AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-12-25 · Documentation low

File: waf/latest/developerguide/waf-rate-based-example-limit-login-page.md

Summary

Clarifies that rate-based rules apply actions only to requests matching the scope-down statement when limits are exceeded

Security assessment

The change improves documentation about security feature configuration (rate limiting for login pages) but doesn't address a specific vulnerability. It adds precision about scope-down statement behavior without indicating any security incident or weakness.

Diff

diff --git a/waf/latest/developerguide/waf-rate-based-example-limit-login-page.md b/waf/latest/developerguide/waf-rate-based-example-limit-login-page.md
index 56e5a41e3..468b03129 100644
--- a//waf/latest/developerguide/waf-rate-based-example-limit-login-page.md
+++ b//waf/latest/developerguide/waf-rate-based-example-limit-login-page.md
@@ -13 +13 @@ To limit the number of requests to the login page on your website without affect
-The rate-based rule will count all requests for the login page in a single aggregation instance and apply the rule action when the requests exceed the limit. 
+The rate-based rule will count all requests for the login page in a single aggregation instance and apply the rule action to all requests matching the scope-down statement when the requests exceed the limit.