AWS waf documentation change
Summary
Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document for consistency and clarity
Security assessment
The changes are purely terminological clarifications replacing 'protection pack or web ACL' with 'protection pack (web ACL)'. There is no indication of addressing security vulnerabilities or weaknesses. The updates improve documentation consistency but don't introduce new security features or address specific security incidents.
Diff
diff --git a/waf/latest/developerguide/waf-anti-ddos-deploying.md b/waf/latest/developerguide/waf-anti-ddos-deploying.md index bc910c4d4..f525ec390 100644 --- a//waf/latest/developerguide/waf-anti-ddos-deploying.md +++ b//waf/latest/developerguide/waf-anti-ddos-deploying.md @@ -23 +23 @@ Test and tune your anti-DDoS implementation in a staging or testing environment -This guidance is intended for users who know generally how to create and manage AWS WAF protection pack or web ACLs, rules, and rule groups. Those topics are covered in prior sections of this guide. +This guidance is intended for users who know generally how to create and manage AWS WAF protection packs (web ACLs), rules, and rule groups. Those topics are covered in prior sections of this guide. @@ -35 +35 @@ You are charged additional fees when you use this managed rule group. For more i -Add the AWS Managed Rules rule group `AWSManagedRulesAntiDDoSRuleSet` to a new or existing protection pack or web ACL and configure it so that it doesn't alter the current protection pack or web ACL behavior. For details about the rules and labels for this rule group, see [AWS WAF Distributed Denial of Service (DDoS) prevention rule group](./aws-managed-rule-groups-anti-ddos.html). +Add the AWS Managed Rules rule group `AWSManagedRulesAntiDDoSRuleSet` to a new or existing protection pack (web ACL) and configure it so that it doesn't alter the current protection pack (web ACL) behavior. For details about the rules and labels for this rule group, see [AWS WAF Distributed Denial of Service (DDoS) prevention rule group](./aws-managed-rule-groups-anti-ddos.html). @@ -39 +39 @@ Add the AWS Managed Rules rule group `AWSManagedRulesAntiDDoSRuleSet` to a new o - * In the **Rule group configuration** pane, provide the details needed to perform anti-DDoS activities for your web traffic. For more information, see [Adding the Anti-DDoS managed rule group to your protection pack or web ACL](./waf-anti-ddos-rg-using.html). + * In the **Rule group configuration** pane, provide the details needed to perform anti-DDoS activities for your web traffic. For more information, see [Adding the Anti-DDoS managed rule group to your protection pack (web ACL)](./waf-anti-ddos-rg-using.html). @@ -47 +47 @@ With this override, you can monitor the potential impact of the Anti-DDoS manage - 2. ###### Enable logging and metrics for the protection pack or web ACL + 2. ###### Enable logging and metrics for the protection pack (web ACL) @@ -49 +49 @@ With this override, you can monitor the potential impact of the Anti-DDoS manage -As needed, configure logging, Amazon Security Lake data collection, request sampling, and Amazon CloudWatch metrics for the protection pack or web ACL. You can use these visibility tools to monitor the interaction of the Anti-DDoS managed rule group with your traffic. +As needed, configure logging, Amazon Security Lake data collection, request sampling, and Amazon CloudWatch metrics for the protection pack (web ACL). You can use these visibility tools to monitor the interaction of the Anti-DDoS managed rule group with your traffic. @@ -51 +51 @@ As needed, configure logging, Amazon Security Lake data collection, request samp - * For information about configuring and using logging, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). + * For information about configuring and using logging, see [Logging AWS WAF protection pack (web ACL) traffic](./logging.html). @@ -59 +59 @@ As needed, configure logging, Amazon Security Lake data collection, request samp - 3. ###### Associate the protection pack or web ACL with a resource + 3. ###### Associate the protection pack (web ACL) with a resource @@ -61 +61 @@ As needed, configure logging, Amazon Security Lake data collection, request samp -If the protection pack or web ACL isn't already associated with a test resource, associate it. For information, see [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html). +If the protection pack (web ACL) isn't already associated with a test resource, associate it. For information, see [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html). @@ -75 +75 @@ For example, you can use Anti-DDoS labels to allow or block requests or to custo -Review your testing results to determine which Anti-DDoS rules you want to keep in count mode for monitoring only. For any rules you want to run with active protection, disable count mode in the protection pack or web ACL rule group configuration to allow them to perform their configured actions. Once you've finalized these settings, remove any temporary test label match rules while retaining any custom rules you created for production use. For additional Anti-DDoS configuration considerations, see [Best practices for intelligent threat mitigation in AWS WAF](./waf-managed-protections-best-practices.html). +Review your testing results to determine which Anti-DDoS rules you want to keep in count mode for monitoring only. For any rules you want to run with active protection, disable count mode in the protection pack (web ACL) rule group configuration to allow them to perform their configured actions. Once you've finalized these settings, remove any temporary test label match rules while retaining any custom rules you created for production use. For additional Anti-DDoS configuration considerations, see [Best practices for intelligent threat mitigation in AWS WAF](./waf-managed-protections-best-practices.html). @@ -90 +90 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Adding the Anti-DDoS managed rule group to your protection pack or web ACL +Adding the Anti-DDoS managed rule group to your protection pack (web ACL)