type APIKeySummary struct {

	// The generated, encrypted API key. You can copy this for use in your JavaScript
	// CAPTCHA integration. For information about how to use this in your CAPTCHA
	// JavaScript integration, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html)
	// in the WAF Developer Guide.
	APIKey *string

	// The date and time that the key was created.
	CreationTimestamp *time.Time

	// The token domains that are defined in this API key.
	TokenDomains []string

	// Internal value used by WAF to manage the key.
	Version int32
	// contains filtered or unexported fields
}

type AWSManagedRulesATPRuleSet struct {

	// The path of the login endpoint for your application. For example, for the URL
	// https://example.com/web/login , you would provide the path /web/login . The rule
	// group inspects only HTTP POST requests to your specified login endpoint.
	//
	// This member is required.
	LoginPath *string

	// The criteria for inspecting login requests, used by the ATP rule group to
	// validate credentials usage.
	RequestInspection *RequestInspection

	// The criteria for inspecting responses to login requests, used by the ATP rule
	// group to track login failure rates. The ATP rule group evaluates the responses
	// that your protected resources send back to client login attempts, keeping count
	// of successful and failed attempts from each IP address and client session. Using
	// this information, the rule group labels and mitigates requests from client
	// sessions and IP addresses that submit too many failed login attempts in a short
	// amount of time. Response inspection is available only in web ACLs that protect
	// Amazon CloudFront distributions.
	ResponseInspection *ResponseInspection
	// contains filtered or unexported fields
}

type AWSManagedRulesBotControlRuleSet struct {

	// The inspection level to use for the Bot Control rule group. The common level is
	// the least expensive. The targeted level includes all common level rules and adds
	// rules with more advanced inspection criteria. For details, see WAF Bot Control
	// rule group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html)
	// in the WAF Developer Guide.
	//
	// This member is required.
	InspectionLevel InspectionLevel
	// contains filtered or unexported fields
}

type ActionCondition struct {

	// The action setting that a log record must contain in order to meet the
	// condition. This is the action that WAF applied to the web request. For rule
	// groups, this is either the configured rule action setting, or if you've applied
	// a rule action override to the rule, it's the override action. The value
	// EXCLUDED_AS_COUNT matches on excluded rules and also on rules that have a rule
	// action override of Count.
	//
	// This member is required.
	Action ActionValue
	// contains filtered or unexported fields
}

type ActionValue string

const (
	ActionValueAllow           ActionValue = "ALLOW"
	ActionValueBlock           ActionValue = "BLOCK"
	ActionValueCount           ActionValue = "COUNT"
	ActionValueCaptcha         ActionValue = "CAPTCHA"
	ActionValueChallenge       ActionValue = "CHALLENGE"
	ActionValueExcludedAsCount ActionValue = "EXCLUDED_AS_COUNT"
)

type All struct {
	// contains filtered or unexported fields
}

type AllQueryArguments struct {
	// contains filtered or unexported fields
}

type AllowAction struct {

	// Defines custom handling for the web request. For information about customizing
	// web requests and responses, see Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomRequestHandling *CustomRequestHandling
	// contains filtered or unexported fields
}

type AndStatement struct {

	// The statements to combine with AND logic. You can use any statements that can
	// be nested.
	//
	// This member is required.
	Statements []Statement
	// contains filtered or unexported fields
}

type AssociatedResourceType string

const (
	AssociatedResourceTypeCloudfront AssociatedResourceType = "CLOUDFRONT"
)

type AssociationConfig struct {

	// Customizes the maximum size of the request body that your protected CloudFront
	// distributions forward to WAF for inspection. The default size is 16 KB (16,384
	// kilobytes). You are charged additional fees when your protected resources
	// forward body sizes that are larger than the default. For more information, see
	// WAF Pricing (http://aws.amazon.com/waf/pricing/) .
	RequestBody map[string]RequestBodyAssociatedResourceTypeConfig
	// contains filtered or unexported fields
}

type BlockAction struct {

	// Defines a custom response for the web request. For information about
	// customizing web requests and responses, see Customizing web requests and
	// responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomResponse *CustomResponse
	// contains filtered or unexported fields
}

type Body struct {

	// What WAF should do if the body is larger than WAF can inspect. WAF does not
	// support inspecting the entire contents of the web request body if the body
	// exceeds the limit for the resource type. If the body is larger than the limit,
	// the underlying host service only forwards the contents that are below the limit
	// to WAF for inspection. The default limit is 8 KB (8,192 kilobytes) for regional
	// resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For
	// CloudFront distributions, you can increase the limit in the web ACL
	// AssociationConfig , for additional processing fees. The options for oversize
	// handling are the following:
	//   - CONTINUE - Inspect the body normally, according to the rule inspection
	//   criteria.
	//   - MATCH - Treat the web request as matching the rule statement. WAF applies
	//   the rule action to the request.
	//   - NO_MATCH - Treat the web request as not matching the rule statement.
	// You can combine the MATCH or NO_MATCH settings for oversize handling with your
	// rule and web ACL action settings, so that you block any request whose body is
	// over the limit. Default: CONTINUE
	OversizeHandling OversizeHandling
	// contains filtered or unexported fields
}

type BodyParsingFallbackBehavior string

const (
	BodyParsingFallbackBehaviorMatch            BodyParsingFallbackBehavior = "MATCH"
	BodyParsingFallbackBehaviorNoMatch          BodyParsingFallbackBehavior = "NO_MATCH"
	BodyParsingFallbackBehaviorEvaluateAsString BodyParsingFallbackBehavior = "EVALUATE_AS_STRING"
)

type ByteMatchStatement struct {

	// The part of the web request that you want WAF to inspect.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// The area within the portion of the web request that you want WAF to search for
	// SearchString . Valid values include the following: CONTAINS The specified part
	// of the web request must include the value of SearchString , but the location
	// doesn't matter. CONTAINS_WORD The specified part of the web request must include
	// the value of SearchString , and SearchString must contain only alphanumeric
	// characters or underscore (A-Z, a-z, 0-9, or _). In addition, SearchString must
	// be a word, which means that both of the following are true:
	//   - SearchString is at the beginning of the specified part of the web request or
	//   is preceded by a character other than an alphanumeric character or underscore
	//   (_). Examples include the value of a header and ;BadBot .
	//   - SearchString is at the end of the specified part of the web request or is
	//   followed by a character other than an alphanumeric character or underscore (_),
	//   for example, BadBot; and -BadBot; .
	// EXACTLY The value of the specified part of the web request must exactly match
	// the value of SearchString . STARTS_WITH The value of SearchString must appear
	// at the beginning of the specified part of the web request. ENDS_WITH The value
	// of SearchString must appear at the end of the specified part of the web request.
	//
	// This member is required.
	PositionalConstraint PositionalConstraint

	// A string value that you want WAF to search for. WAF searches only in the part
	// of web requests that you designate for inspection in FieldToMatch . The maximum
	// length of the value is 200 bytes. Valid values depend on the component that you
	// specify for inspection in FieldToMatch :
	//   - Method : The HTTP method that you want WAF to search for. This indicates the
	//   type of operation specified in the request.
	//   - UriPath : The value that you want WAF to search for in the URI path, for
	//   example, /images/daily-ad.jpg .
	// If SearchString includes alphabetic characters A-Z and a-z, note that the value
	// is case sensitive. If you're using the WAF API Specify a base64-encoded version
	// of the value. The maximum length of the value before you base64-encode it is 200
	// bytes. For example, suppose the value of Type is HEADER and the value of Data
	// is User-Agent . If you want to search the User-Agent header for the value BadBot
	// , you base64-encode BadBot using MIME base64-encoding and include the resulting
	// value, QmFkQm90 , in the value of SearchString . If you're using the CLI or one
	// of the Amazon Web Services SDKs The value that you want WAF to search for. The
	// SDK automatically base64 encodes the value.
	//
	// This member is required.
	SearchString []byte

	// Text transformations eliminate some of the unusual formatting that attackers
	// use in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, WAF performs all transformations on the
	// content of the request component identified by FieldToMatch , starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
	// contains filtered or unexported fields
}

type CaptchaAction struct {

	// Defines custom handling for the web request, used when the CAPTCHA inspection
	// determines that the request's token is valid and unexpired. For information
	// about customizing web requests and responses, see Customizing web requests and
	// responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomRequestHandling *CustomRequestHandling
	// contains filtered or unexported fields
}

type CaptchaConfig struct {

	// Determines how long a CAPTCHA timestamp in the token remains valid after the
	// client successfully solves a CAPTCHA puzzle.
	ImmunityTimeProperty *ImmunityTimeProperty
	// contains filtered or unexported fields
}

type CaptchaResponse struct {

	// The reason for failure, populated when the evaluation of the token fails.
	FailureReason FailureReason

	// The HTTP response code indicating the status of the CAPTCHA token in the web
	// request. If the token is missing, invalid, or expired, this code is 405 Method
	// Not Allowed .
	ResponseCode *int32

	// The time that the CAPTCHA was last solved for the supplied token.
	SolveTimestamp *int64
	// contains filtered or unexported fields
}

type ChallengeAction struct {

	// Defines custom handling for the web request, used when the challenge inspection
	// determines that the request's token is valid and unexpired. For information
	// about customizing web requests and responses, see Customizing web requests and
	// responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomRequestHandling *CustomRequestHandling
	// contains filtered or unexported fields
}

type ChallengeConfig struct {

	// Determines how long a challenge timestamp in the token remains valid after the
	// client successfully responds to a challenge.
	ImmunityTimeProperty *ImmunityTimeProperty
	// contains filtered or unexported fields
}

type ChallengeResponse struct {

	// The reason for failure, populated when the evaluation of the token fails.
	FailureReason FailureReason

	// The HTTP response code indicating the status of the challenge token in the web
	// request. If the token is missing, invalid, or expired, this code is 202 Request
	// Accepted .
	ResponseCode *int32

	// The time that the challenge was last solved for the supplied token.
	SolveTimestamp *int64
	// contains filtered or unexported fields
}

type ComparisonOperator string

const (
	ComparisonOperatorEq ComparisonOperator = "EQ"
	ComparisonOperatorNe ComparisonOperator = "NE"
	ComparisonOperatorLe ComparisonOperator = "LE"
	ComparisonOperatorLt ComparisonOperator = "LT"
	ComparisonOperatorGe ComparisonOperator = "GE"
	ComparisonOperatorGt ComparisonOperator = "GT"
)

type Condition struct {

	// A single action condition. This is the action setting that a log record must
	// contain in order to meet the condition.
	ActionCondition *ActionCondition

	// A single label name condition. This is the fully qualified label name that a
	// log record must contain in order to meet the condition. Fully qualified labels
	// have a prefix, optional namespaces, and label name. The prefix identifies the
	// rule group or web ACL context of the rule that added the label.
	LabelNameCondition *LabelNameCondition
	// contains filtered or unexported fields
}

type CookieMatchPattern struct {

	// Inspect all cookies.
	All *All

	// Inspect only the cookies whose keys don't match any of the strings specified
	// here.
	ExcludedCookies []string

	// Inspect only the cookies that have a key that matches one of the strings
	// specified here.
	IncludedCookies []string
	// contains filtered or unexported fields
}

type Cookies struct {

	// The filter to use to identify the subset of cookies to inspect in a web
	// request. You must specify exactly one setting: either All , IncludedCookies , or
	// ExcludedCookies . Example JSON: "MatchPattern": { "IncludedCookies":
	// {"KeyToInclude1", "KeyToInclude2", "KeyToInclude3"} }
	//
	// This member is required.
	MatchPattern *CookieMatchPattern

	// The parts of the cookies to inspect with the rule inspection criteria. If you
	// specify All , WAF inspects both keys and values.
	//
	// This member is required.
	MatchScope MapMatchScope

	// What WAF should do if the cookies of the request are larger than WAF can
	// inspect. WAF does not support inspecting the entire contents of request cookies
	// when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host
	// service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to
	// WAF. The options for oversize handling are the following:
	//   - CONTINUE - Inspect the cookies normally, according to the rule inspection
	//   criteria.
	//   - MATCH - Treat the web request as matching the rule statement. WAF applies
	//   the rule action to the request.
	//   - NO_MATCH - Treat the web request as not matching the rule statement.
	//
	// This member is required.
	OversizeHandling OversizeHandling
	// contains filtered or unexported fields
}

type CountAction struct {

	// Defines custom handling for the web request. For information about customizing
	// web requests and responses, see Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide.
	CustomRequestHandling *CustomRequestHandling
	// contains filtered or unexported fields
}

type CountryCode string

const (
	CountryCodeAf CountryCode = "AF"
	CountryCodeAx CountryCode = "AX"
	CountryCodeAl CountryCode = "AL"
	CountryCodeDz CountryCode = "DZ"
	CountryCodeAs CountryCode = "AS"
	CountryCodeAd CountryCode = "AD"
	CountryCodeAo CountryCode = "AO"
	CountryCodeAi CountryCode = "AI"
	CountryCodeAq CountryCode = "AQ"
	CountryCodeAg CountryCode = "AG"
	CountryCodeAr CountryCode = "AR"
	CountryCodeAm CountryCode = "AM"
	CountryCodeAw CountryCode = "AW"
	CountryCodeAu CountryCode = "AU"
	CountryCodeAt CountryCode = "AT"
	CountryCodeAz CountryCode = "AZ"
	CountryCodeBs CountryCode = "BS"
	CountryCodeBh CountryCode = "BH"
	CountryCodeBd CountryCode = "BD"
	CountryCodeBb CountryCode = "BB"
	CountryCodeBy CountryCode = "BY"
	CountryCodeBe CountryCode = "BE"
	CountryCodeBz CountryCode = "BZ"
	CountryCodeBj CountryCode = "BJ"
	CountryCodeBm CountryCode = "BM"
	CountryCodeBt CountryCode = "BT"
	CountryCodeBo CountryCode = "BO"
	CountryCodeBq CountryCode = "BQ"
	CountryCodeBa CountryCode = "BA"
	CountryCodeBw CountryCode = "BW"
	CountryCodeBv CountryCode = "BV"
	CountryCodeBr CountryCode = "BR"
	CountryCodeIo CountryCode = "IO"
	CountryCodeBn CountryCode = "BN"
	CountryCodeBg CountryCode = "BG"
	CountryCodeBf CountryCode = "BF"
	CountryCodeBi CountryCode = "BI"
	CountryCodeKh CountryCode = "KH"
	CountryCodeCm CountryCode = "CM"
	CountryCodeCa CountryCode = "CA"
	CountryCodeCv CountryCode = "CV"
	CountryCodeKy CountryCode = "KY"
	CountryCodeCf CountryCode = "CF"
	CountryCodeTd CountryCode = "TD"
	CountryCodeCl CountryCode = "CL"
	CountryCodeCn CountryCode = "CN"
	CountryCodeCx CountryCode = "CX"
	CountryCodeCc CountryCode = "CC"
	CountryCodeCo CountryCode = "CO"
	CountryCodeKm CountryCode = "KM"
	CountryCodeCg CountryCode = "CG"
	CountryCodeCd CountryCode = "CD"
	CountryCodeCk CountryCode = "CK"
	CountryCodeCr CountryCode = "CR"
	CountryCodeCi CountryCode = "CI"
	CountryCodeHr CountryCode = "HR"
	CountryCodeCu CountryCode = "CU"
	CountryCodeCw CountryCode = "CW"
	CountryCodeCy CountryCode = "CY"
	CountryCodeCz CountryCode = "CZ"
	CountryCodeDk CountryCode = "DK"
	CountryCodeDj CountryCode = "DJ"
	CountryCodeDm CountryCode = "DM"
	CountryCodeDo CountryCode = "DO"
	CountryCodeEc CountryCode = "EC"
	CountryCodeEg CountryCode = "EG"
	CountryCodeSv CountryCode = "SV"
	CountryCodeGq CountryCode = "GQ"
	CountryCodeEr CountryCode = "ER"
	CountryCodeEe CountryCode = "EE"
	CountryCodeEt CountryCode = "ET"
	CountryCodeFk CountryCode = "FK"
	CountryCodeFo CountryCode = "FO"
	CountryCodeFj CountryCode = "FJ"
	CountryCodeFi CountryCode = "FI"
	CountryCodeFr CountryCode = "FR"
	CountryCodeGf CountryCode = "GF"
	CountryCodePf CountryCode = "PF"
	CountryCodeTf CountryCode = "TF"
	CountryCodeGa CountryCode = "GA"
	CountryCodeGm CountryCode = "GM"
	CountryCodeGe CountryCode = "GE"
	CountryCodeDe CountryCode = "DE"
	CountryCodeGh CountryCode = "GH"
	CountryCodeGi CountryCode = "GI"
	CountryCodeGr CountryCode = "GR"
	CountryCodeGl CountryCode = "GL"
	CountryCodeGd CountryCode = "GD"
	CountryCodeGp CountryCode = "GP"
	CountryCodeGu CountryCode = "GU"
	CountryCodeGt CountryCode = "GT"
	CountryCodeGg CountryCode = "GG"
	CountryCodeGn CountryCode = "GN"
	CountryCodeGw CountryCode = "GW"
	CountryCodeGy CountryCode = "GY"
	CountryCodeHt CountryCode = "HT"
	CountryCodeHm CountryCode = "HM"
	CountryCodeVa CountryCode = "VA"
	CountryCodeHn CountryCode = "HN"
	CountryCodeHk CountryCode = "HK"
	CountryCodeHu CountryCode = "HU"
	CountryCodeIs CountryCode = "IS"
	CountryCodeIn CountryCode = "IN"
	CountryCodeId CountryCode = "ID"
	CountryCodeIr CountryCode = "IR"
	CountryCodeIq CountryCode = "IQ"
	CountryCodeIe CountryCode = "IE"
	CountryCodeIm CountryCode = "IM"
	CountryCodeIl CountryCode = "IL"
	CountryCodeIt CountryCode = "IT"
	CountryCodeJm CountryCode = "JM"
	CountryCodeJp CountryCode = "JP"
	CountryCodeJe CountryCode = "JE"
	CountryCodeJo CountryCode = "JO"
	CountryCodeKz CountryCode = "KZ"
	CountryCodeKe CountryCode = "KE"
	CountryCodeKi CountryCode = "KI"
	CountryCodeKp CountryCode = "KP"
	CountryCodeKr CountryCode = "KR"
	CountryCodeKw CountryCode = "KW"
	CountryCodeKg CountryCode = "KG"
	CountryCodeLa CountryCode = "LA"
	CountryCodeLv CountryCode = "LV"
	CountryCodeLb CountryCode = "LB"
	CountryCodeLs CountryCode = "LS"
	CountryCodeLr CountryCode = "LR"
	CountryCodeLy CountryCode = "LY"
	CountryCodeLi CountryCode = "LI"
	CountryCodeLt CountryCode = "LT"
	CountryCodeLu CountryCode = "LU"
	CountryCodeMo CountryCode = "MO"
	CountryCodeMk CountryCode = "MK"
	CountryCodeMg CountryCode = "MG"
	CountryCodeMw CountryCode = "MW"
	CountryCodeMy CountryCode = "MY"
	CountryCodeMv CountryCode = "MV"
	CountryCodeMl CountryCode = "ML"
	CountryCodeMt CountryCode = "MT"
	CountryCodeMh CountryCode = "MH"
	CountryCodeMq CountryCode = "MQ"
	CountryCodeMr CountryCode = "MR"
	CountryCodeMu CountryCode = "MU"
	CountryCodeYt CountryCode = "YT"
	CountryCodeMx CountryCode = "MX"
	CountryCodeFm CountryCode = "FM"
	CountryCodeMd CountryCode = "MD"
	CountryCodeMc CountryCode = "MC"
	CountryCodeMn CountryCode = "MN"
	CountryCodeMe CountryCode = "ME"
	CountryCodeMs CountryCode = "MS"
	CountryCodeMa CountryCode = "MA"
	CountryCodeMz CountryCode = "MZ"
	CountryCodeMm CountryCode = "MM"
	CountryCodeNa CountryCode = "NA"
	CountryCodeNr CountryCode = "NR"
	CountryCodeNp CountryCode = "NP"
	CountryCodeNl CountryCode = "NL"
	CountryCodeNc CountryCode = "NC"
	CountryCodeNz CountryCode = "NZ"
	CountryCodeNi CountryCode = "NI"
	CountryCodeNe CountryCode = "NE"
	CountryCodeNg CountryCode = "NG"
	CountryCodeNu CountryCode = "NU"
	CountryCodeNf CountryCode = "NF"
	CountryCodeMp CountryCode = "MP"
	CountryCodeNo CountryCode = "NO"
	CountryCodeOm CountryCode = "OM"
	CountryCodePk CountryCode = "PK"
	CountryCodePw CountryCode = "PW"
	CountryCodePs CountryCode = "PS"
	CountryCodePa CountryCode = "PA"
	CountryCodePg CountryCode = "PG"
	CountryCodePy CountryCode = "PY"
	CountryCodePe CountryCode = "PE"
	CountryCodePh CountryCode = "PH"
	CountryCodePn CountryCode = "PN"
	CountryCodePl CountryCode = "PL"
	CountryCodePt CountryCode = "PT"
	CountryCodePr CountryCode = "PR"
	CountryCodeQa CountryCode = "QA"
	CountryCodeRe CountryCode = "RE"
	CountryCodeRo CountryCode = "RO"
	CountryCodeRu CountryCode = "RU"
	CountryCodeRw CountryCode = "RW"
	CountryCodeBl CountryCode = "BL"
	CountryCodeSh CountryCode = "SH"
	CountryCodeKn CountryCode = "KN"
	CountryCodeLc CountryCode = "LC"
	CountryCodeMf CountryCode = "MF"
	CountryCodePm CountryCode = "PM"
	CountryCodeVc CountryCode = "VC"
	CountryCodeWs CountryCode = "WS"
	CountryCodeSm CountryCode = "SM"
	CountryCodeSt CountryCode = "ST"
	CountryCodeSa CountryCode = "SA"
	CountryCodeSn CountryCode = "SN"
	CountryCodeRs CountryCode = "RS"
	CountryCodeSc CountryCode = "SC"
	CountryCodeSl CountryCode = "SL"
	CountryCodeSg CountryCode = "SG"
	CountryCodeSx CountryCode = "SX"
	CountryCodeSk CountryCode = "SK"
	CountryCodeSi CountryCode = "SI"
	CountryCodeSb CountryCode = "SB"
	CountryCodeSo CountryCode = "SO"
	CountryCodeZa CountryCode = "ZA"
	CountryCodeGs CountryCode = "GS"
	CountryCodeSs CountryCode = "SS"
	CountryCodeEs CountryCode = "ES"
	CountryCodeLk CountryCode = "LK"
	CountryCodeSd CountryCode = "SD"
	CountryCodeSr CountryCode = "SR"
	CountryCodeSj CountryCode = "SJ"
	CountryCodeSz CountryCode = "SZ"
	CountryCodeSe CountryCode = "SE"
	CountryCodeCh CountryCode = "CH"
	CountryCodeSy CountryCode = "SY"
	CountryCodeTw CountryCode = "TW"
	CountryCodeTj CountryCode = "TJ"
	CountryCodeTz CountryCode = "TZ"
	CountryCodeTh CountryCode = "TH"
	CountryCodeTl CountryCode = "TL"
	CountryCodeTg CountryCode = "TG"
	CountryCodeTk CountryCode = "TK"
	CountryCodeTo CountryCode = "TO"
	CountryCodeTt CountryCode = "TT"
	CountryCodeTn CountryCode = "TN"
	CountryCodeTr CountryCode = "TR"
	CountryCodeTm CountryCode = "TM"
	CountryCodeTc CountryCode = "TC"
	CountryCodeTv CountryCode = "TV"
	CountryCodeUg CountryCode = "UG"
	CountryCodeUa CountryCode = "UA"
	CountryCodeAe CountryCode = "AE"
	CountryCodeGb CountryCode = "GB"
	CountryCodeUs CountryCode = "US"
	CountryCodeUm CountryCode = "UM"
	CountryCodeUy CountryCode = "UY"
	CountryCodeUz CountryCode = "UZ"
	CountryCodeVu CountryCode = "VU"
	CountryCodeVe CountryCode = "VE"
	CountryCodeVn CountryCode = "VN"
	CountryCodeVg CountryCode = "VG"
	CountryCodeVi CountryCode = "VI"
	CountryCodeWf CountryCode = "WF"
	CountryCodeEh CountryCode = "EH"
	CountryCodeYe CountryCode = "YE"
	CountryCodeZm CountryCode = "ZM"
	CountryCodeZw CountryCode = "ZW"
	CountryCodeXk CountryCode = "XK"
)

type CustomHTTPHeader struct {

	// The name of the custom header. For custom request header insertion, when WAF
	// inserts the header into the request, it prefixes this name x-amzn-waf- , to
	// avoid confusion with the headers that are already in the request. For example,
	// for the header name sample , WAF inserts the header x-amzn-waf-sample .
	//
	// This member is required.
	Name *string

	// The value of the custom header.
	//
	// This member is required.
	Value *string
	// contains filtered or unexported fields
}

type CustomRequestHandling struct {

	// The HTTP headers to insert into the request. Duplicate header names are not
	// allowed. For information about the limits on count and size for custom request
	// and response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
	// in the WAF Developer Guide.
	//
	// This member is required.
	InsertHeaders []CustomHTTPHeader
	// contains filtered or unexported fields
}

type CustomResponse struct {

	// The HTTP status code to return to the client. For a list of status codes that
	// you can use in your custom responses, see Supported status codes for custom
	// response (https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html)
	// in the WAF Developer Guide.
	//
	// This member is required.
	ResponseCode *int32

	// References the response body that you want WAF to return to the web request
	// client. You can define a custom response for a rule action or a default web ACL
	// action that is set to block. To do this, you first define the response body key
	// and value in the CustomResponseBodies setting for the WebACL or RuleGroup where
	// you want to use it. Then, in the rule action or web ACL default action
	// BlockAction setting, you reference the response body using this key.
	CustomResponseBodyKey *string

	// The HTTP headers to use in the response. Duplicate header names are not
	// allowed. For information about the limits on count and size for custom request
	// and response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
	// in the WAF Developer Guide.
	ResponseHeaders []CustomHTTPHeader
	// contains filtered or unexported fields
}

type CustomResponseBody struct {

	// The payload of the custom response. You can use JSON escape strings in JSON
	// content. To do this, you must specify JSON content in the ContentType setting.
	// For information about the limits on count and size for custom request and
	// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
	// in the WAF Developer Guide.
	//
	// This member is required.
	Content *string

	// The type of content in the payload that you are defining in the Content string.
	//
	// This member is required.
	ContentType ResponseContentType
	// contains filtered or unexported fields
}

type DefaultAction struct {

	// Specifies that WAF should allow requests by default.
	Allow *AllowAction

	// Specifies that WAF should block requests by default.
	Block *BlockAction
	// contains filtered or unexported fields
}

type ExcludedRule struct {

	// The name of the rule whose action you want to override to Count .
	//
	// This member is required.
	Name *string
	// contains filtered or unexported fields
}

type FailureReason string

const (
	FailureReasonTokenMissing        FailureReason = "TOKEN_MISSING"
	FailureReasonTokenExpired        FailureReason = "TOKEN_EXPIRED"
	FailureReasonTokenInvalid        FailureReason = "TOKEN_INVALID"
	FailureReasonTokenDomainMismatch FailureReason = "TOKEN_DOMAIN_MISMATCH"
)

type FallbackBehavior string

const (
	FallbackBehaviorMatch   FallbackBehavior = "MATCH"
	FallbackBehaviorNoMatch FallbackBehavior = "NO_MATCH"
)

type FieldToMatch struct {

	// Inspect all query arguments.
	AllQueryArguments *AllQueryArguments

	// Inspect the request body as plain text. The request body immediately follows
	// the request headers. This is the part of a request that contains any additional
	// data that you want to send to your web server as the HTTP request body, such as
	// data from a form. A limited amount of the request body is forwarded to WAF for
	// inspection by the underlying host service. For regional resources, the limit is
	// 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB
	// (16,384 kilobytes). For CloudFront distributions, you can increase the limit in
	// the web ACL's AssociationConfig , for additional processing fees. For
	// information about how to handle oversized request bodies, see the Body object
	// configuration.
	Body *Body

	// Inspect the request cookies. You must configure scope and pattern matching
	// filters in the Cookies object, to define the set of cookies and the parts of
	// the cookies that WAF inspects. Only the first 8 KB (8192 bytes) of a request's
	// cookies and only the first 200 cookies are forwarded to WAF for inspection by
	// the underlying host service. You must configure how to handle any oversize
	// cookie content in the Cookies object. WAF applies the pattern matching filters
	// to the cookies that it receives from the underlying host service.
	Cookies *Cookies

	// Inspect the request headers. You must configure scope and pattern matching
	// filters in the Headers object, to define the set of headers to and the parts of
	// the headers that WAF inspects. Only the first 8 KB (8192 bytes) of a request's
	// headers and only the first 200 headers are forwarded to WAF for inspection by
	// the underlying host service. You must configure how to handle any oversize
	// header content in the Headers object. WAF applies the pattern matching filters
	// to the headers that it receives from the underlying host service.
	Headers *Headers

	// Inspect the request body as JSON. The request body immediately follows the
	// request headers. This is the part of a request that contains any additional data
	// that you want to send to your web server as the HTTP request body, such as data
	// from a form. A limited amount of the request body is forwarded to WAF for
	// inspection by the underlying host service. For regional resources, the limit is
	// 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB
	// (16,384 kilobytes). For CloudFront distributions, you can increase the limit in
	// the web ACL's AssociationConfig , for additional processing fees. For
	// information about how to handle oversized request bodies, see the JsonBody
	// object configuration.
	JsonBody *JsonBody

	// Inspect the HTTP method. The method indicates the type of operation that the
	// request is asking the origin to perform.
	Method *Method

	// Inspect the query string. This is the part of a URL that appears after a ?
	// character, if any.
	QueryString *QueryString

	// Inspect a single header. Provide the name of the header to inspect, for
	// example, User-Agent or Referer . This setting isn't case sensitive. Example
	// JSON: "SingleHeader": { "Name": "haystack" } Alternately, you can filter and
	// inspect all headers with the Headers FieldToMatch setting.
	SingleHeader *SingleHeader

	// Inspect a single query argument. Provide the name of the query argument to
	// inspect, such as UserName or SalesRegion. The name can be up to 30 characters
	// long and isn't case sensitive. Example JSON: "SingleQueryArgument": { "Name":
	// "myArgument" }
	SingleQueryArgument *SingleQueryArgument

	// Inspect the request URI path. This is the part of the web request that
	// identifies a resource, for example, /images/daily-ad.jpg .
	UriPath *UriPath
	// contains filtered or unexported fields
}

type Filter struct {

	// How to handle logs that satisfy the filter's conditions and requirement.
	//
	// This member is required.
	Behavior FilterBehavior

	// Match conditions for the filter.
	//
	// This member is required.
	Conditions []Condition

	// Logic to apply to the filtering conditions. You can specify that, in order to
	// satisfy the filter, a log must match all conditions or must match at least one
	// condition.
	//
	// This member is required.
	Requirement FilterRequirement
	// contains filtered or unexported fields
}

type FilterBehavior string

const (
	FilterBehaviorKeep FilterBehavior = "KEEP"
	FilterBehaviorDrop FilterBehavior = "DROP"
)

type FilterRequirement string

const (
	FilterRequirementMeetsAll FilterRequirement = "MEETS_ALL"
	FilterRequirementMeetsAny FilterRequirement = "MEETS_ANY"
)

type FirewallManagerRuleGroup struct {

	// The processing guidance for an Firewall Manager rule. This is like a regular
	// rule Statement , but it can only contain a rule group reference.
	//
	// This member is required.
	FirewallManagerStatement *FirewallManagerStatement

	// The name of the rule group. You cannot change the name of a rule group after
	// you create it.
	//
	// This member is required.
	Name *string

	// The action to use in the place of the action that results from the rule group
	// evaluation. Set the override action to none to leave the result of the rule
	// group alone. Set it to count to override the result to count only. You can only
	// use this for rule statements that reference a rule group, like
	// RuleGroupReferenceStatement and ManagedRuleGroupStatement . This option is
	// usually set to none. It does not affect how the rules in the rule group are
	// evaluated. If you want the rules in the rule group to only count matches, do not
	// use this and instead use the rule action override option, with Count action, in
	// your rule group reference statement settings.
	//
	// This member is required.
	OverrideAction *OverrideAction

	// If you define more than one rule group in the first or last Firewall Manager
	// rule groups, WAF evaluates each request against the rule groups in order,
	// starting from the lowest priority setting. The priorities don't need to be
	// consecutive, but they must all be different.
	//
	// This member is required.
	Priority int32

	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	//
	// This member is required.
	VisibilityConfig *VisibilityConfig
	// contains filtered or unexported fields
}

type FirewallManagerStatement struct {

	// A statement used by Firewall Manager to run the rules that are defined in a
	// managed rule group. This is managed by Firewall Manager for an Firewall Manager
	// WAF policy.
	ManagedRuleGroupStatement *ManagedRuleGroupStatement

	// A statement used by Firewall Manager to run the rules that are defined in a
	// rule group. This is managed by Firewall Manager for an Firewall Manager WAF
	// policy.
	RuleGroupReferenceStatement *RuleGroupReferenceStatement
	// contains filtered or unexported fields
}

type ForwardedIPConfig struct {

	// The match status to assign to the web request if the request doesn't have a
	// valid IP address in the specified position. If the specified header isn't
	// present in the request, WAF doesn't apply the rule to the web request at all.
	// You can specify the following fallback behaviors:
	//   - MATCH - Treat the web request as matching the rule statement. WAF applies
	//   the rule action to the request.
	//   - NO_MATCH - Treat the web request as not matching the rule statement.
	//
	// This member is required.
	FallbackBehavior FallbackBehavior

	// The name of the HTTP header to use for the IP address. For example, to use the
	// X-Forwarded-For (XFF) header, set this to X-Forwarded-For . If the specified
	// header isn't present in the request, WAF doesn't apply the rule to the web
	// request at all.
	//
	// This member is required.
	HeaderName *string
	// contains filtered or unexported fields
}

type ForwardedIPPosition string

const (
	ForwardedIPPositionFirst ForwardedIPPosition = "FIRST"
	ForwardedIPPositionLast  ForwardedIPPosition = "LAST"
	ForwardedIPPositionAny   ForwardedIPPosition = "ANY"
)

type GeoMatchStatement struct {

	// An array of two-character country codes that you want to match against, for
	// example, [ "US", "CN" ] , from the alpha-2 country ISO codes of the ISO 3166
	// international standard. When you use a geo match statement just for the region
	// and country labels that it adds to requests, you still have to supply a country
	// code for the rule to evaluate. In this case, you configure the rule to only
	// count matching requests, but it will still generate logging and count metrics
	// for any matches. You can reduce the logging and metrics that the rule produces
	// by specifying a country that's unlikely to be a source of traffic to your site.
	CountryCodes []CountryCode

	// The configuration for inspecting IP addresses in an HTTP header that you
	// specify, instead of using the IP address that's reported by the web request
	// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
	// any header name. If the specified header isn't present in the request, WAF
	// doesn't apply the rule to the web request at all.
	ForwardedIPConfig *ForwardedIPConfig
	// contains filtered or unexported fields
}

type HTTPHeader struct {

	// The name of the HTTP header.
	Name *string

	// The value of the HTTP header.
	Value *string
	// contains filtered or unexported fields
}

type HTTPRequest struct {

	// The IP address that the request originated from. If the web ACL is associated
	// with a CloudFront distribution, this is the value of one of the following fields
	// in CloudFront access logs:
	//   - c-ip , if the viewer did not use an HTTP proxy or a load balancer to send
	//   the request
	//   - x-forwarded-for , if the viewer did use an HTTP proxy or a load balancer to
	//   send the request
	ClientIP *string

	// The two-letter country code for the country that the request originated from.
	// For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2)
	// .
	Country *string

	// The HTTP version specified in the sampled web request, for example, HTTP/1.1 .
	HTTPVersion *string

	// A complex type that contains the name and value for each header in the sampled
	// web request.
	Headers []HTTPHeader

	// The HTTP method specified in the sampled web request.
	Method *string

	// The URI path of the request, which identifies the resource, for example,
	// /images/daily-ad.jpg .
	URI *string
	// contains filtered or unexported fields
}

type HeaderMatchPattern struct {

	// Inspect all headers.
	All *All

	// Inspect only the headers whose keys don't match any of the strings specified
	// here.
	ExcludedHeaders []string

	// Inspect only the headers that have a key that matches one of the strings
	// specified here.
	IncludedHeaders []string
	// contains filtered or unexported fields
}

type Headers struct {

	// The filter to use to identify the subset of headers to inspect in a web
	// request. You must specify exactly one setting: either All , IncludedHeaders , or
	// ExcludedHeaders . Example JSON: "MatchPattern": { "ExcludedHeaders":
	// {"KeyToExclude1", "KeyToExclude2"} }
	//
	// This member is required.
	MatchPattern *HeaderMatchPattern

	// The parts of the headers to match with the rule inspection criteria. If you
	// specify All , WAF inspects both keys and values.
	//
	// This member is required.
	MatchScope MapMatchScope

	// What WAF should do if the headers of the request are larger than WAF can
	// inspect. WAF does not support inspecting the entire contents of request headers
	// when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host
	// service forwards a maximum of 200 headers and at most 8 KB of header contents to
	// WAF. The options for oversize handling are the following:
	//   - CONTINUE - Inspect the headers normally, according to the rule inspection
	//   criteria.
	//   - MATCH - Treat the web request as matching the rule statement. WAF applies
	//   the rule action to the request.
	//   - NO_MATCH - Treat the web request as not matching the rule statement.
	//
	// This member is required.
	OversizeHandling OversizeHandling
	// contains filtered or unexported fields
}

type IPAddressVersion string

const (
	IPAddressVersionIpv4 IPAddressVersion = "IPV4"
	IPAddressVersionIpv6 IPAddressVersion = "IPV6"
)

type IPSet struct {

	// The Amazon Resource Name (ARN) of the entity.
	//
	// This member is required.
	ARN *string

	// Contains an array of strings that specifies zero or more IP addresses or blocks
	// of IP addresses. All addresses must be specified using Classless Inter-Domain
	// Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for
	// /0 . Example address strings:
	//   - To configure WAF to allow, block, or count requests that originated from
	//   the IP address 192.0.2.44, specify 192.0.2.44/32 .
	//   - To configure WAF to allow, block, or count requests that originated from IP
	//   addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24 .
	//   - To configure WAF to allow, block, or count requests that originated from
	//   the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
	//   1111:0000:0000:0000:0000:0000:0000:0111/128 .
	//   - To configure WAF to allow, block, or count requests that originated from IP
	//   addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
	//   1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
	//   1111:0000:0000:0000:0000:0000:0000:0000/64 .
	// For more information about CIDR notation, see the Wikipedia entry Classless
	// Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
	// . Example JSON Addresses specifications:
	//   - Empty array: "Addresses": []
	//   - Array with one address: "Addresses": ["192.0.2.44/32"]
	//   - Array with three addresses: "Addresses": ["192.0.2.44/32", "192.0.2.0/24",
	//   "192.0.0.0/16"]
	//   - INVALID specification: "Addresses": [""] INVALID
	//
	// This member is required.
	Addresses []string

	// The version of the IP addresses, either IPV4 or IPV6 .
	//
	// This member is required.
	IPAddressVersion IPAddressVersion

	// A unique identifier for the set. This ID is returned in the responses to create
	// and list commands. You provide it to operations like update and delete.
	//
	// This member is required.
	Id *string

	// The name of the IP set. You cannot change the name of an IPSet after you create
	// it.
	//
	// This member is required.
	Name *string

	// A description of the IP set that helps with identification.
	Description *string
	// contains filtered or unexported fields
}

type IPSetForwardedIPConfig struct {

	// The match status to assign to the web request if the request doesn't have a
	// valid IP address in the specified position. If the specified header isn't
	// present in the request, WAF doesn't apply the rule to the web request at all.
	// You can specify the following fallback behaviors:
	//   - MATCH - Treat the web request as matching the rule statement. WAF applies
	//   the rule action to the request.
	//   - NO_MATCH - Treat the web request as not matching the rule statement.
	//
	// This member is required.
	FallbackBehavior FallbackBehavior

	// The name of the HTTP header to use for the IP address. For example, to use the
	// X-Forwarded-For (XFF) header, set this to X-Forwarded-For . If the specified
	// header isn't present in the request, WAF doesn't apply the rule to the web
	// request at all.
	//
	// This member is required.
	HeaderName *string

	// The position in the header to search for the IP address. The header can contain
	// IP addresses of the original client and also of proxies. For example, the header
	// value could be 10.1.1.1, 127.0.0.0, 10.10.10.10 where the first IP address
	// identifies the original client and the rest identify proxies that the request
	// went through. The options for this setting are the following:
	//   - FIRST - Inspect the first IP address in the list of IP addresses in the
	//   header. This is usually the client's original IP.
	//   - LAST - Inspect the last IP address in the list of IP addresses in the
	//   header.
	//   - ANY - Inspect all IP addresses in the header for a match. If the header
	//   contains more than 10 IP addresses, WAF inspects the last 10.
	//
	// This member is required.
	Position ForwardedIPPosition
	// contains filtered or unexported fields
}

type IPSetReferenceStatement struct {

	// The Amazon Resource Name (ARN) of the IPSet that this statement references.
	//
	// This member is required.
	ARN *string

	// The configuration for inspecting IP addresses in an HTTP header that you
	// specify, instead of using the IP address that's reported by the web request
	// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
	// any header name. If the specified header isn't present in the request, WAF
	// doesn't apply the rule to the web request at all.
	IPSetForwardedIPConfig *IPSetForwardedIPConfig
	// contains filtered or unexported fields
}

type IPSetSummary struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the IP set that helps with identification.
	Description *string

	// A unique identifier for the set. This ID is returned in the responses to create
	// and list commands. You provide it to operations like update and delete.
	Id *string

	// A token used for optimistic locking. WAF returns a token to your get and list
	// requests, to mark the state of the entity at the time of the request. To make
	// changes to the entity associated with the token, you provide the token to
	// operations like update and delete . WAF uses the token to ensure that no changes
	// have been made to the entity since you last retrieved it. If a change has been
	// made, the update fails with a WAFOptimisticLockException . If this happens,
	// perform another get , and use the new token returned by that operation.
	LockToken *string

	// The name of the IP set. You cannot change the name of an IPSet after you create
	// it.
	Name *string
	// contains filtered or unexported fields
}

type ImmunityTimeProperty struct {

	// The amount of time, in seconds, that a CAPTCHA or challenge timestamp is
	// considered valid by WAF. The default setting is 300. For the Challenge action,
	// the minimum setting is 300.
	//
	// This member is required.
	ImmunityTime *int64
	// contains filtered or unexported fields
}

type InspectionLevel string

const (
	InspectionLevelCommon   InspectionLevel = "COMMON"
	InspectionLevelTargeted InspectionLevel = "TARGETED"
)

type JsonBody struct {

	// The patterns to look for in the JSON body. WAF inspects the results of these
	// pattern matches against the rule inspection criteria.
	//
	// This member is required.
	MatchPattern *JsonMatchPattern

	// The parts of the JSON to match against using the MatchPattern . If you specify
	// All , WAF matches against keys and values.
	//
	// This member is required.
	MatchScope JsonMatchScope

	// What WAF should do if it fails to completely parse the JSON body. The options
	// are the following:
	//   - EVALUATE_AS_STRING - Inspect the body as plain text. WAF applies the text
	//   transformations and inspection criteria that you defined for the JSON inspection
	//   to the body text string.
	//   - MATCH - Treat the web request as matching the rule statement. WAF applies
	//   the rule action to the request.
	//   - NO_MATCH - Treat the web request as not matching the rule statement.
	// If you don't provide this setting, WAF parses and evaluates the content only up
	// to the first parsing failure that it encounters. WAF does its best to parse the
	// entire JSON body, but might be forced to stop for reasons such as invalid
	// characters, duplicate keys, truncation, and any content whose root node isn't an
	// object or an array. WAF parses the JSON in the following examples as two valid
	// key, value pairs:
	//   - Missing comma: {"key1":"value1""key2":"value2"}
	//   - Missing colon: {"key1":"value1","key2""value2"}
	//   - Extra colons: {"key1"::"value1","key2""value2"}
	InvalidFallbackBehavior BodyParsingFallbackBehavior

	// What WAF should do if the body is larger than WAF can inspect. WAF does not
	// support inspecting the entire contents of the web request body if the body
	// exceeds the limit for the resource type. If the body is larger than the limit,
	// the underlying host service only forwards the contents that are below the limit
	// to WAF for inspection. The default limit is 8 KB (8,192 kilobytes) for regional
	// resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For
	// CloudFront distributions, you can increase the limit in the web ACL
	// AssociationConfig , for additional processing fees. The options for oversize
	// handling are the following:
	//   - CONTINUE - Inspect the body normally, according to the rule inspection
	//   criteria.
	//   - MATCH - Treat the web request as matching the rule statement. WAF applies
	//   the rule action to the request.
	//   - NO_MATCH - Treat the web request as not matching the rule statement.
	// You can combine the MATCH or NO_MATCH settings for oversize handling with your
	// rule and web ACL action settings, so that you block any request whose body is
	// over the limit. Default: CONTINUE
	OversizeHandling OversizeHandling
	// contains filtered or unexported fields
}

type JsonMatchPattern struct {

	// Match all of the elements. See also MatchScope in JsonBody . You must specify
	// either this setting or the IncludedPaths setting, but not both.
	All *All

	// Match only the specified include paths. See also MatchScope in JsonBody .
	// Provide the include paths using JSON Pointer syntax. For example,
	// "IncludedPaths": ["/dogs/0/name", "/dogs/1/name"] . For information about this
	// syntax, see the Internet Engineering Task Force (IETF) documentation JavaScript
	// Object Notation (JSON) Pointer (https://tools.ietf.org/html/rfc6901) . You must
	// specify either this setting or the All setting, but not both. Don't use this
	// option to include all paths. Instead, use the All setting.
	IncludedPaths []string
	// contains filtered or unexported fields
}

type JsonMatchScope string

const (
	JsonMatchScopeAll   JsonMatchScope = "ALL"
	JsonMatchScopeKey   JsonMatchScope = "KEY"
	JsonMatchScopeValue JsonMatchScope = "VALUE"
)

type Label struct {

	// The label string.
	//
	// This member is required.
	Name *string
	// contains filtered or unexported fields
}

type LabelMatchScope string

const (
	LabelMatchScopeLabel     LabelMatchScope = "LABEL"
	LabelMatchScopeNamespace LabelMatchScope = "NAMESPACE"
)

type LabelMatchStatement struct {

	// The string to match against. The setting you provide for this depends on the
	// match statement's Scope setting:
	//   - If the Scope indicates LABEL , then this specification must include the name
	//   and can include any number of preceding namespace specifications and prefix up
	//   to providing the fully qualified label name.
	//   - If the Scope indicates NAMESPACE , then this specification can include any
	//   number of contiguous namespace strings, and can include the entire label
	//   namespace prefix from the rule group or web ACL where the label originates.
	// Labels are case sensitive and components of a label must be separated by colon,
	// for example NS1:NS2:name .
	//
	// This member is required.
	Key *string

	// Specify whether you want to match using the label name or just the namespace.
	//
	// This member is required.
	Scope LabelMatchScope
	// contains filtered or unexported fields
}

type LabelNameCondition struct {

	// The label name that a log record must contain in order to meet the condition.
	// This must be a fully qualified label name. Fully qualified labels have a prefix,
	// optional namespaces, and label name. The prefix identifies the rule group or web
	// ACL context of the rule that added the label.
	//
	// This member is required.
	LabelName *string
	// contains filtered or unexported fields
}

type LabelSummary struct {

	// An individual label specification.
	Name *string
	// contains filtered or unexported fields
}

type LoggingConfiguration struct {

	// The logging destination configuration that you want to associate with the web
	// ACL. You can associate one logging destination to a web ACL.
	//
	// This member is required.
	LogDestinationConfigs []string

	// The Amazon Resource Name (ARN) of the web ACL that you want to associate with
	// LogDestinationConfigs .
	//
	// This member is required.
	ResourceArn *string

	// Filtering that specifies which web requests are kept in the logs and which are
	// dropped. You can filter on the rule action and on the web request labels that
	// were applied by matching rules during web ACL evaluation.
	LoggingFilter *LoggingFilter

	// Indicates whether the logging configuration was created by Firewall Manager, as
	// part of an WAF policy configuration. If true, only Firewall Manager can modify
	// or delete the configuration.
	ManagedByFirewallManager bool

	// The parts of the request that you want to keep out of the logs. For example, if
	// you redact the SingleHeader field, the HEADER field in the logs will be REDACTED
	// . You can specify only the following fields for redaction: UriPath , QueryString
	// , SingleHeader , Method , and JsonBody .
	RedactedFields []FieldToMatch
	// contains filtered or unexported fields
}

type LoggingFilter struct {

	// Default handling for logs that don't match any of the specified filtering
	// conditions.
	//
	// This member is required.
	DefaultBehavior FilterBehavior

	// The filters that you want to apply to the logs.
	//
	// This member is required.
	Filters []Filter
	// contains filtered or unexported fields
}

type ManagedRuleGroupConfig struct {

	// Additional configuration for using the account takeover prevention (ATP)
	// managed rule group, AWSManagedRulesATPRuleSet . Use this to provide login
	// request information to the rule group. For web ACLs that protect CloudFront
	// distributions, use this to also provide the information about how your
	// distribution responds to login requests. This configuration replaces the
	// individual configuration fields in ManagedRuleGroupConfig and provides
	// additional feature configuration. For information about using the ATP managed
	// rule group, see WAF Fraud Control account takeover prevention (ATP) rule group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-atp.html)
	// and WAF Fraud Control account takeover prevention (ATP) (https://docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html)
	// in the WAF Developer Guide.
	AWSManagedRulesATPRuleSet *AWSManagedRulesATPRuleSet

	// Additional configuration for using the Bot Control managed rule group. Use this
	// to specify the inspection level that you want to use. For information about
	// using the Bot Control managed rule group, see WAF Bot Control rule group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html)
	// and WAF Bot Control (https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html)
	// in the WAF Developer Guide.
	AWSManagedRulesBotControlRuleSet *AWSManagedRulesBotControlRuleSet

	// Instead of this setting, provide your configuration under
	// AWSManagedRulesATPRuleSet .
	//
	// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet LoginPath
	LoginPath *string

	// Instead of this setting, provide your configuration under
	// AWSManagedRulesATPRuleSet RequestInspection .
	//
	// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet RequestInspection
	// PasswordField
	PasswordField *PasswordField

	// Instead of this setting, provide your configuration under
	// AWSManagedRulesATPRuleSet RequestInspection .
	//
	// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet RequestInspection
	// PayloadType
	PayloadType PayloadType

	// Instead of this setting, provide your configuration under
	// AWSManagedRulesATPRuleSet RequestInspection .
	//
	// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet RequestInspection
	// UsernameField
	UsernameField *UsernameField
	// contains filtered or unexported fields
}

type ManagedRuleGroupStatement struct {

	// The name of the managed rule group. You use this, along with the vendor name,
	// to identify the rule group.
	//
	// This member is required.
	Name *string

	// The name of the managed rule group vendor. You use this, along with the rule
	// group name, to identify the rule group.
	//
	// This member is required.
	VendorName *string

	// Rules in the referenced rule group whose actions are set to Count . Instead of
	// this option, use RuleActionOverrides . It accepts any valid action setting,
	// including Count .
	ExcludedRules []ExcludedRule

	// Additional information that's used by a managed rule group. Many managed rule
	// groups don't require this. Use the AWSManagedRulesATPRuleSet configuration
	// object for the account takeover prevention managed rule group, to provide
	// information such as the sign-in page of your application and the type of content
	// to accept or reject from the client. Use the AWSManagedRulesBotControlRuleSet
	// configuration object to configure the protection level that you want the Bot
	// Control rule group to use.
	ManagedRuleGroupConfigs []ManagedRuleGroupConfig

	// Action settings to use in the place of the rule actions that are configured
	// inside the rule group. You specify one override for each rule whose action you
	// want to change. You can use overrides for testing, for example you can override
	// all of rule actions to Count and then monitor the resulting count metrics to
	// understand how the rule group would handle your web traffic. You can also
	// permanently override some or all actions, to modify how the rule group manages
	// your web traffic.
	RuleActionOverrides []RuleActionOverride

	// An optional nested statement that narrows the scope of the web requests that
	// are evaluated by the managed rule group. Requests are only evaluated by the rule
	// group if they match the scope-down statement. You can use any nestable Statement
	// in the scope-down statement, and you can nest statements at any level, the same
	// as you can for a rule statement.
	ScopeDownStatement *Statement

	// The version of the managed rule group to use. If you specify this, the version
	// setting is fixed until you change it. If you don't specify this, WAF uses the
	// vendor's default version, and then keeps the version at the vendor's default
	// when the vendor updates the managed rule group settings.
	Version *string
	// contains filtered or unexported fields
}

type ManagedRuleGroupSummary struct {

	// The description of the managed rule group, provided by Amazon Web Services
	// Managed Rules or the Amazon Web Services Marketplace seller who manages it.
	Description *string

	// The name of the managed rule group. You use this, along with the vendor name,
	// to identify the rule group.
	Name *string

	// The name of the managed rule group vendor. You use this, along with the rule
	// group name, to identify the rule group.
	VendorName *string

	// Indicates whether the managed rule group is versioned. If it is, you can
	// retrieve the versions list by calling ListAvailableManagedRuleGroupVersions .
	VersioningSupported bool
	// contains filtered or unexported fields
}

type ManagedRuleGroupVersion struct {

	// The date and time that the managed rule group owner updated the rule group
	// version information.
	LastUpdateTimestamp *time.Time

	// The version name.
	Name *string
	// contains filtered or unexported fields
}

type ManagedRuleSet struct {

	// The Amazon Resource Name (ARN) of the entity.
	//
	// This member is required.
	ARN *string

	// A unique identifier for the managed rule set. The ID is returned in the
	// responses to commands like list . You provide it to operations like get and
	// update .
	//
	// This member is required.
	Id *string

	// The name of the managed rule set. You use this, along with the rule set ID, to
	// identify the rule set. This name is assigned to the corresponding managed rule
	// group, which your customers can access and use.
	//
	// This member is required.
	Name *string

	// A description of the set that helps with identification.
	Description *string

	// The label namespace prefix for the managed rule groups that are offered to
	// customers from this managed rule set. All labels that are added by rules in the
	// managed rule group have this prefix.
	//   - The syntax for the label namespace prefix for a managed rule group is the
	//   following: awswaf:managed:: :
	//   - When a rule with a label matches a web request, WAF adds the fully
	//   qualified label to the request. A fully qualified label is made up of the label
	//   namespace from the rule group or web ACL where the rule is defined and the label
	//   from the rule, separated by a colon: :
	LabelNamespace *string

	// The versions of this managed rule set that are available for use by customers.
	PublishedVersions map[string]ManagedRuleSetVersion

	// The version that you would like your customers to use.
	RecommendedVersion *string
	// contains filtered or unexported fields
}

type ManagedRuleSetSummary struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the set that helps with identification.
	Description *string

	// A unique identifier for the managed rule set. The ID is returned in the
	// responses to commands like list . You provide it to operations like get and
	// update .
	Id *string

	// The label namespace prefix for the managed rule groups that are offered to
	// customers from this managed rule set. All labels that are added by rules in the
	// managed rule group have this prefix.
	//   - The syntax for the label namespace prefix for a managed rule group is the
	//   following: awswaf:managed:: :
	//   - When a rule with a label matches a web request, WAF adds the fully
	//   qualified label to the request. A fully qualified label is made up of the label
	//   namespace from the rule group or web ACL where the rule is defined and the label
	//   from the rule, separated by a colon: :
	LabelNamespace *string

	// A token used for optimistic locking. WAF returns a token to your get and list
	// requests, to mark the state of the entity at the time of the request. To make
	// changes to the entity associated with the token, you provide the token to
	// operations like update and delete . WAF uses the token to ensure that no changes
	// have been made to the entity since you last retrieved it. If a change has been
	// made, the update fails with a WAFOptimisticLockException . If this happens,
	// perform another get , and use the new token returned by that operation.
	LockToken *string

	// The name of the managed rule set. You use this, along with the rule set ID, to
	// identify the rule set. This name is assigned to the corresponding managed rule
	// group, which your customers can access and use.
	Name *string
	// contains filtered or unexported fields
}

type ManagedRuleSetVersion struct {

	// The Amazon Resource Name (ARN) of the vendor rule group that's used to define
	// the published version of your managed rule group.
	AssociatedRuleGroupArn *string

	// The web ACL capacity units (WCUs) required for this rule group. WAF uses WCUs
	// to calculate and control the operating resources that are used to run your
	// rules, rule groups, and web ACLs. WAF calculates capacity differently for each
	// rule type, to reflect the relative cost of each rule. Simple rules that cost
	// little to run use fewer WCUs than more complex rules that use more processing
	// power. Rule group capacity is fixed at creation, which helps users plan their
	// web ACL WCU usage when they use a rule group. For more information, see WAF web
	// ACL capacity units (WCU) (https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html)
	// in the WAF Developer Guide.
	Capacity int64

	// The time that this version is set to expire. Times are in Coordinated Universal
	// Time (UTC) format. UTC format includes the special designator, Z. For example,
	// "2016-09-27T14:50Z".
	ExpiryTimestamp *time.Time

	// The amount of time you expect this version of your managed rule group to last,
	// in days.
	ForecastedLifetime *int32

	// The last time that you updated this version. Times are in Coordinated Universal
	// Time (UTC) format. UTC format includes the special designator, Z. For example,
	// "2016-09-27T14:50Z".
	LastUpdateTimestamp *time.Time

	// The time that you first published this version. Times are in Coordinated
	// Universal Time (UTC) format. UTC format includes the special designator, Z. For
	// example, "2016-09-27T14:50Z".
	PublishTimestamp *time.Time
	// contains filtered or unexported fields
}

type MapMatchScope string

const (
	MapMatchScopeAll   MapMatchScope = "ALL"
	MapMatchScopeKey   MapMatchScope = "KEY"
	MapMatchScopeValue MapMatchScope = "VALUE"
)

type Method struct {
	// contains filtered or unexported fields
}

type MobileSdkRelease struct {

	// Notes describing the release.
	ReleaseNotes *string

	// The release version.
	ReleaseVersion *string

	// Tags that are associated with the release.
	Tags []Tag

	// The timestamp of the release.
	Timestamp *time.Time
	// contains filtered or unexported fields
}

type NoneAction struct {
	// contains filtered or unexported fields
}

type NotStatement struct {

	// The statement to negate. You can use any statement that can be nested.
	//
	// This member is required.
	Statement *Statement
	// contains filtered or unexported fields
}

type OrStatement struct {

	// The statements to combine with OR logic. You can use any statements that can be
	// nested.
	//
	// This member is required.
	Statements []Statement
	// contains filtered or unexported fields
}

type OverrideAction struct {

	// Override the rule group evaluation result to count only. This option is usually
	// set to none. It does not affect how the rules in the rule group are evaluated.
	// If you want the rules in the rule group to only count matches, do not use this
	// and instead use the rule action override option, with Count action, in your
	// rule group reference statement settings.
	Count *CountAction

	// Don't override the rule group evaluation result. This is the most common
	// setting.
	None *NoneAction
	// contains filtered or unexported fields
}

type OversizeHandling string

const (
	OversizeHandlingContinue OversizeHandling = "CONTINUE"
	OversizeHandlingMatch    OversizeHandling = "MATCH"
	OversizeHandlingNoMatch  OversizeHandling = "NO_MATCH"
)

type ParameterExceptionField string

const (
	ParameterExceptionFieldWebAcl                         ParameterExceptionField = "WEB_ACL"
	ParameterExceptionFieldRuleGroup                      ParameterExceptionField = "RULE_GROUP"
	ParameterExceptionFieldRegexPatternSet                ParameterExceptionField = "REGEX_PATTERN_SET"
	ParameterExceptionFieldIpSet                          ParameterExceptionField = "IP_SET"
	ParameterExceptionFieldManagedRuleSet                 ParameterExceptionField = "MANAGED_RULE_SET"
	ParameterExceptionFieldRule                           ParameterExceptionField = "RULE"
	ParameterExceptionFieldExcludedRule                   ParameterExceptionField = "EXCLUDED_RULE"
	ParameterExceptionFieldStatement                      ParameterExceptionField = "STATEMENT"
	ParameterExceptionFieldByteMatchStatement             ParameterExceptionField = "BYTE_MATCH_STATEMENT"
	ParameterExceptionFieldSqliMatchStatement             ParameterExceptionField = "SQLI_MATCH_STATEMENT"
	ParameterExceptionFieldXssMatchStatement              ParameterExceptionField = "XSS_MATCH_STATEMENT"
	ParameterExceptionFieldSizeConstraintStatement        ParameterExceptionField = "SIZE_CONSTRAINT_STATEMENT"
	ParameterExceptionFieldGeoMatchStatement              ParameterExceptionField = "GEO_MATCH_STATEMENT"
	ParameterExceptionFieldRateBasedStatement             ParameterExceptionField = "RATE_BASED_STATEMENT"
	ParameterExceptionFieldRuleGroupReferenceStatement    ParameterExceptionField = "RULE_GROUP_REFERENCE_STATEMENT"
	ParameterExceptionFieldRegexPatternReferenceStatement ParameterExceptionField = "REGEX_PATTERN_REFERENCE_STATEMENT"
	ParameterExceptionFieldIpSetReferenceStatement        ParameterExceptionField = "IP_SET_REFERENCE_STATEMENT"
	ParameterExceptionFieldManagedRuleSetStatement        ParameterExceptionField = "MANAGED_RULE_SET_STATEMENT"
	ParameterExceptionFieldLabelMatchStatement            ParameterExceptionField = "LABEL_MATCH_STATEMENT"
	ParameterExceptionFieldAndStatement                   ParameterExceptionField = "AND_STATEMENT"
	ParameterExceptionFieldOrStatement                    ParameterExceptionField = "OR_STATEMENT"
	ParameterExceptionFieldNotStatement                   ParameterExceptionField = "NOT_STATEMENT"
	ParameterExceptionFieldIpAddress                      ParameterExceptionField = "IP_ADDRESS"
	ParameterExceptionFieldIpAddressVersion               ParameterExceptionField = "IP_ADDRESS_VERSION"
	ParameterExceptionFieldFieldToMatch                   ParameterExceptionField = "FIELD_TO_MATCH"
	ParameterExceptionFieldTextTransformation             ParameterExceptionField = "TEXT_TRANSFORMATION"
	ParameterExceptionFieldSingleQueryArgument            ParameterExceptionField = "SINGLE_QUERY_ARGUMENT"
	ParameterExceptionFieldSingleHeader                   ParameterExceptionField = "SINGLE_HEADER"
	ParameterExceptionFieldDefaultAction                  ParameterExceptionField = "DEFAULT_ACTION"
	ParameterExceptionFieldRuleAction                     ParameterExceptionField = "RULE_ACTION"
	ParameterExceptionFieldEntityLimit                    ParameterExceptionField = "ENTITY_LIMIT"
	ParameterExceptionFieldOverrideAction                 ParameterExceptionField = "OVERRIDE_ACTION"
	ParameterExceptionFieldScopeValue                     ParameterExceptionField = "SCOPE_VALUE"
	ParameterExceptionFieldResourceArn                    ParameterExceptionField = "RESOURCE_ARN"
	ParameterExceptionFieldResourceType                   ParameterExceptionField = "RESOURCE_TYPE"
	ParameterExceptionFieldTags                           ParameterExceptionField = "TAGS"
	ParameterExceptionFieldTagKeys                        ParameterExceptionField = "TAG_KEYS"
	ParameterExceptionFieldMetricName                     ParameterExceptionField = "METRIC_NAME"
	ParameterExceptionFieldFirewallManagerStatement       ParameterExceptionField = "FIREWALL_MANAGER_STATEMENT"
	ParameterExceptionFieldFallbackBehavior               ParameterExceptionField = "FALLBACK_BEHAVIOR"
	ParameterExceptionFieldPosition                       ParameterExceptionField = "POSITION"
	ParameterExceptionFieldForwardedIpConfig              ParameterExceptionField = "FORWARDED_IP_CONFIG"
	ParameterExceptionFieldIpSetForwardedIpConfig         ParameterExceptionField = "IP_SET_FORWARDED_IP_CONFIG"
	ParameterExceptionFieldHeaderName                     ParameterExceptionField = "HEADER_NAME"
	ParameterExceptionFieldCustomRequestHandling          ParameterExceptionField = "CUSTOM_REQUEST_HANDLING"
	ParameterExceptionFieldResponseContentType            ParameterExceptionField = "RESPONSE_CONTENT_TYPE"
	ParameterExceptionFieldCustomResponse                 ParameterExceptionField = "CUSTOM_RESPONSE"
	ParameterExceptionFieldCustomResponseBody             ParameterExceptionField = "CUSTOM_RESPONSE_BODY"
	ParameterExceptionFieldJsonMatchPattern               ParameterExceptionField = "JSON_MATCH_PATTERN"
	ParameterExceptionFieldJsonMatchScope                 ParameterExceptionField = "JSON_MATCH_SCOPE"
	ParameterExceptionFieldBodyParsingFallbackBehavior    ParameterExceptionField = "BODY_PARSING_FALLBACK_BEHAVIOR"
	ParameterExceptionFieldLoggingFilter                  ParameterExceptionField = "LOGGING_FILTER"
	ParameterExceptionFieldFilterCondition                ParameterExceptionField = "FILTER_CONDITION"
	ParameterExceptionFieldExpireTimestamp                ParameterExceptionField = "EXPIRE_TIMESTAMP"
	ParameterExceptionFieldChangePropagationStatus        ParameterExceptionField = "CHANGE_PROPAGATION_STATUS"
	ParameterExceptionFieldAssociableResource             ParameterExceptionField = "ASSOCIABLE_RESOURCE"
	ParameterExceptionFieldLogDestination                 ParameterExceptionField = "LOG_DESTINATION"
	ParameterExceptionFieldManagedRuleGroupConfig         ParameterExceptionField = "MANAGED_RULE_GROUP_CONFIG"
	ParameterExceptionFieldPayloadType                    ParameterExceptionField = "PAYLOAD_TYPE"
	ParameterExceptionFieldHeaderMatchPattern             ParameterExceptionField = "HEADER_MATCH_PATTERN"
	ParameterExceptionFieldCookieMatchPattern             ParameterExceptionField = "COOKIE_MATCH_PATTERN"
	ParameterExceptionFieldMapMatchScope                  ParameterExceptionField = "MAP_MATCH_SCOPE"
	ParameterExceptionFieldOversizeHandling               ParameterExceptionField = "OVERSIZE_HANDLING"
	ParameterExceptionFieldChallengeConfig                ParameterExceptionField = "CHALLENGE_CONFIG"
	ParameterExceptionFieldTokenDomain                    ParameterExceptionField = "TOKEN_DOMAIN"
	ParameterExceptionFieldAtpRuleSetResponseInspection   ParameterExceptionField = "ATP_RULE_SET_RESPONSE_INSPECTION"
	ParameterExceptionFieldAssociatedResourceType         ParameterExceptionField = "ASSOCIATED_RESOURCE_TYPE"
)

type PasswordField struct {

	// The name of the password field. For example /form/password .
	//
	// This member is required.
	Identifier *string
	// contains filtered or unexported fields
}

type PayloadType string

const (
	PayloadTypeJson        PayloadType = "JSON"
	PayloadTypeFormEncoded PayloadType = "FORM_ENCODED"
)

type Platform string

const (
	PlatformIos     Platform = "IOS"
	PlatformAndroid Platform = "ANDROID"
)

type PositionalConstraint string

const (
	PositionalConstraintExactly      PositionalConstraint = "EXACTLY"
	PositionalConstraintStartsWith   PositionalConstraint = "STARTS_WITH"
	PositionalConstraintEndsWith     PositionalConstraint = "ENDS_WITH"
	PositionalConstraintContains     PositionalConstraint = "CONTAINS"
	PositionalConstraintContainsWord PositionalConstraint = "CONTAINS_WORD"
)

type QueryString struct {
	// contains filtered or unexported fields
}

type RateBasedStatement struct {

	// Setting that indicates how to aggregate the request counts. The options are the
	// following:
	//   - IP - Aggregate the request counts on the IP address from the web request
	//   origin.
	//   - FORWARDED_IP - Aggregate the request counts on the first IP address in an
	//   HTTP header. If you use this, configure the ForwardedIPConfig , to specify the
	//   header to use.
	//
	// This member is required.
	AggregateKeyType RateBasedStatementAggregateKeyType

	// The limit on requests per 5-minute period for a single originating IP address.
	// If the statement includes a ScopeDownStatement , this limit is applied only to
	// the requests that match the statement.
	//
	// This member is required.
	Limit int64

	// The configuration for inspecting IP addresses in an HTTP header that you
	// specify, instead of using the IP address that's reported by the web request
	// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
	// any header name. If the specified header isn't present in the request, WAF
	// doesn't apply the rule to the web request at all. This is required if
	// AggregateKeyType is set to FORWARDED_IP .
	ForwardedIPConfig *ForwardedIPConfig

	// An optional nested statement that narrows the scope of the web requests that
	// are evaluated by the rate-based statement. Requests are only tracked by the
	// rate-based statement if they match the scope-down statement. You can use any
	// nestable Statement in the scope-down statement, and you can nest statements at
	// any level, the same as you can for a rule statement.
	ScopeDownStatement *Statement
	// contains filtered or unexported fields
}

type RateBasedStatementAggregateKeyType string

const (
	RateBasedStatementAggregateKeyTypeIp          RateBasedStatementAggregateKeyType = "IP"
	RateBasedStatementAggregateKeyTypeForwardedIp RateBasedStatementAggregateKeyType = "FORWARDED_IP"
)

type RateBasedStatementManagedKeysIPSet struct {

	// The IP addresses that are currently blocked.
	Addresses []string

	// The version of the IP addresses, either IPV4 or IPV6 .
	IPAddressVersion IPAddressVersion
	// contains filtered or unexported fields
}

type Regex struct {

	// The string representing the regular expression.
	RegexString *string
	// contains filtered or unexported fields
}

type RegexMatchStatement struct {

	// The part of the web request that you want WAF to inspect.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// The string representing the regular expression.
	//
	// This member is required.
	RegexString *string

	// Text transformations eliminate some of the unusual formatting that attackers
	// use in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, WAF performs all transformations on the
	// content of the request component identified by FieldToMatch , starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
	// contains filtered or unexported fields
}

type RegexPatternSet struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the set that helps with identification.
	Description *string

	// A unique identifier for the set. This ID is returned in the responses to create
	// and list commands. You provide it to operations like update and delete.
	Id *string

	// The name of the set. You cannot change the name after you create the set.
	Name *string

	// The regular expression patterns in the set.
	RegularExpressionList []Regex
	// contains filtered or unexported fields
}

type RegexPatternSetReferenceStatement struct {

	// The Amazon Resource Name (ARN) of the RegexPatternSet that this statement
	// references.
	//
	// This member is required.
	ARN *string

	// The part of the web request that you want WAF to inspect.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// Text transformations eliminate some of the unusual formatting that attackers
	// use in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, WAF performs all transformations on the
	// content of the request component identified by FieldToMatch , starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
	// contains filtered or unexported fields
}

type RegexPatternSetSummary struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the set that helps with identification.
	Description *string

	// A unique identifier for the set. This ID is returned in the responses to create
	// and list commands. You provide it to operations like update and delete.
	Id *string

	// A token used for optimistic locking. WAF returns a token to your get and list
	// requests, to mark the state of the entity at the time of the request. To make
	// changes to the entity associated with the token, you provide the token to
	// operations like update and delete . WAF uses the token to ensure that no changes
	// have been made to the entity since you last retrieved it. If a change has been
	// made, the update fails with a WAFOptimisticLockException . If this happens,
	// perform another get , and use the new token returned by that operation.
	LockToken *string

	// The name of the data type instance. You cannot change the name after you create
	// the instance.
	Name *string
	// contains filtered or unexported fields
}

type ReleaseSummary struct {

	// The release version.
	ReleaseVersion *string

	// The timestamp of the release.
	Timestamp *time.Time
	// contains filtered or unexported fields
}

type RequestBodyAssociatedResourceTypeConfig struct {

	// Specifies the maximum size of the web request body component that an associated
	// CloudFront distribution should send to WAF for inspection. This applies to
	// statements in the web ACL that inspect the body or JSON body. Default: 16 KB
	// (16,384 kilobytes)
	//
	// This member is required.
	DefaultSizeInspectionLimit SizeInspectionLimit
	// contains filtered or unexported fields
}

type RequestInspection struct {

	// Details about your login page password field. How you specify this depends on
	// the payload type.
	//   - For JSON payloads, specify the field name in JSON pointer syntax. For
	//   information about the JSON Pointer syntax, see the Internet Engineering Task
	//   Force (IETF) documentation JavaScript Object Notation (JSON) Pointer (https://tools.ietf.org/html/rfc6901)
	//   . For example, for the JSON payload { "login": { "username": "THE_USERNAME",
	//   "password": "THE_PASSWORD" } } , the username field specification is
	//   /login/username and the password field specification is /login/password .
	//   - For form encoded payload types, use the HTML form names. For example, for
	//   an HTML form with input elements named username1 and password1 , the username
	//   field specification is username1 and the password field specification is
	//   password1 .
	//
	// This member is required.
	PasswordField *PasswordField

	// The payload type for your login endpoint, either JSON or form encoded.
	//
	// This member is required.
	PayloadType PayloadType

	// Details about your login page username field. How you specify this depends on
	// the payload type.
	//   - For JSON payloads, specify the field name in JSON pointer syntax. For
	//   information about the JSON Pointer syntax, see the Internet Engineering Task
	//   Force (IETF) documentation JavaScript Object Notation (JSON) Pointer (https://tools.ietf.org/html/rfc6901)
	//   . For example, for the JSON payload { "login": { "username": "THE_USERNAME",
	//   "password": "THE_PASSWORD" } } , the username field specification is
	//   /login/username and the password field specification is /login/password .
	//   - For form encoded payload types, use the HTML form names. For example, for
	//   an HTML form with input elements named username1 and password1 , the username
	//   field specification is username1 and the password field specification is
	//   password1 .
	//
	// This member is required.
	UsernameField *UsernameField
	// contains filtered or unexported fields
}

type ResourceType string

const (
	ResourceTypeApplicationLoadBalancer ResourceType = "APPLICATION_LOAD_BALANCER"
	ResourceTypeApiGateway              ResourceType = "API_GATEWAY"
	ResourceTypeAppsync                 ResourceType = "APPSYNC"
	ResourceTypeCognitioUserPool        ResourceType = "COGNITO_USER_POOL"
	ResourceTypeAppRunnerService        ResourceType = "APP_RUNNER_SERVICE"
)

type ResponseContentType string

const (
	ResponseContentTypeTextPlain       ResponseContentType = "TEXT_PLAIN"
	ResponseContentTypeTextHtml        ResponseContentType = "TEXT_HTML"
	ResponseContentTypeApplicationJson ResponseContentType = "APPLICATION_JSON"
)

type ResponseInspection struct {

	// Configures inspection of the response body. WAF can inspect the first 65,536
	// bytes (64 KB) of the response body.
	BodyContains *ResponseInspectionBodyContains

	// Configures inspection of the response header.
	Header *ResponseInspectionHeader

	// Configures inspection of the response JSON. WAF can inspect the first 65,536
	// bytes (64 KB) of the response JSON.
	Json *ResponseInspectionJson

	// Configures inspection of the response status code.
	StatusCode *ResponseInspectionStatusCode
	// contains filtered or unexported fields
}

type ResponseInspectionBodyContains struct {

	// Strings in the body of the response that indicate a failed login attempt. To be
	// counted as a failed login, the string can be anywhere in the body and must be an
	// exact match, including case. Each string must be unique among the success and
	// failure strings. JSON example: "FailureStrings": [ "Login failed" ]
	//
	// This member is required.
	FailureStrings []string

	// Strings in the body of the response that indicate a successful login attempt.
	// To be counted as a successful login, the string can be anywhere in the body and
	// must be an exact match, including case. Each string must be unique among the
	// success and failure strings. JSON example: "SuccessStrings": [ "Login
	// successful", "Welcome to our site!" ]
	//
	// This member is required.
	SuccessStrings []string
	// contains filtered or unexported fields
}

type ResponseInspectionHeader struct {

	// Values in the response header with the specified name that indicate a failed
	// login attempt. To be counted as a failed login, the value must be an exact
	// match, including case. Each value must be unique among the success and failure
	// values. JSON example: "FailureValues": [ "LoginFailed", "Failed login" ]
	//
	// This member is required.
	FailureValues []string

	// The name of the header to match against. The name must be an exact match,
	// including case. JSON example: "Name": [ "LoginResult" ]
	//
	// This member is required.
	Name *string

	// Values in the response header with the specified name that indicate a
	// successful login attempt. To be counted as a successful login, the value must be
	// an exact match, including case. Each value must be unique among the success and
	// failure values. JSON example: "SuccessValues": [ "LoginPassed", "Successful
	// login" ]
	//
	// This member is required.
	SuccessValues []string
	// contains filtered or unexported fields
}

type ResponseInspectionJson struct {

	// Values for the specified identifier in the response JSON that indicate a failed
	// login attempt. To be counted as a failed login, the value must be an exact
	// match, including case. Each value must be unique among the success and failure
	// values. JSON example: "FailureValues": [ "False", "Failed" ]
	//
	// This member is required.
	FailureValues []string

	// The identifier for the value to match against in the JSON. The identifier must
	// be an exact match, including case. JSON example: "Identifier": [
	// "/login/success" ]
	//
	// This member is required.
	Identifier *string

	// Values for the specified identifier in the response JSON that indicate a
	// successful login attempt. To be counted as a successful login, the value must be
	// an exact match, including case. Each value must be unique among the success and
	// failure values. JSON example: "SuccessValues": [ "True", "Succeeded" ]
	//
	// This member is required.
	SuccessValues []string
	// contains filtered or unexported fields
}

type ResponseInspectionStatusCode struct {

	// Status codes in the response that indicate a failed login attempt. To be
	// counted as a failed login, the response status code must match one of these.
	// Each code must be unique among the success and failure status codes. JSON
	// example: "FailureCodes": [ 400, 404 ]
	//
	// This member is required.
	FailureCodes []int32

	// Status codes in the response that indicate a successful login attempt. To be
	// counted as a successful login, the response status code must match one of these.
	// Each code must be unique among the success and failure status codes. JSON
	// example: "SuccessCodes": [ 200, 201 ]
	//
	// This member is required.
	SuccessCodes []int32
	// contains filtered or unexported fields
}

type Rule struct {

	// The name of the rule. You can't change the name of a Rule after you create it.
	//
	// This member is required.
	Name *string

	// If you define more than one Rule in a WebACL , WAF evaluates each request
	// against the Rules in order based on the value of Priority . WAF processes rules
	// with lower priority first. The priorities don't need to be consecutive, but they
	// must all be different.
	//
	// This member is required.
	Priority int32

	// The WAF processing statement for the rule, for example ByteMatchStatement or
	// SizeConstraintStatement .
	//
	// This member is required.
	Statement *Statement

	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	//
	// This member is required.
	VisibilityConfig *VisibilityConfig

	// The action that WAF should take on a web request when it matches the rule
	// statement. Settings at the web ACL level can override the rule action setting.
	// This is used only for rules whose statements do not reference a rule group. Rule
	// statements that reference a rule group include RuleGroupReferenceStatement and
	// ManagedRuleGroupStatement . You must specify either this Action setting or the
	// rule OverrideAction setting, but not both:
	//   - If the rule statement does not reference a rule group, use this rule action
	//   setting and not the rule override action setting.
	//   - If the rule statement references a rule group, use the override action
	//   setting and not this action setting.
	Action *RuleAction

	// Specifies how WAF should handle CAPTCHA evaluations. If you don't specify this,
	// WAF uses the CAPTCHA configuration that's defined for the web ACL.
	CaptchaConfig *CaptchaConfig

	// Specifies how WAF should handle Challenge evaluations. If you don't specify
	// this, WAF uses the challenge configuration that's defined for the web ACL.
	ChallengeConfig *ChallengeConfig

	// The action to use in the place of the action that results from the rule group
	// evaluation. Set the override action to none to leave the result of the rule
	// group alone. Set it to count to override the result to count only. You can only
	// use this for rule statements that reference a rule group, like
	// RuleGroupReferenceStatement and ManagedRuleGroupStatement . This option is
	// usually set to none. It does not affect how the rules in the rule group are
	// evaluated. If you want the rules in the rule group to only count matches, do not
	// use this and instead use the rule action override option, with Count action, in
	// your rule group reference statement settings.
	OverrideAction *OverrideAction

	// Labels to apply to web requests that match the rule match statement. WAF
	// applies fully qualified labels to matching web requests. A fully qualified label
	// is the concatenation of a label namespace and a rule label. The rule's rule
	// group or web ACL defines the label namespace. Rules that run after this rule in
	// the web ACL can match against these labels using a LabelMatchStatement . For
	// each label, provide a case-sensitive string containing optional namespaces and a
	// label name, according to the following guidelines:
	//   - Separate each component of the label with a colon.
	//   - Each namespace or name can have up to 128 characters.
	//   - You can specify up to 5 namespaces in a label.
	//   - Don't use the following reserved words in your label specification: aws ,
	//   waf , managed , rulegroup , webacl , regexpatternset , or ipset .
	// For example, myLabelName or nameSpace1:nameSpace2:myLabelName .
	RuleLabels []Label
	// contains filtered or unexported fields
}

type RuleAction struct {

	// Instructs WAF to allow the web request.
	Allow *AllowAction

	// Instructs WAF to block the web request.
	Block *BlockAction

	// Instructs WAF to run a CAPTCHA check against the web request.
	Captcha *CaptchaAction

	// Instructs WAF to run a Challenge check against the web request.
	Challenge *ChallengeAction

	// Instructs WAF to count the web request and then continue evaluating the request
	// using the remaining rules in the web ACL.
	Count *CountAction
	// contains filtered or unexported fields
}

type RuleActionOverride struct {

	// The override action to use, in place of the configured action of the rule in
	// the rule group.
	//
	// This member is required.
	ActionToUse *RuleAction

	// The name of the rule to override.
	//
	// This member is required.
	Name *string
	// contains filtered or unexported fields
}

type RuleGroup struct {

	// The Amazon Resource Name (ARN) of the entity.
	//
	// This member is required.
	ARN *string

	// The web ACL capacity units (WCUs) required for this rule group. When you create
	// your own rule group, you define this, and you cannot change it after creation.
	// When you add or modify the rules in a rule group, WAF enforces this limit. You
	// can check the capacity for a set of rules using CheckCapacity . WAF uses WCUs to
	// calculate and control the operating resources that are used to run your rules,
	// rule groups, and web ACLs. WAF calculates capacity differently for each rule
	// type, to reflect the relative cost of each rule. Simple rules that cost little
	// to run use fewer WCUs than more complex rules that use more processing power.
	// Rule group capacity is fixed at creation, which helps users plan their web ACL
	// WCU usage when they use a rule group. For more information, see WAF web ACL
	// capacity units (WCU) (https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html)
	// in the WAF Developer Guide.
	//
	// This member is required.
	Capacity int64

	// A unique identifier for the rule group. This ID is returned in the responses to
	// create and list commands. You provide it to operations like update and delete.
	//
	// This member is required.
	Id *string

	// The name of the rule group. You cannot change the name of a rule group after
	// you create it.
	//
	// This member is required.
	Name *string

	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	//
	// This member is required.
	VisibilityConfig *VisibilityConfig

	// The labels that one or more rules in this rule group add to matching web
	// requests. These labels are defined in the RuleLabels for a Rule .
	AvailableLabels []LabelSummary

	// The labels that one or more rules in this rule group match against in label
	// match statements. These labels are defined in a LabelMatchStatement
	// specification, in the Statement definition of a rule.
	ConsumedLabels []LabelSummary

	// A map of custom response keys and content bodies. When you create a rule with a
	// block action, you can send a custom response to the web request. You define
	// these for the rule group, and then use them in the rules that you define in the
	// rule group. For information about customizing web requests and responses, see
	// Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide. For information about the limits on count and size
	// for custom request and response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
	// in the WAF Developer Guide.
	CustomResponseBodies map[string]CustomResponseBody

	// A description of the rule group that helps with identification.
	Description *string

	// The label namespace prefix for this rule group. All labels added by rules in
	// this rule group have this prefix.
	//   - The syntax for the label namespace prefix for your rule groups is the
	//   following: awswaf::rulegroup::
	//   - When a rule with a label matches a web request, WAF adds the fully
	//   qualified label to the request. A fully qualified label is made up of the label
	//   namespace from the rule group or web ACL where the rule is defined and the label
	//   from the rule, separated by a colon: :
	LabelNamespace *string

	// The Rule statements used to identify the web requests that you want to allow,
	// block, or count. Each rule includes one top-level statement that WAF uses to
	// identify matching web requests, and parameters that govern how WAF handles them.
	Rules []Rule
	// contains filtered or unexported fields
}

type RuleGroupReferenceStatement struct {

	// The Amazon Resource Name (ARN) of the entity.
	//
	// This member is required.
	ARN *string

	// Rules in the referenced rule group whose actions are set to Count . Instead of
	// this option, use RuleActionOverrides . It accepts any valid action setting,
	// including Count .
	ExcludedRules []ExcludedRule

	// Action settings to use in the place of the rule actions that are configured
	// inside the rule group. You specify one override for each rule whose action you
	// want to change. You can use overrides for testing, for example you can override
	// all of rule actions to Count and then monitor the resulting count metrics to
	// understand how the rule group would handle your web traffic. You can also
	// permanently override some or all actions, to modify how the rule group manages
	// your web traffic.
	RuleActionOverrides []RuleActionOverride
	// contains filtered or unexported fields
}

type RuleGroupSummary struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the rule group that helps with identification.
	Description *string

	// A unique identifier for the rule group. This ID is returned in the responses to
	// create and list commands. You provide it to operations like update and delete.
	Id *string

	// A token used for optimistic locking. WAF returns a token to your get and list
	// requests, to mark the state of the entity at the time of the request. To make
	// changes to the entity associated with the token, you provide the token to
	// operations like update and delete . WAF uses the token to ensure that no changes
	// have been made to the entity since you last retrieved it. If a change has been
	// made, the update fails with a WAFOptimisticLockException . If this happens,
	// perform another get , and use the new token returned by that operation.
	LockToken *string

	// The name of the data type instance. You cannot change the name after you create
	// the instance.
	Name *string
	// contains filtered or unexported fields
}

type RuleSummary struct {

	// The action that WAF should take on a web request when it matches a rule's
	// statement. Settings at the web ACL level can override the rule action setting.
	Action *RuleAction

	// The name of the rule.
	Name *string
	// contains filtered or unexported fields
}

type SampledHTTPRequest struct {

	// A complex type that contains detailed information about the request.
	//
	// This member is required.
	Request *HTTPRequest

	// A value that indicates how one result in the response relates proportionally to
	// other results in the response. For example, a result that has a weight of 2
	// represents roughly twice as many web requests as a result that has a weight of 1
	// .
	//
	// This member is required.
	Weight int64

	// The action that WAF applied to the request.
	Action *string

	// The CAPTCHA response for the request.
	CaptchaResponse *CaptchaResponse

	// The Challenge response for the request.
	ChallengeResponse *ChallengeResponse

	// Labels applied to the web request by matching rules. WAF applies fully
	// qualified labels to matching web requests. A fully qualified label is the
	// concatenation of a label namespace and a rule label. The rule's rule group or
	// web ACL defines the label namespace. For example,
	// awswaf:111122223333:myRuleGroup:testRules:testNS1:testNS2:labelNameA or
	// awswaf:managed:aws:managed-rule-set:header:encoding:utf8 .
	Labels []Label

	// Used only for rule group rules that have a rule action override in place in the
	// web ACL. This is the action that the rule group rule is configured for, and not
	// the action that was applied to the request. The action that WAF applied is the
	// Action value.
	OverriddenAction *string

	// Custom request headers inserted by WAF into the request, according to the
	// custom request configuration for the matching rule action.
	RequestHeadersInserted []HTTPHeader

	// The response code that was sent for the request.
	ResponseCodeSent *int32

	// The name of the Rule that the request matched. For managed rule groups, the
	// format for this name is ## . For your own rule groups, the format for this name
	// is # . If the rule is not in a rule group, this field is absent.
	RuleNameWithinRuleGroup *string

	// The time at which WAF received the request from your Amazon Web Services
	// resource, in Unix time format (in seconds).
	Timestamp *time.Time
	// contains filtered or unexported fields
}

type Scope string

const (
	ScopeCloudfront Scope = "CLOUDFRONT"
	ScopeRegional   Scope = "REGIONAL"
)

type SensitivityLevel string

const (
	SensitivityLevelLow  SensitivityLevel = "LOW"
	SensitivityLevelHigh SensitivityLevel = "HIGH"
)

type SingleHeader struct {

	// The name of the query header to inspect.
	//
	// This member is required.
	Name *string
	// contains filtered or unexported fields
}

type SingleQueryArgument struct {

	// The name of the query argument to inspect.
	//
	// This member is required.
	Name *string
	// contains filtered or unexported fields
}

type SizeConstraintStatement struct {

	// The operator to use to compare the request part to the size setting.
	//
	// This member is required.
	ComparisonOperator ComparisonOperator

	// The part of the web request that you want WAF to inspect.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// The size, in byte, to compare to the request part, after any transformations.
	//
	// This member is required.
	Size int64

	// Text transformations eliminate some of the unusual formatting that attackers
	// use in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, WAF performs all transformations on the
	// content of the request component identified by FieldToMatch , starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
	// contains filtered or unexported fields
}

type SizeInspectionLimit string

const (
	SizeInspectionLimitKb16 SizeInspectionLimit = "KB_16"
	SizeInspectionLimitKb32 SizeInspectionLimit = "KB_32"
	SizeInspectionLimitKb48 SizeInspectionLimit = "KB_48"
	SizeInspectionLimitKb64 SizeInspectionLimit = "KB_64"
)

type SqliMatchStatement struct {

	// The part of the web request that you want WAF to inspect.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// Text transformations eliminate some of the unusual formatting that attackers
	// use in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, WAF performs all transformations on the
	// content of the request component identified by FieldToMatch , starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation

	// The sensitivity that you want WAF to use to inspect for SQL injection attacks.
	// HIGH detects more attacks, but might generate more false positives, especially
	// if your web requests frequently contain unusual strings. For information about
	// identifying and mitigating false positives, see Testing and tuning (https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-testing.html)
	// in the WAF Developer Guide. LOW is generally a better choice for resources that
	// already have other protections against SQL injection attacks or that have a low
	// tolerance for false positives. Default: LOW
	SensitivityLevel SensitivityLevel
	// contains filtered or unexported fields
}

type Statement struct {

	// A logical rule statement used to combine other rule statements with AND logic.
	// You provide more than one Statement within the AndStatement .
	AndStatement *AndStatement

	// A rule statement that defines a string match search for WAF to apply to web
	// requests. The byte match statement provides the bytes to search for, the
	// location in requests that you want WAF to search, and other settings. The bytes
	// to search for are typically a string that corresponds with ASCII characters. In
	// the WAF console and the developer guide, this is called a string match
	// statement.
	ByteMatchStatement *ByteMatchStatement

	// A rule statement that labels web requests by country and region and that
	// matches against web requests based on country code. A geo match rule labels
	// every request that it inspects regardless of whether it finds a match.
	//   - To manage requests only by country, you can use this statement by itself
	//   and specify the countries that you want to match against in the CountryCodes
	//   array.
	//   - Otherwise, configure your geo match rule with Count action so that it only
	//   labels requests. Then, add one or more label match rules to run after the geo
	//   match rule and configure them to match against the geographic labels and handle
	//   the requests as needed.
	// WAF labels requests using the alpha-2 country and region codes from the
	// International Organization for Standardization (ISO) 3166 standard. WAF
	// determines the codes using either the IP address in the web request origin or,
	// if you specify it, the address in the geo match ForwardedIPConfig . If you use
	// the web request origin, the label formats are awswaf:clientip:geo:region:- and
	// awswaf:clientip:geo:country: . If you use a forwarded IP address, the label
	// formats are awswaf:forwardedip:geo:region:- and awswaf:forwardedip:geo:country:
	// . For additional details, see Geographic match rule statement (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html)
	// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html)
	// .
	GeoMatchStatement *GeoMatchStatement

	// A rule statement used to detect web requests coming from particular IP
	// addresses or address ranges. To use this, create an IPSet that specifies the
	// addresses you want to detect, then use the ARN of that set in this statement. To
	// create an IP set, see CreateIPSet . Each IP set rule statement references an IP
	// set. You create and maintain the set independent of your rules. This allows you
	// to use the single set in multiple rules. When you update the referenced set, WAF
	// automatically updates all rules that reference it.
	IPSetReferenceStatement *IPSetReferenceStatement

	// A rule statement to match against labels that have been added to the web
	// request by rules that have already run in the web ACL. The label match statement
	// provides the label or namespace string to search for. The label string can
	// represent a part or all of the fully qualified label name that had been added to
	// the web request. Fully qualified labels have a prefix, optional namespaces, and
	// label name. The prefix identifies the rule group or web ACL context of the rule
	// that added the label. If you do not provide the fully qualified name in your
	// label match string, WAF performs the search for labels that were added in the
	// same context as the label match statement.
	LabelMatchStatement *LabelMatchStatement

	// A rule statement used to run the rules that are defined in a managed rule
	// group. To use this, provide the vendor name and the name of the rule group in
	// this statement. You can retrieve the required names by calling
	// ListAvailableManagedRuleGroups . You cannot nest a ManagedRuleGroupStatement ,
	// for example for use inside a NotStatement or OrStatement . It can only be
	// referenced as a top-level statement within a rule. You are charged additional
	// fees when you use the WAF Bot Control managed rule group
	// AWSManagedRulesBotControlRuleSet or the WAF Fraud Control account takeover
	// prevention (ATP) managed rule group AWSManagedRulesATPRuleSet . For more
	// information, see WAF Pricing (http://aws.amazon.com/waf/pricing/) .
	ManagedRuleGroupStatement *ManagedRuleGroupStatement

	// A logical rule statement used to negate the results of another rule statement.
	// You provide one Statement within the NotStatement .
	NotStatement *NotStatement

	// A logical rule statement used to combine other rule statements with OR logic.
	// You provide more than one Statement within the OrStatement .
	OrStatement *OrStatement

	// A rate-based rule tracks the rate of requests for each originating IP address,
	// and triggers the rule action when the rate exceeds a limit that you specify on
	// the number of requests in any 5-minute time span. You can use this to put a
	// temporary block on requests from an IP address that is sending excessive
	// requests. WAF tracks and manages web requests separately for each instance of a
	// rate-based rule that you use. For example, if you provide the same rate-based
	// rule settings in two web ACLs, each of the two rule statements represents a
	// separate instance of the rate-based rule and gets its own tracking and
	// management by WAF. If you define a rate-based rule inside a rule group, and then
	// use that rule group in multiple places, each use creates a separate instance of
	// the rate-based rule that gets its own tracking and management by WAF. When the
	// rule action triggers, WAF blocks additional requests from the IP address until
	// the request rate falls below the limit. You can optionally nest another
	// statement inside the rate-based statement, to narrow the scope of the rule so
	// that it only counts requests that match the nested statement. For example, based
	// on recent requests that you have seen from an attacker, you might create a
	// rate-based rule with a nested AND rule statement that contains the following
	// nested statements:
	//   - An IP match statement with an IP set that specifies the address 192.0.2.44.
	//   - A string match statement that searches in the User-Agent header for the
	//   string BadBot.
	// In this rate-based rule, you also define a rate limit. For this example, the
	// rate limit is 1,000. Requests that meet the criteria of both of the nested
	// statements are counted. If the count exceeds 1,000 requests per five minutes,
	// the rule action triggers. Requests that do not meet the criteria of both of the
	// nested statements are not counted towards the rate limit and are not affected by
	// this rule. You cannot nest a RateBasedStatement inside another statement, for
	// example inside a NotStatement or OrStatement . You can define a
	// RateBasedStatement inside a web ACL and inside a rule group.
	RateBasedStatement *RateBasedStatement

	// A rule statement used to search web request components for a match against a
	// single regular expression.
	RegexMatchStatement *RegexMatchStatement

	// A rule statement used to search web request components for matches with regular
	// expressions. To use this, create a RegexPatternSet that specifies the
	// expressions that you want to detect, then use the ARN of that set in this
	// statement. A web request matches the pattern set rule statement if the request
	// component matches any of the patterns in the set. To create a regex pattern set,
	// see CreateRegexPatternSet . Each regex pattern set rule statement references a
	// regex pattern set. You create and maintain the set independent of your rules.
	// This allows you to use the single set in multiple rules. When you update the
	// referenced set, WAF automatically updates all rules that reference it.
	RegexPatternSetReferenceStatement *RegexPatternSetReferenceStatement

	// A rule statement used to run the rules that are defined in a RuleGroup . To use
	// this, create a rule group with your rules, then provide the ARN of the rule
	// group in this statement. You cannot nest a RuleGroupReferenceStatement , for
	// example for use inside a NotStatement or OrStatement . You can only use a rule
	// group reference statement at the top level inside a web ACL.
	RuleGroupReferenceStatement *RuleGroupReferenceStatement

	// A rule statement that compares a number of bytes against the size of a request
	// component, using a comparison operator, such as greater than (>) or less than
	// (<). For example, you can use a size constraint statement to look for query
	// strings that are longer than 100 bytes. If you configure WAF to inspect the
	// request body, WAF inspects only the number of bytes of the body up to the limit
	// for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192
	// kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
	// For CloudFront web ACLs, you can increase the limit in the web ACL
	// AssociationConfig , for additional fees. If you know that the request body for
	// your web requests should never exceed the inspection limit, you could use a size
	// constraint statement to block requests that have a larger request body size. If
	// you choose URI for the value of Part of the request to filter on, the slash (/)
	// in the URI counts as one character. For example, the URI /logo.jpg is nine
	// characters long.
	SizeConstraintStatement *SizeConstraintStatement

	// A rule statement that inspects for malicious SQL code. Attackers insert
	// malicious SQL code into web requests to do things like modify your database or
	// extract data from it.
	SqliMatchStatement *SqliMatchStatement

	// A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS
	// attacks, the attacker uses vulnerabilities in a benign website as a vehicle to
	// inject malicious client-site scripts into other legitimate web browsers.
	XssMatchStatement *XssMatchStatement
	// contains filtered or unexported fields
}

type Tag struct {

	// Part of the key:value pair that defines a tag. You can use a tag key to
	// describe a category of information, such as "customer." Tag keys are
	// case-sensitive.
	//
	// This member is required.
	Key *string

	// Part of the key:value pair that defines a tag. You can use a tag value to
	// describe a specific value within a category, such as "companyA" or "companyB."
	// Tag values are case-sensitive.
	//
	// This member is required.
	Value *string
	// contains filtered or unexported fields
}

type TagInfoForResource struct {

	// The Amazon Resource Name (ARN) of the resource.
	ResourceARN *string

	// The array of Tag objects defined for the resource.
	TagList []Tag
	// contains filtered or unexported fields
}

type TextTransformation struct {

	// Sets the relative processing order for multiple transformations that are
	// defined for a rule statement. WAF processes all transformations, from lowest
	// priority to highest, before inspecting the transformed content. The priorities
	// don't need to be consecutive, but they must all be different.
	//
	// This member is required.
	Priority int32

	// You can specify the following transformation types: BASE64_DECODE - Decode a
	// Base64 -encoded string. BASE64_DECODE_EXT - Decode a Base64 -encoded string, but
	// use a forgiving implementation that ignores characters that aren't valid.
	// CMD_LINE - Command-line transformations. These are helpful in reducing
	// effectiveness of attackers who inject an operating system command-line command
	// and use unusual formatting to disguise some or all of the command.
	//   - Delete the following characters: \ " ' ^
	//   - Delete spaces before the following characters: / (
	//   - Replace the following characters with a space: , ;
	//   - Replace multiple spaces with one space
	//   - Convert uppercase letters (A-Z) to lowercase (a-z)
	// COMPRESS_WHITE_SPACE - Replace these characters with a space character (decimal
	// 32):
	//   - \f , formfeed, decimal 12
	//   - \t , tab, decimal 9
	//   - \n , newline, decimal 10
	//   - \r , carriage return, decimal 13
	//   - \v , vertical tab, decimal 11
	//   - Non-breaking space, decimal 160
	// COMPRESS_WHITE_SPACE also replaces multiple spaces with one space. CSS_DECODE -
	// Decode characters that were encoded using CSS 2.x escape rules
	// syndata.html#characters . This function uses up to two bytes in the decoding
	// process, so it can help to uncover ASCII characters that were encoded using CSS
	// encoding that wouldn’t typically be encoded. It's also useful in countering
	// evasion, which is a combination of a backslash and non-hexadecimal characters.
	// For example, ja\vascript for javascript. ESCAPE_SEQ_DECODE - Decode the
	// following ANSI C escape sequences: \a , \b , \f , \n , \r , \t , \v , \\ , \? ,
	// \' , \" , \xHH (hexadecimal), \0OOO (octal). Encodings that aren't valid remain
	// in the output. HEX_DECODE - Decode a string of hexadecimal characters into a
	// binary. HTML_ENTITY_DECODE - Replace HTML-encoded characters with unencoded
	// characters. HTML_ENTITY_DECODE performs these operations:
	//   - Replaces (ampersand)quot; with "
	//   - Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
	//   - Replaces (ampersand)lt; with a "less than" symbol
	//   - Replaces (ampersand)gt; with >
	//   - Replaces characters that are represented in hexadecimal format,
	//   (ampersand)#xhhhh; , with the corresponding characters
	//   - Replaces characters that are represented in decimal format,
	//   (ampersand)#nnnn; , with the corresponding characters
	// JS_DECODE - Decode JavaScript escape sequences. If a \
	//     u
	// HHHH code is in the full-width ASCII code range of FF01-FF5E , then the higher
	// byte is used to detect and adjust the lower byte. If not, only the lower byte is
	// used and the higher byte is zeroed, causing a possible loss of information.
	// LOWERCASE - Convert uppercase letters (A-Z) to lowercase (a-z). MD5 - Calculate
	// an MD5 hash from the data in the input. The computed hash is in a raw binary
	// form. NONE - Specify NONE if you don't want any text transformations.
	// NORMALIZE_PATH - Remove multiple slashes, directory self-references, and
	// directory back-references that are not at the beginning of the input from an
	// input string. NORMALIZE_PATH_WIN - This is the same as NORMALIZE_PATH , but
	// first converts backslash characters to forward slashes. REMOVE_NULLS - Remove
	// all NULL bytes from the input. REPLACE_COMMENTS - Replace each occurrence of a
	// C-style comment ( /* ... */ ) with a single space. Multiple consecutive
	// occurrences are not compressed. Unterminated comments are also replaced with a
	// space (ASCII 0x20). However, a standalone termination of a comment ( */ ) is not
	// acted upon. REPLACE_NULLS - Replace NULL bytes in the input with space
	// characters (ASCII 0x20 ). SQL_HEX_DECODE - Decode SQL hex data. Example (
	// 0x414243 ) will be decoded to ( ABC ). URL_DECODE - Decode a URL-encoded value.
	// URL_DECODE_UNI - Like URL_DECODE , but with support for Microsoft-specific %u
	// encoding. If the code is in the full-width ASCII code range of FF01-FF5E , the
	// higher byte is used to detect and adjust the lower byte. Otherwise, only the
	// lower byte is used and the higher byte is zeroed. UTF8_TO_UNICODE - Convert all
	// UTF-8 character sequences to Unicode. This helps input normalization, and
	// minimizing false-positives and false-negatives for non-English languages.
	//
	// This member is required.
	Type TextTransformationType
	// contains filtered or unexported fields
}

type TextTransformationType string

const (
	TextTransformationTypeNone               TextTransformationType = "NONE"
	TextTransformationTypeCompressWhiteSpace TextTransformationType = "COMPRESS_WHITE_SPACE"
	TextTransformationTypeHtmlEntityDecode   TextTransformationType = "HTML_ENTITY_DECODE"
	TextTransformationTypeLowercase          TextTransformationType = "LOWERCASE"
	TextTransformationTypeCmdLine            TextTransformationType = "CMD_LINE"
	TextTransformationTypeUrlDecode          TextTransformationType = "URL_DECODE"
	TextTransformationTypeBase64Decode       TextTransformationType = "BASE64_DECODE"
	TextTransformationTypeHexDecode          TextTransformationType = "HEX_DECODE"
	TextTransformationTypeMd5                TextTransformationType = "MD5"
	TextTransformationTypeReplaceComments    TextTransformationType = "REPLACE_COMMENTS"
	TextTransformationTypeEscapeSeqDecode    TextTransformationType = "ESCAPE_SEQ_DECODE"
	TextTransformationTypeSqlHexDecode       TextTransformationType = "SQL_HEX_DECODE"
	TextTransformationTypeCssDecode          TextTransformationType = "CSS_DECODE"
	TextTransformationTypeJsDecode           TextTransformationType = "JS_DECODE"
	TextTransformationTypeNormalizePath      TextTransformationType = "NORMALIZE_PATH"
	TextTransformationTypeNormalizePathWin   TextTransformationType = "NORMALIZE_PATH_WIN"
	TextTransformationTypeRemoveNulls        TextTransformationType = "REMOVE_NULLS"
	TextTransformationTypeReplaceNulls       TextTransformationType = "REPLACE_NULLS"
	TextTransformationTypeBase64DecodeExt    TextTransformationType = "BASE64_DECODE_EXT"
	TextTransformationTypeUrlDecodeUni       TextTransformationType = "URL_DECODE_UNI"
	TextTransformationTypeUtf8ToUnicode      TextTransformationType = "UTF8_TO_UNICODE"
)

type TimeWindow struct {

	// The end of the time range from which you want GetSampledRequests to return a
	// sample of the requests that your Amazon Web Services resource received. You must
	// specify the times in Coordinated Universal Time (UTC) format. UTC format
	// includes the special designator, Z . For example, "2016-09-27T14:50Z" . You can
	// specify any time range in the previous three hours.
	//
	// This member is required.
	EndTime *time.Time

	// The beginning of the time range from which you want GetSampledRequests to
	// return a sample of the requests that your Amazon Web Services resource received.
	// You must specify the times in Coordinated Universal Time (UTC) format. UTC
	// format includes the special designator, Z . For example, "2016-09-27T14:50Z" .
	// You can specify any time range in the previous three hours.
	//
	// This member is required.
	StartTime *time.Time
	// contains filtered or unexported fields
}

type UriPath struct {
	// contains filtered or unexported fields
}

type UsernameField struct {

	// The name of the username field. For example /form/username .
	//
	// This member is required.
	Identifier *string
	// contains filtered or unexported fields
}

type VersionToPublish struct {

	// The Amazon Resource Name (ARN) of the vendor's rule group that's used in the
	// published managed rule group version.
	AssociatedRuleGroupArn *string

	// The amount of time the vendor expects this version of the managed rule group to
	// last, in days.
	ForecastedLifetime *int32
	// contains filtered or unexported fields
}

type VisibilityConfig struct {

	// A boolean indicating whether the associated resource sends metrics to Amazon
	// CloudWatch. For the list of available metrics, see WAF Metrics (https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics)
	// in the WAF Developer Guide.
	//
	// This member is required.
	CloudWatchMetricsEnabled bool

	// A name of the Amazon CloudWatch metric dimension. The name can contain only the
	// characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can be from
	// one to 128 characters long. It can't contain whitespace or metric names that are
	// reserved for WAF, for example All and Default_Action .
	//
	// This member is required.
	MetricName *string

	// A boolean indicating whether WAF should store a sampling of the web requests
	// that match the rules. You can view the sampled requests through the WAF console.
	//
	// This member is required.
	SampledRequestsEnabled bool
	// contains filtered or unexported fields
}

type WAFAssociatedItemException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFConfigurationWarningException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFDuplicateItemException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFExpiredManagedRuleGroupVersionException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFInternalErrorException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFInvalidOperationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFInvalidParameterException struct {
	Message *string

	ErrorCodeOverride *string

	Field     ParameterExceptionField
	Parameter *string
	Reason    *string
	// contains filtered or unexported fields
}

type WAFInvalidPermissionPolicyException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFInvalidResourceException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFLimitsExceededException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFLogDestinationPermissionIssueException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFNonexistentItemException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFOptimisticLockException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFServiceLinkedRoleErrorException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFSubscriptionNotFoundException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFTagOperationException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFTagOperationInternalErrorException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WAFUnavailableEntityException struct {
	Message *string

	ErrorCodeOverride *string
	// contains filtered or unexported fields
}

type WebACL struct {

	// The Amazon Resource Name (ARN) of the web ACL that you want to associate with
	// the resource.
	//
	// This member is required.
	ARN *string

	// The action to perform if none of the Rules contained in the WebACL match.
	//
	// This member is required.
	DefaultAction *DefaultAction

	// A unique identifier for the WebACL . This ID is returned in the responses to
	// create and list commands. You use this ID to do things like get, update, and
	// delete a WebACL .
	//
	// This member is required.
	Id *string

	// The name of the web ACL. You cannot change the name of a web ACL after you
	// create it.
	//
	// This member is required.
	Name *string

	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	//
	// This member is required.
	VisibilityConfig *VisibilityConfig

	// Specifies custom configurations for the associations between the web ACL and
	// protected resources. Use this to customize the maximum size of the request body
	// that your protected CloudFront distributions forward to WAF for inspection. The
	// default is 16 KB (16,384 kilobytes). You are charged additional fees when your
	// protected resources forward body sizes that are larger than the default. For
	// more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/) .
	AssociationConfig *AssociationConfig

	// The web ACL capacity units (WCUs) currently being used by this web ACL. WAF
	// uses WCUs to calculate and control the operating resources that are used to run
	// your rules, rule groups, and web ACLs. WAF calculates capacity differently for
	// each rule type, to reflect the relative cost of each rule. Simple rules that
	// cost little to run use fewer WCUs than more complex rules that use more
	// processing power. Rule group capacity is fixed at creation, which helps users
	// plan their web ACL WCU usage when they use a rule group. For more information,
	// see WAF web ACL capacity units (WCU) (https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html)
	// in the WAF Developer Guide.
	Capacity int64

	// Specifies how WAF should handle CAPTCHA evaluations for rules that don't have
	// their own CaptchaConfig settings. If you don't specify this, WAF uses its
	// default settings for CaptchaConfig .
	CaptchaConfig *CaptchaConfig

	// Specifies how WAF should handle challenge evaluations for rules that don't have
	// their own ChallengeConfig settings. If you don't specify this, WAF uses its
	// default settings for ChallengeConfig .
	ChallengeConfig *ChallengeConfig

	// A map of custom response keys and content bodies. When you create a rule with a
	// block action, you can send a custom response to the web request. You define
	// these for the web ACL, and then use them in the rules and default actions that
	// you define in the web ACL. For information about customizing web requests and
	// responses, see Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the WAF Developer Guide. For information about the limits on count and size
	// for custom request and response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
	// in the WAF Developer Guide.
	CustomResponseBodies map[string]CustomResponseBody

	// A description of the web ACL that helps with identification.
	Description *string

	// The label namespace prefix for this web ACL. All labels added by rules in this
	// web ACL have this prefix.
	//   - The syntax for the label namespace prefix for a web ACL is the following:
	//   awswaf::webacl::
	//   - When a rule with a label matches a web request, WAF adds the fully
	//   qualified label to the request. A fully qualified label is made up of the label
	//   namespace from the rule group or web ACL where the rule is defined and the label
	//   from the rule, separated by a colon: :
	LabelNamespace *string

	// Indicates whether this web ACL is managed by Firewall Manager. If true, then
	// only Firewall Manager can delete the web ACL or any Firewall Manager rule groups
	// in the web ACL.
	ManagedByFirewallManager bool

	// The last set of rules for WAF to process in the web ACL. This is defined in an
	// Firewall Manager WAF policy and contains only rule group references. You can't
	// alter these. Any rules and rule groups that you define for the web ACL are
	// prioritized before these. In the Firewall Manager WAF policy, the Firewall
	// Manager administrator can define a set of rule groups to run first in the web
	// ACL and a set of rule groups to run last. Within each set, the administrator
	// prioritizes the rule groups, to determine their relative processing order.
	PostProcessFirewallManagerRuleGroups []FirewallManagerRuleGroup

	// The first set of rules for WAF to process in the web ACL. This is defined in an
	// Firewall Manager WAF policy and contains only rule group references. You can't
	// alter these. Any rules and rule groups that you define for the web ACL are
	// prioritized after these. In the Firewall Manager WAF policy, the Firewall
	// Manager administrator can define a set of rule groups to run first in the web
	// ACL and a set of rule groups to run last. Within each set, the administrator
	// prioritizes the rule groups, to determine their relative processing order.
	PreProcessFirewallManagerRuleGroups []FirewallManagerRuleGroup

	// The Rule statements used to identify the web requests that you want to allow,
	// block, or count. Each rule includes one top-level statement that WAF uses to
	// identify matching web requests, and parameters that govern how WAF handles them.
	Rules []Rule

	// Specifies the domains that WAF should accept in a web request token. This
	// enables the use of tokens across multiple protected websites. When WAF provides
	// a token, it uses the domain of the Amazon Web Services resource that the web ACL
	// is protecting. If you don't specify a list of token domains, WAF accepts tokens
	// only for the domain of the protected resource. With a token domain list, WAF
	// accepts the resource's host domain plus all domains in the token domain list,
	// including their prefixed subdomains.
	TokenDomains []string
	// contains filtered or unexported fields
}

type WebACLSummary struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the web ACL that helps with identification.
	Description *string

	// The unique identifier for the web ACL. This ID is returned in the responses to
	// create and list commands. You provide it to operations like update and delete.
	Id *string

	// A token used for optimistic locking. WAF returns a token to your get and list
	// requests, to mark the state of the entity at the time of the request. To make
	// changes to the entity associated with the token, you provide the token to
	// operations like update and delete . WAF uses the token to ensure that no changes
	// have been made to the entity since you last retrieved it. If a change has been
	// made, the update fails with a WAFOptimisticLockException . If this happens,
	// perform another get , and use the new token returned by that operation.
	LockToken *string

	// The name of the web ACL. You cannot change the name of a web ACL after you
	// create it.
	Name *string
	// contains filtered or unexported fields
}

type XssMatchStatement struct {

	// The part of the web request that you want WAF to inspect.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// Text transformations eliminate some of the unusual formatting that attackers
	// use in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, WAF performs all transformations on the
	// content of the request component identified by FieldToMatch , starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
	// contains filtered or unexported fields
}