AWS waf documentation change
Summary
Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document, clarifying terminology consistency.
Security assessment
The changes are purely terminological clarifications (replacing 'or' with parentheses) without altering security guidance. There is no evidence of addressing a specific vulnerability or security incident. The content still describes existing security configuration options (Allow/Block actions) without introducing new security features or addressing vulnerabilities.
Diff
diff --git a/waf/latest/developerguide/web-acl-default-action.md b/waf/latest/developerguide/web-acl-default-action.md index 89c53fe6c..6ca6876bc 100644 --- a//waf/latest/developerguide/web-acl-default-action.md +++ b//waf/latest/developerguide/web-acl-default-action.md @@ -9 +9 @@ You can now use the updated experience to access AWS WAF functionality anywhere -# Setting the protection pack or web ACL default action in AWS WAF +# Setting the protection pack (web ACL) default action in AWS WAF @@ -11 +11 @@ You can now use the updated experience to access AWS WAF functionality anywhere -This section explains how protection pack or web ACL default actions work. +This section explains how protection pack (web ACL) default actions work. @@ -13 +13 @@ This section explains how protection pack or web ACL default actions work. -When you create and configure a protection pack or web ACL, you must set the protection pack or web ACL default action. AWS WAF applies this action to any web request that makes it through all of the protection pack or web ACL's rule evaluations without having a terminating action applied to it. A terminating action stops the protection pack or web ACL evaluation of the request and either lets it continue to your protected application or blocks it. For information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). +When you create and configure a protection pack (web ACL), you must set the protection pack (web ACL) default action. AWS WAF applies this action to any web request that makes it through all of the protection pack (web ACL)'s rule evaluations without having a terminating action applied to it. A terminating action stops the protection pack (web ACL) evaluation of the request and either lets it continue to your protected application or blocks it. For information about rule actions, see [Using rule actions in AWS WAF](./waf-rule-action.html). @@ -15 +15 @@ When you create and configure a protection pack or web ACL, you must set the pro -The protection pack or web ACL default action must determine the final disposition of the web request, so it's a terminating action: +The protection pack (web ACL) default action must determine the final disposition of the web request, so it's a terminating action: @@ -17 +17 @@ The protection pack or web ACL default action must determine the final dispositi - * **Allow** – If you want to allow most users to access your website, but you want to block access to attackers whose requests originate from specified IP addresses, or whose requests appear to contain malicious SQL code or specified values, choose Allow for the default action. Then, when you add rules to your protection pack or web ACL, add rules that identify and block the specific requests that you want to block. With this action, you can insert custom headers into the request before forwarding it to the protected resource. + * **Allow** – If you want to allow most users to access your website, but you want to block access to attackers whose requests originate from specified IP addresses, or whose requests appear to contain malicious SQL code or specified values, choose Allow for the default action. Then, when you add rules to your protection pack (web ACL), add rules that identify and block the specific requests that you want to block. With this action, you can insert custom headers into the request before forwarding it to the protected resource. @@ -19 +19 @@ The protection pack or web ACL default action must determine the final dispositi - * **Block** – If you want to prevent most users from accessing your website, but you want to allow access to users whose requests originate from specified IP addresses, or whose requests contain specified values, choose Block for the default action. Then when you add rules to your protection pack or web ACL, add rules that identify and allow the specific requests that you want to allow in. By default, for the Block action, the AWS resource responds with an HTTP `403 (Forbidden)` status code, but you can customize the response. + * **Block** – If you want to prevent most users from accessing your website, but you want to allow access to users whose requests originate from specified IP addresses, or whose requests contain specified values, choose Block for the default action. Then when you add rules to your protection pack (web ACL), add rules that identify and allow the specific requests that you want to allow in. By default, for the Block action, the AWS resource responds with an HTTP `403 (Forbidden)` status code, but you can customize the response. @@ -26 +26 @@ For information about customizing requests and responses, see [Customized web re -Your configuration of your own rules and rule groups depends in part on whether you want to allow or block most web requests. For example, if you want to _allow_ most requests, you would set the protection pack or web ACL default action to Allow, and then add rules that identify web requests that you want to _block_ , such as the following: +Your configuration of your own rules and rule groups depends in part on whether you want to allow or block most web requests. For example, if you want to _allow_ most requests, you would set the protection pack (web ACL) default action to Allow, and then add rules that identify web requests that you want to _block_ , such as the following: