AWS waf documentation change
Summary
Added documentation about new console experience and replaced 'web ACL' with 'protection pack or web ACL' in multiple contexts
Security assessment
The changes introduce 'protection pack' terminology alongside existing security controls (web ACLs) but do not address vulnerabilities. Updates focus on feature documentation rather than security fixes. WAF label matching is a security feature, so documentation additions qualify as security documentation.
Diff
diff --git a/waf/latest/developerguide/waf-rule-label-match-examples.md b/waf/latest/developerguide/waf-rule-label-match-examples.md index 85560890f..9669e6d1b 100644 --- a//waf/latest/developerguide/waf-rule-label-match-examples.md +++ b//waf/latest/developerguide/waf-rule-label-match-examples.md @@ -6,0 +7,4 @@ Match against a local labelMatch against a label from another contextMatch again +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -13 +17 @@ This section provides examples of match specifications, for the label match rule -These JSON listings were created in the console by adding a rule to a web ACL with the label match specifications and then editing the rule and switching to the **Rule JSON editor**. You can also get the JSON for a rule group or web ACL through the APIs or the command line interface. +These JSON listings were created in the console by adding a rule to a protection pack or web ACL with the label match specifications and then editing the rule and switching to the **Rule JSON editor**. You can also get the JSON for a rule group or protection pack or web ACL through the APIs or the command line interface. @@ -49 +53 @@ The following JSON listing shows a label match statement for a label that's been -If you use this match statement in account 111122223333, in a rule that you define for web ACL `testWebACL`, it would match the following labels. +If you use this match statement in account 111122223333, in a rule that you define for protection pack or web ACL `testWebACL`, it would match the following labels. @@ -62 +66 @@ It wouldn't match the following label, because the label string isn't an exact m -It wouldn't match the following label, because the context isn't the same, so the prefix doesn't match. This is true even if you added the rule group `productionRules` to the web ACL `testWebACL`, where the rule is defined. +It wouldn't match the following label, because the context isn't the same, so the prefix doesn't match. This is true even if you added the rule group `productionRules` to the protection pack or web ACL `testWebACL`, where the rule is defined. @@ -69 +73 @@ It wouldn't match the following label, because the context isn't the same, so th -The following JSON listing shows a label match rule that matches against a label from a rule inside a user-created rule group. The prefix is required in the specification for all rules running in the web ACL that aren't part of the named rule group. This example label specification matches only the exact label. +The following JSON listing shows a label match rule that matches against a label from a rule inside a user-created rule group. The prefix is required in the specification for all rules running in the protection pack or web ACL that aren't part of the named rule group. This example label specification matches only the exact label. @@ -126 +130 @@ The following JSON listing shows a label match statement for a local namespace. -Similar to the local `Label` match, if you use this statement in account 111122223333, in a rule that you define for web ACL `testWebACL`, it would match the following label. +Similar to the local `Label` match, if you use this statement in account 111122223333, in a rule that you define for protection pack or web ACL `testWebACL`, it would match the following label.