Waf Charm



How to check if the rules are applied in AWS WAF


In this post, we will take a look at how to check if the rules are applied after you have completed the setting in WafCharm.

Time it takes to apply rules

Firstly, the rules will be applied immediately after the configuration is complete on average, but it may take a little longer, depending on the situation.

How to check if the rules are applied properly

In order to check that the rules are applied correctly, follow the steps below.

  1. Rules are applied to the Web ACL in AWS WAF (You can check from the AWS management console)
  2. Test the rules by sending attack-like requests and check the console for the log (refer to the steps below to test the rules)

*When you test the rules by attacking the environment, the IP address you used for the request will be added to WafCharm's blacklist. Ensure to use the IP address that can be added to the blacklist.

Steps to test the rules

  1. Access the URL: http(s)://your-server/?pw=%27%20or%201=1
  2. 403 error will be returned
  3. Check the AWS management consle after 15 minutes

Refer to the blog post below to see how to check the detection status.
How to Check the AWS WAF Detection Status