AWS waf documentation change
Summary
Clarifies that rate-based rules apply actions only to requests matching the scope-down statement when limits are exceeded
Security assessment
The change improves documentation about security feature configuration (rate limiting for login pages) but doesn't address a specific vulnerability. It adds precision about scope-down statement behavior without indicating any security incident or weakness.
Diff
diff --git a/waf/latest/developerguide/waf-rate-based-example-limit-login-page.md b/waf/latest/developerguide/waf-rate-based-example-limit-login-page.md index 56e5a41e3..468b03129 100644 --- a//waf/latest/developerguide/waf-rate-based-example-limit-login-page.md +++ b//waf/latest/developerguide/waf-rate-based-example-limit-login-page.md @@ -13 +13 @@ To limit the number of requests to the login page on your website without affect -The rate-based rule will count all requests for the login page in a single aggregation instance and apply the rule action when the requests exceed the limit. +The rate-based rule will count all requests for the login page in a single aggregation instance and apply the rule action to all requests matching the scope-down statement when the requests exceed the limit.