Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.WAFV2.Types.IPSetForwardedIPConfig

Description

Documentation

data IPSetForwardedIPConfig Source #

The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

This configuration is used only for IPSetReferenceStatement. For GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig instead.

See: newIPSetForwardedIPConfig smart constructor.

Constructors

IPSetForwardedIPConfig'

Fields

headerName :: Text
The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.
If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
fallbackBehavior :: FallbackBehavior
The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.
If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
You can specify the following fallback behaviors:
- MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.
- NO_MATCH - Treat the web request as not matching the rule statement.
position :: ForwardedIPPosition
The position in the header to search for the IP address. The header can contain IP addresses of the original client and also of proxies. For example, the header value could be 10.1.1.1, 127.0.0.0, 10.10.10.10 where the first IP address identifies the original client and the rest identify proxies that the request went through.
The options for this setting are the following:
- FIRST - Inspect the first IP address in the list of IP addresses in the header. This is usually the client's original IP.
- LAST - Inspect the last IP address in the list of IP addresses in the header.
- ANY - Inspect all IP addresses in the header for a match. If the header contains more than 10 IP addresses, WAF inspects the last 10.

Instances

Instances details

FromJSON IPSetForwardedIPConfig Source #
Instance details Defined in Amazonka.WAFV2.Types.IPSetForwardedIPConfig Methods parseJSON :: Value -> Parser IPSetForwardedIPConfig # parseJSONList :: Value -> Parser [IPSetForwardedIPConfig] #
ToJSON IPSetForwardedIPConfig Source #
Instance details Defined in Amazonka.WAFV2.Types.IPSetForwardedIPConfig Methods toJSON :: IPSetForwardedIPConfig -> Value # toEncoding :: IPSetForwardedIPConfig -> Encoding # toJSONList :: [IPSetForwardedIPConfig] -> Value # toEncodingList :: [IPSetForwardedIPConfig] -> Encoding #
Generic IPSetForwardedIPConfig Source #
Instance details Defined in Amazonka.WAFV2.Types.IPSetForwardedIPConfig Associated Types type Rep IPSetForwardedIPConfig :: Type -> Type # Methods from :: IPSetForwardedIPConfig -> Rep IPSetForwardedIPConfig x # to :: Rep IPSetForwardedIPConfig x -> IPSetForwardedIPConfig #
Read IPSetForwardedIPConfig Source #
Instance details Defined in Amazonka.WAFV2.Types.IPSetForwardedIPConfig Methods readsPrec :: Int -> ReadS IPSetForwardedIPConfig # readList :: ReadS [IPSetForwardedIPConfig] # readPrec :: ReadPrec IPSetForwardedIPConfig # readListPrec :: ReadPrec [IPSetForwardedIPConfig] #
Show IPSetForwardedIPConfig Source #
Instance details Defined in Amazonka.WAFV2.Types.IPSetForwardedIPConfig Methods showsPrec :: Int -> IPSetForwardedIPConfig -> ShowS # show :: IPSetForwardedIPConfig -> String # showList :: [IPSetForwardedIPConfig] -> ShowS #
NFData IPSetForwardedIPConfig Source #
Instance details Defined in Amazonka.WAFV2.Types.IPSetForwardedIPConfig Methods rnf :: IPSetForwardedIPConfig -> () #
Eq IPSetForwardedIPConfig Source #
Instance details Defined in Amazonka.WAFV2.Types.IPSetForwardedIPConfig Methods (==) :: IPSetForwardedIPConfig -> IPSetForwardedIPConfig -> Bool # (/=) :: IPSetForwardedIPConfig -> IPSetForwardedIPConfig -> Bool #
Hashable IPSetForwardedIPConfig Source #
Instance details Defined in Amazonka.WAFV2.Types.IPSetForwardedIPConfig Methods hashWithSalt :: Int -> IPSetForwardedIPConfig -> Int # hash :: IPSetForwardedIPConfig -> Int #
type Rep IPSetForwardedIPConfig Source #
Instance details Defined in Amazonka.WAFV2.Types.IPSetForwardedIPConfig type Rep IPSetForwardedIPConfig = D1 ('MetaData "IPSetForwardedIPConfig" "Amazonka.WAFV2.Types.IPSetForwardedIPConfig" "amazonka-wafv2-2.0-3v3WgpYn7RT5hSd6MsT5dN" 'False) (C1 ('MetaCons "IPSetForwardedIPConfig'" 'PrefixI 'True) (S1 ('MetaSel ('Just "headerName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :: (S1 ('MetaSel ('Just "fallbackBehavior") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 FallbackBehavior) :: S1 ('MetaSel ('Just "position") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 ForwardedIPPosition))))

newIPSetForwardedIPConfig Source #

Arguments

:: Text	`$sel:headerName:IPSetForwardedIPConfig'`
-> FallbackBehavior	`$sel:fallbackBehavior:IPSetForwardedIPConfig'`
-> ForwardedIPPosition	`$sel:position:IPSetForwardedIPConfig'`
-> IPSetForwardedIPConfig

Create a value of IPSetForwardedIPConfig with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:headerName:IPSetForwardedIPConfig', iPSetForwardedIPConfig_headerName - The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

$sel:fallbackBehavior:IPSetForwardedIPConfig', iPSetForwardedIPConfig_fallbackBehavior - The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

You can specify the following fallback behaviors:

MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH - Treat the web request as not matching the rule statement.

$sel:position:IPSetForwardedIPConfig', iPSetForwardedIPConfig_position - The position in the header to search for the IP address. The header can contain IP addresses of the original client and also of proxies. For example, the header value could be 10.1.1.1, 127.0.0.0, 10.10.10.10 where the first IP address identifies the original client and the rest identify proxies that the request went through.

The options for this setting are the following:

FIRST - Inspect the first IP address in the list of IP addresses in the header. This is usually the client's original IP.
LAST - Inspect the last IP address in the list of IP addresses in the header.
ANY - Inspect all IP addresses in the header for a match. If the header contains more than 10 IP addresses, WAF inspects the last 10.

iPSetForwardedIPConfig_headerName :: Lens' IPSetForwardedIPConfig Text Source #

The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

iPSetForwardedIPConfig_fallbackBehavior :: Lens' IPSetForwardedIPConfig FallbackBehavior Source #

The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.

If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.

You can specify the following fallback behaviors:

MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH - Treat the web request as not matching the rule statement.

iPSetForwardedIPConfig_position :: Lens' IPSetForwardedIPConfig ForwardedIPPosition Source #

The position in the header to search for the IP address. The header can contain IP addresses of the original client and also of proxies. For example, the header value could be 10.1.1.1, 127.0.0.0, 10.10.10.10 where the first IP address identifies the original client and the rest identify proxies that the request went through.

The options for this setting are the following:

FIRST - Inspect the first IP address in the list of IP addresses in the header. This is usually the client's original IP.
LAST - Inspect the last IP address in the list of IP addresses in the header.
ANY - Inspect all IP addresses in the header for a match. If the header contains more than 10 IP addresses, WAF inspects the last 10.