AWS waf documentation change
Summary
Added documentation for new protection packs concept, updated console experience, and detailed new security monitoring dashboards with traffic insights, protection activity visualization, and DDoS/bot detection metrics
Security assessment
The changes introduce new security monitoring capabilities (traffic analysis, bot detection, DDoS metrics) and protection packs as a security control mechanism. While these enhance security visibility and configuration options, there's no evidence they address specific vulnerabilities or security incidents.
Diff
diff --git a/waf/latest/developerguide/how-aws-waf-works.md b/waf/latest/developerguide/how-aws-waf-works.md index 3365966d2..ce92947e4 100644 --- a//waf/latest/developerguide/how-aws-waf-works.md +++ b//waf/latest/developerguide/how-aws-waf-works.md @@ -4,0 +5,6 @@ +Understanding the new dashboards + +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -7 +13 @@ -You use AWS WAF to control how your protected resources respond to HTTP(S) web requests. You do this by defining a web access control list (ACL) and then associating it with one or more web application resources that you want to protect. The associated resources forward incoming requests to AWS WAF for inspection by the web ACL. +You use AWS WAF to control how your protected resources respond to HTTP(S) web requests. You do this by defining a web access control list (web ACL) or protection pack and then associating it with one or more web application resources that you want to protect. The associated resources forward incoming requests to AWS WAF for inspection by the protection pack or web ACL. @@ -9 +15 @@ You use AWS WAF to control how your protected resources respond to HTTP(S) web r -In your web ACL, you create rules to define traffic patterns to look for in requests and to specify the actions to take on matching requests. The action choices include the following: +In your protection pack or web ACL, you create rules to define traffic patterns to look for in requests and to specify the actions to take on matching requests. The action choices include the following: @@ -26 +32 @@ The following are the central components of AWS WAF: - * **Web ACLs** – You use a web access control list (ACL) to protect a set of AWS resources. You create a web ACL and define its protection strategy by adding rules. Rules define criteria for inspecting web requests and they specify the action to take on requests that match their criteria. You also set a default action for the web ACL that indicates whether to block or allow through any requests that the rules haven't already blocked or allowed. For more information about web ACLs, see [Using web ACLs in AWS WAF](./web-acl.html). + * **web ACLs** – You use a web access control list (web ACL) to protect a set of AWS resources. You create a web ACL and define its protection strategy by adding rules. Rules define criteria for inspecting web requests and they specify the action to take on requests that match their criteria. You also set a default action for the web ACL that indicates whether to block or allow through any requests that the rules haven't already blocked or allowed. For more information about web ACLs, see [Configuring protection in AWS WAF](./web-acl.html). @@ -29,0 +36,4 @@ A web ACL is an AWS WAF resource. + * **Protection packs** – You use a protection pack to protect a set of AWS resources. Protection packs perform essentially the same function in the new console as web ACLs. You create a protection pack and define its protection strategy by adding rules. Rules define criteria for inspecting web requests and they specify the action to take on requests that match their criteria. You also set a default action for the protection pack that indicates whether to block or allow through any requests that the rules haven't already blocked or allowed. For more information about protection packs, see [Configuring protection in AWS WAF](./web-acl.html). + +A protection pack is an AWS WAF resource. + @@ -32 +42 @@ A web ACL is an AWS WAF resource. -A rule is not an AWS WAF resource. It only exists in the context of a web ACL or rule group. +A rule is not an AWS WAF resource. It only exists in the context of a protection pack or web ACL or rule group. @@ -34 +44 @@ A rule is not an AWS WAF resource. It only exists in the context of a web ACL or - * **Rule groups** – You can define rules directly inside a web ACL or in reusable rule groups. AWS Managed Rules and AWS Marketplace sellers provide managed rule groups for your use. You can also define your own rule groups. For more information about rule groups, see [AWS WAF rule groups](./waf-rule-groups.html). + * **Rule groups** – You can define rules directly inside a protection pack or web ACL or in reusable rule groups. AWS Managed Rules and AWS Marketplace sellers provide managed rule groups for your use. You can also define your own rule groups. For more information about rule groups, see [AWS WAF rule groups](./waf-rule-groups.html). @@ -38 +48,81 @@ A rule group is an AWS WAF resource. - * **Web ACL capacity units (WCUs)** – AWS WAF uses WCUs to calculate and control the operating resources that are required to run your rules, rule groups, and web ACLs. + * **web ACL capacity units (WCUs)** – AWS WAF uses WCUs to calculate and control the operating resources that are required to run your rules, rule groups, protection packs, or web ACLs. + +A WCU is not an AWS WAF resource. It only exists in the context of a protection pack or web ACL, rule, or rule group. + + + + +## Understanding the new dashboards + +Dashboards available through updated provide unified visibility into your security posture through these visualizations: + +**Traffic insight recommendations** – AWS Threat Intelligence monitors your previous 2 weeks of allowed traffic, analyzes vulnerabilities, and provides the following: + + + * Traffic-based rule suggestions + + * Application-specific security recommendations + + * Protection optimization guidance + + + + +**Summary** – Shows request counts for all traffic during a specified time range. You can use the following criteria to filter traffic data: + + + * **Rule** – Filter by the individual rules in the protection pack. + + * **Actions** – Show counts for specific actions taken on traffic like Allow, Block, Captcha, and Challenge. + + * **Traffic type** – Only show counts for specific traffic types like anti-DDoS or bots. + + * **Time range** – Choose from a selection of predefined time ranges, or set a custom range. + + * **Local or UTC time** – You can set your preferred time format. + + + + +**Protection activity** – Visualizes your protection rules and how their order contributes to terminating actions. + + + * **Traffic flow through your rules** – Show the traffic flow through your rules. Switch from **Sequential rules view** to **Non-sequential rules view** to see how rule order affects outcomes. + + * **Rule actions and their outcomes** – Shows the terminating actions that a rule took on traffic in the specified time period. + + + + +**Action totals** – A chart that visualizes the total number of actions taken on requests during a specified time range. Use the **Overlay last 3 hours** option to compare the current time range with the previous 3 hour time window. You can filter data by: + + + * **Allow action** + + * **Total actions** + + * **Captcha actions** + + * **Challenge actions** + + * **Block actions** + + + + +**All rules** – A chart that visualizes metrics for all rules in the protection pack. + + + * Use the **Overlay last 3 hours** option to compare the current time range with the previous 3 hour time window. + + + + +**Overview Dashboard** – Provides a comprehensive, graphical view of your security status, including the following: + + + * **Traffic characteristics** – See an overview of traffic by origin, attack types, or by the device type of the clients that sent requests. + + * **Rule characteristics** – A breakdown of attacks by the 10 most common rules and termnating actions. + + * **Bots** – Visualize bot activity, detection, categories, and bot-related signal labels. @@ -40 +130 @@ A rule group is an AWS WAF resource. -A WCU is not an AWS WAF resource. It only exists in the context of a web ACL, rule, or rule group. + * **Anti-DDoS** – An overview of detected and mitigated layer 7 DDoS activity. @@ -51 +141 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Setting up AWS WAF +Set up AWS WAF (standard console)