AWS waf documentation change
Summary
Updated documentation to include 'protection pack' terminology alongside existing 'web ACL' references throughout testing preparation steps
Security assessment
The changes introduce 'protection pack' as a new security configuration option alongside web ACLs, expanding documentation for security features like logging, monitoring, and rule management. However, there is no evidence of addressing a specific vulnerability or security incident.
Diff
diff --git a/waf/latest/developerguide/web-acl-testing-prep.md b/waf/latest/developerguide/web-acl-testing-prep.md index 6835e0567..3e0b6f35d 100644 --- a//waf/latest/developerguide/web-acl-testing-prep.md +++ b//waf/latest/developerguide/web-acl-testing-prep.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -11 +15 @@ This section describes how to get set up to test and tune your AWS WAF protectio -To follow the guidance in this section, you need to understand generally how to create and manage AWS WAF protections like web ACLs, rules, and rule groups. That information is covered in earlier sections of this guide. +To follow the guidance in this section, you need to understand generally how to create and manage AWS WAF protections like protection pack or web ACLs, rules, and rule groups. That information is covered in earlier sections of this guide. @@ -15 +19 @@ To follow the guidance in this section, you need to understand generally how to - 1. ###### Enable web ACL logging, Amazon CloudWatch metrics, and web request sampling for the web ACL + 1. ###### Enable protection pack or web ACL logging, Amazon CloudWatch metrics, and web request sampling for the protection pack or web ACL @@ -17 +21 @@ To follow the guidance in this section, you need to understand generally how to -Use logging, metrics, and sampling to monitor the interaction of the web ACL rules with your web traffic. +Use logging, metrics, and sampling to monitor the interaction of the protection pack or web ACL rules with your web traffic. @@ -19 +23 @@ Use logging, metrics, and sampling to monitor the interaction of the web ACL rul - * **Logging** – You can configure AWS WAF to log the web requests that a web ACL evaluates. You can send logs to CloudWatch logs, an Amazon S3 bucket, or an Amazon Data Firehose delivery stream. You can redact fields and apply filtering. For more information, see [Logging AWS WAF web ACL traffic](./logging.html). + * **Logging** – You can configure AWS WAF to log the web requests that a protection pack or web ACL evaluates. You can send logs to CloudWatch logs, an Amazon S3 bucket, or an Amazon Data Firehose delivery stream. You can redact fields and apply filtering. For more information, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). @@ -21 +25 @@ Use logging, metrics, and sampling to monitor the interaction of the web ACL rul - * **Amazon Security Lake** – You can configure Security Lake to collect web ACL data. Security Lake collects log and event data from various sources for normalization, analysis, and management. For information about this option, see [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html) and [Collecting data from AWS services](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) in the _Amazon Security Lake user guide_. + * **Amazon Security Lake** – You can configure Security Lake to collect protection pack or web ACL data. Security Lake collects log and event data from various sources for normalization, analysis, and management. For information about this option, see [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html) and [Collecting data from AWS services](https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) in the _Amazon Security Lake user guide_. @@ -23 +27 @@ Use logging, metrics, and sampling to monitor the interaction of the web ACL rul - * **Amazon CloudWatch metrics** – In your web ACL configuration, provide metric specifications for everything that you want to monitor. You can view metrics through the AWS WAF and CloudWatch consoles. For more information, see [Monitoring with Amazon CloudWatch](./monitoring-cloudwatch.html). + * **Amazon CloudWatch metrics** – In your protection pack or web ACL configuration, provide metric specifications for everything that you want to monitor. You can view metrics through the AWS WAF and CloudWatch consoles. For more information, see [Monitoring with Amazon CloudWatch](./monitoring-cloudwatch.html). @@ -25 +29 @@ Use logging, metrics, and sampling to monitor the interaction of the web ACL rul - * **Web request sampling** – You can view a sample of all web requests that your web ACL evaluates. For information about web request sampling, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html). + * **Web request sampling** – You can view a sample of all web requests that your protection pack or web ACL evaluates. For information about web request sampling, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html). @@ -29 +33 @@ Use logging, metrics, and sampling to monitor the interaction of the web ACL rul -In your web ACL configuration, switch anything that you want to test to count mode. This causes the test protections to record matches against web requests without altering how the requests are handled. You'll be able to see the matches in your metrics, logs, and sampled requests, to verify the match criteria and to understand what the effects might be on your web traffic. Rules that add labels to matching requests will add labels regardless of the rule action. +In your protection pack or web ACL configuration, switch anything that you want to test to count mode. This causes the test protections to record matches against web requests without altering how the requests are handled. You'll be able to see the matches in your metrics, logs, and sampled requests, to verify the match criteria and to understand what the effects might be on your web traffic. Rules that add labels to matching requests will add labels regardless of the rule action. @@ -31 +35 @@ In your web ACL configuration, switch anything that you want to test to count mo - * **Rule defined in the web ACL** – Edit the rules in the web ACL and set their actions to Count. + * **Rule defined in the protection pack or web ACL** – Edit the rules in the protection pack or web ACL and set their actions to Count. @@ -33 +37 @@ In your web ACL configuration, switch anything that you want to test to count mo - * **Rule group** – In your web ACL configuration, edit the rule statement for the rule group and, in the **Rules** pane, open the **Override all rule actions** dropdown and choose **Count**. If you manage the web ACL in JSON, add the rules to the `RuleActionOverrides` settings in the rule group reference statement, with `ActionToUse` set to Count. The following example listing shows overrides for two rules in the `AWSManagedRulesAnonymousIpList` AWS Managed Rules rule group. + * **Rule group** – In your protection pack or web ACL configuration, edit the rule statement for the rule group and, in the **Rules** pane, open the **Override all rule actions** dropdown and choose **Count**. If you manage the protection pack or web ACL in JSON, add the rules to the `RuleActionOverrides` settings in the rule group reference statement, with `ActionToUse` set to Count. The following example listing shows overrides for two rules in the `AWSManagedRulesAnonymousIpList` AWS Managed Rules rule group. @@ -58 +62 @@ For more information about rule action overrides, see [Overriding rule actions i -For your own rule group, don't modify the rule actions in the rule group itself. Rule group rules with Count action don't generate the metrics or other artifacts that you need for your testing. In addition, changing a rule group affects all web ACLs that use it, while the changes inside the web ACL configuration only affect the single web ACL. +For your own rule group, don't modify the rule actions in the rule group itself. Rule group rules with Count action don't generate the metrics or other artifacts that you need for your testing. In addition, changing a rule group affects all protection pack or web ACLs that use it, while the changes inside the protection pack or web ACL configuration only affect the single protection pack or web ACL. @@ -60 +64 @@ For your own rule group, don't modify the rule actions in the rule group itself. - * **Web ACL** – If you're testing a new web ACL, set the default action for the web ACL to allow requests. This lets you try out the web ACL without affecting traffic in any way. + * **protection pack or web ACL** – If you're testing a new protection pack or web ACL, set the default action for the protection pack or web ACL to allow requests. This lets you try out the web ACL without affecting traffic in any way. @@ -62 +66 @@ For your own rule group, don't modify the rule actions in the rule group itself. -In general, count mode generates more matches than production. This is because a rule that counts requests doesn't stop the evaluation of the request by the web ACL, so rules that run later in the web ACL might also match the request. When you change your rule actions to their production settings, rules that allow or block requests will terminate the evaluation of requests that they match. As a result, matching requests will generally be inspected by fewer rules in the web ACL. For more information about the effects of rule actions on the overall evaluation of a web request, see [Using rule actions in AWS WAF](./waf-rule-action.html). +In general, count mode generates more matches than production. This is because a rule that counts requests doesn't stop the evaluation of the request by the protection pack or web ACL, so rules that run later in the protection pack or web ACL might also match the request. When you change your rule actions to their production settings, rules that allow or block requests will terminate the evaluation of requests that they match. As a result, matching requests will generally be inspected by fewer rules in the protection pack or web ACL. For more information about the effects of rule actions on the overall evaluation of a web request, see [Using rule actions in AWS WAF](./waf-rule-action.html). @@ -64 +68 @@ In general, count mode generates more matches than production. This is because a -With these settings, your new protections won't alter web traffic, but will generate match information in metrics, web ACL logs, and request samples. +With these settings, your new protections won't alter web traffic, but will generate match information in metrics, protection pack or web ACL logs, and request samples. @@ -66 +70 @@ With these settings, your new protections won't alter web traffic, but will gene - 3. ###### Associate the web ACL with a resource + 3. ###### Associate the protection pack or web ACL with a resource @@ -68 +72 @@ With these settings, your new protections won't alter web traffic, but will gene -If the web ACL isn't already associated with the resource, associate it. +If the protection pack or web ACL isn't already associated with the resource, associate it. @@ -70 +74 @@ If the web ACL isn't already associated with the resource, associate it. -See [Associating or disassociating a web ACL with an AWS resource](./web-acl-associating-aws-resource.html). +See [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html). @@ -75 +79 @@ See [Associating or disassociating a web ACL with an AWS resource](./web-acl-ass -You're now ready to monitor and tune your web ACL. +You're now ready to monitor and tune your protection pack or web ACL.