AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/waf-rule-label-overview.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document for consistency and clarity.

Security assessment

The changes are purely terminological updates replacing 'protection pack or web ACL' with 'protection pack (web ACL)' to standardize phrasing. No security vulnerabilities, weaknesses, or incidents are mentioned or addressed. The modifications clarify existing functionality without altering security implications of label handling in AWS WAF.

Diff

diff --git a/waf/latest/developerguide/waf-rule-label-overview.md b/waf/latest/developerguide/waf-rule-label-overview.md
index e0fb4ac11..72e733385 100644
--- a//waf/latest/developerguide/waf-rule-label-overview.md
+++ b//waf/latest/developerguide/waf-rule-label-overview.md
@@ -13 +13 @@ This section explains how AWS WAF labels work.
-When a rule matches a web request, if the rule has labels defined, AWS WAF adds the labels to the request at the end of the rule evaluation. Rules that are evaluated after the matching rule in the protection pack or web ACL can match against the labels that the rule has added. 
+When a rule matches a web request, if the rule has labels defined, AWS WAF adds the labels to the request at the end of the rule evaluation. Rules that are evaluated after the matching rule in the protection pack (web ACL) can match against the labels that the rule has added. 
@@ -17 +17 @@ When a rule matches a web request, if the rule has labels defined, AWS WAF adds
-The protection pack or web ACL components that evaluate requests can add labels to the requests. 
+The protection pack (web ACL) components that evaluate requests can add labels to the requests. 
@@ -32 +32 @@ AWS WAF adds the rule's labels to the request at the end of the rule's inspectio
-Labels don't persist with the web request after the protection pack or web ACL evaluation ends. In order for other rules to match against a label that your rule adds, your rule action must not terminate the evaluation of the web request by the protection pack or web ACL. The rule action must be set to Count, CAPTCHA, or Challenge. When the protection pack or web ACL evaluation doesn't terminate, subsequent rules in the protection pack or web ACL can run their label matching criteria against the request. For more information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). 
+Labels don't persist with the web request after the protection pack (web ACL) evaluation ends. In order for other rules to match against a label that your rule adds, your rule action must not terminate the evaluation of the web request by the protection pack (web ACL). The rule action must be set to Count, CAPTCHA, or Challenge. When the protection pack (web ACL) evaluation doesn't terminate, subsequent rules in the protection pack (web ACL) can run their label matching criteria against the request. For more information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). 
@@ -34 +34 @@ Labels don't persist with the web request after the protection pack or web ACL e
-###### Access to labels during protection pack or web ACL evaluation
+###### Access to labels during protection pack (web ACL) evaluation
@@ -36 +36 @@ Labels don't persist with the web request after the protection pack or web ACL e
-Once added, labels remain available on the request as long as AWS WAF is evaluating the request against the protection pack or web ACL. Any rule in a protection pack or web ACL can access labels that have been added by the rules that have already run in the same protection pack or web ACL. This includes rules that are defined directly inside the protection pack or web ACL and rules defined inside rule groups that are used in the protection pack or web ACL. 
+Once added, labels remain available on the request as long as AWS WAF is evaluating the request against the protection pack (web ACL). Any rule in a protection pack (web ACL) can access labels that have been added by the rules that have already run in the same protection pack (web ACL). This includes rules that are defined directly inside the protection pack (web ACL) and rules defined inside rule groups that are used in the protection pack (web ACL). 
@@ -40 +40 @@ Once added, labels remain available on the request as long as AWS WAF is evaluat
-  * The geographic match statement adds labels with or without a match, but they're only available after the statement's containing protection pack or web ACL rule has completed the request evaluation. 
+  * The geographic match statement adds labels with or without a match, but they're only available after the statement's containing protection pack (web ACL) rule has completed the request evaluation. 
@@ -49 +49 @@ Once added, labels remain available on the request as long as AWS WAF is evaluat
-###### Access to label information outside of protection pack or web ACL evaluation
+###### Access to label information outside of protection pack (web ACL) evaluation
@@ -51 +51 @@ Once added, labels remain available on the request as long as AWS WAF is evaluat
-Labels don't persist with the web request after the protection pack or web ACL evaluation ends, but AWS WAF records label information in the logs and in metrics. 
+Labels don't persist with the web request after the protection pack (web ACL) evaluation ends, but AWS WAF records label information in the logs and in metrics. 
@@ -55 +55 @@ Labels don't persist with the web request after the protection pack or web ACL e
-  * AWS WAF summarizes CloudWatch label metrics in the protection pack or web ACL traffic overview dashboards in the AWS WAF console. You can access the dashboards on any protection pack or web ACL page. For more information, see [Traffic overview dashboards for protection pack or web ACLs](./web-acl-dashboards.html).
+  * AWS WAF summarizes CloudWatch label metrics in the protection pack (web ACL) traffic overview dashboards in the AWS WAF console. You can access the dashboards on any protection pack (web ACL) page. For more information, see [Traffic overview dashboards for protection packs (web ACLs)](./web-acl-dashboards.html).
@@ -57 +57 @@ Labels don't persist with the web request after the protection pack or web ACL e
-  * AWS WAF records labels in the logs for the first 100 labels on a request. You can use labels, along with the rule action, to filter the logs that AWS WAF records. For information, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html).
+  * AWS WAF records labels in the logs for the first 100 labels on a request. You can use labels, along with the rule action, to filter the logs that AWS WAF records. For information, see [Logging AWS WAF protection pack (web ACL) traffic](./logging.html).
@@ -62 +62 @@ Labels don't persist with the web request after the protection pack or web ACL e
-Your protection pack or web ACL evaluation can apply more than 100 labels to a web request and match against more than 100 labels, but AWS WAF only records the first 100 in the logs and metrics. 
+Your protection pack (web ACL) evaluation can apply more than 100 labels to a web request and match against more than 100 labels, but AWS WAF only records the first 100 in the logs and metrics.