AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/aws-managed-rule-groups-bot.md

Summary

Added information about new console experience and updated references from 'web ACL' to 'protection pack or web ACL' in multiple sections

Security assessment

Changes primarily update terminology to include 'protection pack' references and announce UI changes. No evidence of addressing specific vulnerabilities or adding new security capabilities.

Diff

diff --git a/waf/latest/developerguide/aws-managed-rule-groups-bot.md b/waf/latest/developerguide/aws-managed-rule-groups-bot.md
index e261a1ea9..0f294470d 100644
--- a//waf/latest/developerguide/aws-managed-rule-groups-bot.md
+++ b//waf/latest/developerguide/aws-managed-rule-groups-bot.md
@@ -6,0 +7,4 @@ Protection levelsUsing this rule groupLabels added by this rule groupRules listi
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -54 +58 @@ We periodically update our machine learning (ML) models for the targeted protect
-This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your web ACL. AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). 
+This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack or web ACL. AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). 
@@ -103 +107 @@ Following the prefix, the rest of the label provides detailed token status infor
-    * A domain specification that's valid for the web ACL. 
+    * A domain specification that's valid for the protection pack or web ACL. 
@@ -113 +117 @@ Along with the rejected label, token management adds a custom label namespace an
-    * `rejected:expired` – The token's challenge or CAPTCHA timestamp has expired, according to your web ACL's configured token immunity times. 
+    * `rejected:expired` – The token's challenge or CAPTCHA timestamp has expired, according to your protection pack or web ACL's configured token immunity times. 
@@ -115 +119 @@ Along with the rejected label, token management adds a custom label namespace an
-    * `rejected:domain_mismatch` – The token's domain isn't a match for your web ACL's token domain configuration. 
+    * `rejected:domain_mismatch` – The token's domain isn't a match for your protection pack or web ACL's token domain configuration. 
@@ -119 +123 @@ Along with the rejected label, token management adds a custom label namespace an
-Example: The labels `awswaf:managed:captcha:rejected` and `awswaf:managed:captcha:rejected:expired` together indicate that the request didn't have a valid CAPTCHA solve because the CAPTCHA timestamp in the token has exceeded the CAPTCHA token immunity time that's configured in the web ACL.
+Example: The labels `awswaf:managed:captcha:rejected` and `awswaf:managed:captcha:rejected:expired` together indicate that the request didn't have a valid CAPTCHA solve because the CAPTCHA timestamp in the token has exceeded the CAPTCHA token immunity time that's configured in the protection pack or web ACL.