In this blog, we will introduce the steps to initialize WafCharm.
WafCharm can be initialized by setting Web ACL Config and Web Site Config.
- 1. Initial setting (Web ACL Config registration)
- 2. Initial setting (Web Site Config registration)
- 3. Confirmation after the initial setting
1. Initial setting (Web ACL Config registration)
1-1. After you subscribe to a plan, you will be guided to the following page. Start with the Web ACL Config settings.
WafCharm「Web ACL Config」Setting Menu
1-2. Click “Add ACL”.
1-3. Enter the required information (① 〜 ⑨) and click "Save".
|①Web ACL ID||Select AWS Management Console > WAF & Shield > Go to AWS WAF > Web ACLs. The "ID" enclosed in the red frame in the image below is "Web ACL ID".|
|②Web ACL Name||Enter a Web ACL Name. It is not necessary to make it the same as the name registered on the AWS console, but the same name is recommended.|
|③Access key / Secret key||Input the key of the target user who has the IAM policy
Please refer to the following page when setting with
|④Rule limit||Set an upper limit to the number of rules that WafCharm can apply to the target Web ACL. ・Rule limit：10 → WafCharm can apply up to 10 rules to the target Web ACL. ・Rule limit：5 → WafCharm can only apply up to 5 rules to the target Web ACL and the remaining 5 rules can be created and applied by the user.|
|⑤Choose AWS service type||Select the resource to which the Web ACL is attached from the pull-down menu.|
|⑥Choose your AWS region||Select the "region" where the Web ACL and resource is
|⑦Blacklist||Input a blacklist if you want to set it up at the initial stage. It is also possible to add the blacklist setting later.|
|⑧Whitelist||Input a whitelist if you want to set it up at the initial stage. It is also possible to add the whitelist setting later.|
|⑨Default AWS WAF Action||You can set actions for when WafCharm applies rules to the target Web ACL.
※The action of the rules that are already applied to
2. Initial setting (Web Site Config registration)
After the Web ACL Config registration (Step 1), WafCharm needs Read permission on the access logs in S3 in order to analyze them. Grant it through the settings on the following page: enter the required information (① ~ ③, and ④ if necessary) and click "Save".
|①Web ACL Config||Select the target Web ACL Config.
※For those creating Web ACL Config for the first time,
|②FQDN||Input the FQDN of the target Web application.|
|③S3 Path||Set the path of access log output destination for your
CloudFront log output destination confirmation
AWS Management Console > CloudFront > Select the
In the below example, the S3 path registered in WafCharm is "s3://Wafcharm.s3.amazonaws.com/cloudfrontlogs/".
ALB log output destination confirmation
AWS management console > EC2 > Click on the
In the below example,
・Access log: Location of S3 will be "WafCharm/alblogs"
Therefore, the S3 Path registered in the WafCharm is
※This time the region is set as "ap-northeast-1".
|④Access Key Option||Input the key of the target user who has the IAM policy
Please put a check if AWS WAF and S3 have the same
If AWS WAF and S3 have different Access key / Secret key pairs, uncheck "Reuse Web ACL Access Key" and set an Access Key / Secret key that grants "Read" privilege on S3.
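As an added example (not WafCharm's own code or its documented policy): when AWS WAF and S3 use different keys, the S3 key can be limited to read access on the log prefix only. The sketch below derives such an IAM policy from an S3 Path in the form shown above and flags extra actions in an existing policy; mapping "Read" to `s3:GetObject` and `s3:ListBucket` is an assumption, and the function names are hypothetical.

```python
import json
from urllib.parse import urlparse

S3_HOST_SUFFIX = ".s3.amazonaws.com"
# Assumption: "Read" privilege means these two S3 actions.
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket"}

def split_s3_path(s3_path):
    """Split an S3 Path from Web Site Config into (bucket, prefix)."""
    parsed = urlparse(s3_path)
    if parsed.scheme != "s3" or not parsed.netloc:
        raise ValueError(f"not an s3:// path: {s3_path!r}")
    bucket = parsed.netloc
    if bucket.endswith(S3_HOST_SUFFIX):  # form used in the CloudFront example
        bucket = bucket[: -len(S3_HOST_SUFFIX)]
    prefix = parsed.path.lstrip("/")
    if prefix and not prefix.endswith("/"):
        prefix += "/"  # keep the grant from matching sibling prefixes
    if not bucket or any(c in bucket + prefix for c in "*?"):
        raise ValueError("empty bucket or wildcard in path")
    return bucket, prefix

def read_only_policy(s3_path):
    """Build an IAM policy that can only list and read the log prefix."""
    bucket, prefix = split_s3_path(s3_path)
    arn = f"arn:aws:s3:::{bucket}"
    listing = {"Sid": "ListLogPrefix", "Effect": "Allow",
               "Action": "s3:ListBucket", "Resource": arn}
    if prefix:
        listing["Condition"] = {"StringLike": {"s3:prefix": [prefix + "*"]}}
    reading = {"Sid": "ReadLogObjects", "Effect": "Allow",
               "Action": "s3:GetObject", "Resource": f"{arn}/{prefix}*"}
    return {"Version": "2012-10-17", "Statement": [listing, reading]}

def excess_actions(policy):
    """Return Allow-ed actions that go beyond read access, sorted."""
    statements = policy["Statement"]
    if isinstance(statements, dict):
        statements = [statements]
    extra = set()
    for stmt in statements:
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if stmt.get("Effect") == "Allow":
            extra.update(a for a in actions if a not in READ_ACTIONS)
    return sorted(extra)

if __name__ == "__main__":
    # S3 path taken from the CloudFront example on this page.
    path = "s3://Wafcharm.s3.amazonaws.com/cloudfrontlogs/"
    print(json.dumps(read_only_policy(path), indent=2))
```

Running `excess_actions` on the policy attached to the key before entering it in Web Site Config shows whether the key can do more than read the logs.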
3. Confirmation after the initial setting
Once the Web ACL Config and Web Site Config registrations are complete, WafCharm's automatic operation is initialized.
To confirm this, check whether WafCharm has applied a rule to the registered Web ACL.
3-1. On AWS Management Console, under "AWS WAF", click on "WebACLs" and select the registered WebACL and then click on the "Rules" tab.
3-2. Under the "Rules" tab, if there is a rule whose name starts with "wafcharm-", the automatic operation of WafCharm has started.
3-3. Finally, check that the recommendation function (rule optimization) is working. Click on "Account" on the WafCharm management screen.
3-4. Confirm that the count for "this month" of the log total enclosed in the red frame below goes up.
※If the log count doesn't go up even after waiting for about 1 hour, please contact WafCharm Support (firstname.lastname@example.org).
3-5. All registration and confirmation steps are complete!
Recommendation (rule optimization) and automatic operation by WafCharm are now in progress!