AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/create-policy.md

Summary

Consistently updated references from 'protection pack or web ACL' to 'protection pack (web ACL)' in multiple sections

Security assessment

Terminology standardization for web ACL configuration documentation. Changes relate to documentation structure rather than security controls or vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/create-policy.md b/waf/latest/developerguide/create-policy.md
index caa7d10c9..8f831d097 100644
--- a//waf/latest/developerguide/create-policy.md
+++ b//waf/latest/developerguide/create-policy.md
@@ -88 +88 @@ When you're finished with your settings, choose **Save rule**.
-  10. Set the default action for the web ACL. This is the action that AWS WAF takes when a web request doesn't match any of the rules in the web ACL. You can add custom headers with the **Allow** action, or custom responses for the **Block** action. For more information about default web ACL actions, see [Setting the protection pack or web ACL default action in AWS WAF](./web-acl-default-action.html). For information about setting custom web requests and responses, see [Customized web requests and responses in AWS WAF](./waf-custom-request-response.html).
+  10. Set the default action for the web ACL. This is the action that AWS WAF takes when a web request doesn't match any of the rules in the web ACL. You can add custom headers with the **Allow** action, or custom responses for the **Block** action. For more information about default web ACL actions, see [Setting the protection pack (web ACL) default action in AWS WAF](./web-acl-default-action.html). For information about setting custom web requests and responses, see [Customized web requests and responses in AWS WAF](./waf-custom-request-response.html).
@@ -94 +94 @@ When you're finished with your settings, choose **Save rule**.
-  13. (Optional) If you don't want to send all requests to the logs, add your filtering criteria and behavior. Under **Filter logs** , for each filter that you want to apply, choose **Add filter** , then choose your filtering criteria and specify whether you want to keep or drop requests that match the criteria. When you finish adding filters, if needed, modify the **Default logging behavior**. For more information, see [Finding your protection pack or web ACL records](./logging-management.html) in the _AWS WAF Developer Guide_.
+  13. (Optional) If you don't want to send all requests to the logs, add your filtering criteria and behavior. Under **Filter logs** , for each filter that you want to apply, choose **Add filter** , then choose your filtering criteria and specify whether you want to keep or drop requests that match the criteria. When you finish adding filters, if needed, modify the **Default logging behavior**. For more information, see [Finding your protection pack (web ACL) records](./logging-management.html) in the _AWS WAF Developer Guide_.
@@ -100 +100 @@ Public suffixes aren't allowed. For example, you can't use `gov.au` or `co.uk` a
-By default, AWS WAF accepts tokens only for the domain of the protected resource. If you add token domains in this list, AWS WAF accepts tokens for all domains in the list and for the domain of the associated resource. For more information, see [AWS WAF protection pack or web ACL token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists) in the _AWS WAF Developer Guide_.
+By default, AWS WAF accepts tokens only for the domain of the protected resource. If you add token domains in this list, AWS WAF accepts tokens for all domains in the list and for the domain of the associated resource. For more information, see [AWS WAF protection pack (web ACL) token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists) in the _AWS WAF Developer Guide_.