I am trying to create a WAF rule that only accepts POST requests.
Via the UI this was straightforward; however, I am having trouble achieving the same with the CDK.
I think I have most of it complete, but the Method property is giving me problems. I would have thought it should be HttpMethod.Post,
but that does not work.
Here is what I have:
// Question's attempt (reported as not working): a REGIONAL web ACL intended to block
// by default and let through only requests whose HTTP method is "POST".
Amazon.CDK.AWS.WAFv2.CfnWebACL cfnWebACL2 = new Amazon.CDK.AWS.WAFv2.CfnWebACL(this, "MyCfnWebACL", new Amazon.CDK.AWS.WAFv2.CfnWebACLProps {
DefaultAction = new Amazon.CDK.AWS.WAFv2.CfnWebACL.DefaultActionProperty {
// NOTE(review): a boolean is assigned here; the working version further down assigns a
// BlockActionProperty object instead.
Block = true
},
Name = "Allow_Post",
Rules = new [] { new Amazon.CDK.AWS.WAFv2.CfnWebACL.RuleProperty {
// NOTE(review): this rule sets no Action; the working version further down adds an Allow
// action, which is what makes a matching POST pass the default block.
Name = "Allow_Post",
Priority = 1,
Statement = new Amazon.CDK.AWS.WAFv2.CfnWebACL.StatementProperty {
ByteMatchStatement = new Amazon.CDK.AWS.WAFv2.CfnWebACL.ByteMatchStatementProperty {
FieldToMatch = new Amazon.CDK.AWS.WAFv2.CfnWebACL.FieldToMatchProperty {
// The line the question is about: HttpMethod.Post is reported not to work here.
// The working version passes a Dictionary<string, object> for this property.
Method = HttpMethod.Post
},
// Exact match of the untransformed method value against "POST".
PositionalConstraint = "EXACTLY",
SearchString = "POST",
TextTransformations = new [] { new Amazon.CDK.AWS.WAFv2.CfnWebACL.TextTransformationProperty {
Priority = 1,
Type = "NONE"
} },
}
},
// Rule-level visibility: request sampling and CloudWatch metrics are both switched off,
// so matches on this rule produce no samples or metrics.
VisibilityConfig = new Amazon.CDK.AWS.WAFv2.CfnWebACL.VisibilityConfigProperty {
CloudWatchMetricsEnabled = false,
MetricName = "metricName",
SampledRequestsEnabled = false
}}},
// ACL-level visibility: also off. NOTE(review): consider enabling metrics and sampling
// when this ACL protects a real endpoint, otherwise blocked traffic cannot be reviewed.
VisibilityConfig = new Amazon.CDK.AWS.WAFv2.CfnWebACL.VisibilityConfigProperty {
CloudWatchMetricsEnabled = false,
MetricName = "metricName",
SampledRequestsEnabled = false
},
Scope = "REGIONAL",
});
Finally got this working:
// Working version: a REGIONAL web ACL that blocks by default (custom 403 response) and
// allows a request only when its HTTP method matches "POST" exactly.

// Selects the HTTP method as the field to inspect. HttpMethod.Post did not work for the
// asker; a plain dictionary did. Presumably the property expects a JSON-style object:
// confirm against the CfnWebACL FieldToMatch documentation.
var methodField = new Amazon.CDK.AWS.WAFv2.CfnWebACL.FieldToMatchProperty {
    Method = new Dictionary<string, object> {{ "name", "Post" }}
};

// Exact match of the untransformed method value against "POST".
var postOnlyMatch = new Amazon.CDK.AWS.WAFv2.CfnWebACL.ByteMatchStatementProperty {
    FieldToMatch = methodField,
    SearchString = "POST",
    PositionalConstraint = "EXACTLY",
    TextTransformations = new [] {new Amazon.CDK.AWS.WAFv2.CfnWebACL.TextTransformationProperty {
        Type = "NONE",
        Priority = 0
    }}
};

// Allow action for matching requests; it also inserts a custom header.
// NOTE(review): "name"/"value" look like placeholders. Confirm the header is wanted at all.
var allowWithHeader = new Amazon.CDK.AWS.WAFv2.CfnWebACL.RuleActionProperty {
    Allow = new Amazon.CDK.AWS.WAFv2.CfnWebACL.AllowActionProperty {
        CustomRequestHandling = new Amazon.CDK.AWS.WAFv2.CfnWebACL.CustomRequestHandlingProperty {
            InsertHeaders = new [] { new Amazon.CDK.AWS.WAFv2.CfnWebACL.CustomHTTPHeaderProperty {
                Value = "value",
                Name = "name"
            } }
        }
    }
};

// The single rule of the ACL. Sampling and CloudWatch metrics are off for this rule.
var postOnlyRule = new Amazon.CDK.AWS.WAFv2.CfnWebACL.RuleProperty {
    Name = "myRule",
    Priority = 0,
    Action = allowWithHeader,
    Statement = new Amazon.CDK.AWS.WAFv2.CfnWebACL.StatementProperty {
        ByteMatchStatement = postOnlyMatch
    },
    VisibilityConfig = new Amazon.CDK.AWS.WAFv2.CfnWebACL.VisibilityConfigProperty {
        CloudWatchMetricsEnabled = false,
        SampledRequestsEnabled = false,
        MetricName = "myMEtric"
    }
};

// Everything that does not match the rule is blocked with HTTP 403.
// NOTE(review): visibility is disabled at ACL level as well, so neither allowed nor blocked
// requests yield samples or metrics; consider enabling both before relying on this ACL.
// NOTE(review): nothing in this snippet attaches the ACL to a resource; a web ACL only
// filters traffic for resources it is associated with.
Amazon.CDK.AWS.WAFv2.CfnWebACL cfnWebACL = new Amazon.CDK.AWS.WAFv2.CfnWebACL(this, "MyCfnWebACLw", new Amazon.CDK.AWS.WAFv2.CfnWebACLProps {
    Scope = "REGIONAL",
    DefaultAction = new Amazon.CDK.AWS.WAFv2.CfnWebACL.DefaultActionProperty {
        Block = new Amazon.CDK.AWS.WAFv2.CfnWebACL.BlockActionProperty {
            CustomResponse = new Amazon.CDK.AWS.WAFv2.CfnWebACL.CustomResponseProperty {
                ResponseCode = 403,
            }
        }
    },
    Rules = new [] { postOnlyRule },
    VisibilityConfig = new Amazon.CDK.AWS.WAFv2.CfnWebACL.VisibilityConfigProperty {
        CloudWatchMetricsEnabled = false,
        SampledRequestsEnabled = false,
        MetricName = "test"
    }
});