AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/web-acl-creating.md

Summary

Updated terminology from 'protection pack' to 'protection pack (web ACL)' throughout the document, changed console navigation paths, and added references to the new AWS WAF console experience.

Security assessment

The changes are primarily terminological updates and console navigation adjustments. There is no evidence of a specific security vulnerability being addressed. References to security features like CAPTCHA actions and immunity times remain unchanged in functionality, only updated with new terminology. No new security guidance or vulnerability fixes were introduced.

Diff

diff --git a/waf/latest/developerguide/web-acl-creating.md b/waf/latest/developerguide/web-acl-creating.md
index 02b811f45..7e07b41f4 100644
--- a//waf/latest/developerguide/web-acl-creating.md
+++ b//waf/latest/developerguide/web-acl-creating.md
@@ -9 +9 @@ You can now use the updated experience to access AWS WAF functionality anywhere
-# Creating a protection pack or web ACL in AWS WAF
+# Creating a protection pack (web ACL) in AWS WAF
@@ -11 +11 @@ You can now use the updated experience to access AWS WAF functionality anywhere
-Creating a protection pack
+Using the new console
@@ -14 +14 @@ Creating a protection pack
-This section provides procedures for creating protection packs through the AWS console. 
+This section provides procedures for creating protection packs (web ACLs) through the new AWS console. 
@@ -16 +16 @@ This section provides procedures for creating protection packs through the AWS c
-To create a new protection pack, use the protection pack creation wizard following the procedure on this page. 
+To create a new protection pack (web ACL), use the protection pack (web ACL) creation wizard following the procedure on this page. 
@@ -20 +20 @@ To create a new protection pack, use the protection pack creation wizard followi
-Before you deploy changes in your protection pack for production traffic, test and tune them in a staging or testing environment until you are comfortable with the potential impact to your traffic. Then test and tune your updated rules in count mode with your production traffic before enabling them. For guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html).
+Before you deploy changes in your protection pack (web ACL) for production traffic, test and tune them in a staging or testing environment until you are comfortable with the potential impact to your traffic. Then test and tune your updated rules in count mode with your production traffic before enabling them. For guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html).
@@ -24 +24 @@ Before you deploy changes in your protection pack for production traffic, test a
-Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond the basic protection pack or web ACL price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/).
+Using more than 1,500 WCUs in a protection pack (web ACL) incurs costs beyond the basic protection pack (web ACL) price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/).
@@ -26 +26 @@ Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond t
-  1. Sign in to the AWS Management Console and open the AWS WAF console at [https://console.aws.amazon.com/wafv2/homev2](https://console.aws.amazon.com/wafv2/homev2). 
+  1. Sign in to the new AWS Management Console and open the AWS WAF console at [https://console.aws.amazon.com/wafv2-pro](https://console.aws.amazon.com/wafv2-pro). 
@@ -28 +28 @@ Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond t
-  2. In the navigation pane, choose **Resources & protections**.
+  2. In the navigation pane, choose **Resources & protection packs (web ACLs)**.
@@ -30 +30 @@ Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond t
-  3. On the **Resources & protections** page, choose **Add protection pack**.
+  3. On the **Resources & protection packs (web ACLs)** page, choose **Add protection pack (web ACL)**.
@@ -38 +38 @@ Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond t
-  7. Choose the category of AWS resource that you want to associate with this protection pack, either Amazon CloudFront distributions or Regional resources. For more information, see [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html). 
+  7. Choose the category of AWS resource that you want to associate with this protection pack (web ACL), either Amazon CloudFront distributions or Regional resources. For more information, see [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html). 
@@ -40 +40 @@ Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond t
-  8. Under **Choose rule protections,** select your preferred protection level: **Recommended** , **Essentials** , or **You build it**. 
+  8. Under **Choose initial protections,** select your preferred protection level: **Recommended** , **Essentials** , or **You build it**. 
@@ -48 +48 @@ Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond t
-      2. For **Action** , select the action you want the rule to take when it matches a web request. For information on your choices, see [Using rule actions in AWS WAF](./waf-rule-action.html) and [Using protection pack or web ACLs with rules and rule groups in AWS WAF](./web-acl-processing.html).
+      2. For **Action** , select the action you want the rule to take when it matches a web request. For information on your choices, see [Using rule actions in AWS WAF](./waf-rule-action.html) and [Using protection packs (web ACLs) with rules and rule groups in AWS WAF](./web-acl-processing.html).
@@ -50 +50 @@ Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond t
-If you are using the **CAPTCHA** or **Challenge** action, adjust the **Immunity time** configuration as needed for the rule. If you don't specify the setting, the rule inherits it from the protection pack. To modify the protection pack immunity time settings, edit the protection pack after you create it. For more information about immunity times, see [Setting timestamp expiration and token immunity times in AWS WAF](./waf-tokens-immunity-times.html).
+If you are using the **CAPTCHA** or **Challenge** action, adjust the **Immunity time** configuration as needed for the rule. If you don't specify the setting, the rule inherits it from the protection pack (web ACL). To modify the protection pack (web ACL) immunity time settings, edit the protection pack (web ACL) after you create it. For more information about immunity times, see [Setting timestamp expiration and token immunity times in AWS WAF](./waf-tokens-immunity-times.html).
@@ -68 +68 @@ If you want to have your rule add labels to matching web requests, choose the op
-If you add more than one rule to a protection pack, AWS WAF evaluates the rules in the order that they're listed for the protection pack. For more information, see [Using protection pack or web ACLs with rules and rule groups in AWS WAF](./web-acl-processing.html).
+If you add more than one rule to a protection pack (web ACL), AWS WAF evaluates the rules in the order that they're listed for the protection pack (web ACL). For more information, see [Using protection packs (web ACLs) with rules and rule groups in AWS WAF](./web-acl-processing.html).
@@ -76 +76 @@ If you add more than one rule to a protection pack, AWS WAF evaluates the rules
-      3. To customize how your protection pack uses the rule group, choose **Edit**. The following are common customization settings: 
+      3. To customize how your protection pack (web ACL) uses the rule group, choose **Edit**. The following are common customization settings: 
@@ -88 +88 @@ If you add more than one rule to a protection pack, AWS WAF evaluates the rules
-      1. For **Name** , enter the name that you want to use for the rule group rule in this protection pack. Don't use names that start with `AWS`, `Shield`, `PreFM`, or `PostFM`. These strings are either reserved or could cause confusion with rule groups that are managed for you by other services. See [Recognizing rule groups provided by other services](./waf-service-owned-rule-groups.html). 
+      1. For **Name** , enter the name that you want to use for the rule group rule in this protection pack (web ACL). Don't use names that start with `AWS`, `Shield`, `PreFM`, or `PostFM`. These strings are either reserved or could cause confusion with rule groups that are managed for you by other services. See [Recognizing rule groups provided by other services](./waf-service-owned-rule-groups.html). 
@@ -94 +94 @@ If you add more than one rule to a protection pack, AWS WAF evaluates the rules
-      4. (Optional) Under **Add labels** , choose **Add label** and then enter any labels you want to add to requests that match the rule. Rules that are evaluated later in the same protection pack can reference the labels this rule adds.
+      4. (Optional) Under **Add labels** , choose **Add label** and then enter any labels you want to add to requests that match the rule. Rules that are evaluated later in the same protection pack (web ACL) can reference the labels this rule adds.
@@ -98 +98 @@ If you add more than one rule to a protection pack, AWS WAF evaluates the rules
-  10. Under **Name and description** , enter a name for your protection pack. Optionally, enter a description.
+  10. Under **Name and description** , enter a name for your protection pack (web ACL). Optionally, enter a description.
@@ -102 +102 @@ If you add more than one rule to a protection pack, AWS WAF evaluates the rules
-You can't change the name after you create the protection pack.
+You can't change the name after you create the protection pack (web ACL).
@@ -104 +104 @@ You can't change the name after you create the protection pack.
-  11. (Optional) Under **Customize protection pack** , configure default rule actions, configurations, and logging destination:
+  11. (Optional) Under **Customize protection pack (web ACL)** , configure default rule actions, configurations, and logging destination:
@@ -106 +106 @@ You can't change the name after you create the protection pack.
-    1. (Optional) Under **Default rule actions** , choose the default action for the protection pack. This is the action that AWS WAF takes on a request when the rules in the protection pack don't explicitly take an action. For more information, see [Customized web requests and responses in AWS WAF](./waf-custom-request-response.html).
+    1. (Optional) Under **Default rule actions** , choose the default action for the protection pack (web ACL). This is the action that AWS WAF takes on a request when the rules in the protection pack (web ACL) don't explicitly take an action. For more information, see [Customized web requests and responses in AWS WAF](./waf-custom-request-response.html).
@@ -108 +108 @@ You can't change the name after you create the protection pack.
-    2. (Optional) Under Rule configuration, customize settings for rules in the protection pack:
+    2. (Optional) Under Rule configuration, customize settings for rules in the protection pack (web ACL):
@@ -112 +112 @@ You can't change the name after you create the protection pack.
-       * **IP Addresses** \- Enter IP addresses to block or allow. This setting overrides other protection rules.
+       * **IP Addresses** \- Enter IP addresses to block or allow. This setting overrides other rules.
@@ -118 +118 @@ You can't change the name after you create the protection pack.
-  12. Review your settings and choose **Add protection pack**.
+  12. Review your settings and choose **Add protection pack (web ACL)**.
@@ -123 +123 @@ You can't change the name after you create the protection pack.
-Creating a web ACL
+Using the standard console
@@ -136 +136 @@ Before you deploy changes in your web ACL for production traffic, test and tune
-Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond the basic protection pack or web ACL price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/).
+Using more than 1,500 WCUs in a protection pack (web ACL) incurs costs beyond the basic protection pack (web ACL) price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/).
@@ -194 +194 @@ Choose **Add rules** to finish adding managed rules and return to the **Add rule
-If you add more than one rule to a web ACL, AWS WAF evaluates the rules in the order that they're listed for the web ACL. For more information, see [Using protection pack or web ACLs with rules and rule groups in AWS WAF](./web-acl-processing.html).
+If you add more than one rule to a web ACL, AWS WAF evaluates the rules in the order that they're listed for the web ACL. For more information, see [Using protection packs (web ACLs) with rules and rule groups in AWS WAF](./web-acl-processing.html).
@@ -222 +222 @@ This procedure covers the **Rule visual editor**.
-    3. For **Action** , select the action you want the rule to take when it matches a web request. For information on your choices, see [Using rule actions in AWS WAF](./waf-rule-action.html) and [Using protection pack or web ACLs with rules and rule groups in AWS WAF](./web-acl-processing.html).
+    3. For **Action** , select the action you want the rule to take when it matches a web request. For information on your choices, see [Using rule actions in AWS WAF](./waf-rule-action.html) and [Using protection packs (web ACLs) with rules and rule groups in AWS WAF](./web-acl-processing.html).
@@ -236 +236 @@ If you want to have your rule add labels to matching web requests, choose the op
-  14. Choose the default action for the web ACL, either Block or Allow. This is the action that AWS WAF takes on a request when the rules in the web ACL don't explicitly allow or block it. For more information, see [Setting the protection pack or web ACL default action in AWS WAF](./web-acl-default-action.html).
+  14. Choose the default action for the web ACL, either Block or Allow. This is the action that AWS WAF takes on a request when the rules in the web ACL don't explicitly allow or block it. For more information, see [Setting the protection pack (web ACL) default action in AWS WAF](./web-acl-default-action.html).
@@ -244 +244 @@ Public suffixes aren't allowed. For example, you can't use `gov.au` or `co.uk` a
-By default, AWS WAF accepts tokens only for the domain of the protected resource. If you add token domains in this list, AWS WAF accepts tokens for all domains in the list and for the domain of the associated resource. For more information, see [AWS WAF protection pack or web ACL token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists).
+By default, AWS WAF accepts tokens only for the domain of the protected resource. If you add token domains in this list, AWS WAF accepts tokens for all domains in the list and for the domain of the associated resource. For more information, see [AWS WAF protection pack (web ACL) token domain list configuration](./waf-tokens-domains.html#waf-tokens-domain-lists).
@@ -271 +271 @@ Configuring protection
-Editing a protection pack or web ACL
+Editing a protection pack (web ACL)