AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-05-28 · Documentation low

File: waf/latest/developerguide/waf-managed-protections-comparison-table-rg.md

Summary

Added note about common protection limitations against advanced bots and targeted protection necessity.

Security assessment

Documents security feature (Bot Control) selection criteria without evidence of a specific vulnerability being addressed.

Diff

diff --git a/waf/latest/developerguide/waf-managed-protections-comparison-table-rg.md b/waf/latest/developerguide/waf-managed-protections-comparison-table-rg.md
index 8020e238f..d79da2055 100644
--- a//waf/latest/developerguide/waf-managed-protections-comparison-table-rg.md
+++ b//waf/latest/developerguide/waf-managed-protections-comparison-table-rg.md
@@ -28,0 +29,2 @@ For details about costs associated with these options, see the intelligent threa
+If your application faces bots that rotate IP addresses and mimic browser behavior, the common protection level alone won't detect them. These bots don't self-identify and require the behavioral analysis and machine learning that targeted protection provides. For guidance on choosing the right protection level for your specific application, see [Choosing and configuring Bot Control for your use case](./waf-bot-control-use-cases.html).
+