AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-06-10 · Documentation low

File: waf/latest/developerguide/ddos-event-mitigation-features.md

Summary

Added AWS Global Accelerator to services supporting TCP SYN proxy DDoS protection.

Security assessment

Documents expanded availability of existing security feature (SYN flood protection) without addressing vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/ddos-event-mitigation-features.md b/waf/latest/developerguide/ddos-event-mitigation-features.md
index 9c0215026..5f4540fdd 100644
--- a//waf/latest/developerguide/ddos-event-mitigation-features.md
+++ b//waf/latest/developerguide/ddos-event-mitigation-features.md
@@ -21 +21 @@ The main features of AWS Shield DDoS mitigation are the following:
-  * **TCP SYN proxy** – This provides protection against TCP SYN floods by sending TCP SYN cookies to challenge new connections before allowing them to pass to the protected service. The TCP SYN proxy provided by Shield DDoS mitigation is stateless, which allows it to mitigate the largest known TCP SYN flood attacks without reaching state exhaustion. This is achieved by integrating with AWS services to hand off connection state instead of maintaining a continuous proxy between the client and the protected service. TCP SYN proxy is currently available on Amazon CloudFront and Amazon Route 53. 
+  * **TCP SYN proxy** – This provides protection against TCP SYN floods by sending TCP SYN cookies to challenge new connections before allowing them to pass to the protected service. The TCP SYN proxy provided by Shield DDoS mitigation is stateless, which allows it to mitigate the largest known TCP SYN flood attacks without reaching state exhaustion. This is achieved by integrating with AWS services to hand off connection state instead of maintaining a continuous proxy between the client and the protected service. TCP SYN proxy is currently available on Amazon CloudFront, Amazon Route 53, and AWS Global Accelerator.