AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-05-13 · Documentation low

File: waf/latest/developerguide/waf-metrics.md

Summary

Updated metric descriptions for CaptchaRequests and ChallengeRequests to clarify token validation scope (expired/invalid/absent tokens now explicitly mentioned).

Security assessment

Provides clearer documentation about security feature telemetry but does not indicate a security vulnerability. Enhances understanding of security control metrics.

Diff

diff --git a/waf/latest/developerguide/waf-metrics.md b/waf/latest/developerguide/waf-metrics.md
index 20dcce795..032aff0c4 100644
--- a//waf/latest/developerguide/waf-metrics.md
+++ b//waf/latest/developerguide/waf-metrics.md
@@ -50 +50 @@ AWS WAF core metrics Metric | Description
-`CaptchaRequests` |  The number of web requests that had CAPTCHA controls applied. Reporting criteria: There is a nonzero value. A CAPTCHA web request is one that matches a rule that has a CAPTCHA action setting. This metric records all requests that match, regardless of whether they have a valid CAPTCHA token. Valid statistics: Sum  
+`CaptchaRequests` |  The number of web requests that had CAPTCHA controls applied. Reporting criteria: There is a nonzero value. A CAPTCHA web request is one that matches a rule that has a CAPTCHA action setting. This metric records all requests that match, regardless of whether the CAPTCHA token is expired, invalid, absent, or has a domain mismatch. Valid statistics: Sum  
@@ -54 +54 @@ AWS WAF core metrics Metric | Description
-`ChallengeRequests` |  The number of web requests that had challenge controls applied. Reporting criteria: There is a nonzero value. A challenge web request is one that matches a rule that has a Challenge action setting. This metric records all requests that match, regardless of whether they have a valid challenge token. Valid statistics: Sum  
+`ChallengeRequests` |  The number of web requests that had challenge controls applied. Reporting criteria: There is a nonzero value. A challenge web request is one that matches a rule that has a Challenge action setting. This metric records all requests that match, regardless of whether the challenge token is expired, invalid, absent, or has a domain mismatch. Valid statistics: Sum