SqlInjectionMatchSet
The SqlInjectionMatchSet resource allows you to define a set of SQL injection match tuples that can be used to identify SQL injection attacks in web requests. For more information, refer to the AWS WAFRegional SqlInjectionMatchSets documentation.
Minimal Example
Create a basic SqlInjectionMatchSet with one SQL injection match tuple.
ts
import AWS from "alchemy/aws/control";
const sqlInjectionMatchSet = await AWS.WAFRegional.SqlInjectionMatchSet("basicSqlInjectionMatchSet", {
Name: "BasicSQLInjectionSet",
SqlInjectionMatchTuples: [{
FieldToMatch: {
Type: "QUERY_STRING"
},
TextTransformation: "URL_DECODE",
TargetString: "SELECT * FROM"
}]
});Advanced Configuration
Configure a SqlInjectionMatchSet with multiple SQL injection match tuples for enhanced protection.
ts
const advancedSqlInjectionMatchSet = await AWS.WAFRegional.SqlInjectionMatchSet("advancedSqlInjectionMatchSet", {
Name: "AdvancedSQLInjectionSet",
SqlInjectionMatchTuples: [
{
FieldToMatch: {
Type: "BODY"
},
TextTransformation: "URL_DECODE",
TargetString: "DROP TABLE"
},
{
FieldToMatch: {
Type: "HEADER",
Data: "User-Agent"
},
TextTransformation: "LOWERCASE",
TargetString: "UNION SELECT"
}
]
});Adoption of Existing Resource
If you want to adopt an existing SqlInjectionMatchSet without creating a new one, use the adopt property.
ts
const existingSqlInjectionMatchSet = await AWS.WAFRegional.SqlInjectionMatchSet("existingSqlInjectionMatchSet", {
Name: "ExistingSQLInjectionSet",
adopt: true
});Use Case: Associating with WebACL
Demonstrate how to associate a SqlInjectionMatchSet with a WebACL for comprehensive security.
ts
const webAclWithSqlInjectionProtection = await AWS.WAFRegional.WebACL("webAclWithSqlInjectionProtection", {
Name: "WebAclWithSQLInjectionProtection",
DefaultAction: {
Type: "ALLOW"
},
Rules: [{
Type: "REGULAR",
Priority: 1,
RuleId: sqlInjectionMatchSet.id, // Assuming this matches the ID of the created SqlInjectionMatchSet
Action: {
Type: "BLOCK"
}
}]
});