AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/listing-managed-ips.md

Summary

Added references to 'protection pack' alongside existing 'web ACL' terminology in rate-based rule documentation and introduced a new console experience announcement

Security assessment

The changes primarily introduce 'protection pack' as a new organizational construct alongside web ACLs in AWS WAF documentation. While protection packs are likely a security-related feature (given WAF's security context), there is no evidence in the diff that this change addresses a specific security vulnerability or weakness. The updates expand documentation about existing security features rather than patching vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/listing-managed-ips.md b/waf/latest/developerguide/listing-managed-ips.md
index ee6636555..fecea0015 100644
--- a//waf/latest/developerguide/listing-managed-ips.md
+++ b//waf/latest/developerguide/listing-managed-ips.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -23 +27 @@ For the AWS WAF CLI, the command is [get-rate-based-statement-managed-keys](http
-The following shows the syntax for retrieving the list of rate limited IP addresses for a rate-based rule that's being used in a web ACL on an Amazon CloudFront distribution.
+The following shows the syntax for retrieving the list of rate limited IP addresses for a rate-based rule that's being used in a protection pack or web ACL on an Amazon CloudFront distribution.
@@ -33 +37 @@ The following shows the syntax for a regional application, an Amazon API Gateway
-AWS WAF monitors web requests and manages keys independently for each unique combination of web ACL, optional rule group, and rate-based rule. For example, if you define a rate-based rule inside a rule group, and then use the rule group in a web ACL, AWS WAF monitors web requests and manages keys for that web ACL, rule group reference statement, and rate-based rule instance. If you use the same rule group in a second web ACL, AWS WAF monitors web requests and manages keys for this second usage completely independent of your first.
+AWS WAF monitors web requests and manages keys independently for each unique combination of protection pack or web ACL, optional rule group, and rate-based rule. For example, if you define a rate-based rule inside a rule group, and then use the rule group in a protection pack or web ACL, AWS WAF monitors web requests and manages keys for that protection pack or web ACL, rule group reference statement, and rate-based rule instance. If you use the same rule group in a second protection pack or web ACL, AWS WAF monitors web requests and manages keys for this second usage completely independent of your first.
@@ -35 +39 @@ AWS WAF monitors web requests and manages keys independently for each unique com
-For a rate-based rule that you've defined inside a rule group, you need to provide the name of the rule group reference statement in your request, in addition to the web ACL name and the name of the rate-based rule inside the rule group. The following shows the syntax for a regional application where the rate-based rule is defined inside a rule group, and the rule group is used in a web ACL. 
+For a rate-based rule that you've defined inside a rule group, you need to provide the name of the rule group reference statement in your request, in addition to the protection pack or web ACL name and the name of the rate-based rule inside the rule group. The following shows the syntax for a regional application where the rate-based rule is defined inside a rule group, and the rule group is used in a protection pack or web ACL.