AWS waf documentation change
Summary
Updated documentation to include 'protection pack' terminology alongside web ACL references, added section about new console experience, and expanded logging configuration details
Security assessment
Changes primarily involve terminology updates (adding 'protection pack') and console experience documentation. While field redaction is mentioned, this is existing security documentation being updated with new terminology rather than addressing a new security issue or adding security features.
Diff
diff --git a/waf/latest/developerguide/logging-management.md b/waf/latest/developerguide/logging-management.md index be32c9f96..6272c8c3b 100644 --- a//waf/latest/developerguide/logging-management.md +++ b//waf/latest/developerguide/logging-management.md @@ -5 +5 @@ -# Finding your web ACL records +**Introducing a new console experience for AWS WAF** @@ -7 +7,5 @@ -This section explains how to find your web ACL records. +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + +# Finding your protection pack or web ACL records + +This section explains how to find your protection pack or web ACL records. @@ -11 +15 @@ This section explains how to find your web ACL records. -You are charged for logging in addition to the charges for using AWS WAF. For information, see [Pricing for logging web ACL traffic information](./logging-pricing.html). +You are charged for logging in addition to the charges for using AWS WAF. For information, see [Pricing for logging protection pack or web ACL traffic information](./logging-pricing.html). @@ -17 +21 @@ On rare occasions, it's possible for AWS WAF log delivery to fall below 100%, wi -In the logging configuration for your web ACL, you can customize what AWS WAF sends to the logs. +In the logging configuration for your protection pack or web ACL, you can customize what AWS WAF sends to the logs. @@ -19 +23 @@ In the logging configuration for your web ACL, you can customize what AWS WAF se - * **Field redaction** – You can redact the following fields from the log records for the rules that use the corresponding match settings: **URI path** , **Query string** , **Single header** , and **HTTP method**. Redacted fields appear as `REDACTED` in the logs. For example, if you redact the **Query string** field, in the logs, it will be listed as `REDACTED` for all rules that use the **Query string** match component setting. Redaction applies only to the request component that you specify for matching in the rule, so the redaction of the **Single header** component doesn't apply to rules that match on **Headers**. For a list of the log fields, see [Log fields for web ACL traffic](./logging-fields.html). + * **Field redaction** – You can redact the following fields from the log records for the rules that use the corresponding match settings: **URI path** , **Query string** , **Single header** , and **HTTP method**. Redacted fields appear as `REDACTED` in the logs. For example, if you redact the **Query string** field, in the logs, it will be listed as `REDACTED` for all rules that use the **Query string** match component setting. Redaction applies only to the request component that you specify for matching in the rule, so the redaction of the **Single header** component doesn't apply to rules that match on **Headers**. For a list of the log fields, see [Log fields for protection pack or web ACL traffic](./logging-fields.html). @@ -23 +27 @@ In the logging configuration for your web ACL, you can customize what AWS WAF se -This setting has no impact on request sampling. You can exclude fields from request sampling by configuring web ACL data protection or by disabling sampling for the web ACL. +This setting has no impact on request sampling. You can exclude fields from request sampling by configuring protection pack or web ACL data protection or by disabling sampling for the protection pack or web ACL. @@ -27 +31 @@ This setting has no impact on request sampling. You can exclude fields from requ - * **Fully qualified label** – Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. For information about labels, see [Web request labeling in AWS WAF](./waf-labels.html). + * **Fully qualified label** – Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or protection pack or web ACL context of the rule that added the label. For information about labels, see [Web request labeling in AWS WAF](./waf-labels.html).