AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-tokens-immunity-times.md

Summary

Added references to 'protection pack' alongside web ACL in immunity time configuration documentation and introduced new console experience note

Security assessment

The changes clarify configuration options for challenge/CAPTCHA immunity times through protection packs, which relates to security feature configuration but doesn't address a specific vulnerability. The updates enhance documentation about existing security controls without indicating any patched issues.

Diff

diff --git a/waf/latest/developerguide/waf-tokens-immunity-times.md b/waf/latest/developerguide/waf-tokens-immunity-times.md
index e9782075a..5765bdf43 100644
--- a//waf/latest/developerguide/waf-tokens-immunity-times.md
+++ b//waf/latest/developerguide/waf-tokens-immunity-times.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -17 +21 @@ AWS WAF records a successful response to a challenge or CAPTCHA by updating the
-You can configure the challenge and CAPTCHA immunity times in the web ACL and also in any rule that uses the CAPTCHA or Challenge rule action. 
+You can configure the challenge and CAPTCHA immunity times in the protection pack or web ACL and also in any rule that uses the CAPTCHA or Challenge rule action. 
@@ -19 +23 @@ You can configure the challenge and CAPTCHA immunity times in the web ACL and al
-  * The default web ACL setting for both immunity times is 300 seconds. 
+  * The default protection pack or web ACL setting for both immunity times is 300 seconds. 
@@ -21 +25 @@ You can configure the challenge and CAPTCHA immunity times in the web ACL and al
-  * You can specify the immunity time for any rule that uses the CAPTCHA or Challenge action. If you don't specify the immunity time for the rule, it inherits the setting from the web ACL. 
+  * You can specify the immunity time for any rule that uses the CAPTCHA or Challenge action. If you don't specify the immunity time for the rule, it inherits the setting from the protection pack or web ACL. 
@@ -23 +27 @@ You can configure the challenge and CAPTCHA immunity times in the web ACL and al
-  * For a rule inside a rule group that uses the CAPTCHA or Challenge action, if you don't specify the immunity time for the rule, it will inherit the setting from each web ACL where you use the rule group.
+  * For a rule inside a rule group that uses the CAPTCHA or Challenge action, if you don't specify the immunity time for the rule, it will inherit the setting from each protection pack or web ACL where you use the rule group.
@@ -25 +29 @@ You can configure the challenge and CAPTCHA immunity times in the web ACL and al
-  * The application integration SDKs use the web ACL's challenge immunity time. 
+  * The application integration SDKs use the protection pack or web ACL's challenge immunity time. 
@@ -32 +36 @@ You can configure the challenge and CAPTCHA immunity times in the web ACL and al
-You can use the web ACL and rule level immunity time settings to tune the CAPTCHA action, Challenge, or SDK challenge management behavior. For example, you might configure rules that control access to highly sensitive data with low immunity times, and then set higher immunity times in your web ACL for your other rules and the SDKs to inherit. 
+You can use the protection pack or web ACL and rule level immunity time settings to tune the CAPTCHA action, Challenge, or SDK challenge management behavior. For example, you might configure rules that control access to highly sensitive data with low immunity times, and then set higher immunity times in your protection pack or web ACL for your other rules and the SDKs to inherit.