AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-captcha-and-challenge-actions.md

Summary

Added announcement about new console experience and updated references from 'web ACL' to 'protection pack or web ACL' in rule evaluation context

Security assessment

Changes primarily introduce terminology updates ('protection pack') and console navigation guidance without addressing specific vulnerabilities or security mechanisms. No evidence of security vulnerability fixes or new security features added.

Diff

diff --git a/waf/latest/developerguide/waf-captcha-and-challenge-actions.md b/waf/latest/developerguide/waf-captcha-and-challenge-actions.md
index 0227bf7c2..97f2cdef8 100644
--- a//waf/latest/developerguide/waf-captcha-and-challenge-actions.md
+++ b//waf/latest/developerguide/waf-captcha-and-challenge-actions.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -19 +23 @@ AWS WAF applies the CAPTCHA or Challenge action to a web request as follows:
-  * **Valid token** – AWS WAF handles this similar to a Count action. AWS WAF applies any labels and request customizations that you've configured for the rule action, and then continues evaluating the request using the remaining rules in the web ACL. 
+  * **Valid token** – AWS WAF handles this similar to a Count action. AWS WAF applies any labels and request customizations that you've configured for the rule action, and then continues evaluating the request using the remaining rules in the protection pack or web ACL. 
@@ -21 +25 @@ AWS WAF applies the CAPTCHA or Challenge action to a web request as follows:
-  * **Missing, invalid, or expired token** – AWS WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination. 
+  * **Missing, invalid, or expired token** – AWS WAF discontinues the protection pack or web ACL evaluation of the request and blocks it from going to its intended destination. 
@@ -52 +56 @@ For Javascript applications running in the client browser, this header is only a
-To configure the timing of token expiration at the web ACL or rule level, see [Setting timestamp expiration and token immunity times in AWS WAF](./waf-tokens-immunity-times.html).
+To configure the timing of token expiration at the protection pack or web ACL or rule level, see [Setting timestamp expiration and token immunity times in AWS WAF](./waf-tokens-immunity-times.html).