AWS waf documentation change
Summary
Updated documentation to include 'protection pack' terminology alongside web ACLs in traffic overview dashboards, added section about new console experience
Security assessment
Changes primarily expand terminology to include 'protection packs' as a new entity type alongside web ACLs. No specific security vulnerabilities or mitigations are mentioned. Updates focus on dashboard functionality and console navigation rather than security controls.
Diff
diff --git a/waf/latest/developerguide/web-acl-dashboards.md b/waf/latest/developerguide/web-acl-dashboards.md index 48f98dee7..880a86d41 100644 --- a//waf/latest/developerguide/web-acl-dashboards.md +++ b//waf/latest/developerguide/web-acl-dashboards.md @@ -5 +5 @@ -# Web ACL traffic overview dashboards +**Introducing a new console experience for AWS WAF** @@ -7 +7,5 @@ -This section describes the web ACL traffic overview dashboards in the AWS WAF console. After you associate a web ACL with one or more AWS resources and enable metrics for the web ACL, you can access summaries of the web traffic that the web ACL evaluates by going to the web ACL's **Traffic overview** tab in the AWS WAF console. The dashboards include near real-time summaries of the Amazon CloudWatch metrics that AWS WAF collects when it evaluates your application web traffic. +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + +# Traffic overview dashboards for protection pack or web ACLs + +This section describes the protection pack or web ACL traffic overview dashboards in the AWS WAF console. After you associate a protection pack or web ACL with one or more AWS resources and enable metrics for the protection pack or web ACL, you can access summaries of the web traffic that the protection pack or web ACL evaluates by going to the protection pack or web ACL's **Traffic overview** tab in the AWS WAF console. The dashboards include near real-time summaries of the Amazon CloudWatch metrics that AWS WAF collects when it evaluates your application web traffic. @@ -11 +15 @@ This section describes the web ACL traffic overview dashboards in the AWS WAF co -If you don't see anything on the dashboards, make sure you have metrics enabled for the web ACL. +If you don't see anything on the dashboards, make sure you have metrics enabled for the protection pack or web ACL. @@ -13 +17 @@ If you don't see anything on the dashboards, make sure you have metrics enabled -The web ACL's **Traffic overview** tab contains tabbed dashboards with the following categories of information: +The protection pack or web ACL's **Traffic overview** tab contains tabbed dashboards with the following categories of information: @@ -17 +21 @@ The web ACL's **Traffic overview** tab contains tabbed dashboards with the follo - * **All traffic** – All web requests that the web ACL evaluates. + * **All traffic** – All web requests that the protection pack or web ACL evaluates. @@ -23 +27 @@ The dashboard focus is on terminating actions, but you can view the matches for - * **Sampled requests** tab of the web ACL page. This new tab includes a graph of all rule matches. For information, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html). + * **Sampled requests** tab of the protection pack or web ACL page. This new tab includes a graph of all rule matches. For information, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html). @@ -25 +29 @@ The dashboard focus is on terminating actions, but you can view the matches for - * **Anti-DDoS** – Web requests that the web ACL evaluates using the `AntiDDoSRuleSet` Anti-DDoS managed rule group. + * **Anti-DDoS** – Web requests that the protection pack or web ACL evaluates using the `AntiDDoSRuleSet` Anti-DDoS managed rule group. @@ -27 +31 @@ The dashboard focus is on terminating actions, but you can view the matches for -This tab is only available if you're using this rule group in your web ACL. +This tab is only available if you're using this rule group in your protection pack or web ACL. @@ -29 +33 @@ This tab is only available if you're using this rule group in your web ACL. - * **Bot Control** – Web requests that the web ACL evaluates using the Bot Control managed rule group. + * **Bot Control** – Web requests that the protection pack or web ACL evaluates using the Bot Control managed rule group. @@ -31 +35 @@ This tab is only available if you're using this rule group in your web ACL. -If you aren't using this rule group in your web ACL, this tab shows the results of evaluating a sampling of your web traffic against the Bot Control rules. This gives you an idea of the bot traffic that your application receives and it's free of charge. + * If you aren't using this rule group in your protection pack or web ACL, this tab shows the results of evaluating a sampling of your web traffic against the Bot Control rules. This gives you an idea of the bot traffic that your application receives and it's free of charge. @@ -35 +39 @@ This rule group is part of the intelligent threat mitigation options that AWS WA - * **Account takeover prevention** – Web requests that the web ACL evaluates using the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group. This tab is only available if you're using this rule group in your web ACL. + * **Account takeover prevention** – Web requests that the protection pack or web ACL evaluates using the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group. This tab is only available if you're using this rule group in your protection pack or web ACL. @@ -39 +43 @@ The ATP rule group is part of the AWS WAF intelligent threat mitigation offering - * **Account creation fraud prevention** – Web requests that the web ACL evaluates using the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group. This tab is only available if you're using this rule group in your web ACL. + * **Account creation fraud prevention** – Web requests that the protection pack or web ACL evaluates using the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group. This tab is only available if you're using this rule group in your protection pack or web ACL. @@ -46 +50 @@ The ACFP rule group is part of the AWS WAF intelligent threat mitigation offerin -The dashboards are based on the web ACL's CloudWatch metrics, and the graphs provide access to the corresponding metrics in CloudWatch. For the intelligent threat mitigation dashboards, like Bot Control, the metrics used are primarily the label metrics. +The dashboards are based on the protection pack or web ACL's CloudWatch metrics, and the graphs provide access to the corresponding metrics in CloudWatch. For the intelligent threat mitigation dashboards, like Bot Control, the metrics used are primarily the label metrics. @@ -55 +59 @@ The dashboards are based on the web ACL's CloudWatch metrics, and the graphs pro -The dashboards provide summaries of your traffic patterns for the terminating actions and date range that you select. The intelligent threat mitigation dashboards include requests that the corresponding managed rule group evaluated, regardless of whether the managed rule group itself applied the terminating action. For example, if Block is selected, the **Account takeover prevention** dashboard includes information for all web requests that were both evaluated by the ATP managed rule group and blocked at some point during the web ACL evaluation. The requests can be blocked by the ATP managed rule group, by a rule that ran after the rule group in the web ACL, or by the web ACL default action. +The dashboards provide summaries of your traffic patterns for the terminating actions and date range that you select. The intelligent threat mitigation dashboards include requests that the corresponding managed rule group evaluated, regardless of whether the managed rule group itself applied the terminating action. For example, if Block is selected, the **Account takeover prevention** dashboard includes information for all web requests that were both evaluated by the ATP managed rule group and blocked at some point during the protection pack or web ACL evaluation. The requests can be blocked by the ATP managed rule group, by a rule that ran after the rule group in the protection pack or web ACL, or by the protection pack or web ACL default action. @@ -63 +67 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Viewing web ACL metrics +Viewing protection pack or web ACL metrics @@ -65 +69 @@ Viewing web ACL metrics -Viewing the dashboards for a web ACL +Viewing the dashboards for a protection pack or web ACL