AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/waf-rules.md

Summary

Updated documentation to clarify terminology by standardizing references to 'protection pack (web ACL)' instead of 'protection pack or web ACL' throughout the text. Changes are editorial to improve consistency in describing where rules are defined and managed.

Security assessment

The changes are purely terminological clarifications and structural phrasing improvements. There is no evidence of addressing a security vulnerability, patching an issue, or describing new security controls. The updates focus on documentation consistency rather than security implications.

Diff

diff --git a/waf/latest/developerguide/waf-rules.md b/waf/latest/developerguide/waf-rules.md
index 5d8665541..86462a37d 100644
--- a//waf/latest/developerguide/waf-rules.md
+++ b//waf/latest/developerguide/waf-rules.md
@@ -13 +13 @@ This section explains what an AWS WAF rule is and how it works.
-An AWS WAF rule defines how to inspect HTTP(S) web requests and the action to take on a request when it matches the inspection criteria. You define rules only in the context of a rule group or protection pack or web ACL. 
+An AWS WAF rule defines how to inspect HTTP(S) web requests and the action to take on a request when it matches the inspection criteria. You define rules only in the context of a rule group or protection pack (web ACL). 
@@ -15 +15 @@ An AWS WAF rule defines how to inspect HTTP(S) web requests and the action to ta
-Rules don't exist in AWS WAF on their own. They aren't AWS resources, and they don't have Amazon Resource Names (ARNs). You can access a rule by name in the rule group or protection pack or web ACL where it's defined. You can manage rules and copy them to other protection pack or web ACLs by using the JSON view of the rule group or protection pack or web ACL that contains the rule. You can also manage them through the AWS WAF console rule builder, which is available for protection pack or web ACLs and rule groups.
+Rules don't exist in AWS WAF on their own. They aren't AWS resources, and they don't have Amazon Resource Names (ARNs). You can access a rule by name in the rule group or protection pack (web ACL) where it's defined. You can manage rules and copy them to other protection packs (web ACLs) by using the JSON view of the rule group or protection pack (web ACL) that contains the rule. You can also manage them through the AWS WAF console rule builder, which is available for protection packs (web ACLs) and rule groups.
@@ -23 +23 @@ Each rule requires a name. Avoid names that start with `AWS` and names that are
-If you change the name of a rule and you want the rule's metric name to reflect the change, you must update the metric name as well. AWS WAF doesn't automatically update the metric name for a rule when you change the rule name. You can change the metric name when you edit the rule in the console, by using the rule JSON editor. You can also change both names through the APIs and in any JSON listing that you use to define your protection pack or web ACL or rule group.
+If you change the name of a rule and you want the rule's metric name to reflect the change, you must update the metric name as well. AWS WAF doesn't automatically update the metric name for a rule when you change the rule name. You can change the metric name when you edit the rule in the console, by using the rule JSON editor. You can also change both names through the APIs and in any JSON listing that you use to define your protection pack (web ACL) or rule group.
@@ -43 +43 @@ You can define rules that inspect for criteria like the following:
-  * Labels that prior rules in the protection pack or web ACL have added to the request.
+  * Labels that prior rules in the protection pack (web ACL) have added to the request.
@@ -86 +86 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Deleting a protection pack or web ACL
+Deleting a protection pack (web ACL)