com.amazonaws.services.wafv2.model

Class RateBasedStatement

java.lang.Object

com.amazonaws.services.wafv2.model.RateBasedStatement

All Implemented Interfaces:

StructuredPojo, Serializable, Cloneable

@Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class RateBasedStatement
extends Object
implements Serializable, Cloneable, StructuredPojo

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.

When the rule action triggers, AWS WAF blocks additional requests from the IP address until the request rate falls below the limit.

You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts requests that match the nested statement. For example, based on recent requests that you have seen from an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested statements:

• An IP match statement with an IP set that specified the address 192.0.2.44.

• A string match statement that searches in the User-Agent header for the string BadBot.

In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet both of the conditions in the statements are counted. If the count exceeds 1,000 requests per five minutes, the rule action triggers. Requests that do not meet both conditions are not counted towards the rate limit and are not affected by this rule.

You cannot nest a RateBasedStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.

See Also:

AWS API Documentation, Serialized Form

Constructor Summary

Constructors

Constructor and Description
RateBasedStatement()

Method Summary

Modifier and Type	Method and Description
RateBasedStatement	clone()
boolean	equals(Object obj)
String	getAggregateKeyType() Setting that indicates how to aggregate the request counts.
ForwardedIPConfig	getForwardedIPConfig() The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.
Long	getLimit() The limit on requests per 5-minute period for a single originating IP address.
Statement	getScopeDownStatement() An optional nested statement that narrows the scope of the rate-based statement to matching web requests.
int	hashCode()
void	marshall(ProtocolMarshaller protocolMarshaller) Marshalls this structured data using the given ProtocolMarshaller.
void	setAggregateKeyType(String aggregateKeyType) Setting that indicates how to aggregate the request counts.
void	setForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.
void	setLimit(Long limit) The limit on requests per 5-minute period for a single originating IP address.
void	setScopeDownStatement(Statement scopeDownStatement) An optional nested statement that narrows the scope of the rate-based statement to matching web requests.
String	toString() Returns a string representation of this object.
RateBasedStatement	withAggregateKeyType(RateBasedStatementAggregateKeyType aggregateKeyType) Setting that indicates how to aggregate the request counts.
RateBasedStatement	withAggregateKeyType(String aggregateKeyType) Setting that indicates how to aggregate the request counts.
RateBasedStatement	withForwardedIPConfig(ForwardedIPConfig forwardedIPConfig) The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin.
RateBasedStatement	withLimit(Long limit) The limit on requests per 5-minute period for a single originating IP address.
RateBasedStatement	withScopeDownStatement(Statement scopeDownStatement) An optional nested statement that narrows the scope of the rate-based statement to matching web requests.

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

RateBasedStatement

public RateBasedStatement()

Method Detail

setLimit

public void setLimit(Long limit)

The limit on requests per 5-minute period for a single originating IP address. If the statement includes a ScopeDownStatement, this limit is applied only to the requests that match the statement.

Parameters:

limit - The limit on requests per 5-minute period for a single originating IP address. If the statement includes a ScopeDownStatement, this limit is applied only to the requests that match the statement.

getLimit

public Long getLimit()

The limit on requests per 5-minute period for a single originating IP address. If the statement includes a ScopeDownStatement, this limit is applied only to the requests that match the statement.

Returns:

The limit on requests per 5-minute period for a single originating IP address. If the statement includes a ScopeDownStatement, this limit is applied only to the requests that match the statement.

withLimit

public RateBasedStatement withLimit(Long limit)

The limit on requests per 5-minute period for a single originating IP address. If the statement includes a ScopeDownStatement, this limit is applied only to the requests that match the statement.

Parameters:

limit - The limit on requests per 5-minute period for a single originating IP address. If the statement includes a ScopeDownStatement, this limit is applied only to the requests that match the statement.

Returns:

Returns a reference to this object so that method calls can be chained together.

setAggregateKeyType

public void setAggregateKeyType(String aggregateKeyType)

Setting that indicates how to aggregate the request counts. The options are the following:

• IP - Aggregate the request counts on the IP address from the web request origin.

• FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure the ForwardedIPConfig, to specify the header to use.

Parameters:

aggregateKeyType - Setting that indicates how to aggregate the request counts. The options are the following:

• IP - Aggregate the request counts on the IP address from the web request origin.

• FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure the ForwardedIPConfig, to specify the header to use.

See Also:

RateBasedStatementAggregateKeyType

getAggregateKeyType

public String getAggregateKeyType()

Setting that indicates how to aggregate the request counts. The options are the following:

• IP - Aggregate the request counts on the IP address from the web request origin.

• FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure the ForwardedIPConfig, to specify the header to use.

Returns:

Setting that indicates how to aggregate the request counts. The options are the following:

• IP - Aggregate the request counts on the IP address from the web request origin.

• FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure the ForwardedIPConfig, to specify the header to use.

See Also:

RateBasedStatementAggregateKeyType

withAggregateKeyType

public RateBasedStatement withAggregateKeyType(String aggregateKeyType)

Setting that indicates how to aggregate the request counts. The options are the following:

• IP - Aggregate the request counts on the IP address from the web request origin.

• FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure the ForwardedIPConfig, to specify the header to use.

Parameters:

aggregateKeyType - Setting that indicates how to aggregate the request counts. The options are the following:

• IP - Aggregate the request counts on the IP address from the web request origin.

• FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure the ForwardedIPConfig, to specify the header to use.

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

RateBasedStatementAggregateKeyType

withAggregateKeyType

public RateBasedStatement withAggregateKeyType(RateBasedStatementAggregateKeyType aggregateKeyType)

Setting that indicates how to aggregate the request counts. The options are the following:

• IP - Aggregate the request counts on the IP address from the web request origin.

• FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure the ForwardedIPConfig, to specify the header to use.

Parameters:

aggregateKeyType - Setting that indicates how to aggregate the request counts. The options are the following:

• IP - Aggregate the request counts on the IP address from the web request origin.

• FORWARDED_IP - Aggregate the request counts on the first IP address in an HTTP header. If you use this, configure the ForwardedIPConfig, to specify the header to use.

Returns:

Returns a reference to this object so that method calls can be chained together.

See Also:

RateBasedStatementAggregateKeyType

setScopeDownStatement

public void setScopeDownStatement(Statement scopeDownStatement)

An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement.

Parameters:

scopeDownStatement - An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement.

getScopeDownStatement

public Statement getScopeDownStatement()

An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement.

Returns:

An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement.

withScopeDownStatement

public RateBasedStatement withScopeDownStatement(Statement scopeDownStatement)

An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement.

Parameters:

scopeDownStatement - An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement.

Returns:

Returns a reference to this object so that method calls can be chained together.

setForwardedIPConfig

public void setForwardedIPConfig(ForwardedIPConfig forwardedIPConfig)

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.

This is required if AggregateKeyType is set to FORWARDED_IP.

Parameters:

forwardedIPConfig - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.

This is required if AggregateKeyType is set to FORWARDED_IP.

getForwardedIPConfig

public ForwardedIPConfig getForwardedIPConfig()

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.

This is required if AggregateKeyType is set to FORWARDED_IP.

Returns:

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.

This is required if AggregateKeyType is set to FORWARDED_IP.

withForwardedIPConfig

public RateBasedStatement withForwardedIPConfig(ForwardedIPConfig forwardedIPConfig)

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.

This is required if AggregateKeyType is set to FORWARDED_IP.

Parameters:

forwardedIPConfig - The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.

This is required if AggregateKeyType is set to FORWARDED_IP.

Returns:

Returns a reference to this object so that method calls can be chained together.

toString

public String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

Returns:

A string representation of this object.

See Also:

Object.toString()

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

clone

public RateBasedStatement clone()

Overrides:

clone in class Object

marshall

public void marshall(ProtocolMarshaller protocolMarshaller)

Description copied from interface: StructuredPojo

Marshalls this structured data using the given ProtocolMarshaller.

Specified by:

marshall in interface StructuredPojo

Parameters:

protocolMarshaller - Implementation of ProtocolMarshaller used to marshall this object's data.