AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-bot-control-components.md

Summary

Added references to 'protection pack' throughout documentation alongside existing 'web ACL' references, updated console experience information, and modified logging section links

Security assessment

The changes primarily expand documentation to include a new 'protection pack' concept alongside existing web ACL references. While Bot Control is a security feature, these updates appear to document feature integration rather than address specific vulnerabilities. No security patches or vulnerability mitigations are mentioned.

Diff

diff --git a/waf/latest/developerguide/waf-bot-control-components.md b/waf/latest/developerguide/waf-bot-control-components.md
index 665167479..481898bfa 100644
--- a//waf/latest/developerguide/waf-bot-control-components.md
+++ b//waf/latest/developerguide/waf-bot-control-components.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -27 +31 @@ For details including information about the rule group's rules, see [AWS WAF Bot
-You include this rule group in your web ACL using a managed rule group reference statement and indicating the inspection level that you want to use. For the targeted level, you also indicate whether to enable machine learning. For more information about adding this managed rule group to your web ACL, see [Adding the AWS WAF Bot Control managed rule group to your web ACL](./waf-bot-control-rg-using.html). 
+You include this rule group in your protection pack or web ACL using a managed rule group reference statement and indicating the inspection level that you want to use. For the targeted level, you also indicate whether to enable machine learning. For more information about adding this managed rule group to your protection pack or web ACL, see [Adding the AWS WAF Bot Control managed rule group to your web ACL](./waf-bot-control-rg-using.html). 
@@ -29 +33 @@ You include this rule group in your web ACL using a managed rule group reference
-  * **Bot Control dashboard** – The bot monitoring dashboard for your web ACL, available through the web ACL Bot Control tab. Use this dashboard to monitor your traffic and understand how much of it comes from various types of bots. This can be a starting point for customizing your bot management, as described in this topic. You can also use it to verify your changes and monitor activity for various bots and bot categories. 
+  * **Bot Control dashboard** – The bot monitoring dashboard for your protection pack or web ACL, available through the protection pack or web ACL Bot Control tab. Use this dashboard to monitor your traffic and understand how much of it comes from various types of bots. This can be a starting point for customizing your bot management, as described in this topic. You can also use it to verify your changes and monitor activity for various bots and bot categories. 
@@ -33 +37 @@ You include this rule group in your web ACL using a managed rule group reference
-  * **Logging and metrics** – You can monitor your bot traffic and understand how the Bot Control managed rule group evaluates and handles your traffic by studying the data that's collected for your web ACL by AWS WAF logs, Amazon Security Lake, and Amazon CloudWatch. The labels that Bot Control adds to your web requests are included in the data. For information about these options, see [Logging AWS WAF web ACL traffic](./logging.html), [Monitoring with Amazon CloudWatch](./monitoring-cloudwatch.html), and [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html). 
+  * **Logging and metrics** – You can monitor your bot traffic and understand how the Bot Control managed rule group evaluates and handles your traffic by studying the data that's collected for your protection pack or web ACL by AWS WAF logs, Amazon Security Lake, and Amazon CloudWatch. The labels that Bot Control adds to your web requests are included in the data. For information about these options, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html), [Monitoring with Amazon CloudWatch](./monitoring-cloudwatch.html), and [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html).