AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-tokens-block-missing-tokens.md

Summary

Added announcement about new console experience and updated terminology from 'web ACL' to 'protection pack or web ACL' in multiple sections

Security assessment

Changes focus on UI updates and terminology expansion to include 'protection packs' without addressing specific vulnerabilities or security mechanisms. The token handling documentation remains functionally equivalent.

Diff

diff --git a/waf/latest/developerguide/waf-tokens-block-missing-tokens.md b/waf/latest/developerguide/waf-tokens-block-missing-tokens.md
index 26d7c99f0..22964b1a5 100644
--- a//waf/latest/developerguide/waf-tokens-block-missing-tokens.md
+++ b//waf/latest/developerguide/waf-tokens-block-missing-tokens.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -32 +36 @@ For additional details about the intelligent threat rule groups, see [AWS WAF Fr
-With the Bot Control and ATP rule groups, it's possible for a request without a valid token to exit the rule group evaluation and continue to be evaluated by the web ACL. 
+With the Bot Control and ATP rule groups, it's possible for a request without a valid token to exit the rule group evaluation and continue to be evaluated by the protection pack or web ACL. 
@@ -36 +40 @@ To block all requests that are missing their token or whose token is rejected, a
-The following is an example JSON listing for a web ACL that uses the ATP managed rule group. The web ACL has an added rule to capture the `awswaf:managed:token:absent` label and handle it. The rule narrows its evaluation to web requests going to the login endpoint, to match the scope of the ATP rule group. The added rule is listed in bold. 
+The following is an example JSON listing for a protection pack or web ACL that uses the ATP managed rule group. The protection pack or web ACL has an added rule to capture the `awswaf:managed:token:absent` label and handle it. The rule narrows its evaluation to web requests going to the login endpoint, to match the scope of the ATP rule group. The added rule is listed in bold.