Creates a Rule, which contains the IPSet objects, ByteMatchSet objects, and other predicates that identify the requests that you want to block. If you add more than one predicate to a Rule, a request must match all of the specifications to be allowed or blocked. For example, suppose you add the following to a Rule:
You then add the Rule to a WebACL and specify that you want to block requests that satisfy the Rule. For a request to be blocked, it must come from the IP address 192.0.2.44 and the User-Agent header in the request must contain the value BadBot.
To create and configure a Rule, perform the following steps:
- Create and update the predicates that you want to include in the Rule. For more information, see CreateByteMatchSet, CreateIPSet, and CreateSqlInjectionMatchSet.
- Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a CreateRule request.
- Submit a CreateRule request.
- Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateRule request.
- Submit an UpdateRule request to specify the predicates that you want to include in the Rule.
- Create and update a WebACL that contains the Rule. For more information, see CreateWebACL.
For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.
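
Steps 2 through 5 of the procedure above, as an added Python example (not part of the original page and not AWS's own code). It assumes `waf` is a boto3 WAF Classic client, `boto3.client("waf")`, and that the predicate sets already exist; the helper names and the `(type, data_id, negated)` tuple shape are hypothetical.

```python
# Predicate types for the three set kinds this page names; the API has others.
PREDICATE_TYPES = {"IPMatch", "ByteMatch", "SqlInjectionMatch"}


def build_updates(predicates):
    """Turn (type, data_id, negated) tuples into UpdateRule INSERT entries."""
    updates = []
    for ptype, data_id, negated in predicates:
        if ptype not in PREDICATE_TYPES:
            raise ValueError(f"unsupported predicate type: {ptype}")
        if not data_id:
            raise ValueError("predicate needs the ID of an existing set")
        updates.append({
            "Action": "INSERT",  # only INSERT or DELETE are accepted
            "Predicate": {"Negated": bool(negated), "Type": ptype, "DataId": data_id},
        })
    return updates


def create_rule_with_predicates(waf, name, metric_name, predicates):
    """Create a Rule, then attach its predicates; returns the new RuleId.

    Predicates in one Rule are ANDed. An empty list is refused before any
    API call, so a Rule is never created without the intended conditions.
    """
    updates = build_updates(predicates)
    if not updates:
        raise ValueError("refusing to create a Rule with no predicates")

    # Steps 2-3: a change token is single-use, so fetch one per write call.
    token = waf.get_change_token()["ChangeToken"]
    rule_id = waf.create_rule(
        Name=name, MetricName=metric_name, ChangeToken=token
    )["Rule"]["RuleId"]

    # Steps 4-5: fetch a fresh token for UpdateRule. Reusing the first one
    # is the "change token that has already been used" failure listed below.
    token = waf.get_change_token()["ChangeToken"]
    waf.update_rule(RuleId=rule_id, ChangeToken=token, Updates=updates)
    return rule_id
```

The returned RuleId is what the final step needs when the Rule is added to a WebACL.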

The name specified is invalid.

The operation failed because of a system problem, even though the request was valid. Retry your request.

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:
- You specified an invalid parameter name.
- You specified an invalid value.
- You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
- You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
- You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
- You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
- You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
- Your request references an ARN that is malformed, or corresponds to a resource with which a web ACL cannot be associated.

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.