AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/web-acl-testing-view-sample.md

Summary

Updated documentation to include references to 'protection pack' alongside 'web ACL' throughout the file, indicating expanded support for protection packs in AWS WAF console features. Added a section introducing the new console experience.

Security assessment

The changes primarily involve terminology updates to include 'protection pack' as an additional resource type. There is no evidence of addressing a specific security vulnerability or weakness. The updates focus on feature parity between web ACLs and protection packs, not security enhancements or fixes.

Diff

diff --git a/waf/latest/developerguide/web-acl-testing-view-sample.md b/waf/latest/developerguide/web-acl-testing-view-sample.md
index 089447b42..4f03e5446 100644
--- a//waf/latest/developerguide/web-acl-testing-view-sample.md
+++ b//waf/latest/developerguide/web-acl-testing-view-sample.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -7 +11 @@
-This section describes the web ACL **Sampled requests** tab in the AWS WAF console. In this tab, you can view a graph of all of the rule matches for web requests that AWS WAF has inspected. Additionally, if you have request sampling enabled for the web ACL, you can see a table view of a sample of the web requests that AWS WAF has inspected. You can also retrieve sampled request information through the API call `GetSampledRequests`.
+This section describes the protection pack or web ACL **Sampled requests** tab in the AWS WAF console. In this tab, you can view a graph of all of the rule matches for web requests that AWS WAF has inspected. Additionally, if you have request sampling enabled for the protection pack or web ACL, you can see a table view of a sample of the web requests that AWS WAF has inspected. You can also retrieve sampled request information through the API call `GetSampledRequests`.
@@ -9 +13 @@ This section describes the web ACL **Sampled requests** tab in the AWS WAF conso
-The sample of requests contains up to 100 requests that matched the criteria for a rule in the web ACL and another 100 requests for requests that didn't match any rules and had the web ACL default action applied. The requests in the sample come from all the protected resources that have received requests for your content in the previous three hours. 
+The sample of requests contains up to 100 requests that matched the criteria for a rule in the protection pack or web ACL and another 100 requests for requests that didn't match any rules and had the protection pack or web ACL default action applied. The requests in the sample come from all the protected resources that have received requests for your content in the previous three hours. 
@@ -11 +15 @@ The sample of requests contains up to 100 requests that matched the criteria for
-When a web request matches the criteria in a rule and the action for that rule doesn't terminate the request evaluation, AWS WAF continues inspecting the web request using the subsequent rules in the web ACL. Because of this, a web request could appear multiple times. For information about rule action behaviors, see [Using rule actions in AWS WAF](./waf-rule-action.html).
+When a web request matches the criteria in a rule and the action for that rule doesn't terminate the request evaluation, AWS WAF continues inspecting the web request using the subsequent rules in the protection pack or web ACL. Because of this, a web request could appear multiple times. For information about rule action behaviors, see [Using rule actions in AWS WAF](./waf-rule-action.html).
@@ -17 +21 @@ When a web request matches the criteria in a rule and the action for that rule d
-  2. In the navigation pane, choose **Web ACLs**.
+  2. In the navigation pane, choose **protection pack or web ACLs**.
@@ -19 +23 @@ When a web request matches the criteria in a rule and the action for that rule d
-  3. Choose the name of the web ACL for which you want to view requests. The console takes you to the web ACL's description, where you can edit it.
+  3. Choose the name of the protection pack or web ACL for which you want to view requests. The console takes you to the protection pack or web ACL's description, where you can edit it.
@@ -27 +31 @@ When a web request matches the criteria in a rule and the action for that rule d
-The time range for this graph is set in the web ACL's **Traffic overview** tab, in the **Data filters** section. For information, see [Viewing the dashboards for a web ACL](./web-acl-dashboards-accessing.html). 
+The time range for this graph is set in the protection pack or web ACL's **Traffic overview** tab, in the **Data filters** section. For information, see [Viewing the dashboards for a protection pack or web ACL](./web-acl-dashboards-accessing.html). 
@@ -40 +44 @@ For each entry, the table displays the following data:
-The CloudWatch metric name for the rule in the web ACL that matched the request. If a web request doesn't match any rule in the web ACL, this value is **Default**.
+The CloudWatch metric name for the rule in the protection pack or web ACL that matched the request. If a web request doesn't match any rule in the protection pack or web ACL, this value is **Default**.
@@ -44 +48 @@ The CloudWatch metric name for the rule in the web ACL that matched the request.
-If you change the name of a rule and you want the rule's metric name to reflect the change, you must update the metric name as well. AWS WAF doesn't automatically update the metric name for a rule when you change the rule name. You can change the metric name when you edit the rule in the console, by using the rule JSON editor. You can also change both names through the APIs and in any JSON listing that you use to define your web ACL or rule group.
+If you change the name of a rule and you want the rule's metric name to reflect the change, you must update the metric name as well. AWS WAF doesn't automatically update the metric name for a rule when you change the rule name. You can change the metric name when you edit the rule in the console, by using the rule JSON editor. You can also change both names through the APIs and in any JSON listing that you use to define your protection pack or web ACL or rule group.
@@ -78 +82 @@ To display additional information about the components of a web request, choose
-In the console, sampled requests are available for managed rule group rules only if they either don't have action overrides or if the action overrides use the most recent override configuration setting, `RuleActionOverrides`. Rule action overrides that use the older `ExcludedRules` setting are not available through the console. If you're not seeing all of the managed rule group request samples that you expect, check your web ACL JSON for overrides that use the older setting. You can download the JSON from the web ACL's console page.
+In the console, sampled requests are available for managed rule group rules only if they either don't have action overrides or if the action overrides use the most recent override configuration setting, `RuleActionOverrides`. Rule action overrides that use the older `ExcludedRules` setting are not available through the console. If you're not seeing all of the managed rule group request samples that you expect, check your protection pack or web ACL JSON for overrides that use the older setting. You can download the JSON from the protection pack or web ACL's console page.
@@ -80 +84 @@ In the console, sampled requests are available for managed rule group rules only
-If you see the older settings, replace them with the new settings to start making the sampled requests available through the console. You can do this through the console by editing the managed rule group in the web ACL and saving it. AWS WAF automatically replaces any older settings with the `RuleActionOverrides` settings and sets the rule action override to Count. For more information about these two settings, see [JSON listing: RuleActionOverrides replaces ExcludedRules](./web-acl-rule-group-override-options.html#web-acl-rule-group-override-replaces-exclude).
+If you see the older settings, replace them with the new settings to start making the sampled requests available through the console. You can do this through the console by editing the managed rule group in the protection pack or web ACL and saving it. AWS WAF automatically replaces any older settings with the `RuleActionOverrides` settings and sets the rule action override to Count. For more information about these two settings, see [JSON listing: RuleActionOverrides replaces ExcludedRules](./web-acl-rule-group-override-options.html#web-acl-rule-group-override-replaces-exclude).
@@ -100 +104 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Examples of the web ACL traffic dashboards
+Examples of the protection pack or web ACL traffic dashboards