AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/web-acl-captcha-challenge-token-domains.md

Summary

Consistently updated references from 'protection pack or web ACL' to 'protection pack (web ACL)' in CAPTCHA/challenge token documentation

Security assessment

While the changes document existing security features (CAPTCHA/challenge mechanisms and token domain configuration), they only clarify terminology without introducing new security concepts or addressing specific vulnerabilities. The updates maintain documentation about security controls but don't indicate response to security incidents.

Diff

diff --git a/waf/latest/developerguide/web-acl-captcha-challenge-token-domains.md b/waf/latest/developerguide/web-acl-captcha-challenge-token-domains.md
index 9f7336633..f75c043e0 100644
--- a//waf/latest/developerguide/web-acl-captcha-challenge-token-domains.md
+++ b//waf/latest/developerguide/web-acl-captcha-challenge-token-domains.md
@@ -11 +11 @@ You can now use the updated experience to access AWS WAF functionality anywhere
-You can configure options in your protection pack or web ACL for the rules that use the CAPTCHA or Challenge rule actions and for the application integration SDKs that manage silent client challenges for AWS WAF managed protections. 
+You can configure options in your protection pack (web ACL) for the rules that use the CAPTCHA or Challenge rule actions and for the application integration SDKs that manage silent client challenges for AWS WAF managed protections. 
@@ -15 +15 @@ These features mitigate bot activity by challenging end users with CAPTCHA puzzl
-In your protection pack or web ACL configuration, you can configure how AWS WAF manages these tokens: 
+In your protection pack (web ACL) configuration, you can configure how AWS WAF manages these tokens: 
@@ -17 +17 @@ In your protection pack or web ACL configuration, you can configure how AWS WAF
-  * **CAPTCHA and challenge immunity times** – These specify how long a CAPTCHA or challenge timestamp remains valid. The protection pack or web ACL settings are inherited by all rules that don't have their own immunity time settings configured and also by the application integration SDKs. For more information, see [Setting timestamp expiration and token immunity times in AWS WAF](./waf-tokens-immunity-times.html).
+  * **CAPTCHA and challenge immunity times** – These specify how long a CAPTCHA or challenge timestamp remains valid. The protection pack (web ACL) settings are inherited by all rules that don't have their own immunity time settings configured and also by the application integration SDKs. For more information, see [Setting timestamp expiration and token immunity times in AWS WAF](./waf-tokens-immunity-times.html).
@@ -19 +19 @@ In your protection pack or web ACL configuration, you can configure how AWS WAF
-  * **Token domains** – By default, AWS WAF accepts tokens only for the domain of the resource that the protection pack or web ACL is associated with. If you configure a token domain list, AWS WAF accepts tokens for all domains in the list and for the domain of the associated resource. For more information, see [AWS WAF protection pack or web ACL token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists).
+  * **Token domains** – By default, AWS WAF accepts tokens only for the domain of the resource that the protection pack (web ACL) is associated with. If you configure a token domain list, AWS WAF accepts tokens for all domains in the list and for the domain of the associated resource. For more information, see [AWS WAF protection pack (web ACL) token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists).