AWS waf documentation change
Summary
Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' across multiple rule descriptions and introductory sections for consistency.
Security assessment
The changes are purely terminological updates clarifying that 'protection pack' refers to a web ACL. No new security features, vulnerabilities, or mitigations are introduced. The updates maintain existing security documentation without altering security implications or addressing any specific security incident.
Diff
diff --git a/waf/latest/developerguide/aws-managed-rule-groups-baseline.md b/waf/latest/developerguide/aws-managed-rule-groups-baseline.md index d41fee327..b031d527f 100644 --- a//waf/latest/developerguide/aws-managed-rule-groups-baseline.md +++ b//waf/latest/developerguide/aws-managed-rule-groups-baseline.md @@ -29 +29 @@ The core rule set (CRS) rule group contains rules that are generally applicable -This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack or web ACL. AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). +This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack (web ACL). AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). @@ -43 +43 @@ Rule name | Description and label -This rule only inspects the request body up to the body size limit for the protection pack or web ACL and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack or web ACL configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:core-rule-set:EC2MetaDataSSRF_Body` @@ -53 +53 @@ This rule only inspects the request body up to the body size limit for the prote -This rule only inspects the request body up to the body size limit for the protection pack or web ACL and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack or web ACL configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:core-rule-set:GenericLFI_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:core-rule-set:GenericLFI_Body` @@ -61 +61 @@ This rule only inspects the request body up to the body size limit for the prote -This rule only inspects the request body up to the body size limit for the protection pack or web ACL and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack or web ACL configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:core-rule-set:GenericRFI_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:core-rule-set:GenericRFI_Body` @@ -81 +81 @@ The rule match details in the AWS WAF logs is not populated for version 2.0 of t -This rule only inspects the request body up to the body size limit for the protection pack or web ACL and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack or web ACL configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:core-rule-set:CrossSiteScripting_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:core-rule-set:CrossSiteScripting_Body` @@ -102 +102 @@ The Admin protection rule group contains rules that allow you to block external -This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack or web ACL. AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). +This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack (web ACL). AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). @@ -122 +122 @@ The Known bad inputs rule group contains rules to block request patterns that ar -This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack or web ACL. AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). +This managed rule group adds labels to the web requests that it evaluates, which are available to rules that run after this rule group in your protection pack (web ACL). AWS WAF also records the labels to Amazon CloudWatch metrics. For general information about labels and label metrics, see [Web request labeling](./waf-labels.html) and [Label metrics and dimensions](./waf-metrics.html#waf-metrics-label). @@ -135 +135 @@ This rule only inspects the first 8 KB of the request headers or the first 200 h -This rule only inspects the request body up to the body size limit for the protection pack or web ACL and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack or web ACL configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:known-bad-inputs:JavaDeserializationRCE_Body` @@ -151 +151 @@ This rule only inspects the first 8 KB of the request headers or the first 200 h -This rule only inspects the request body up to the body size limit for the protection pack or web ACL and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack or web ACL configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:known-bad-inputs:Log4JRCE_Body` +This rule only inspects the request body up to the body size limit for the protection pack (web ACL) and resource type. For Application Load Balancer and AWS AppSync, the limit is fixed at 8 KB. For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB and you can increase the limit up to 64 KB in your protection pack (web ACL) configuration. This rule uses the `Continue` option for oversize content handling. For more information, see [Oversize web request components in AWS WAF](./waf-oversize-request-components.html). Rule action: Block Label: `awswaf:managed:aws:known-bad-inputs:Log4JRCE_Body`