AWS waf documentation change
Summary
Added optional monetization configuration for AI bot traffic during web ACL creation and renumbered subsequent steps
Security assessment
The changes introduce monetization capabilities for AI bot traffic through payment networks and wallet addresses, which is a business feature rather than a security feature. There is no mention of security vulnerabilities, threat mitigation, or access controls. The existing security-related sections (token domain list, rule priorities) were only renumbered without content changes.
Diff
diff --git a/waf/latest/developerguide/web-acl-creating.md b/waf/latest/developerguide/web-acl-creating.md index 37227342a..6d95acbfe 100644 --- a//waf/latest/developerguide/web-acl-creating.md +++ b//waf/latest/developerguide/web-acl-creating.md @@ -120 +120,3 @@ You can't change the name after you create the protection pack (web ACL). - 12. Review your settings and choose **Add protection pack (web ACL)**. + 12. (Optional) If you want to monetize AI bot traffic, expand **Monetization configuration** and configure your payment networks, wallet addresses, and base price. You can skip this step and add a MonetizationConfig later. + + 13. Review your settings and choose **Add protection pack (web ACL)**. @@ -174 +176,3 @@ When you choose to associate an Application Load Balancer with your web ACL, **R - 10. Choose **Next**. + 10. (Optional) If you want to monetize AI bot traffic, expand **Monetization configuration** and configure your payment networks, wallet addresses, and base price. You can skip this step and add a MonetizationConfig later. + + 11. Choose **Next**. @@ -176 +180 @@ When you choose to associate an Application Load Balancer with your web ACL, **R - 11. (Optional) If you want to add managed rule groups, on the **Add rules and rule groups** page, choose **Add rules** , and then choose **Add managed rule groups**. Do the following for each managed rule group that you want to add: + 12. (Optional) If you want to add managed rule groups, on the **Add rules and rule groups** page, choose **Add rules** , and then choose **Add managed rule groups**. Do the following for each managed rule group that you want to add: @@ -198 +202 @@ If you add more than one rule to a web ACL, AWS WAF evaluates the rules in the o - 12. (Optional) If you want to add your own rule group, on the **Add rules and rule groups** page, choose **Add rules** , and then choose **Add my own rules and rule groups**. Do the following for each rule group that you want to add: + 13. (Optional) If you want to add your own rule group, on the **Add rules and rule groups** page, choose **Add rules** , and then choose **Add my own rules and rule groups**. Do the following for each rule group that you want to add: @@ -212 +216 @@ If you want to override the rule actions for a rule group of your own, first sav - 13. (Optional) If you want to add your own rule, on the **Add rules and rule groups** page, choose **Add rules** , **Add my own rules and rule groups** , **Rule builder** , then **Rule visual editor**. + 14. (Optional) If you want to add your own rule, on the **Add rules and rule groups** page, choose **Add rules** , **Add my own rules and rule groups** , **Rule builder** , then **Rule visual editor**. @@ -238 +242 @@ If you want to have your rule add labels to matching web requests, choose the op - 14. Choose the default action for the web ACL, either Block or Allow. This is the action that AWS WAF takes on a request when the rules in the web ACL don't explicitly allow or block it. For more information, see [Setting the protection pack (web ACL) default action in AWS WAF](./web-acl-default-action.html). + 15. Choose the default action for the web ACL, either Block or Allow. This is the action that AWS WAF takes on a request when the rules in the web ACL don't explicitly allow or block it. For more information, see [Setting the protection pack (web ACL) default action in AWS WAF](./web-acl-default-action.html). @@ -242 +246 @@ If you want to customize the default action, choose the options for that and fil - 15. You can define a **Token domain list** to enable token sharing between protected applications. Tokens are used by the CAPTCHA and Challenge actions and by the application integration SDKs that you implement when you use the AWS Managed Rules rule groups for AWS WAF Fraud Control account creation fraud prevention (ACFP), AWS WAF Fraud Control account takeover prevention (ATP), and AWS WAF Bot Control. + 16. You can define a **Token domain list** to enable token sharing between protected applications. Tokens are used by the CAPTCHA and Challenge actions and by the application integration SDKs that you implement when you use the AWS Managed Rules rule groups for AWS WAF Fraud Control account creation fraud prevention (ACFP), AWS WAF Fraud Control account takeover prevention (ATP), and AWS WAF Bot Control. @@ -248 +252 @@ By default, AWS WAF accepts tokens only for the domain of the protected resource - 16. Choose **Next**. + 17. Choose **Next**. @@ -250 +254 @@ By default, AWS WAF accepts tokens only for the domain of the protected resource - 17. In the **Set rule priority** page, select and move your rules and rule groups to the order that you want AWS WAF to process them. AWS WAF processes rules starting from the top of the list. When you save the web ACL AWS WAF assigns numeric priority settings to the rules, in the order that you have them listed. For more information, see [Setting rule priority](./web-acl-processing-order.html). + 18. In the **Set rule priority** page, select and move your rules and rule groups to the order that you want AWS WAF to process them. AWS WAF processes rules starting from the top of the list. When you save the web ACL AWS WAF assigns numeric priority settings to the rules, in the order that you have them listed. For more information, see [Setting rule priority](./web-acl-processing-order.html). @@ -252 +256 @@ By default, AWS WAF accepts tokens only for the domain of the protected resource - 18. Choose **Next**. + 19. Choose **Next**. @@ -254 +258 @@ By default, AWS WAF accepts tokens only for the domain of the protected resource - 19. In the **Configure metrics** page, review the options and apply any updates that you need. You can combine metrics from multiple sources by providing the same **CloudWatch metric name** for them. + 20. In the **Configure metrics** page, review the options and apply any updates that you need. You can combine metrics from multiple sources by providing the same **CloudWatch metric name** for them. @@ -256 +260 @@ By default, AWS WAF accepts tokens only for the domain of the protected resource - 20. Choose **Next**. + 21. Choose **Next**. @@ -258 +262 @@ By default, AWS WAF accepts tokens only for the domain of the protected resource - 21. In the **Review and create web ACL** page, check over your definitions. If you want to change any area, choose **Edit** for the area. This returns you to the page in the web ACL wizard. Make any changes, then choose **Next** through the pages until you come back to the **Review and create web ACL** page. + 22. In the **Review and create web ACL** page, check over your definitions. If you want to change any area, choose **Edit** for the area. This returns you to the page in the web ACL wizard. Make any changes, then choose **Next** through the pages until you come back to the **Review and create web ACL** page. @@ -260 +264 @@ By default, AWS WAF accepts tokens only for the domain of the protected resource - 22. Choose **Create web ACL**. Your new web ACL is listed in the **web ACLs** page. + 23. Choose **Create web ACL**. Your new web ACL is listed in the **web ACLs** page.