In this blog, we will introduce the steps to initialize WafCharm. 

WafCharm is initialized by registering a Web ACL Config and a Web Site Config.

Contents

  1. Initial setting (Web ACL Config registration)
  2. Initial setting (Web Site Config registration)
  3. Confirmation after the initial setting

1. Initial setting (Web ACL Config registration)

1-1. Once you subscribe to a plan, you are taken to the following page. Start with the Web ACL Config settings.

WafCharm「Web ACL Config」Setting Menu

 

1-2. Click “Add ACL”.

 

1-3. Enter the required information (① to ⑨) and click "Save".

① Web ACL ID: Open AWS Management Console > WAF & Shield > Go to AWS WAF > Web ACLs. The "ID" enclosed in the red frame in the image below is the Web ACL ID.

② Web ACL Name: Enter a name for the Web ACL. It does not have to match the name registered in the AWS console, but using the same name is recommended.

③ Access key / Secret key: Enter the keys of the IAM user that has the "AWSWAFFullAccess" policy. If you want to use a custom policy instead, refer to the following page.

Reference URL: https://www.wafcharm.com/en/wp/blog/aws-iam-setting-for-wafcharm/

④ Rule limit: Set the upper limit on the number of rules that WafCharm may apply to the target Web ACL. The remaining rule slots in the Web ACL stay available for rules you create yourself.

Example)
・Rule limit: 10 → WafCharm can apply up to 10 rules to the target Web ACL.
・Rule limit: 5 → WafCharm can apply only up to 5 rules to the target Web ACL; the remaining 5 rules can be created and applied by the user.

⑤ Choose AWS service type: Select the resource to which the Web ACL is attached from the pull-down menu.

⑥ Choose your AWS region: Select the region in which the Web ACL and the resource are created.

⑦ Blacklist: Enter a blacklist if you want to set one up at the initial stage. A blacklist can also be added later.

⑧ Whitelist: Enter a whitelist if you want to set one up at the initial stage. A whitelist can also be added later.

⑨ Default AWS WAF Action: Set the action that WafCharm assigns to the rules it applies to the target Web ACL.

※This setting does not change the action of rules that are already applied to the target Web ACL.

 

 

2. Initial setting (Web Site Config registration)

After the Web ACL Config registration (Step 1), WafCharm needs Read permission on the S3 location that stores the access logs so that it can analyze them. Grant it on the following page: enter the required information (① to ③, and ④ if necessary) and click "Save".

WafCharm「Web Site Config」Setting Menu

① Web ACL Config: Select the target Web ACL Config.

※If you are creating a Web ACL Config for the first time, it is already selected.

② FQDN: Enter the FQDN of the target web application.

③ S3 Path: Set the path of the access log output destination for your resource. How to confirm it for CloudFront and for ALB is described below.

 

CloudFront log output destination confirmation

AWS Management Console > CloudFront > Select the target CloudFront distribution > Open "Distribution Settings" > Click "Edit" > Confirm the part enclosed in the red frame in the image below.

In the example below, the S3 path to register in WafCharm is "s3://Wafcharm.s3.amazonaws.com/cloudfrontlogs/".

CloudFront log output destination confirmation screen

 

ALB log output destination confirmation

AWS Management Console > EC2 > Click "Load Balancers" in the sidebar > Select the target ALB > In the load balancer details at the bottom, open the "Description" tab (shown by default) > Confirm the access log settings.

In the example below,

・Access log: the S3 location is "WafCharm/alblogs"

ALB writes its log files under the folder structure AWSLogs/<AWS account ID>/elasticloadbalancing/<region>/ below that location. Therefore, the S3 Path to register in WafCharm is
"s3://WafCharm/alblogs/AWSLogs/<AWSaccountID>/elasticloadbalancing/ap-northeast-1/".

※In this example the region is "ap-northeast-1".

ALB log output destination confirmation screen

④ Access Key Option: Enter the keys of the IAM user that has the "AmazonS3ReadOnlyAccess" policy.

Leave "Reuse Web ACL Access Key" checked if the same Access key / Secret key is used for AWS WAF and S3.

If AWS WAF and S3 use different Access key / Secret key pairs, uncheck "Reuse Web ACL Access Key" and enter an Access key / Secret key that grants "Read" privilege on S3.

Reference URL:https://www.wafcharm.com/en/wp/blog/aws-iam-setting-for-wafcharm/
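As an added example (not WafCharm's or AWS's own code), the following Python helpers build the "S3 Path" value for Step 2 from the bucket, prefix, account ID and region read off the console, and check an ALB path for two easy mistakes: a missing trailing slash and a region that differs from the one chosen in ⑥ of the Web ACL Config. The function names, the 12-digit account ID and the bucket names are constructed samples.

```python
import re
from typing import List

# Added helpers, not WafCharm's own code: build and sanity-check the "S3 Path"
# entered in Web Site Config. Bucket names and the account ID are constructed.


def cloudfront_log_s3_path(bucket: str, prefix: str) -> str:
    """CloudFront writes log files directly under the configured prefix."""
    prefix = prefix.strip("/")
    return f"s3://{bucket}/{prefix}/" if prefix else f"s3://{bucket}/"


def alb_log_s3_path(bucket: str, prefix: str, account_id: str, region: str) -> str:
    """ALB nests its files under AWSLogs/<account>/elasticloadbalancing/<region>/
    below the configured location; with no prefix, AWSLogs/ sits at the bucket root."""
    prefix = prefix.strip("/")
    base = f"s3://{bucket}/{prefix}/" if prefix else f"s3://{bucket}/"
    return f"{base}AWSLogs/{account_id}/elasticloadbalancing/{region}/"


ALB_PATH_RE = re.compile(
    r"^s3://(?P<bucket>[^/]+)/(?P<prefix>.*?)AWSLogs/(?P<account>\d{12})"
    r"/elasticloadbalancing/(?P<region>[a-z]{2}(-[a-z]+)+-\d)/$"
)


def check_alb_path(path: str, expected_region: str) -> List[str]:
    """Return the problems found in an ALB S3 Path (empty list means it looks right)."""
    problems: List[str] = []
    if not path.endswith("/"):
        problems.append("path must end with '/'")
    # Normalise the slash so the structure is still checked when it is missing.
    m = ALB_PATH_RE.match(path.rstrip("/") + "/")
    if m is None:
        problems.append(
            "expected s3://<bucket>/[<prefix>/]AWSLogs/<account>/elasticloadbalancing/<region>/"
        )
        return problems
    if m.group("region") != expected_region:
        problems.append(
            f"path region {m.group('region')} differs from Web ACL Config region {expected_region}"
        )
    return problems


if __name__ == "__main__":
    # Values from the walkthrough above; 123456789012 is a constructed account ID.
    print(cloudfront_log_s3_path("Wafcharm.s3.amazonaws.com", "cloudfrontlogs"))
    alb = alb_log_s3_path("WafCharm", "alblogs", "123456789012", "ap-northeast-1")
    print(alb, check_alb_path(alb, "ap-northeast-1"))
```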

 

 

3. Confirmation after the initial setting

Completing the Web ACL Config registration and the Web Site Config registration starts WafCharm's automatic operation.

To confirm this, check whether WafCharm has applied a rule to the registered Web ACL.

3-1. In the AWS Management Console, under "AWS WAF", click "Web ACLs", select the registered Web ACL, and then open the "Rules" tab.

3-2. If the "Rules" tab lists a rule whose name starts with "wafcharm-", WafCharm's automatic operation has started.

3-3. Finally, check that the recommendation function (rule optimization) is working. Click "Account" on the WafCharm management screen.

3-4. Confirm that the "this month" count of the log total, enclosed in the red frame below, goes up.

※If the log count does not go up even after waiting about 1 hour, please contact WafCharm Support (wafcharm-support@cscloud.co.jp).

3-5. All registration and confirmation steps are complete!

Recommendation (rule optimization) and automatic operation by WafCharm are now in progress!!