WafCharm is now compatible with the new AWS WAF


It has been a while since this post was published. It may contain information that is no longer relevant.


【Table of contents】

  1. Introduction
  2. What is the new AWS WAF
  3. Changes in WafCharm to be compatible with the new AWS WAF
  4. About Managed Rules integration
  5. Checking the rules registered by WafCharm
  6. About migration of existing ACLs

1. Introduction

On Nov 25, 2019 AWS released the new AWS WAF.
Until now, it was not possible to use the new AWS WAF with WafCharm.
Now that WafCharm is compatible with the new AWS WAF, let us review the new AWS WAF features again.

AWS WAF Classic is still compatible with WafCharm.

※The previous version of AWS WAF is now known as AWS WAF Classic. The new version is known as AWS WAF.
In this blog, the new version is called the new AWS WAF and the previous version is called AWS WAF Classic.

2. What is the new AWS WAF

We have already explained the new AWS WAF in the following blog posts, so please check them out.

    Part 1: [new AWS WAF] Summary of Changes
    Part 2: [new AWS WAF] AWS Management Console Operation (Managed Rules)
    Part 3: [new AWS WAF] AWS Management Console Operation (Original Rules)
    Part 4: [new AWS WAF] AWS Management Console Operation (Pattern Sets and Rule Groups)
    Part 5: [new AWS WAF] JSON Explanation

3. Changes in WafCharm to be compatible with the new AWS WAF

Changes to restrictions on the rules that can be registered

In AWS WAF Classic, there was a limit on the number of rules, but in the new AWS WAF this has changed to a cost-based limit called WCU (WAF Capacity Unit). With this change, the number of available rules has increased significantly.
As a result, WafCharm is now able to offer a richer set of signatures than ever before.

Changes to rule structure

In AWS WAF Classic, the rules set in the Web ACL were registered as a single rule.
The new AWS WAF allows the use of rule groups, in the same way that Managed Rules are managed. As a result, the rules registered by WafCharm are basically in the form of rule groups with rules under them.

Changes to supportable rules

Rules can also be customized to support country-based restriction rules and rate-based rules.
Rate-based rules are registered as normal rules, and not as rule groups.
If you would like to create a rule, please contact our support team.
※The customization of the rules is only available for users with a business plan or above.

Features not available in the new AWS WAF

WafCharm provides a rule group exception setting feature for our managed rules for AWS WAF Classic, and this feature will continue to be available for AWS WAF Classic users.
However, WafCharm does not offer this feature for the new AWS WAF users, as it is now very easy to set up in the AWS Management Console.

Features still available in the new AWS WAF

Automatic rule replacement, blacklisting, reporting, and email notification features will continue to be provided.

4. About Managed Rules integration

Our Managed Rules are also compatible with the new AWS WAF.
If you wish to use our Managed Rules together with WafCharm, please contact our support team. We will be happy to help with customization, so that they can be used effectively.
※This feature is only available for users with a business plan or above.

We are unable to integrate WafCharm effectively with AMR (AWS Managed Rules) or other companies' managed rules because the content of the rules has not been made public.

5. Checking the rules registered by WafCharm

Please check the official information. If necessary, use the CLI to check the rules in your environment.
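
The following is an added example, not code from WafCharm or AWS: it summarizes the JSON that `aws wafv2 get-web-acl --name <name> --scope <REGIONAL|CLOUDFRONT> --id <id>` returns, showing the WCU the Web ACL consumes and which entries are rule group references and which are stand-alone rules (such as rate-based rules). The sample JSON embedded in it is constructed; its names, ARN and numbers are placeholders.

```python
import json

# Constructed sample of `aws wafv2 get-web-acl` output (names, ARN and
# numbers are placeholders, not values taken from a real WafCharm account).
SAMPLE = json.loads("""
{
  "WebACL": {
    "Name": "example-acl",
    "Capacity": 702,
    "DefaultAction": {"Allow": {}},
    "Rules": [
      {"Name": "example-group-ref", "Priority": 0,
       "Statement": {"RuleGroupReferenceStatement":
         {"ARN": "arn:aws:wafv2:us-east-1:111122223333:regional/rulegroup/example-group/EXAMPLE-ID"}},
       "OverrideAction": {"None": {}}},
      {"Name": "example-rate-limit", "Priority": 1,
       "Statement": {"RateBasedStatement": {"Limit": 2000, "AggregateKeyType": "IP"}},
       "Action": {"Block": {}}},
      {"Name": "example-geo", "Priority": 2,
       "Statement": {"GeoMatchStatement": {"CountryCodes": ["JP"]}},
       "Action": {"Count": {}}}
    ]
  }
}
""")

# Statement types that point at a rule group rather than defining a rule inline.
GROUP_KINDS = {"RuleGroupReferenceStatement", "ManagedRuleGroupStatement"}

def summarize(acl_json):
    """Return (capacity, rows); each row is (priority, name, kind, action, detail)."""
    acl = acl_json["WebACL"]
    rows = []
    for rule in sorted(acl.get("Rules", []), key=lambda r: r["Priority"]):
        kind, body = next(iter(rule["Statement"].items()))
        # Rule group entries carry OverrideAction; stand-alone rules carry Action.
        action_field = "OverrideAction" if kind in GROUP_KINDS else "Action"
        action = next(iter(rule.get(action_field, {"(missing)": {}})))
        detail = body.get("ARN") or body.get("Limit") or body.get("CountryCodes") or ""
        rows.append((rule["Priority"], rule["Name"], kind, action, detail))
    return acl.get("Capacity"), rows

if __name__ == "__main__":
    capacity, rows = summarize(SAMPLE)
    print(f"Web ACL consumes {capacity} WCU")
    for prio, name, kind, action, detail in rows:
        flag = "group" if kind in GROUP_KINDS else "rule "
        print(f"{prio:>3} [{flag}] {name:<20} {kind:<28} {action:<6} {detail}")
```

To run it against a real Web ACL, save the CLI output to a file and pass the result of `json.load` on that file to `summarize` in place of `SAMPLE`.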

6. About migration of existing ACLs

Web ACLs registered with AWS WAF Classic cannot be migrated to the new AWS WAF.
Please register the Web ACL created with the new AWS WAF from the WafCharm management screen.
Also, WafCharm automatically distinguishes between the new AWS WAF and AWS WAF Classic, so there is no need to specify which one you are using.

Reference: https://docs.aws.amazon.com/waf/latest/developerguide/waf-migrating-from-classic.html