AWS waf documentation change
Summary
Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document to clarify the relationship between protection packs and web ACLs.
Security assessment
The changes are editorial clarifications to standardize terminology and improve documentation consistency. There is no evidence of addressing a security vulnerability, weakness, or incident. The updates focus on terminology alignment rather than introducing or modifying security-related content.
Diff
diff --git a/waf/latest/developerguide/waf-managed-protections-best-practices.md b/waf/latest/developerguide/waf-managed-protections-best-practices.md index 23ad2a818..fbe352b41 100644 --- a//waf/latest/developerguide/waf-managed-protections-best-practices.md +++ b//waf/latest/developerguide/waf-managed-protections-best-practices.md @@ -23 +23 @@ Use the integrations to implement challenges in your client and, for JavaScript, -If you customize CAPTCHA puzzles using the JavaScript API and you use the CAPTCHA rule action anywhere in your protection pack or web ACL, follow the guidance for handling the AWS WAF CAPTCHA response in your client at [Handling a CAPTCHA response from AWS WAF](./waf-js-captcha-api-conditional.html). This guidance applies to any rules that use the CAPTCHA action, including those in the ACFP managed rule group and the targeted protection level of the Bot Control managed rule group. +If you customize CAPTCHA puzzles using the JavaScript API and you use the CAPTCHA rule action anywhere in your protection pack (web ACL), follow the guidance for handling the AWS WAF CAPTCHA response in your client at [Handling a CAPTCHA response from AWS WAF](./waf-js-captcha-api-conditional.html). This guidance applies to any rules that use the CAPTCHA action, including those in the ACFP managed rule group and the targeted protection level of the Bot Control managed rule group. @@ -25 +25 @@ If you customize CAPTCHA puzzles using the JavaScript API and you use the CAPTCH - * **Limit the requests that you send to the ACFP, ATP, and Bot Control rule groups** – You incur additional fees for using the intelligent threat mitigation AWS Managed Rules rule groups. The ACFP rule group inspects requests to the account registration and creation endpoints that you specify. The ATP rule group inspects requests to the login endpoint that you specify. The Bot Control rule group inspects every request that reaches it in the protection pack or web ACL evaluation. + * **Limit the requests that you send to the ACFP, ATP, and Bot Control rule groups** – You incur additional fees for using the intelligent threat mitigation AWS Managed Rules rule groups. The ACFP rule group inspects requests to the account registration and creation endpoints that you specify. The ATP rule group inspects requests to the login endpoint that you specify. The Bot Control rule group inspects every request that reaches it in the protection pack (web ACL) evaluation. @@ -61 +61 @@ When you use Shield Advanced with automatic application layer DDoS mitigation en - * **Tune and configure token handling** – Adjust the protection pack or web ACL's token handling for the best user experience. + * **Tune and configure token handling** – Adjust the protection pack (web ACL)'s token handling for the best user experience. @@ -65 +65 @@ When you use Shield Advanced with automatic application layer DDoS mitigation en - * To enable token sharing between protected applications, configure a token domain list for your protection pack or web ACL. For information, see [Specifying token domains and domain lists in AWS WAF](./waf-tokens-domains.html). + * To enable token sharing between protected applications, configure a token domain list for your protection pack (web ACL). For information, see [Specifying token domains and domain lists in AWS WAF](./waf-tokens-domains.html). @@ -69 +69 @@ When you use Shield Advanced with automatic application layer DDoS mitigation en - * **For Application Load Balancers that are origins for CloudFront distributions, configure CloudFront and AWS WAF for proper token handling** – If you associate your protection pack or web ACL to an Application Load Balancer and you deploy the Application Load Balancer as the origin for a CloudFront distribution, see [Required configuration for Application Load Balancers that are CloudFront origins](./waf-tokens-with-alb-and-cf.html). + * **For Application Load Balancers that are origins for CloudFront distributions, configure CloudFront and AWS WAF for proper token handling** – If you associate your protection pack (web ACL) to an Application Load Balancer and you deploy the Application Load Balancer as the origin for a CloudFront distribution, see [Required configuration for Application Load Balancers that are CloudFront origins](./waf-tokens-with-alb-and-cf.html). @@ -71 +71 @@ When you use Shield Advanced with automatic application layer DDoS mitigation en - * **Test and tune before deploying** – Before you implement any changes to your protection pack or web ACL, follow the testing and tuning procedures in this guide to be sure that you're getting the behavior you expect. This is especially important for these paid features. For general guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html). For information specific to the paid managed rule groups, see [Testing and deploying ACFP](./waf-acfp-deploying.html), [Testing and deploying ATP](./waf-atp-deploying.html), and [Testing and deploying AWS WAF Bot Control](./waf-bot-control-deploying.html). + * **Test and tune before deploying** – Before you implement any changes to your protection pack (web ACL), follow the testing and tuning procedures in this guide to be sure that you're getting the behavior you expect. This is especially important for these paid features. For general guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html). For information specific to the paid managed rule groups, see [Testing and deploying ACFP](./waf-acfp-deploying.html), [Testing and deploying ATP](./waf-atp-deploying.html), and [Testing and deploying AWS WAF Bot Control](./waf-bot-control-deploying.html).