AWS waf documentation change
Summary
Updated documentation to include references to 'protection pack' alongside existing 'web ACL' terminology, introduced new console experience information, and adjusted related links/headings.
Security assessment
The changes introduce 'protection pack' as a new security control component in AWS WAF documentation, indicating expanded security feature coverage. However, there is no evidence of addressing a specific vulnerability or security incident. The updates primarily enhance documentation for existing security features (web ACLs) and introduce terminology for a new security-related capability (protection packs).
Diff
diff --git a/waf/latest/developerguide/web-acl-testing-activities.md b/waf/latest/developerguide/web-acl-testing-activities.md index 9b6a1cacc..adb5828e2 100644 --- a//waf/latest/developerguide/web-acl-testing-activities.md +++ b//waf/latest/developerguide/web-acl-testing-activities.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -11 +15 @@ Monitor and tune your AWS WAF protections. -To follow the guidance in this section, you need to understand generally how to create and manage AWS WAF protections like web ACLs, rules, and rule groups. That information is covered in earlier sections of this guide. +To follow the guidance in this section, you need to understand generally how to create and manage AWS WAF protections like protection pack or web ACLs, rules, and rule groups. That information is covered in earlier sections of this guide. @@ -13 +17 @@ To follow the guidance in this section, you need to understand generally how to -Monitor web traffic and rule matches to verify the behavior of the web ACL. If you find problems, adjust your rules to correct and then monitor to verify the adjustments. +Monitor web traffic and rule matches to verify the behavior of the protection pack or web ACL. If you find problems, adjust your rules to correct and then monitor to verify the adjustments. @@ -15 +19 @@ Monitor web traffic and rule matches to verify the behavior of the web ACL. If y -Repeat the following procedure until the web ACL is managing your web traffic as you need it to. +Repeat the following procedure until the protection pack or web ACL is managing your web traffic as you need it to. @@ -27 +31 @@ Look for the following information for the protections that you're testing: - * **Your rules** \- Rules in the web ACL that have Count action are listed under `nonTerminatingMatchingRules`. Rules with Allow or Block are listed as the `terminatingRule`. Rules with CAPTCHA or Challenge can be either terminating or non-terminating, and so are listed under one of the two categories, according to the result of the rule match. + * **Your rules** \- Rules in the protection pack or web ACL that have Count action are listed under `nonTerminatingMatchingRules`. Rules with Allow or Block are listed as the `terminatingRule`. Rules with CAPTCHA or Challenge can be either terminating or non-terminating, and so are listed under one of the two categories, according to the result of the rule match. @@ -33 +37 @@ Look for the following information for the protections that you're testing: -For more information, see [Log fields for web ACL traffic](./logging-fields.html). +For more information, see [Log fields for protection pack or web ACL traffic](./logging-fields.html). @@ -35 +39 @@ For more information, see [Log fields for web ACL traffic](./logging-fields.html - * **Amazon CloudWatch metrics** – You can access the following metrics for your web ACL request evaluation. + * **Amazon CloudWatch metrics** – You can access the following metrics for your protection pack or web ACL request evaluation. @@ -37 +41 @@ For more information, see [Log fields for web ACL traffic](./logging-fields.html - * **Your rules** – Metrics are grouped by the rule action. For example, when you test a rule in Count mode, its matches are listed as `Count` metrics for the web ACL. + * **Your rules** – Metrics are grouped by the rule action. For example, when you test a rule in Count mode, its matches are listed as `Count` metrics for the protection pack or web ACL. @@ -41 +45 @@ For more information, see [Log fields for web ACL traffic](./logging-fields.html - * **Rule groups owned by another account** – Rule group metrics are generally visible only to the rule group owner. However, if you override the rule action for a rule, the metrics for that rule will be listed under your web ACL metrics. Additionally, labels added by any rule group are listed in your web ACL metrics + * **Rule groups owned by another account** – Rule group metrics are generally visible only to the rule group owner. However, if you override the rule action for a rule, the metrics for that rule will be listed under your protection pack or web ACL metrics. Additionally, labels added by any rule group are listed in your protection pack or web ACL metrics @@ -45 +49 @@ Rule groups in this category are [AWS Managed Rules for AWS WAF](./aws-managed-r - * **Labels** \- Labels that were added to a web request during evaluation are listed in the web ACL label metrics. You can access the metrics for all labels, regardless of whether they were added by your rules and rule groups or by rules in a rule group that another account owns. + * **Labels** \- Labels that were added to a web request during evaluation are listed in the protection pack or web ACL label metrics. You can access the metrics for all labels, regardless of whether they were added by your rules and rule groups or by rules in a rule group that another account owns. @@ -49 +53 @@ For more information, see [Viewing metrics for your web ACL](./web-acl-testing-v - * **Web ACL traffic overview dashboards** – Access summaries of the web traffic that a web ACL has evaluated by going to the web ACL's page in the AWS WAF console and opening the **Traffic overview** tab. + * **protection pack or web ACL traffic overview dashboards** – Access summaries of the web traffic that a protection pack or web ACL has evaluated by going to the protection pack or web ACL's page in the AWS WAF console and opening the **Traffic overview** tab. @@ -53 +57 @@ The traffic overview dashboards provide near real-time summaries of the Amazon C -For more information, see [Web ACL traffic overview dashboards](./web-acl-dashboards.html). +For more information, see [Traffic overview dashboards for protection pack or web ACLs](./web-acl-dashboards.html). @@ -55 +59 @@ For more information, see [Web ACL traffic overview dashboards](./web-acl-dashbo - * **Sampled web requests** – Access information for the rules that match a sampling of the web requests. The sample information identifies matching rules by the metric name for the rule in the web ACL. For rule groups, the metric identifies the rule group reference statement. For rules inside rule groups, the sample lists the matching rule name in `RuleWithinRuleGroup`. + * **Sampled web requests** – Access information for the rules that match a sampling of the web requests. The sample information identifies matching rules by the metric name for the rule in the protection pack or web ACL. For rule groups, the metric identifies the rule group reference statement. For rules inside rule groups, the sample lists the matching rule name in `RuleWithinRuleGroup`. @@ -61 +65 @@ For more information, see [Viewing a sample of web requests](./web-acl-testing-v -If you determine that a rule is generating false positives, by matching web requests when it shouldn't, the following options can help you tune your web ACL protections to mitigate. +If you determine that a rule is generating false positives, by matching web requests when it shouldn't, the following options can help you tune your protection pack or web ACL protections to mitigate. @@ -73 +77 @@ What you do to mitigate false positives depends on your use case. The following - * **Add a mitigating rule** – Add a rule that runs before the new rule and that explicitly allows requests that are causing false positives. For information about rule evaluation order in a web ACL, see [Setting rule priority in a web ACL](./web-acl-processing-order.html). + * **Add a mitigating rule** – Add a rule that runs before the new rule and that explicitly allows requests that are causing false positives. For information about rule evaluation order in a web ACL, see [Setting rule priority](./web-acl-processing-order.html). @@ -106 +110 @@ Preparing for testing -Viewing web ACL metrics +Viewing protection pack or web ACL metrics