AWS waf documentation change
Summary
Added minimum integration guidance for Bot Control script placement on critical pages.
Security assessment
Documents security feature (Bot Control) implementation best practices but doesn't fix a security vulnerability.
Diff
diff --git a/waf/latest/developerguide/waf-bot-with-tokens.md b/waf/latest/developerguide/waf-bot-with-tokens.md index 67be8d44d..f16a8c931 100644 --- a//waf/latest/developerguide/waf-bot-with-tokens.md +++ b//waf/latest/developerguide/waf-bot-with-tokens.md @@ -18,0 +19,2 @@ We highly recommend implementing the application integration SDKs, for the most +At minimum, add the JavaScript challenge script tag to your most critical pages such as login, checkout, and account creation. For the strongest detection, integrate the SDK more broadly across pages that serve dynamic content. The more behavioral data Bot Control has, the better it can distinguish real users from advanced bots. For detailed integration guidance, see [Integrating the client application integration SDKs](./waf-bot-control-use-cases.html#waf-bot-control-sdk-guidance). +