AWS waf documentation change
Summary
Updated terminology to consistently use 'protection pack (web ACL)' instead of 'protection pack or web ACL' throughout the document for clarity and consistency
Security assessment
The changes are purely terminological clarifications without introducing new security concepts, addressing vulnerabilities, or modifying security guidance. The updates standardize references to WAF components but contain no evidence of patching vulnerabilities or responding to security incidents.
Diff
diff --git a/waf/latest/developerguide/web-acl-testing-activities.md b/waf/latest/developerguide/web-acl-testing-activities.md index adb5828e2..80d9ddb6d 100644 --- a//waf/latest/developerguide/web-acl-testing-activities.md +++ b//waf/latest/developerguide/web-acl-testing-activities.md @@ -15 +15 @@ Monitor and tune your AWS WAF protections. -To follow the guidance in this section, you need to understand generally how to create and manage AWS WAF protections like protection pack or web ACLs, rules, and rule groups. That information is covered in earlier sections of this guide. +To follow the guidance in this section, you need to understand generally how to create and manage AWS WAF protections like protection packs (web ACLs), rules, and rule groups. That information is covered in earlier sections of this guide. @@ -17 +17 @@ To follow the guidance in this section, you need to understand generally how to -Monitor web traffic and rule matches to verify the behavior of the protection pack or web ACL. If you find problems, adjust your rules to correct and then monitor to verify the adjustments. +Monitor web traffic and rule matches to verify the behavior of the protection pack (web ACL). If you find problems, adjust your rules to correct and then monitor to verify the adjustments. @@ -19 +19 @@ Monitor web traffic and rule matches to verify the behavior of the protection pa -Repeat the following procedure until the protection pack or web ACL is managing your web traffic as you need it to. +Repeat the following procedure until the protection pack (web ACL) is managing your web traffic as you need it to. @@ -31 +31 @@ Look for the following information for the protections that you're testing: - * **Your rules** \- Rules in the protection pack or web ACL that have Count action are listed under `nonTerminatingMatchingRules`. Rules with Allow or Block are listed as the `terminatingRule`. Rules with CAPTCHA or Challenge can be either terminating or non-terminating, and so are listed under one of the two categories, according to the result of the rule match. + * **Your rules** \- Rules in the protection pack (web ACL) that have Count action are listed under `nonTerminatingMatchingRules`. Rules with Allow or Block are listed as the `terminatingRule`. Rules with CAPTCHA or Challenge can be either terminating or non-terminating, and so are listed under one of the two categories, according to the result of the rule match. @@ -37 +37 @@ Look for the following information for the protections that you're testing: -For more information, see [Log fields for protection pack or web ACL traffic](./logging-fields.html). +For more information, see [Log fields for protection pack (web ACL) traffic](./logging-fields.html). @@ -39 +39 @@ For more information, see [Log fields for protection pack or web ACL traffic](./ - * **Amazon CloudWatch metrics** – You can access the following metrics for your protection pack or web ACL request evaluation. + * **Amazon CloudWatch metrics** – You can access the following metrics for your protection pack (web ACL) request evaluation. @@ -41 +41 @@ For more information, see [Log fields for protection pack or web ACL traffic](./ - * **Your rules** – Metrics are grouped by the rule action. For example, when you test a rule in Count mode, its matches are listed as `Count` metrics for the protection pack or web ACL. + * **Your rules** – Metrics are grouped by the rule action. For example, when you test a rule in Count mode, its matches are listed as `Count` metrics for the protection pack (web ACL). @@ -45 +45 @@ For more information, see [Log fields for protection pack or web ACL traffic](./ - * **Rule groups owned by another account** – Rule group metrics are generally visible only to the rule group owner. However, if you override the rule action for a rule, the metrics for that rule will be listed under your protection pack or web ACL metrics. Additionally, labels added by any rule group are listed in your protection pack or web ACL metrics + * **Rule groups owned by another account** – Rule group metrics are generally visible only to the rule group owner. However, if you override the rule action for a rule, the metrics for that rule will be listed under your protection pack (web ACL) metrics. Additionally, labels added by any rule group are listed in your protection pack (web ACL) metrics @@ -49 +49 @@ Rule groups in this category are [AWS Managed Rules for AWS WAF](./aws-managed-r - * **Labels** \- Labels that were added to a web request during evaluation are listed in the protection pack or web ACL label metrics. You can access the metrics for all labels, regardless of whether they were added by your rules and rule groups or by rules in a rule group that another account owns. + * **Labels** \- Labels that were added to a web request during evaluation are listed in the protection pack (web ACL) label metrics. You can access the metrics for all labels, regardless of whether they were added by your rules and rule groups or by rules in a rule group that another account owns. @@ -53 +53 @@ For more information, see [Viewing metrics for your web ACL](./web-acl-testing-v - * **protection pack or web ACL traffic overview dashboards** – Access summaries of the web traffic that a protection pack or web ACL has evaluated by going to the protection pack or web ACL's page in the AWS WAF console and opening the **Traffic overview** tab. + * **protection pack (web ACL) traffic overview dashboards** – Access summaries of the web traffic that a protection pack (web ACL) has evaluated by going to the protection pack (web ACL)'s page in the AWS WAF console and opening the **Traffic overview** tab. @@ -57 +57 @@ The traffic overview dashboards provide near real-time summaries of the Amazon C -For more information, see [Traffic overview dashboards for protection pack or web ACLs](./web-acl-dashboards.html). +For more information, see [Traffic overview dashboards for protection packs (web ACLs)](./web-acl-dashboards.html). @@ -59 +59 @@ For more information, see [Traffic overview dashboards for protection pack or we - * **Sampled web requests** – Access information for the rules that match a sampling of the web requests. The sample information identifies matching rules by the metric name for the rule in the protection pack or web ACL. For rule groups, the metric identifies the rule group reference statement. For rules inside rule groups, the sample lists the matching rule name in `RuleWithinRuleGroup`. + * **Sampled web requests** – Access information for the rules that match a sampling of the web requests. The sample information identifies matching rules by the metric name for the rule in the protection pack (web ACL). For rule groups, the metric identifies the rule group reference statement. For rules inside rule groups, the sample lists the matching rule name in `RuleWithinRuleGroup`. @@ -65 +65 @@ For more information, see [Viewing a sample of web requests](./web-acl-testing-v -If you determine that a rule is generating false positives, by matching web requests when it shouldn't, the following options can help you tune your protection pack or web ACL protections to mitigate. +If you determine that a rule is generating false positives, by matching web requests when it shouldn't, the following options can help you tune your protection pack (web ACL) protections to mitigate. @@ -110 +110 @@ Preparing for testing -Viewing protection pack or web ACL metrics +Viewing protection pack (web ACL) metrics