AWS cognito documentation change
Summary
Updated documentation about AWS WAF web ACL rule behavior for login pages
Security assessment
Clarifies security configuration details for WAF integration but doesn't indicate remediation of a specific security issue
Diff
diff --git a/cognito/latest/developerguide/user-pool-waf.md b/cognito/latest/developerguide/user-pool-waf.md index 8f1c56c5c..d19ec77d1 100644 --- a//cognito/latest/developerguide/user-pool-waf.md +++ b//cognito/latest/developerguide/user-pool-waf.md @@ -23 +23 @@ When you have an AWS WAF web ACL associated with a user pool, Amazon Cognito for - * The rule conditions in your web ACL must match users' **first** request to managed login. Their first request is typically to the [Authorize endpoint](./authorization-endpoint.html). The authorize endpoint always redirects requests; don't configure URL path matching in your web ACL rules. + * Web ACL rule conditions can only return custom block responses to users' **first** request to a user-interactive managed login page. When subsequent connections match a custom block response condition, they return your custom status code, header, and redirect responses, but a default block message.