AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-javascript-api.md

Summary

Added console experience note and updated references to include 'protection pack' in script URLs

Security assessment

Modifications focus on UI documentation and terminology updates (protection packs). Existing security mechanisms (CAPTCHA/token validation) documentation remains unchanged except for terminology. No new security features or vulnerability mitigations introduced.

Diff

diff --git a/waf/latest/developerguide/waf-javascript-api.md b/waf/latest/developerguide/waf-javascript-api.md
index a09c17bc7..ae3ce05ca 100644
--- a//waf/latest/developerguide/waf-javascript-api.md
+++ b//waf/latest/developerguide/waf-javascript-api.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -20 +24 @@ CAPTCHA puzzles and silent challenges can only run when browsers are accessing H
-By using these integrations, you ensure that the remote procedure calls by your client contain a valid token. When these integration APIs are in place on your application's pages, you can implement mitigating rules in your web ACL, such as blocking requests that don't contain a valid token. You can also implement rules that enforce the use of the tokens that your client applications obtain, by using the Challenge or CAPTCHA actions in your rules. 
+By using these integrations, you ensure that the remote procedure calls by your client contain a valid token. When these integration APIs are in place on your application's pages, you can implement mitigating rules in your protection pack or web ACL, such as blocking requests that don't contain a valid token. You can also implement rules that enforce the use of the tokens that your client applications obtain, by using the Challenge or CAPTCHA actions in your rules. 
@@ -28 +32 @@ The following listing shows basic components of a typical implementation of the
-    <script type="text/javascript" src="Web ACL integration URL/challenge.js" defer></script>
+    <script type="text/javascript" src="protection pack or web ACL integration URL/challenge.js" defer></script>