AWS waf documentation change
Summary
Added console notice and updated terminology to include 'protection pack' references alongside web ACLs in rule action processing documentation
Security assessment
The change introduces 'protection pack' terminology in security control context (rule processing), documenting expanded security architecture. While security-related, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/waf/latest/developerguide/waf-rule-action.md b/waf/latest/developerguide/waf-rule-action.md index 22433a413..757a7d9a2 100644 --- a//waf/latest/developerguide/waf-rule-action.md +++ b//waf/latest/developerguide/waf-rule-action.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -13 +17 @@ The rule action tells AWS WAF what to do with a web request when it matches the -Rule actions can be terminating or non-terminating. A terminating action stops the web ACL evaluation of the request and either lets it continue to your protected application or blocks it. +Rule actions can be terminating or non-terminating. A terminating action stops the protection pack or web ACL evaluation of the request and either lets it continue to your protected application or blocks it. @@ -21 +25 @@ Here are the rule action options: - * **Count** – AWS WAF counts the request but does not determine whether to allow it or block it. This is a non-terminating action. AWS WAF continues processing the remaining rules in the web ACL. In rules that you define, you can insert custom headers into the request and you can add labels that other rules can match against. + * **Count** – AWS WAF counts the request but does not determine whether to allow it or block it. This is a non-terminating action. AWS WAF continues processing the remaining rules in the protection pack or web ACL. In rules that you define, you can insert custom headers into the request and you can add labels that other rules can match against. @@ -33 +37 @@ These rule actions can be terminating or non-terminating, depending on the state - * **Non-terminating for valid, unexpired token** – If the token is valid and unexpired according to the configured CAPTCHA or challenge immunity time, AWS WAF handles the request similar to the Count action. AWS WAF continues to inspect the web request based on the remaining rules in the web ACL. Similar to the Count configuration, in rules that you define, you can optionally configure these actions with custom headers to insert into the request, and you can add labels that other rules can match against. + * **Non-terminating for valid, unexpired token** – If the token is valid and unexpired according to the configured CAPTCHA or challenge immunity time, AWS WAF handles the request similar to the Count action. AWS WAF continues to inspect the web request based on the remaining rules in the protection pack or web ACL. Similar to the Count configuration, in rules that you define, you can optionally configure these actions with custom headers to insert into the request, and you can add labels that other rules can match against. @@ -46 +50 @@ For information about adding labels to matching requests, see [Web request label -For information about how web ACL and rule settings interact, see [Using web ACLs with rules and rule groups in AWS WAF](./web-acl-processing.html). +For information about how protection pack or web ACL and rule settings interact, see [Using protection pack or web ACLs with rules and rule groups in AWS WAF](./web-acl-processing.html).