Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Synopsis
Documentation
data XssMatchStatement Source #
A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
See: newXssMatchStatement
smart constructor.
XssMatchStatement' | |
|
Instances
Create a value of XssMatchStatement
with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:fieldToMatch:XssMatchStatement'
, xssMatchStatement_fieldToMatch
- The part of the web request that you want WAF to inspect.
$sel:textTransformations:XssMatchStatement'
, xssMatchStatement_textTransformations
- Text transformations eliminate some of the unusual formatting that
attackers use in web requests in an effort to bypass detection. If you
specify one or more transformations in a rule statement, WAF performs
all transformations on the content of the request component identified
by FieldToMatch
, starting from the lowest priority setting, before
inspecting the content for a match.
xssMatchStatement_fieldToMatch :: Lens' XssMatchStatement FieldToMatch Source #
The part of the web request that you want WAF to inspect.
xssMatchStatement_textTransformations :: Lens' XssMatchStatement (NonEmpty TextTransformation) Source #
Text transformations eliminate some of the unusual formatting that
attackers use in web requests in an effort to bypass detection. If you
specify one or more transformations in a rule statement, WAF performs
all transformations on the content of the request component identified
by FieldToMatch
, starting from the lowest priority setting, before
inspecting the content for a match.