AWS waf documentation change
Summary
Updated documentation to introduce new console experience and expand coverage to include 'protection pack' terminology alongside web ACL default actions. Changed focus from pure web ACL configuration to include protection packs, with updated instructions and terminology throughout.
Security assessment
The changes primarily introduce new terminology (protection packs) and console navigation guidance. While default actions are security controls, there's no evidence of addressing a specific vulnerability. The updates expand documentation about existing security features (default allow/block actions) rather than patching weaknesses.
Diff
diff --git a/waf/latest/developerguide/web-acl-default-action.md b/waf/latest/developerguide/web-acl-default-action.md index da7e0156f..89c53fe6c 100644 --- a//waf/latest/developerguide/web-acl-default-action.md +++ b//waf/latest/developerguide/web-acl-default-action.md @@ -5 +5 @@ -# Setting the web ACL default action in AWS WAF +**Introducing a new console experience for AWS WAF** @@ -7 +7 @@ -This section explains how web ACL default actions work. +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). @@ -9 +9 @@ This section explains how web ACL default actions work. -When you create and configure a web ACL, you must set the web ACL default action. AWS WAF applies this action to any web request that makes it through all of the web ACL's rule evaluations without having a terminating action applied to it. A terminating action stops the web ACL evaluation of the request and either lets it continue to your protected application or blocks it. For information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). +# Setting the protection pack or web ACL default action in AWS WAF @@ -11 +11 @@ When you create and configure a web ACL, you must set the web ACL default action -The web ACL default action must determine the final disposition of the web request, so it's a terminating action: +This section explains how protection pack or web ACL default actions work. @@ -13 +13 @@ The web ACL default action must determine the final disposition of the web reque - * **Allow** – If you want to allow most users to access your website, but you want to block access to attackers whose requests originate from specified IP addresses, or whose requests appear to contain malicious SQL code or specified values, choose Allow for the default action. Then, when you add rules to your web ACL, add rules that identify and block the specific requests that you want to block. With this action, you can insert custom headers into the request before forwarding it to the protected resource. +When you create and configure a protection pack or web ACL, you must set the protection pack or web ACL default action. AWS WAF applies this action to any web request that makes it through all of the protection pack or web ACL's rule evaluations without having a terminating action applied to it. A terminating action stops the protection pack or web ACL evaluation of the request and either lets it continue to your protected application or blocks it. For information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). @@ -15 +15,5 @@ The web ACL default action must determine the final disposition of the web reque - * **Block** – If you want to prevent most users from accessing your website, but you want to allow access to users whose requests originate from specified IP addresses, or whose requests contain specified values, choose Block for the default action. Then when you add rules to your web ACL, add rules that identify and allow the specific requests that you want to allow in. By default, for the Block action, the AWS resource responds with an HTTP `403 (Forbidden)` status code, but you can customize the response. +The protection pack or web ACL default action must determine the final disposition of the web request, so it's a terminating action: + + * **Allow** – If you want to allow most users to access your website, but you want to block access to attackers whose requests originate from specified IP addresses, or whose requests appear to contain malicious SQL code or specified values, choose Allow for the default action. Then, when you add rules to your protection pack or web ACL, add rules that identify and block the specific requests that you want to block. With this action, you can insert custom headers into the request before forwarding it to the protected resource. + + * **Block** – If you want to prevent most users from accessing your website, but you want to allow access to users whose requests originate from specified IP addresses, or whose requests contain specified values, choose Block for the default action. Then when you add rules to your protection pack or web ACL, add rules that identify and allow the specific requests that you want to allow in. By default, for the Block action, the AWS resource responds with an HTTP `403 (Forbidden)` status code, but you can customize the response. @@ -22 +26 @@ For information about customizing requests and responses, see [Customized web re -Your configuration of your own rules and rule groups depends in part on whether you want to allow or block most web requests. For example, if you want to _allow_ most requests, you would set the web ACL default action to Allow, and then add rules that identify web requests that you want to _block_ , such as the following: +Your configuration of your own rules and rule groups depends in part on whether you want to allow or block most web requests. For example, if you want to _allow_ most requests, you would set the protection pack or web ACL default action to Allow, and then add rules that identify web requests that you want to _block_ , such as the following: