

  • Method Details

    • usageOfAction

      ClientSideAction.Builder usageOfAction(String usageOfAction)

      Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

      • If usage is enabled:

        • The managed rule group adds the label awswaf:managed:aws:anti-ddos:challengeable-request to any web request whose URL does NOT match the regular expressions provided in the ClientSideAction setting ExemptUriRegularExpressions.

        • The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label awswaf:managed:aws:anti-ddos:challengeable-request.

      • If usage is disabled:

        • The managed rule group doesn't add the label awswaf:managed:aws:anti-ddos:challengeable-request to any web requests.

        • The two rules are not evaluated.

        • None of the other ClientSideAction settings have any effect.

      This setting only enables or disables the use of the two anti-DDOS rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the anti-DDoS managed rule group.

      This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests, enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.

      Parameters:
      usageOfAction - Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

      • If usage is enabled:

        • The managed rule group adds the label awswaf:managed:aws:anti-ddos:challengeable-request to any web request whose URL does NOT match the regular expressions provided in the ClientSideAction setting ExemptUriRegularExpressions.

        • The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label awswaf:managed:aws:anti-ddos:challengeable-request.

      • If usage is disabled:

        • The managed rule group doesn't add the label awswaf:managed:aws:anti-ddos:challengeable-request to any web requests.

        • The two rules are not evaluated.

        • None of the other ClientSideAction settings have any effect.

      This setting only enables or disables the use of the two anti-DDOS rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the anti-DDoS managed rule group.

      This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests, enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.

      Returns:
      Returns a reference to this object so that method calls can be chained together.
      See Also:

    • usageOfAction

      ClientSideAction.Builder usageOfAction(UsageOfAction usageOfAction)

      Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

      • If usage is enabled:

        • The managed rule group adds the label awswaf:managed:aws:anti-ddos:challengeable-request to any web request whose URL does NOT match the regular expressions provided in the ClientSideAction setting ExemptUriRegularExpressions.

        • The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label awswaf:managed:aws:anti-ddos:challengeable-request.

      • If usage is disabled:

        • The managed rule group doesn't add the label awswaf:managed:aws:anti-ddos:challengeable-request to any web requests.

        • The two rules are not evaluated.

        • None of the other ClientSideAction settings have any effect.

      This setting only enables or disables the use of the two anti-DDOS rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the anti-DDoS managed rule group.

      This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests, enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.

      Parameters:
      usageOfAction - Determines whether to use the AWSManagedRulesAntiDDoSRuleSet rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the rule group evaluation and the related label awswaf:managed:aws:anti-ddos:challengeable-request.

      • If usage is enabled:

        • The managed rule group adds the label awswaf:managed:aws:anti-ddos:challengeable-request to any web request whose URL does NOT match the regular expressions provided in the ClientSideAction setting ExemptUriRegularExpressions.

        • The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label awswaf:managed:aws:anti-ddos:challengeable-request.

      • If usage is disabled:

        • The managed rule group doesn't add the label awswaf:managed:aws:anti-ddos:challengeable-request to any web requests.

        • The two rules are not evaluated.

        • None of the other ClientSideAction settings have any effect.

      This setting only enables or disables the use of the two anti-DDOS rules ChallengeAllDuringEvent and ChallengeDDoSRequests in the anti-DDoS managed rule group.

      This setting doesn't alter the action setting in the two rules. To override the actions used by the rules ChallengeAllDuringEvent and ChallengeDDoSRequests, enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.

      Returns:
      Returns a reference to this object so that method calls can be chained together.
      See Also:

    • sensitivity

      ClientSideAction.Builder sensitivity(String sensitivity)

      The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.

      The higher the sensitivity, the more levels of labeling that the rule matches:

      • Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

      • Medium sensitivity causes the rule to match on the medium and high suspicion labels.

      • High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

      Default: HIGH

      Parameters:
      sensitivity - The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.

      The higher the sensitivity, the more levels of labeling that the rule matches:

      • Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

      • Medium sensitivity causes the rule to match on the medium and high suspicion labels.

      • High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

      Default: HIGH

      Returns:
      Returns a reference to this object so that method calls can be chained together.
      See Also:

    • sensitivity

      ClientSideAction.Builder sensitivity(SensitivityToAct sensitivity)

      The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.

      The higher the sensitivity, the more levels of labeling that the rule matches:

      • Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

      • Medium sensitivity causes the rule to match on the medium and high suspicion labels.

      • High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

      Default: HIGH

      Parameters:
      sensitivity - The sensitivity that the rule group rule ChallengeDDoSRequests uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the ChallengeDDoSRequests rule runs.

      The higher the sensitivity, the more levels of labeling that the rule matches:

      • Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request.

      • Medium sensitivity causes the rule to match on the medium and high suspicion labels.

      • High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.

      Default: HIGH

      Returns:
      Returns a reference to this object so that method calls can be chained together.
      See Also:

    • exemptUriRegularExpressions

      ClientSideAction.Builder exemptUriRegularExpressions(Collection<Regex> exemptUriRegularExpressions)

      The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the ClientSideAction setting UsageOfAction is enabled, the managed rule group uses this setting to determine which requests to label with awswaf:managed:aws:anti-ddos:challengeable-request. If UsageOfAction is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.

      The anti-DDoS managed rule group doesn't evaluate the rules ChallengeDDoSRequests or ChallengeAllDuringEvent for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.

      Amazon Web Services recommends using a regular expression.

      This setting is required if UsageOfAction is set to ENABLED. If required, you can provide between 1 and 5 regex objects in the array of settings.

      Amazon Web Services recommends starting with the following setting. Review and update it for your application's needs:

      \/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$

      Parameters:
      exemptUriRegularExpressions - The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the ClientSideAction setting UsageOfAction is enabled, the managed rule group uses this setting to determine which requests to label with awswaf:managed:aws:anti-ddos:challengeable-request. If UsageOfAction is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.

      The anti-DDoS managed rule group doesn't evaluate the rules ChallengeDDoSRequests or ChallengeAllDuringEvent for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.

      Amazon Web Services recommends using a regular expression.

      This setting is required if UsageOfAction is set to ENABLED. If required, you can provide between 1 and 5 regex objects in the array of settings.

      Amazon Web Services recommends starting with the following setting. Review and update it for your application's needs:

      \/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$

      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • exemptUriRegularExpressions

      ClientSideAction.Builder exemptUriRegularExpressions(Regex... exemptUriRegularExpressions)

      The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the ClientSideAction setting UsageOfAction is enabled, the managed rule group uses this setting to determine which requests to label with awswaf:managed:aws:anti-ddos:challengeable-request. If UsageOfAction is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.

      The anti-DDoS managed rule group doesn't evaluate the rules ChallengeDDoSRequests or ChallengeAllDuringEvent for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.

      Amazon Web Services recommends using a regular expression.

      This setting is required if UsageOfAction is set to ENABLED. If required, you can provide between 1 and 5 regex objects in the array of settings.

      Amazon Web Services recommends starting with the following setting. Review and update it for your application's needs:

      \/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$

      Parameters:
      exemptUriRegularExpressions - The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the ClientSideAction setting UsageOfAction is enabled, the managed rule group uses this setting to determine which requests to label with awswaf:managed:aws:anti-ddos:challengeable-request. If UsageOfAction is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.

      The anti-DDoS managed rule group doesn't evaluate the rules ChallengeDDoSRequests or ChallengeAllDuringEvent for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.

      Amazon Web Services recommends using a regular expression.

      This setting is required if UsageOfAction is set to ENABLED. If required, you can provide between 1 and 5 regex objects in the array of settings.

      Amazon Web Services recommends starting with the following setting. Review and update it for your application's needs:

      \/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$

      Returns:
      Returns a reference to this object so that method calls can be chained together.

    • exemptUriRegularExpressions

      ClientSideAction.Builder exemptUriRegularExpressions(Consumer<Regex.Builder>... exemptUriRegularExpressions)

      The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the ClientSideAction setting UsageOfAction is enabled, the managed rule group uses this setting to determine which requests to label with awswaf:managed:aws:anti-ddos:challengeable-request. If UsageOfAction is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.

      The anti-DDoS managed rule group doesn't evaluate the rules ChallengeDDoSRequests or ChallengeAllDuringEvent for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.

      Amazon Web Services recommends using a regular expression.

      This setting is required if UsageOfAction is set to ENABLED. If required, you can provide between 1 and 5 regex objects in the array of settings.

      Amazon Web Services recommends starting with the following setting. Review and update it for your application's needs:

      \/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$

      This is a convenience method that creates an instance of the Regex.Builder avoiding the need to create one manually via Regex.builder().

      When the Consumer completes, SdkBuilder.build() is called immediately and its result is passed to exemptUriRegularExpressions(List<Regex>).

      Parameters:
      exemptUriRegularExpressions - a consumer that will call methods on Regex.Builder
      Returns:
      Returns a reference to this object so that method calls can be chained together.
      See Also: