AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md

Summary

Added notice about new console experience and updated terminology from 'web ACL' to 'protection pack or web ACL' in multiple sections

Security assessment

Changes focus on UI updates and terminology expansion (protection pack references). No evidence of addressing vulnerabilities or adding security features. The compromised credentials handling documentation remains similar in functionality.

Diff

diff --git a/waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md b/waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md
index 5f13d6d47..2376ff316 100644
--- a//waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md
+++ b//waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -18 +22 @@ To inform the user that the account credentials they've provided have been compr
-The following web ACL listings shows the ACFP managed rule group from the prior example, with the `SignalCredentialCompromised` rule action overridden to count. With this configuration, when this rule group evaluates any web request that uses compromised credentials, it will label the request, but not block it. 
+The following protection pack or web ACL listings shows the ACFP managed rule group from the prior example, with the `SignalCredentialCompromised` rule action overridden to count. With this configuration, when this rule group evaluates any web request that uses compromised credentials, it will label the request, but not block it. 
@@ -20 +24 @@ The following web ACL listings shows the ACFP managed rule group from the prior
-In addition, the web ACL now has a custom response named `aws-waf-credential-compromised` and a new rule named `AccountSignupCompromisedCredentialsHandling`. The rule priority is a higher numeric setting than the rule group, so it runs after the rule group in the web ACL evaluation. The new rule matches any request with the rule group's compromised credentials label. When the rule finds a match, it applies the Block action to the request with the custom response body. The custom response body provides information to the end user that their credentials have been compromised and proposes an action to take. 
+In addition, the protection pack or web ACL now has a custom response named `aws-waf-credential-compromised` and a new rule named `AccountSignupCompromisedCredentialsHandling`. The rule priority is a higher numeric setting than the rule group, so it runs after the rule group in the protection pack or web ACL evaluation. The new rule matches any request with the rule group's compromised credentials label. When the rule finds a match, it applies the Block action to the request with the custom response body. The custom response body provides information to the end user that their credentials have been compromised and proposes an action to take.