AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/logging-management.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document for consistency. Modified link references and clarified redaction context.

Security assessment

Changes are terminological clarifications rather than addressing security vulnerabilities. While the document discusses security-related features like field redaction, these were already present in previous versions. The updates improve clarity but don't introduce new security controls or address specific vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/logging-management.md b/waf/latest/developerguide/logging-management.md
index 6272c8c3b..db1ec34c1 100644
--- a//waf/latest/developerguide/logging-management.md
+++ b//waf/latest/developerguide/logging-management.md
@@ -9 +9 @@ You can now use the updated experience to access AWS WAF functionality anywhere
-# Finding your protection pack or web ACL records
+# Finding your protection pack (web ACL) records
@@ -11 +11 @@ You can now use the updated experience to access AWS WAF functionality anywhere
-This section explains how to find your protection pack or web ACL records.
+This section explains how to find your protection pack (web ACL) records.
@@ -15 +15 @@ This section explains how to find your protection pack or web ACL records.
-You are charged for logging in addition to the charges for using AWS WAF. For information, see [Pricing for logging protection pack or web ACL traffic information](./logging-pricing.html).
+You are charged for logging in addition to the charges for using AWS WAF. For information, see [Pricing for logging protection pack (web ACL) traffic information](./logging-pricing.html).
@@ -21 +21 @@ On rare occasions, it's possible for AWS WAF log delivery to fall below 100%, wi
-In the logging configuration for your protection pack or web ACL, you can customize what AWS WAF sends to the logs.
+In the logging configuration for your protection pack (web ACL), you can customize what AWS WAF sends to the logs.
@@ -23 +23 @@ In the logging configuration for your protection pack or web ACL, you can custom
-  * **Field redaction** – You can redact the following fields from the log records for the rules that use the corresponding match settings: **URI path** , **Query string** , **Single header** , and **HTTP method**. Redacted fields appear as `REDACTED` in the logs. For example, if you redact the **Query string** field, in the logs, it will be listed as `REDACTED` for all rules that use the **Query string** match component setting. Redaction applies only to the request component that you specify for matching in the rule, so the redaction of the **Single header** component doesn't apply to rules that match on **Headers**. For a list of the log fields, see [Log fields for protection pack or web ACL traffic](./logging-fields.html).
+  * **Field redaction** – You can redact the following fields from the log records for the rules that use the corresponding match settings: **URI path** , **Query string** , **Single header** , and **HTTP method**. Redacted fields appear as `REDACTED` in the logs. For example, if you redact the **Query string** field, in the logs, it will be listed as `REDACTED` for all rules that use the **Query string** match component setting. Redaction applies only to the request component that you specify for matching in the rule, so the redaction of the **Single header** component doesn't apply to rules that match on **Headers**. For a list of the log fields, see [Log fields for protection pack (web ACL) traffic](./logging-fields.html).
@@ -27 +27 @@ In the logging configuration for your protection pack or web ACL, you can custom
-This setting has no impact on request sampling. You can exclude fields from request sampling by configuring protection pack or web ACL data protection or by disabling sampling for the protection pack or web ACL. 
+This setting has no impact on request sampling. You can exclude fields from request sampling by configuring protection pack (web ACL) data protection or by disabling sampling for the protection pack (web ACL). 
@@ -31 +31 @@ This setting has no impact on request sampling. You can exclude fields from requ
-    * **Fully qualified label** – Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or protection pack or web ACL context of the rule that added the label. For information about labels, see [Web request labeling in AWS WAF](./waf-labels.html).
+    * **Fully qualified label** – Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or protection pack (web ACL) context of the rule that added the label. For information about labels, see [Web request labeling in AWS WAF](./waf-labels.html).