AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/waf-js-captcha-api.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' for consistency

Security assessment

The changes are purely terminological clarifications to align with AWS WAF's naming conventions. No security vulnerabilities or new security features are introduced.

Diff

diff --git a/waf/latest/developerguide/waf-js-captcha-api.md b/waf/latest/developerguide/waf-js-captcha-api.md
index 0273be75e..f59bf6c23 100644
--- a//waf/latest/developerguide/waf-js-captcha-api.md
+++ b//waf/latest/developerguide/waf-js-captcha-api.md
@@ -39 +39 @@ The CAPTCHA script also automatically loads the intelligent threat integration s
-  2. **(Optional) Add domain configuration for the client's tokens** – By default, when AWS WAF creates a token, it uses the host domain of the resource that’s associated with the protection pack or web ACL. To provide additional domains for the JavaScript APIs, follow the guidance at [Providing domains for use in the tokens](./waf-js-challenge-api-set-token-domain.html). 
+  2. **(Optional) Add domain configuration for the client's tokens** – By default, when AWS WAF creates a token, it uses the host domain of the resource that’s associated with the protection pack (web ACL). To provide additional domains for the JavaScript APIs, follow the guidance at [Providing domains for use in the tokens](./waf-js-challenge-api-set-token-domain.html). 
@@ -47 +47 @@ The CAPTCHA implementation integrates with the intelligent threat integration AP
-  5. **Add token verification in your protection pack or web ACL** – Add at least one rule to your protection pack or web ACL that checks for a valid CAPTCHA token in the web requests that your client sends. You can use the CAPTCHA rule action to check, as described in [CAPTCHA and Challenge in AWS WAF](./waf-captcha-and-challenge.html). 
+  5. **Add token verification in your protection pack (web ACL)** – Add at least one rule to your protection pack (web ACL) that checks for a valid CAPTCHA token in the web requests that your client sends. You can use the CAPTCHA rule action to check, as described in [CAPTCHA and Challenge in AWS WAF](./waf-captcha-and-challenge.html). 
@@ -49 +49 @@ The CAPTCHA implementation integrates with the intelligent threat integration AP
-The protection pack or web ACL additions verify that requests going to your protected endpoints include the token that you've acquired in your client integration. Requests that include a valid, unexpired CAPTCHA token pass the CAPTCHA rule action inspection and do not present your end user with another CAPTCHA puzzle. 
+The protection pack (web ACL) additions verify that requests going to your protected endpoints include the token that you've acquired in your client integration. Requests that include a valid, unexpired CAPTCHA token pass the CAPTCHA rule action inspection and do not present your end user with another CAPTCHA puzzle.