:doc:`WAFRegional <../../waf-regional>` / Client / update_rate_based_rule

**********************
update_rate_based_rule
**********************



.. py:method:: WAFRegional.Client.update_rate_based_rule(**kwargs)

  

  .. note::

    

    This is **AWS WAF Classic** documentation. For more information, see `AWS WAF Classic <https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html>`__ in the developer guide.

     

    **For the latest version of AWS WAF**, use the AWS WAFV2 API and see the `AWS WAF Developer Guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`__. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

    

   

  Inserts or deletes  Predicate objects in a rule and updates the ``RateLimit`` in the rule.

   

  Each ``Predicate`` object identifies a predicate, such as a  ByteMatchSet or an  IPSet, that specifies the web requests that you want to block or count. The ``RateLimit`` specifies the number of requests every five minutes that triggers the rule.

   

  If you add more than one predicate to a ``RateBasedRule``, a request must match all the predicates and exceed the ``RateLimit`` to be counted or blocked. For example, suppose you add the following to a ``RateBasedRule``:

   

  
  * An ``IPSet`` that matches the IP address ``192.0.2.44/32``
   
  * A ``ByteMatchSet`` that matches ``BadBot`` in the ``User-Agent`` header
  

   

  Further, you specify a ``RateLimit`` of 1,000.

   

  You then add the ``RateBasedRule`` to a ``WebACL`` and specify that you want to block requests that satisfy the rule. For a request to be blocked, it must come from the IP address 192.0.2.44 *and* the ``User-Agent`` header in the request must contain the value ``BadBot``. Further, requests that match these two conditions much be received at a rate of more than 1,000 every five minutes. If the rate drops below this limit, AWS WAF no longer blocks the requests.

   

  As a second example, suppose you want to limit requests to a particular page on your site. To do this, you could add the following to a ``RateBasedRule``:

   

  
  * A ``ByteMatchSet`` with ``FieldToMatch`` of ``URI``
   
  * A ``PositionalConstraint`` of ``STARTS_WITH``
   
  * A ``TargetString`` of ``login``
  

   

  Further, you specify a ``RateLimit`` of 1,000.

   

  By adding this ``RateBasedRule`` to a ``WebACL``, you could limit requests to your login page without affecting the rest of your site.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateRateBasedRule>`_  


  **Request Syntax**
  ::

    response = client.update_rate_based_rule(
        RuleId='string',
        ChangeToken='string',
        Updates=[
            {
                'Action': 'INSERT'|'DELETE',
                'Predicate': {
                    'Negated': True|False,
                    'Type': 'IPMatch'|'ByteMatch'|'SqlInjectionMatch'|'GeoMatch'|'SizeConstraint'|'XssMatch'|'RegexMatch',
                    'DataId': 'string'
                }
            },
        ],
        RateLimit=123
    )
    
  :type RuleId: string
  :param RuleId: **[REQUIRED]** 

    The ``RuleId`` of the ``RateBasedRule`` that you want to update. ``RuleId`` is returned by ``CreateRateBasedRule`` and by  ListRateBasedRules.

    

  
  :type ChangeToken: string
  :param ChangeToken: **[REQUIRED]** 

    The value returned by the most recent call to  GetChangeToken.

    

  
  :type Updates: list
  :param Updates: **[REQUIRED]** 

    An array of ``RuleUpdate`` objects that you want to insert into or delete from a  RateBasedRule.

    

  
    - *(dict) --* 

      .. note::

        

        This is **AWS WAF Classic** documentation. For more information, see `AWS WAF Classic <https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html>`__ in the developer guide.

         

        **For the latest version of AWS WAF**, use the AWS WAFV2 API and see the `AWS WAF Developer Guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`__. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

        

       

      Specifies a ``Predicate`` (such as an ``IPSet``) and indicates whether you want to add it to a ``Rule`` or delete it from a ``Rule``.

      

    
      - **Action** *(string) --* **[REQUIRED]** 

        Specify ``INSERT`` to add a ``Predicate`` to a ``Rule``. Use ``DELETE`` to remove a ``Predicate`` from a ``Rule``.

        

      
      - **Predicate** *(dict) --* **[REQUIRED]** 

        The ID of the ``Predicate`` (such as an ``IPSet``) that you want to add to a ``Rule``.

        

      
        - **Negated** *(boolean) --* **[REQUIRED]** 

          Set ``Negated`` to ``False`` if you want AWS WAF to allow, block, or count requests based on the settings in the specified  ByteMatchSet,  IPSet,  SqlInjectionMatchSet,  XssMatchSet,  RegexMatchSet,  GeoMatchSet, or  SizeConstraintSet. For example, if an ``IPSet`` includes the IP address ``192.0.2.44``, AWS WAF will allow or block requests based on that IP address.

           

          Set ``Negated`` to ``True`` if you want AWS WAF to allow or block a request based on the negation of the settings in the  ByteMatchSet,  IPSet,  SqlInjectionMatchSet,  XssMatchSet,  RegexMatchSet,  GeoMatchSet, or  SizeConstraintSet. For example, if an ``IPSet`` includes the IP address ``192.0.2.44``, AWS WAF will allow, block, or count requests based on all IP addresses *except* ``192.0.2.44``.

          

        
        - **Type** *(string) --* **[REQUIRED]** 

          The type of predicate in a ``Rule``, such as ``ByteMatch`` or ``IPSet``.

          

        
        - **DataId** *(string) --* **[REQUIRED]** 

          A unique identifier for a predicate in a ``Rule``, such as ``ByteMatchSetId`` or ``IPSetId``. The ID is returned by the corresponding ``Create`` or ``List`` command.

          

        
      
    

  :type RateLimit: integer
  :param RateLimit: **[REQUIRED]** 

    The maximum number of requests, which have an identical value in the field specified by the ``RateKey``, allowed in a five-minute period. If the number of requests exceeds the ``RateLimit`` and the other predicates specified in the rule are also met, AWS WAF triggers the action that is specified for this rule.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ChangeToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ChangeToken** *(string) --* 

        The ``ChangeToken`` that you used to submit the ``UpdateRateBasedRule`` request. You can also use this value to query the status of the request. For more information, see  GetChangeTokenStatus.

        
  
  **Exceptions**
  
  *   :py:class:`WAFRegional.Client.exceptions.WAFStaleDataException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFInternalErrorException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFInvalidAccountException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFInvalidOperationException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFInvalidParameterException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFNonexistentContainerException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFNonexistentItemException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFReferencedItemException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFLimitsExceededException`

  