Inserts or deletes Predicate objects in a Rule. Each Predicate object identifies a predicate, such as a ByteMatchSet or an IPSet, that specifies the web requests that you want to allow, block, or count. If you add more than one predicate to a Rule, a request must match all of the specifications to be allowed, blocked, or counted. For example, suppose you add the following to a Rule:
You then add the Rule to a WebACL and specify that you want to block requests that satisfy the Rule. For a request to be blocked, the User-Agent header in the request must contain the value BadBot and the request must originate from the IP address 192.0.2.44.
To create and configure a Rule, perform the following steps:
- Create and update the predicates that you want to include in the Rule.
- Create the Rule. See CreateRule.
- Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateRule request.
- Submit an UpdateRule request to add predicates to the Rule.
- Create and update a WebACL that contains the Rule. See CreateWebACL.
If you want to replace one ByteMatchSet or IPSet with another, you delete the existing one and add the new one.
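The change-token and UpdateRule steps above, combined with the delete-and-add replacement, sketched with the AWS SDK for .NET. This is an added example, not code from the AWS documentation; the class and method names, the ID parameters, the three-attempt retry, and Negated = false on the existing predicate are assumptions.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using Amazon.WAF;
using Amazon.WAF.Model;

public static class RulePredicateSwap
{
    // Hypothetical helper: swaps the IPSet predicate of a Rule for another one.
    // ruleId, oldIpSetId and newIpSetId are caller-supplied placeholders.
    public static async Task ReplaceIpSetAsync(
        IAmazonWAF waf, string ruleId, string oldIpSetId, string newIpSetId)
    {
        var updates = new List<RuleUpdate>
        {
            // Remove the predicate that points at the old IPSet
            // (assumed to have been inserted with Negated = false).
            new RuleUpdate
            {
                Action = ChangeAction.DELETE,
                Predicate = new Predicate
                    { Type = PredicateType.IPMatch, DataId = oldIpSetId, Negated = false }
            },
            // Add the predicate that points at the new IPSet.
            new RuleUpdate
            {
                Action = ChangeAction.INSERT,
                Predicate = new Predicate
                    { Type = PredicateType.IPMatch, DataId = newIpSetId, Negated = false }
            }
        };

        for (var attempt = 1; ; attempt++)
        {
            // A change token can be used once, so fetch a new one per attempt.
            var token = await waf.GetChangeTokenAsync(new GetChangeTokenRequest());
            try
            {
                await waf.UpdateRuleAsync(new UpdateRuleRequest
                {
                    RuleId = ruleId,
                    ChangeToken = token.ChangeToken,
                    Updates = updates
                });
                return;
            }
            // Token already used: loop and retry with a fresh token.
            catch (WAFStaleDataException) when (attempt < 3) { }
        }
    }
}
```

Any other predicates in the Rule, such as a ByteMatchSet, are left untouched, so the Rule keeps requiring a match on all of them.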
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
The operation failed because of a system problem, even though the request was valid. Retry your request.

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

The operation failed because there was nothing to do. For example:
- You tried to remove a Rule from a WebACL, but the Rule isn't in the specified WebACL.
- You tried to remove an IP address from an IPSet, but the IP address isn't in the specified IPSet.
- You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple isn't in the specified WebACL.
- You tried to add a Rule to a WebACL, but the Rule already exists in the specified WebACL.
- You tried to add an IP address to an IPSet, but the IP address already exists in the specified IPSet.
- You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple already exists in the specified WebACL.

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:
- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
- You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
- You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
- You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
- You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:
- You tried to add a Rule to or delete a Rule from a WebACL that doesn't exist.
- You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule that doesn't exist.
- You tried to add an IP address to or delete an IP address from an IPSet that doesn't exist.
- You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from a ByteMatchSet that doesn't exist.

The operation failed because the referenced object doesn't exist.

The operation failed because you tried to delete an object that is still in use. For example:
- You tried to delete a ByteMatchSet that is still referenced by a Rule.
- You tried to delete a Rule that is still referenced by a WebACL.

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.