AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-captcha-and-challenge-best-practices.md

Summary

Added console announcement and updated rule configuration references to include 'protection pack' terminology

Security assessment

Documentation updates focus on organizational structure (protection packs) rather than security controls. No changes to security recommendations or vulnerability mitigations.

Diff

diff --git a/waf/latest/developerguide/waf-captcha-and-challenge-best-practices.md b/waf/latest/developerguide/waf-captcha-and-challenge-best-practices.md
index f16f3f41b..35182b345 100644
--- a//waf/latest/developerguide/waf-captcha-and-challenge-best-practices.md
+++ b//waf/latest/developerguide/waf-captcha-and-challenge-best-practices.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -29 +33 @@ For example, if you implement the JavaScript client application CAPTCHA API, and
-For this situation, in your web ACL, you can add a rule that matches against this first call and configure it with the Challenge or CAPTCHA rule action. When the rule matches for a legitimate end user and browser, the action will find a valid token, and therefore will not block the request or send a challenge or CAPTCHA puzzle in response. For more information about how the rule actions work, see [CAPTCHA and Challenge action behavior](./waf-captcha-and-challenge-actions.html).
+For this situation, in your protection pack or web ACL, you can add a rule that matches against this first call and configure it with the Challenge or CAPTCHA rule action. When the rule matches for a legitimate end user and browser, the action will find a valid token, and therefore will not block the request or send a challenge or CAPTCHA puzzle in response. For more information about how the rule actions work, see [CAPTCHA and Challenge action behavior](./waf-captcha-and-challenge-actions.html).