AWS waf documentation change
Summary
Added console announcement and updated references from 'web ACL' to 'protection pack or web ACL' in multiple sections
Security assessment
Introduces 'protection pack' terminology alongside existing web ACL references, indicating expanded security configuration options. While this documents security features, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/waf/latest/developerguide/customizing-the-incoming-request.md b/waf/latest/developerguide/customizing-the-incoming-request.md index 1873774d5..40c77ee89 100644 --- a//waf/latest/developerguide/customizing-the-incoming-request.md +++ b//waf/latest/developerguide/customizing-the-incoming-request.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -9 +13 @@ This section explains how to instruct AWS WAF to insert custom headers into the -This option applies to the rule actions Allow, Count, CAPTCHA, and Challenge and to web ACL default actions that are set to Allow. For more information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). For more information about default web ACL actions, see [Setting the web ACL default action in AWS WAF](./web-acl-default-action.html). +This option applies to the rule actions Allow, Count, CAPTCHA, and Challenge and to protection pack or web ACL default actions that are set to Allow. For more information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). For more information about default protection pack or web ACL actions, see [Setting the protection pack or web ACL default action in AWS WAF](./web-acl-default-action.html). @@ -21 +25 @@ If the request already has a header with the same name that AWS WAF is inserting -Unlike the Allow action, the Count action doesn't stop AWS WAF from processing the web request using the rest of the rules in the web ACL. Similarly, when CAPTCHA and Challenge determine that the request token is valid, these actions don't stop AWS WAF from processing the web request. So, if you insert custom headers using a rule with one of these actions, subsequent rules might also insert custom headers. For more information about rule action behavior, see [Using rule actions in AWS WAF](./waf-rule-action.html). +Unlike the Allow action, the Count action doesn't stop AWS WAF from processing the web request using the rest of the rules in the protection pack or web ACL. Similarly, when CAPTCHA and Challenge determine that the request token is valid, these actions don't stop AWS WAF from processing the web request. So, if you insert custom headers using a rule with one of these actions, subsequent rules might also insert custom headers. For more information about rule action behavior, see [Using rule actions in AWS WAF](./waf-rule-action.html). @@ -38 +42 @@ AWS WAF inserts custom headers into a web request when it finishes inspecting th -You define custom request handling for a rule's action or for a web ACL's default action. The following listing shows the JSON for custom handling added to the default action for a web ACL. +You define custom request handling for a rule's action or for a protection pack or web ACL's default action. The following listing shows the JSON for custom handling added to the default action for a protection pack or web ACL. @@ -59 +63 @@ You define custom request handling for a rule's action or for a web ACL's defaul - "Description": "Sample web ACL with custom request handling configured for default action.", + "Description": "Sample protection pack or web ACL with custom request handling configured for default action.",