AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/web-acl-rule-group-override-options.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document for consistency and clarity

Security assessment

The changes are purely terminological updates replacing 'protection pack or web ACL' with 'protection pack (web ACL)' without altering any security concepts, configurations, or behaviors. There is no evidence of vulnerability fixes, security incidents, or new security features being documented.

Diff

diff --git a/waf/latest/developerguide/web-acl-rule-group-override-options.md b/waf/latest/developerguide/web-acl-rule-group-override-options.md
index b51974983..b2b0ccbf0 100644
--- a//waf/latest/developerguide/web-acl-rule-group-override-options.md
+++ b//waf/latest/developerguide/web-acl-rule-group-override-options.md
@@ -15 +15 @@ This section explains how to override rule group actions.
-When you add a rule group to your protection pack or web ACL, you can override the actions it takes on matching web requests. Overriding the actions for a rule group inside your protection pack or web ACL configuration doesn't alter the rule group itself. It only alters how AWS WAF uses the rule group in the context of the protection pack or web ACL. 
+When you add a rule group to your protection pack (web ACL), you can override the actions it takes on matching web requests. Overriding the actions for a rule group inside your protection pack (web ACL) configuration doesn't alter the rule group itself. It only alters how AWS WAF uses the rule group in the context of the protection pack (web ACL). 
@@ -23 +23 @@ You can override the actions of the rules inside a rule group to any valid rule
-Rule actions can be terminating or non-terminating. A terminating action stops the protection pack or web ACL evaluation of the request and either lets it continue to your protected application or blocks it. 
+Rule actions can be terminating or non-terminating. A terminating action stops the protection pack (web ACL) evaluation of the request and either lets it continue to your protected application or blocks it. 
@@ -31 +31 @@ Here are the rule action options:
-  * **Count** – AWS WAF counts the request but does not determine whether to allow it or block it. This is a non-terminating action. AWS WAF continues processing the remaining rules in the protection pack or web ACL. In rules that you define, you can insert custom headers into the request and you can add labels that other rules can match against.
+  * **Count** – AWS WAF counts the request but does not determine whether to allow it or block it. This is a non-terminating action. AWS WAF continues processing the remaining rules in the protection pack (web ACL). In rules that you define, you can insert custom headers into the request and you can add labels that other rules can match against.
@@ -43 +43 @@ These rule actions can be terminating or non-terminating, depending on the state
-    * **Non-terminating for valid, unexpired token** – If the token is valid and unexpired according to the configured CAPTCHA or challenge immunity time, AWS WAF handles the request similar to the Count action. AWS WAF continues to inspect the web request based on the remaining rules in the protection pack or web ACL. Similar to the Count configuration, in rules that you define, you can optionally configure these actions with custom headers to insert into the request, and you can add labels that other rules can match against. 
+    * **Non-terminating for valid, unexpired token** – If the token is valid and unexpired according to the configured CAPTCHA or challenge immunity time, AWS WAF handles the request similar to the Count action. AWS WAF continues to inspect the web request based on the remaining rules in the protection pack (web ACL). Similar to the Count configuration, in rules that you define, you can optionally configure these actions with custom headers to insert into the request, and you can add labels that other rules can match against. 
@@ -64 +64 @@ For more information about using the rule action override in testing, see [Testi
-If you set rule group rule actions to Count in your protection pack or web ACL configuration before October 27, 2022, AWS WAF saved your overrides in the protection pack or web ACL JSON as `ExcludedRules`. Now, the JSON setting for overriding a rule to Count is in the `RuleActionOverrides` settings. 
+If you set rule group rule actions to Count in your protection pack (web ACL) configuration before October 27, 2022, AWS WAF saved your overrides in the protection pack (web ACL) JSON as `ExcludedRules`. Now, the JSON setting for overriding a rule to Count is in the `RuleActionOverrides` settings. 
@@ -70 +70 @@ We recommend that you update all of your `ExcludedRules` settings in your JSON l
-In the AWS WAF console, the protection pack or web ACL **Sampled requests** tab doesn't show samples for rules with the old setting. For more information, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html). 
+In the AWS WAF console, the protection pack (web ACL) **Sampled requests** tab doesn't show samples for rules with the old setting. For more information, see [Viewing a sample of web requests](./web-acl-testing-view-sample.html). 
@@ -110 +110 @@ You can override the action that the rule group returns, setting it to Count.
-This is not a good option for testing the rules in a rule group, because it doesn't alter how AWS WAF evaluates the rule group itself. It only affects how AWS WAF handles results that are returned to the protection pack or web ACL from the rule group evaluation. If you want to test the rules in a rule group, use the option described in the preceding section, Rule group rule action overrides.
+This is not a good option for testing the rules in a rule group, because it doesn't alter how AWS WAF evaluates the rule group itself. It only affects how AWS WAF handles results that are returned to the protection pack (web ACL) from the rule group evaluation. If you want to test the rules in a rule group, use the option described in the preceding section, Rule group rule action overrides.
@@ -114 +114 @@ When you override the rule group action to Count, AWS WAF processes the rule gro
-If no rules in the rule group match or if all matching rules have a Count action, then this override has no effect on the processing of the rule group or the protection pack or web ACL.
+If no rules in the rule group match or if all matching rules have a Count action, then this override has no effect on the processing of the rule group or the protection pack (web ACL).
@@ -116 +116 @@ If no rules in the rule group match or if all matching rules have a Count action
-The first rule in the rule group that matches a web request and that has a terminating rule action causes AWS WAF to stop evaluating the rule group and return the terminating action result to the protection pack or web ACL evaluation level. At this point, in the protection pack or web ACL evaluation, this override takes effect. AWS WAF overrides the terminating action so that the result of the rule group evaluation is only a Count action. AWS WAF then continues processing the rest of the rules in the protection pack or web ACL.
+The first rule in the rule group that matches a web request and that has a terminating rule action causes AWS WAF to stop evaluating the rule group and return the terminating action result to the protection pack (web ACL) evaluation level. At this point, in the protection pack (web ACL) evaluation, this override takes effect. AWS WAF overrides the terminating action so that the result of the rule group evaluation is only a Count action. AWS WAF then continues processing the rest of the rules in the protection pack (web ACL).
@@ -128 +128 @@ Rule and rule group actions
-Setting the protection pack or web ACL default action
+Setting the protection pack (web ACL) default action