Skip to content
Alchemy
GitHubXDiscordRSS

ByteMatchSet

Learn how to create, update, and manage AWS WAFRegional ByteMatchSets using Alchemy Cloud Control.

The ByteMatchSet resource lets you manage AWS WAFRegional ByteMatchSets which are used to specify a sequence of bytes that you want AWS WAF to search for in web requests.

Minimal Example

Section titled “Minimal Example”

Create a basic ByteMatchSet with a name and a single ByteMatchTuple.

import AWS from "alchemy/aws/control";


const basicByteMatchSet = await AWS.WAFRegional.ByteMatchSet("basicByteMatchSet", {
  Name: "BasicByteMatchSet",
  ByteMatchTuples: [{
    FieldToMatch: {
      Type: "HEADER",
      Data: "User-Agent"
    },
    TargetString: "BadBot",
    PositionalConstraint: "CONTAINS",
    TextTransformation: "NONE"
  }]
});

Advanced Configuration

Section titled “Advanced Configuration”

Configure a ByteMatchSet with multiple ByteMatchTuples and various settings.

const advancedByteMatchSet = await AWS.WAFRegional.ByteMatchSet("advancedByteMatchSet", {
  Name: "AdvancedByteMatchSet",
  ByteMatchTuples: [
    {
      FieldToMatch: {
        Type: "URI",
        Data: "/login"
      },
      TargetString: "malicious",
      PositionalConstraint: "EXACTLY",
      TextTransformation: "NONE"
    },
    {
      FieldToMatch: {
        Type: "BODY",
        Data: ""
      },
      TargetString: "attack",
      PositionalConstraint: "CONTAINS",
      TextTransformation: "URL_DECODE"
    }
  ]
});

Use Case: Protect Against SQL Injection

Section titled “Use Case: Protect Against SQL Injection”

Create a ByteMatchSet specifically designed to protect against SQL injection attacks.

const sqlInjectionByteMatchSet = await AWS.WAFRegional.ByteMatchSet("sqlInjectionByteMatchSet", {
  Name: "SQLInjectionProtectionSet",
  ByteMatchTuples: [
    {
      FieldToMatch: {
        Type: "QUERY_STRING",
        Data: ""
      },
      TargetString: "' OR '1'='1",
      PositionalConstraint: "CONTAINS",
      TextTransformation: "URL_DECODE"
    },
    {
      FieldToMatch: {
        Type: "BODY",
        Data: ""
      },
      TargetString: "--",
      PositionalConstraint: "CONTAINS",
      TextTransformation: "NONE"
    }
  ]
});

Use Case: Block Specific User Agents

Section titled “Use Case: Block Specific User Agents”

Define a ByteMatchSet to block requests from specific user agents.

const userAgentBlockSet = await AWS.WAFRegional.ByteMatchSet("userAgentBlockSet", {
  Name: "UserAgentBlockSet",
  ByteMatchTuples: [
    {
      FieldToMatch: {
        Type: "HEADER",
        Data: "User-Agent"
      },
      TargetString: "BadBot",
      PositionalConstraint: "CONTAINS",
      TextTransformation: "NONE"
    },
    {
      FieldToMatch: {
        Type: "HEADER",
        Data: "User-Agent"
      },
      TargetString: "Scraper",
      PositionalConstraint: "CONTAINS",
      TextTransformation: "NONE"
    }
  ]
});