{-# LANGUAGE DeriveGeneric #-}
{-# LANGUAGE DuplicateRecordFields #-}
{-# LANGUAGE NamedFieldPuns #-}
{-# LANGUAGE OverloadedStrings #-}
{-# LANGUAGE RecordWildCards #-}
{-# LANGUAGE StrictData #-}
{-# LANGUAGE NoImplicitPrelude #-}
{-# OPTIONS_GHC -fno-warn-unused-imports #-}
{-# OPTIONS_GHC -fno-warn-unused-matches #-}

-- Derived from AWS service descriptions, licensed under Apache 2.0.

-- |
-- Module      : Amazonka.WAFV2.Types.GeoMatchStatement
-- Copyright   : (c) 2013-2023 Brendan Hay
-- License     : Mozilla Public License, v. 2.0.
-- Maintainer  : Brendan Hay
-- Stability   : auto-generated
-- Portability : non-portable (GHC extensions)
module Amazonka.WAFV2.Types.GeoMatchStatement where

import qualified Amazonka.Core as Core
import qualified Amazonka.Core.Lens.Internal as Lens
import qualified Amazonka.Data as Data
import qualified Amazonka.Prelude as Prelude
import Amazonka.WAFV2.Types.CountryCode
import Amazonka.WAFV2.Types.ForwardedIPConfig

-- | A rule statement that labels web requests by country and region and that
-- matches against web requests based on country code. A geo match rule
-- labels every request that it inspects regardless of whether it finds a
-- match.
--
-- -   To manage requests only by country, you can use this statement by
--     itself and specify the countries that you want to match against in
--     the @CountryCodes@ array.
--
-- -   Otherwise, configure your geo match rule with Count action so that
--     it only labels requests. Then, add one or more label match rules to
--     run after the geo match rule and configure them to match against the
--     geographic labels and handle the requests as needed.
--
-- WAF labels requests using the alpha-2 country and region codes from the
-- International Organization for Standardization (ISO) 3166 standard. WAF
-- determines the codes using either the IP address in the web request
-- origin or, if you specify it, the address in the geo match
-- @ForwardedIPConfig@.
--
-- If you use the web request origin, the label formats are
-- @awswaf:clientip:geo:region:\<ISO country code>-\<ISO region code>@ and
-- @awswaf:clientip:geo:country:\<ISO country code>@.
--
-- If you use a forwarded IP address, the label formats are
-- @awswaf:forwardedip:geo:region:\<ISO country code>-\<ISO region code>@
-- and @awswaf:forwardedip:geo:country:\<ISO country code>@.
--
-- For additional details, see
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html Geographic match rule statement>
-- in the
-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
--
-- /See:/ 'newGeoMatchStatement' smart constructor.
data GeoMatchStatement = GeoMatchStatement'
  { -- | An array of two-character country codes that you want to match against,
    -- for example, @[ \"US\", \"CN\" ]@, from the alpha-2 country ISO codes of
    -- the ISO 3166 international standard.
    --
    -- When you use a geo match statement just for the region and country
    -- labels that it adds to requests, you still have to supply a country code
    -- for the rule to evaluate. In this case, you configure the rule to only
    -- count matching requests, but it will still generate logging and count
    -- metrics for any matches. You can reduce the logging and metrics that the
    -- rule produces by specifying a country that\'s unlikely to be a source of
    -- traffic to your site.
    GeoMatchStatement -> Maybe (NonEmpty CountryCode)
countryCodes :: Prelude.Maybe (Prelude.NonEmpty CountryCode),
    -- | The configuration for inspecting IP addresses in an HTTP header that you
    -- specify, instead of using the IP address that\'s reported by the web
    -- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
    -- you can specify any header name.
    --
    -- If the specified header isn\'t present in the request, WAF doesn\'t
    -- apply the rule to the web request at all.
    GeoMatchStatement -> Maybe ForwardedIPConfig
forwardedIPConfig :: Prelude.Maybe ForwardedIPConfig
  }
  deriving (GeoMatchStatement -> GeoMatchStatement -> Bool
forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a
/= :: GeoMatchStatement -> GeoMatchStatement -> Bool
$c/= :: GeoMatchStatement -> GeoMatchStatement -> Bool
== :: GeoMatchStatement -> GeoMatchStatement -> Bool
$c== :: GeoMatchStatement -> GeoMatchStatement -> Bool
Prelude.Eq, ReadPrec [GeoMatchStatement]
ReadPrec GeoMatchStatement
Int -> ReadS GeoMatchStatement
ReadS [GeoMatchStatement]
forall a.
(Int -> ReadS a)
-> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a
readListPrec :: ReadPrec [GeoMatchStatement]
$creadListPrec :: ReadPrec [GeoMatchStatement]
readPrec :: ReadPrec GeoMatchStatement
$creadPrec :: ReadPrec GeoMatchStatement
readList :: ReadS [GeoMatchStatement]
$creadList :: ReadS [GeoMatchStatement]
readsPrec :: Int -> ReadS GeoMatchStatement
$creadsPrec :: Int -> ReadS GeoMatchStatement
Prelude.Read, Int -> GeoMatchStatement -> ShowS
[GeoMatchStatement] -> ShowS
GeoMatchStatement -> String
forall a.
(Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a
showList :: [GeoMatchStatement] -> ShowS
$cshowList :: [GeoMatchStatement] -> ShowS
show :: GeoMatchStatement -> String
$cshow :: GeoMatchStatement -> String
showsPrec :: Int -> GeoMatchStatement -> ShowS
$cshowsPrec :: Int -> GeoMatchStatement -> ShowS
Prelude.Show, forall x. Rep GeoMatchStatement x -> GeoMatchStatement
forall x. GeoMatchStatement -> Rep GeoMatchStatement x
forall a.
(forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a
$cto :: forall x. Rep GeoMatchStatement x -> GeoMatchStatement
$cfrom :: forall x. GeoMatchStatement -> Rep GeoMatchStatement x
Prelude.Generic)

-- |
-- Create a value of 'GeoMatchStatement' with all optional fields omitted.
--
-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
--
-- The following record fields are available, with the corresponding lenses provided
-- for backwards compatibility:
--
-- 'countryCodes', 'geoMatchStatement_countryCodes' - An array of two-character country codes that you want to match against,
-- for example, @[ \"US\", \"CN\" ]@, from the alpha-2 country ISO codes of
-- the ISO 3166 international standard.
--
-- When you use a geo match statement just for the region and country
-- labels that it adds to requests, you still have to supply a country code
-- for the rule to evaluate. In this case, you configure the rule to only
-- count matching requests, but it will still generate logging and count
-- metrics for any matches. You can reduce the logging and metrics that the
-- rule produces by specifying a country that\'s unlikely to be a source of
-- traffic to your site.
--
-- 'forwardedIPConfig', 'geoMatchStatement_forwardedIPConfig' - The configuration for inspecting IP addresses in an HTTP header that you
-- specify, instead of using the IP address that\'s reported by the web
-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
-- you can specify any header name.
--
-- If the specified header isn\'t present in the request, WAF doesn\'t
-- apply the rule to the web request at all.
newGeoMatchStatement ::
  GeoMatchStatement
newGeoMatchStatement :: GeoMatchStatement
newGeoMatchStatement =
  GeoMatchStatement'
    { $sel:countryCodes:GeoMatchStatement' :: Maybe (NonEmpty CountryCode)
countryCodes = forall a. Maybe a
Prelude.Nothing,
      $sel:forwardedIPConfig:GeoMatchStatement' :: Maybe ForwardedIPConfig
forwardedIPConfig = forall a. Maybe a
Prelude.Nothing
    }

-- | An array of two-character country codes that you want to match against,
-- for example, @[ \"US\", \"CN\" ]@, from the alpha-2 country ISO codes of
-- the ISO 3166 international standard.
--
-- When you use a geo match statement just for the region and country
-- labels that it adds to requests, you still have to supply a country code
-- for the rule to evaluate. In this case, you configure the rule to only
-- count matching requests, but it will still generate logging and count
-- metrics for any matches. You can reduce the logging and metrics that the
-- rule produces by specifying a country that\'s unlikely to be a source of
-- traffic to your site.
geoMatchStatement_countryCodes :: Lens.Lens' GeoMatchStatement (Prelude.Maybe (Prelude.NonEmpty CountryCode))
geoMatchStatement_countryCodes :: Lens' GeoMatchStatement (Maybe (NonEmpty CountryCode))
geoMatchStatement_countryCodes = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GeoMatchStatement' {Maybe (NonEmpty CountryCode)
countryCodes :: Maybe (NonEmpty CountryCode)
$sel:countryCodes:GeoMatchStatement' :: GeoMatchStatement -> Maybe (NonEmpty CountryCode)
countryCodes} -> Maybe (NonEmpty CountryCode)
countryCodes) (\s :: GeoMatchStatement
s@GeoMatchStatement' {} Maybe (NonEmpty CountryCode)
a -> GeoMatchStatement
s {$sel:countryCodes:GeoMatchStatement' :: Maybe (NonEmpty CountryCode)
countryCodes = Maybe (NonEmpty CountryCode)
a} :: GeoMatchStatement) forall b c a. (b -> c) -> (a -> b) -> a -> c
Prelude.. forall (f :: * -> *) (g :: * -> *) s t a b.
(Functor f, Functor g) =>
AnIso s t a b -> Iso (f s) (g t) (f a) (g b)
Lens.mapping forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b
Lens.coerced

-- | The configuration for inspecting IP addresses in an HTTP header that you
-- specify, instead of using the IP address that\'s reported by the web
-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
-- you can specify any header name.
--
-- If the specified header isn\'t present in the request, WAF doesn\'t
-- apply the rule to the web request at all.
geoMatchStatement_forwardedIPConfig :: Lens.Lens' GeoMatchStatement (Prelude.Maybe ForwardedIPConfig)
geoMatchStatement_forwardedIPConfig :: Lens' GeoMatchStatement (Maybe ForwardedIPConfig)
geoMatchStatement_forwardedIPConfig = forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b
Lens.lens (\GeoMatchStatement' {Maybe ForwardedIPConfig
forwardedIPConfig :: Maybe ForwardedIPConfig
$sel:forwardedIPConfig:GeoMatchStatement' :: GeoMatchStatement -> Maybe ForwardedIPConfig
forwardedIPConfig} -> Maybe ForwardedIPConfig
forwardedIPConfig) (\s :: GeoMatchStatement
s@GeoMatchStatement' {} Maybe ForwardedIPConfig
a -> GeoMatchStatement
s {$sel:forwardedIPConfig:GeoMatchStatement' :: Maybe ForwardedIPConfig
forwardedIPConfig = Maybe ForwardedIPConfig
a} :: GeoMatchStatement)

instance Data.FromJSON GeoMatchStatement where
  parseJSON :: Value -> Parser GeoMatchStatement
parseJSON =
    forall a. String -> (Object -> Parser a) -> Value -> Parser a
Data.withObject
      String
"GeoMatchStatement"
      ( \Object
x ->
          Maybe (NonEmpty CountryCode)
-> Maybe ForwardedIPConfig -> GeoMatchStatement
GeoMatchStatement'
            forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"CountryCodes")
            forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b
Prelude.<*> (Object
x forall a. FromJSON a => Object -> Key -> Parser (Maybe a)
Data..:? Key
"ForwardedIPConfig")
      )

instance Prelude.Hashable GeoMatchStatement where
  hashWithSalt :: Int -> GeoMatchStatement -> Int
hashWithSalt Int
_salt GeoMatchStatement' {Maybe (NonEmpty CountryCode)
Maybe ForwardedIPConfig
forwardedIPConfig :: Maybe ForwardedIPConfig
countryCodes :: Maybe (NonEmpty CountryCode)
$sel:forwardedIPConfig:GeoMatchStatement' :: GeoMatchStatement -> Maybe ForwardedIPConfig
$sel:countryCodes:GeoMatchStatement' :: GeoMatchStatement -> Maybe (NonEmpty CountryCode)
..} =
    Int
_salt
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe (NonEmpty CountryCode)
countryCodes
      forall a. Hashable a => Int -> a -> Int
`Prelude.hashWithSalt` Maybe ForwardedIPConfig
forwardedIPConfig

instance Prelude.NFData GeoMatchStatement where
  rnf :: GeoMatchStatement -> ()
rnf GeoMatchStatement' {Maybe (NonEmpty CountryCode)
Maybe ForwardedIPConfig
forwardedIPConfig :: Maybe ForwardedIPConfig
countryCodes :: Maybe (NonEmpty CountryCode)
$sel:forwardedIPConfig:GeoMatchStatement' :: GeoMatchStatement -> Maybe ForwardedIPConfig
$sel:countryCodes:GeoMatchStatement' :: GeoMatchStatement -> Maybe (NonEmpty CountryCode)
..} =
    forall a. NFData a => a -> ()
Prelude.rnf Maybe (NonEmpty CountryCode)
countryCodes
      seq :: forall a b. a -> b -> b
`Prelude.seq` forall a. NFData a => a -> ()
Prelude.rnf Maybe ForwardedIPConfig
forwardedIPConfig

instance Data.ToJSON GeoMatchStatement where
  toJSON :: GeoMatchStatement -> Value
toJSON GeoMatchStatement' {Maybe (NonEmpty CountryCode)
Maybe ForwardedIPConfig
forwardedIPConfig :: Maybe ForwardedIPConfig
countryCodes :: Maybe (NonEmpty CountryCode)
$sel:forwardedIPConfig:GeoMatchStatement' :: GeoMatchStatement -> Maybe ForwardedIPConfig
$sel:countryCodes:GeoMatchStatement' :: GeoMatchStatement -> Maybe (NonEmpty CountryCode)
..} =
    [Pair] -> Value
Data.object
      ( forall a. [Maybe a] -> [a]
Prelude.catMaybes
          [ (Key
"CountryCodes" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe (NonEmpty CountryCode)
countryCodes,
            (Key
"ForwardedIPConfig" forall kv v. (KeyValue kv, ToJSON v) => Key -> v -> kv
Data..=)
              forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b
Prelude.<$> Maybe ForwardedIPConfig
forwardedIPConfig
          ]
      )