AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' for consistency. Clarified rule evaluation order and configuration for handling compromised credentials.

Security assessment

The changes clarify documentation about security features (handling compromised credentials) but do not address a specific security vulnerability. Updates focus on terminology consistency rather than introducing new security controls.

Diff

diff --git a/waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md b/waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md
index 2376ff316..f0214b680 100644
--- a//waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md
+++ b//waf/latest/developerguide/waf-acfp-control-example-compromised-credentials.md
@@ -22 +22 @@ To inform the user that the account credentials they've provided have been compr
-The following protection pack or web ACL listings shows the ACFP managed rule group from the prior example, with the `SignalCredentialCompromised` rule action overridden to count. With this configuration, when this rule group evaluates any web request that uses compromised credentials, it will label the request, but not block it. 
+The following protection pack (web ACL) listings shows the ACFP managed rule group from the prior example, with the `SignalCredentialCompromised` rule action overridden to count. With this configuration, when this rule group evaluates any web request that uses compromised credentials, it will label the request, but not block it. 
@@ -24 +24 @@ The following protection pack or web ACL listings shows the ACFP managed rule gr
-In addition, the protection pack or web ACL now has a custom response named `aws-waf-credential-compromised` and a new rule named `AccountSignupCompromisedCredentialsHandling`. The rule priority is a higher numeric setting than the rule group, so it runs after the rule group in the protection pack or web ACL evaluation. The new rule matches any request with the rule group's compromised credentials label. When the rule finds a match, it applies the Block action to the request with the custom response body. The custom response body provides information to the end user that their credentials have been compromised and proposes an action to take. 
+In addition, the protection pack (web ACL) now has a custom response named `aws-waf-credential-compromised` and a new rule named `AccountSignupCompromisedCredentialsHandling`. The rule priority is a higher numeric setting than the rule group, so it runs after the rule group in the protection pack (web ACL) evaluation. The new rule matches any request with the rule group's compromised credentials label. When the rule finds a match, it applies the Block action to the request with the custom response body. The custom response body provides information to the end user that their credentials have been compromised and proposes an action to take.