AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/waf-tokens-block-missing-tokens.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' for consistency

Security assessment

The changes standardize terminology to 'protection pack (web ACL)' without altering security guidance. While the document discusses security mechanisms (token validation), the specific changes don't introduce new security information or address vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/waf-tokens-block-missing-tokens.md b/waf/latest/developerguide/waf-tokens-block-missing-tokens.md
index 22964b1a5..df5e1042f 100644
--- a//waf/latest/developerguide/waf-tokens-block-missing-tokens.md
+++ b//waf/latest/developerguide/waf-tokens-block-missing-tokens.md
@@ -36 +36 @@ For additional details about the intelligent threat rule groups, see [AWS WAF Fr
-With the Bot Control and ATP rule groups, it's possible for a request without a valid token to exit the rule group evaluation and continue to be evaluated by the protection pack or web ACL. 
+With the Bot Control and ATP rule groups, it's possible for a request without a valid token to exit the rule group evaluation and continue to be evaluated by the protection pack (web ACL). 
@@ -40 +40 @@ To block all requests that are missing their token or whose token is rejected, a
-The following is an example JSON listing for a protection pack or web ACL that uses the ATP managed rule group. The protection pack or web ACL has an added rule to capture the `awswaf:managed:token:absent` label and handle it. The rule narrows its evaluation to web requests going to the login endpoint, to match the scope of the ATP rule group. The added rule is listed in bold. 
+The following is an example JSON listing for a protection pack (web ACL) that uses the ATP managed rule group. The protection pack (web ACL) has an added rule to capture the `awswaf:managed:token:absent` label and handle it. The rule narrows its evaluation to web requests going to the login endpoint, to match the scope of the ATP rule group. The added rule is listed in bold.