AWS waf documentation change
Summary
Added section about new console experience and updated references from 'web ACL' to 'protection pack or web ACL' throughout the document
Security assessment
Changes introduce terminology for 'protection packs' alongside web ACLs, indicating expanded security configuration options. No evidence of addressing specific vulnerabilities, but documents security feature usage.
Diff
diff --git a/waf/latest/developerguide/waf-bot-control-example-allow-blocked-bot.md b/waf/latest/developerguide/waf-bot-control-example-allow-blocked-bot.md index d74118f40..e0ad3b7b9 100644 --- a//waf/latest/developerguide/waf-bot-control-example-allow-blocked-bot.md +++ b//waf/latest/developerguide/waf-bot-control-example-allow-blocked-bot.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -11 +15 @@ If an AWS WAF Bot Control rule is blocking a bot that you do not want to block, - 1. Identify the Bot Control rule that's blocking the bot by checking the logs. The blocking rule will be specified in the logs in the fields whose names start with `terminatingRule`. For information about the web ACL logs, see [Logging AWS WAF web ACL traffic](./logging.html). Note the label that the rule is adds to the requests. + 1. Identify the Bot Control rule that's blocking the bot by checking the logs. The blocking rule will be specified in the logs in the fields whose names start with `terminatingRule`. For information about the protection pack or web ACL logs, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). Note the label that the rule is adds to the requests. @@ -13 +17 @@ If an AWS WAF Bot Control rule is blocking a bot that you do not want to block, - 2. In your web ACL, override the action of the blocking rule to count. To do this in the console, edit the rule group rule in the web ACL and choose a rule action override of Count for the rule. This ensures that the bot is not blocked by the rule, but the rule will still apply its label to matching requests. + 2. In your protection pack or web ACL, override the action of the blocking rule to count. To do this in the console, edit the rule group rule in the protection pack or web ACL and choose a rule action override of Count for the rule. This ensures that the bot is not blocked by the rule, but the rule will still apply its label to matching requests. @@ -15 +19 @@ If an AWS WAF Bot Control rule is blocking a bot that you do not want to block, - 3. Add a label matching rule to your web ACL, after the Bot Control managed rule group. Configure the rule to match against the overridden rule's label and to block all matching requests except for the bot that you don't want to block. + 3. Add a label matching rule to your protection pack or web ACL, after the Bot Control managed rule group. Configure the rule to match against the overridden rule's label and to block all matching requests except for the bot that you don't want to block. @@ -17 +21 @@ If an AWS WAF Bot Control rule is blocking a bot that you do not want to block, -Your web ACL is now configured so that the bot you want to allow is no longer blocked by the blocking rule that you identified through the logs. +Your protection pack or web ACL is now configured so that the bot you want to allow is no longer blocked by the blocking rule that you identified through the logs. @@ -63 +67 @@ The following rule matches against the category monitoring label that the preced -The following rule must run after the preceding Bot Control managed rule group in the web ACL processing order. +The following rule must run after the preceding Bot Control managed rule group in the protection pack or web ACL processing order.