AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/customizing-the-response-for-blocked-requests.md

Summary

Added new console experience announcement and expanded references to include 'protection pack' alongside web ACL in block action configurations

Security assessment

The changes integrate 'protection pack' terminology into existing security-focused documentation about custom block responses. While this expands documentation scope for security features (block actions), there's no evidence of addressing a specific vulnerability.

Diff

diff --git a/waf/latest/developerguide/customizing-the-response-for-blocked-requests.md b/waf/latest/developerguide/customizing-the-response-for-blocked-requests.md
index 2c11fd0c1..e021ee2be 100644
--- a//waf/latest/developerguide/customizing-the-response-for-blocked-requests.md
+++ b//waf/latest/developerguide/customizing-the-response-for-blocked-requests.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -7 +11 @@
-This section explains how to instruct AWS WAF to send a custom HTTP response back to the client for rule actions or web ACL default actions that are set to Block. For more information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). For more information about default web ACL actions, see [Setting the web ACL default action in AWS WAF](./web-acl-default-action.html).
+This section explains how to instruct AWS WAF to send a custom HTTP response back to the client for rule actions or protection pack or web ACL default actions that are set to Block. For more information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). For more information about default protection pack or web ACL actions, see [Setting the protection pack or web ACL default action in AWS WAF](./web-acl-default-action.html).
@@ -60 +64 @@ You can specify any header name except for `content-type`.
-You define the body of a custom response within the context of the web ACL or rule group where you want to use it. After you've defined a custom response body, you can use it by reference anywhere else in the web ACL or rule group where you created it. In the individual Block action settings, you reference the custom body that you want to use and you define the status code and header of the custom response. 
+You define the body of a custom response within the context of the protection pack or web ACL or rule group where you want to use it. After you've defined a custom response body, you can use it by reference anywhere else in the protection pack or web ACL or rule group where you created it. In the individual Block action settings, you reference the custom body that you want to use and you define the status code and header of the custom response. 
@@ -62 +66 @@ You define the body of a custom response within the context of the web ACL or ru
-When you create a custom response in the console, you can choose from response bodies that you've already defined or you can create a new body. Outside of the console, you define your custom response bodies at the web ACL or rule group level, and then reference them from the action settings within the web ACL or rule group. This is shown in the example JSON in the following section. 
+When you create a custom response in the console, you can choose from response bodies that you've already defined or you can create a new body. Outside of the console, you define your custom response bodies at the protection pack or web ACL or rule group level, and then reference them from the action settings within the protection pack or web ACL or rule group. This is shown in the example JSON in the following section.