XssMatchSet
The XssMatchSet resource lets you configure and manage AWS WAF XssMatchSets, which identify the parts of web requests to inspect for cross-site scripting (XSS) attacks so that those requests can be blocked or allowed.
Minimal Example
Create a basic XssMatchSet with required properties:
import AWS from "alchemy/aws/control";
const xssMatchSet = await AWS.WAF.XssMatchSet("basicXssMatchSet", {
  name: "MyXssMatchSet",
  xssMatchTuples: [
    {
      fieldToMatch: {
        type: "URI",
      },
      textTransformation: "URL_DECODE",
    }
  ]
});
Advanced Configuration
Configure an XssMatchSet with multiple XSS match tuples so that more than one part of the request is inspected:
const advancedXssMatchSet = await AWS.WAF.XssMatchSet("advancedXssMatchSet", {
  name: "AdvancedXssMatchSet",
  xssMatchTuples: [
    {
      fieldToMatch: {
        type: "QUERY_STRING",
      },
      textTransformation: "HTML_ENTITY_DECODE",
    },
    {
      fieldToMatch: {
        type: "BODY",
      },
      textTransformation: "URL_DECODE",
    }
  ],
  adopt: true // Adopt existing resource if it already exists
});
Using with WebACL
Integrate the XssMatchSet with a WebACL so that requests matching it are blocked:
import AWS from "alchemy/aws/control";
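// A WebACL activates Rules, and a Rule's predicate points at the XssMatchSet,
// so the match set is wrapped in a Rule first. AWS.WAF.Rule is assumed here to
// mirror the CloudFormation AWS::WAF::Rule properties.
const xssRule = await AWS.WAF.Rule("xssRule", {
  name: "XssRule",
  metricName: "XssRule",
  predicates: [{ dataId: xssMatchSet.id, negated: false, type: "XssMatch" }]
});

const webAcl = await AWS.WAF.WebAcl("myWebAcl", {
  name: "MyWebAcl",
  metricName: "MyWebAcl", // required by AWS::WAF::WebACL
  defaultAction: {
    type: "ALLOW",
  },
  rules: [
    {
      priority: 1,
      ruleId: xssRule.id, // ID of the Rule, not of the XssMatchSet
      action: {
        type: "BLOCK",
      },
      type: "REGULAR"
    }
  ]
});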
Example with Multiple Text Transformations
Demonstrate the use of an XssMatchSet with various text transformations for different fields:
const multiTransformXssMatchSet = await AWS.WAF.XssMatchSet("multiTransformXssMatchSet", {
  name: "MultiTransformXssMatchSet",
  xssMatchTuples: [
    {
      fieldToMatch: {
        type: "HEADER",
        data: "User-Agent",
      },
      // Valid values: NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE,
      // LOWERCASE, CMD_LINE, URL_DECODE
      textTransformation: "URL_DECODE",
    },
    {
      fieldToMatch: {
        type: "BODY",
      },
      textTransformation: "HTML_ENTITY_DECODE",
    }
  ]
});
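A pre-deployment check for the `xssMatchTuples` arrays shown above, added here as an example and not part of the Alchemy documentation or API. `lintXssMatchTuples` and the `Tuple` type are hypothetical names, the sample input is constructed, and the allowed values are the field types and text transformations AWS WAF Classic accepts.

```typescript
type Tuple = {
  fieldToMatch: { type: string; data?: string };
  textTransformation: string;
};

// Values AWS WAF Classic accepts for FieldToMatch.Type and TextTransformation.
const FIELD_TYPES = ["URI", "QUERY_STRING", "HEADER", "METHOD", "BODY",
  "SINGLE_QUERY_ARG", "ALL_QUERY_ARGS"];
const TRANSFORMS = ["NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE",
  "LOWERCASE", "CMD_LINE", "URL_DECODE"];
// Field types that need `data` to name the header or query argument.
const NEEDS_DATA = ["HEADER", "SINGLE_QUERY_ARG"];

function lintXssMatchTuples(tuples: Tuple[]): { errors: string[]; warnings: string[] } {
  const errors: string[] = [];
  const warnings: string[] = [];
  const seen: Record<string, string[]> = {}; // field -> valid transformations applied

  tuples.forEach((t, i) => {
    const f = t.fieldToMatch;
    if (FIELD_TYPES.indexOf(f.type) < 0) errors.push(`tuple ${i}: unknown field type ${f.type}`);
    if (NEEDS_DATA.indexOf(f.type) >= 0 && !f.data) errors.push(`tuple ${i}: ${f.type} requires fieldToMatch.data`);
    if (TRANSFORMS.indexOf(t.textTransformation) < 0) {
      errors.push(`tuple ${i}: unknown textTransformation ${t.textTransformation}`);
      return; // an invalid transformation provides no coverage
    }
    // Header names are case-insensitive, so normalise them for grouping.
    const key = f.data ? `${f.type}:${f.data.toLowerCase()}` : f.type;
    seen[key] = (seen[key] || []).concat(t.textTransformation);
  });

  // Each tuple applies exactly one transformation, so a field listed once is
  // inspected in that one normalised form only.
  Object.keys(seen).forEach((key) => {
    const applied = seen[key] || [];
    if (applied.length === 1) warnings.push(`${key}: only inspected after ${applied[0]}`);
  });
  return { errors, warnings };
}

// Constructed sample: the last tuple is deliberately invalid.
const sample: Tuple[] = [
  { fieldToMatch: { type: "QUERY_STRING" }, textTransformation: "URL_DECODE" },
  { fieldToMatch: { type: "QUERY_STRING" }, textTransformation: "HTML_ENTITY_DECODE" },
  { fieldToMatch: { type: "BODY" }, textTransformation: "URL_DECODE" },
  { fieldToMatch: { type: "HEADER" }, textTransformation: "CLEAN_URL" },
];
console.log(lintXssMatchTuples(sample));
```

Running it against the tuples before deployment surfaces invalid enum values early and shows which fields would benefit from a second tuple with a different transformation.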