Top / Amazon Web Service / AWS WAF / XSS Match Set

AWS WAF XSS Match Set

This page shows how to write Terraform and CloudFormation for AWS WAF XSS Match Set and write them securely.

terraform-logo

Review your .tf file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

aws_waf_xss_match_set (Terraform)

The XSS Match Set in AWS WAF can be configured in Terraform with the resource name aws_waf_xss_match_set. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L7
resource "aws_waf_xss_match_set" "this" {
  name = var.name

  dynamic "xss_match_tuples" {
    for_each = var.xss_match_tuples
    content {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

>> from Terraform Registry

Explanation in Terraform Registry

Provides a WAF XSS Match Set Resource

>> from Terraform Registry

AWS::WAF::XssMatchSet (CloudFormation)

The XssMatchSet in WAF can be configured in CloudFormation with the resource name AWS::WAF::XssMatchSet. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

waf_web_acl.cfn.yml#L26
    Type: "AWS::WAF::XssMatchSet"
    Properties:
      Name: !Sub "${Environment} ${Platform} XssMatchSet"
      XssMatchTuples:
        -
          FieldToMatch:
waf-udagram.yml#L163
    Type: 'AWS::WAF::XssMatchSet'

Outputs:
  UdagramACL:
    Description: The Waf rule name
    Value: !Ref UdagramACL
waf.yml#L161
    Type: 'AWS::WAF::XssMatchSet'

Outputs:
  UdagramACL:
    Description: The Waf rule name
    Value: !Ref UdagramACL
aws-waf-cloudfront.yml#L143
    Type: 'AWS::WAF::XssMatchSet'
    Condition: CrossSiteScriptingProtectionActivated
    Properties:
      Name: !Join [' - ', [!Ref 'AWS::StackName', 'XSS Detection Detection']]
      XssMatchTuples:
        - FieldToMatch:
api.yml#L110
    Type: AWS::WAF::XssMatchSet
    Condition: CrossSiteScriptingProtectionActivated
    Properties:
      Name:
        !Join
        - " - "
WAFXssMatchSetSpecification.json#L3
    "AWS::WAF::XssMatchSet.FieldToMatch": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-xssmatchset-xssmatchtuple-fieldtomatch.html",
      "Properties": {
        "Data": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-xssmatchset-xssmatchtuple-fieldtomatch.html#cfn-waf-xssmatchset-xssmatchtuple-fieldtomatch-data",
          "PrimitiveType": "String",
WAFXssMatchSetSpecification.json#L3
    "AWS::WAF::XssMatchSet.FieldToMatch": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-xssmatchset-xssmatchtuple-fieldtomatch.html",
      "Properties": {
        "Data": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-waf-xssmatchset-xssmatchtuple-fieldtomatch.html#cfn-waf-xssmatchset-xssmatchtuple-fieldtomatch-data",
          "PrimitiveType": "String",
WAF.json#L230
  "resourceType" : "AWS::WAF::XssMatchSet",
  "properties" : [ {
    "propertyName" : "Name",
    "propertyType" : "String",
    "required" : true
  }, {
cfn_waf-xss_1_v1.json#L22
      "Type": "AWS::WAF::XssMatchSet",
      "Properties": {
        "Name": {
          "Ref": "XssCondition1"
        },
        "XssMatchTuples": [
cfn_waf-xss_1_v1.json#L22
      "Type": "AWS::WAF::XssMatchSet",
      "Properties": {
        "Name": {
          "Ref": "XssCondition1"
        },
        "XssMatchTuples": [

Parameters

>> from AWS CloudFormation Documentation

Explanation in CloudFormation Registry

Note This is AWS WAF Classic documentation. For more information, see AWS WAF Classic in the developer guide. For the latest version of AWS WAF , use the AWS WAFV2 API and see the AWS WAF Developer Guide. With the latest version, AWS WAF has a single set of endpoints for regional and global use. A complex type that contains XssMatchTuple objects, which specify the parts of web requests that you want AWS WAF to inspect for cross-site scripting attacks and, if you want AWS WAF to inspect a header, the name of the header. If a XssMatchSet contains more than one XssMatchTuple object, a request needs to include cross-site scripting attacks in only one of the specified parts of the request to be considered a match.

>> from AWS CloudFormation Documentation

The Other Related AWS WAF Resources

Frequently asked questions

What is AWS WAF XSS Match Set?

AWS WAF XSS Match Set is a resource for WAF of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS WAF XSS Match Set?

For Terraform, the niveklabs/aws source code example is useful. See the Terraform Example section for further details.

For CloudFormation, the qld-gov-au/ckan-qld-infrastructure, divuu/CloudFormation-Scripts and ade-mola/Deploy-Web-App-Using-CloudFormation source code examples are useful. See the CloudFormation Example section for further details.

security-icon

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

Table of Contents