AWS waf documentation change
Summary
Added documentation about new console experience and expanded references to include 'protection pack' alongside web ACL in managed rule group usage, logging, and metrics sections
Security assessment
The changes introduce 'protection pack' as a new organizational structure alongside web ACLs for security configurations, but there's no evidence of addressing a specific vulnerability. The updates document expanded security feature usage options rather than patching a security issue.
Diff
diff --git a/waf/latest/developerguide/waf-acfp-components.md b/waf/latest/developerguide/waf-acfp-components.md index d44725186..2690dbec4 100644 --- a//waf/latest/developerguide/waf-acfp-components.md +++ b//waf/latest/developerguide/waf-acfp-components.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -9 +13 @@ The primary components of AWS WAF Fraud Control account creation fraud preventio - * **`AWSManagedRulesACFPRuleSet`** – The rules in this AWS Managed Rules rule group detect, label, and handle various types of fraudulent account creation activity. The rule group inspects HTTP `GET` text/html requests that clients send to the specified account registration endpoint and `POST` web requests that clients send to the specified account sign-up endpoint. For protected CloudFront distributions, the rule group also inspects the responses that the distribution sends back to account creation requests. For a list of this rule group's rules, see [AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group](./aws-managed-rule-groups-acfp.html). You include this rule group in your web ACL using a managed rule group reference statement. For information about using this rule group, see [Adding the ACFP managed rule group to your web ACL](./waf-acfp-rg-using.html). + * **`AWSManagedRulesACFPRuleSet`** – The rules in this AWS Managed Rules rule group detect, label, and handle various types of fraudulent account creation activity. The rule group inspects HTTP `GET` text/html requests that clients send to the specified account registration endpoint and `POST` web requests that clients send to the specified account sign-up endpoint. For protected CloudFront distributions, the rule group also inspects the responses that the distribution sends back to account creation requests. For a list of this rule group's rules, see [AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group](./aws-managed-rule-groups-acfp.html). You include this rule group in your protection pack or web ACL using a managed rule group reference statement. For information about using this rule group, see [Adding the ACFP managed rule group to your web ACL](./waf-acfp-rg-using.html). @@ -15 +19 @@ You are charged additional fees when you use this managed rule group. For more i - * **Details about your application's account registration and creation pages** – You must provide information about your account registration and creation pages when you add the `AWSManagedRulesACFPRuleSet` rule group to your web ACL. This lets the rule group narrow the scope of the requests it inspects and properly validate account creation web requests. The registration page must accept `GET` text/html requests. The account creation path must accept `POST` requests. The ACFP rule group works with usernames that are in email format. For more information, see [Adding the ACFP managed rule group to your web ACL](./waf-acfp-rg-using.html). + * **Details about your application's account registration and creation pages** – You must provide information about your account registration and creation pages when you add the `AWSManagedRulesACFPRuleSet` rule group to your protection pack or web ACL. This lets the rule group narrow the scope of the requests it inspects and properly validate account creation web requests. The registration page must accept `GET` text/html requests. The account creation path must accept `POST` requests. The ACFP rule group works with usernames that are in email format. For more information, see [Adding the ACFP managed rule group to your web ACL](./waf-acfp-rg-using.html). @@ -26 +30 @@ You can combine your ACFP implementation with the following to help you monitor, - * **Logging and metrics** – You can monitor your traffic, and understand how the ACFP managed rule group affects it, by configuring and enabling logs, Amazon Security Lake data collection, and Amazon CloudWatch metrics for your web ACL. The labels that `AWSManagedRulesACFPRuleSet` adds to your web requests are included in the data. For information about the options, see [Logging AWS WAF web ACL traffic](./logging.html), [Monitoring with Amazon CloudWatch](./monitoring-cloudwatch.html), and [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html). + * **Logging and metrics** – You can monitor your traffic, and understand how the ACFP managed rule group affects it, by configuring and enabling logs, Amazon Security Lake data collection, and Amazon CloudWatch metrics for your protection pack or web ACL. The labels that `AWSManagedRulesACFPRuleSet` adds to your web requests are included in the data. For information about the options, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html), [Monitoring with Amazon CloudWatch](./monitoring-cloudwatch.html), and [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html).