AWS waf documentation change
Summary
Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document to clarify relationship between protection packs and web ACLs
Security assessment
The changes are purely terminological clarifications without introducing new security features or addressing vulnerabilities. While the document discusses security-related features (like Anti-DDoS and Bot Control), the edits only refine existing descriptions rather than adding security documentation or fixing security issues.
Diff
diff --git a/waf/latest/developerguide/web-acl-dashboards.md b/waf/latest/developerguide/web-acl-dashboards.md index 880a86d41..35c8f5038 100644 --- a//waf/latest/developerguide/web-acl-dashboards.md +++ b//waf/latest/developerguide/web-acl-dashboards.md @@ -9 +9 @@ You can now use the updated experience to access AWS WAF functionality anywhere -# Traffic overview dashboards for protection pack or web ACLs +# Traffic overview dashboards for protection packs (web ACLs) @@ -11 +11 @@ You can now use the updated experience to access AWS WAF functionality anywhere -This section describes the protection pack or web ACL traffic overview dashboards in the AWS WAF console. After you associate a protection pack or web ACL with one or more AWS resources and enable metrics for the protection pack or web ACL, you can access summaries of the web traffic that the protection pack or web ACL evaluates by going to the protection pack or web ACL's **Traffic overview** tab in the AWS WAF console. The dashboards include near real-time summaries of the Amazon CloudWatch metrics that AWS WAF collects when it evaluates your application web traffic. +This section describes the protection pack (web ACL) traffic overview dashboards in the AWS WAF console. After you associate a protection pack (web ACL) with one or more AWS resources and enable metrics for the protection pack (web ACL), you can access summaries of the web traffic that the protection pack (web ACL) evaluates by going to the protection pack (web ACL)'s **Traffic overview** tab in the AWS WAF console. The dashboards include near real-time summaries of the Amazon CloudWatch metrics that AWS WAF collects when it evaluates your application web traffic. @@ -15 +15 @@ This section describes the protection pack or web ACL traffic overview dashboard -If you don't see anything on the dashboards, make sure you have metrics enabled for the protection pack or web ACL. +If you don't see anything on the dashboards, make sure you have metrics enabled for the protection pack (web ACL). @@ -17 +17 @@ If you don't see anything on the dashboards, make sure you have metrics enabled -The protection pack or web ACL's **Traffic overview** tab contains tabbed dashboards with the following categories of information: +The protection pack (web ACL)'s **Traffic overview** tab contains tabbed dashboards with the following categories of information: @@ -21 +21 @@ The protection pack or web ACL's **Traffic overview** tab contains tabbed dashbo - * **All traffic** – All web requests that the protection pack or web ACL evaluates. + * **All traffic** – All web requests that the protection pack (web ACL) evaluates. @@ -27 +27 @@ The dashboard focus is on terminating actions, but you can view the matches for - * **Sampled requests** tab of the protection pack or web ACL page. This new tab includes a graph of all rule matches. For information, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html). + * **Sampled requests** tab of the protection pack (web ACL) page. This new tab includes a graph of all rule matches. For information, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html). @@ -29 +29 @@ The dashboard focus is on terminating actions, but you can view the matches for - * **Anti-DDoS** – Web requests that the protection pack or web ACL evaluates using the `AntiDDoSRuleSet` Anti-DDoS managed rule group. + * **Anti-DDoS** – Web requests that the protection pack (web ACL) evaluates using the `AntiDDoSRuleSet` Anti-DDoS managed rule group. @@ -31 +31 @@ The dashboard focus is on terminating actions, but you can view the matches for -This tab is only available if you're using this rule group in your protection pack or web ACL. +This tab is only available if you're using this rule group in your protection pack (web ACL). @@ -33 +33 @@ This tab is only available if you're using this rule group in your protection pa - * **Bot Control** – Web requests that the protection pack or web ACL evaluates using the Bot Control managed rule group. + * **Bot Control** – Web requests that the protection pack (web ACL) evaluates using the Bot Control managed rule group. @@ -35 +35 @@ This tab is only available if you're using this rule group in your protection pa - * If you aren't using this rule group in your protection pack or web ACL, this tab shows the results of evaluating a sampling of your web traffic against the Bot Control rules. This gives you an idea of the bot traffic that your application receives and it's free of charge. + * If you aren't using this rule group in your protection pack (web ACL), this tab shows the results of evaluating a sampling of your web traffic against the Bot Control rules. This gives you an idea of the bot traffic that your application receives and it's free of charge. @@ -39 +39 @@ This rule group is part of the intelligent threat mitigation options that AWS WA - * **Account takeover prevention** – Web requests that the protection pack or web ACL evaluates using the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group. This tab is only available if you're using this rule group in your protection pack or web ACL. + * **Account takeover prevention** – Web requests that the protection pack (web ACL) evaluates using the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group. This tab is only available if you're using this rule group in your protection pack (web ACL). @@ -43 +43 @@ The ATP rule group is part of the AWS WAF intelligent threat mitigation offering - * **Account creation fraud prevention** – Web requests that the protection pack or web ACL evaluates using the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group. This tab is only available if you're using this rule group in your protection pack or web ACL. + * **Account creation fraud prevention** – Web requests that the protection pack (web ACL) evaluates using the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group. This tab is only available if you're using this rule group in your protection pack (web ACL). @@ -50 +50 @@ The ACFP rule group is part of the AWS WAF intelligent threat mitigation offerin -The dashboards are based on the protection pack or web ACL's CloudWatch metrics, and the graphs provide access to the corresponding metrics in CloudWatch. For the intelligent threat mitigation dashboards, like Bot Control, the metrics used are primarily the label metrics. +The dashboards are based on the protection pack (web ACL)'s CloudWatch metrics, and the graphs provide access to the corresponding metrics in CloudWatch. For the intelligent threat mitigation dashboards, like Bot Control, the metrics used are primarily the label metrics. @@ -59 +59 @@ The dashboards are based on the protection pack or web ACL's CloudWatch metrics, -The dashboards provide summaries of your traffic patterns for the terminating actions and date range that you select. The intelligent threat mitigation dashboards include requests that the corresponding managed rule group evaluated, regardless of whether the managed rule group itself applied the terminating action. For example, if Block is selected, the **Account takeover prevention** dashboard includes information for all web requests that were both evaluated by the ATP managed rule group and blocked at some point during the protection pack or web ACL evaluation. The requests can be blocked by the ATP managed rule group, by a rule that ran after the rule group in the protection pack or web ACL, or by the protection pack or web ACL default action. +The dashboards provide summaries of your traffic patterns for the terminating actions and date range that you select. The intelligent threat mitigation dashboards include requests that the corresponding managed rule group evaluated, regardless of whether the managed rule group itself applied the terminating action. For example, if Block is selected, the **Account takeover prevention** dashboard includes information for all web requests that were both evaluated by the ATP managed rule group and blocked at some point during the protection pack (web ACL) evaluation. The requests can be blocked by the ATP managed rule group, by a rule that ran after the rule group in the protection pack (web ACL), or by the protection pack (web ACL) default action. @@ -67 +67 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Viewing protection pack or web ACL metrics +Viewing protection pack (web ACL) metrics @@ -69 +69 @@ Viewing protection pack or web ACL metrics -Viewing the dashboards for a protection pack or web ACL +Viewing the dashboards for a protection pack (web ACL)