About function

What is WafCharm?

WafCharm is a service for optimization of AWS WAF rules.

How often are rules updated?

Please allow us to have 1 day to update rules as the optimization of the rule differs depending on the amount of data.

※ This only applies for AWS WAF Classic environment.

AWS WAF does not have reporting or notification capabilities, but is there any such functionality in WafCharm?

Yes, both reporting function & email notification function is available in WafCharm regardless of the plan chosen by user.
The monthly reporting function provides a detailed summary of detection status of the previous month. For each WebACL, you can check the number of detections per rule, attack type, attack source country, and attack source IP address.

Email notification function is a function to notify the detected content in real time via email.

Is there any way to safely check the effectiveness of the rules on the service in operation?

Yes, in AWS WAF, you can specify ALLOW mode, COUNT mode, and BLOCK mode for each rule. On the WafCharm dashboard, it is possible to use WafCharm in detection mode by specifying COUNT as Default Action.

What does the “Default action” specify in “If a request does not match any rules, take the default action” of the Web ACL of AWS WAF?

It determines the handling of requests that did not match any rules.
WafCharm users should set the default action to “Allow” for these requests that do not match any rules, as these are normal requests.

Is it possible to set a custom rule on the Web ACL?

Yes, it is possible.
Since WafCharm can only manage rules registered with a prefix “wafcharm-“, users can create a custom rule with a different prefix, and it won’t be modified or deleted by WafCharm.

Is it possible to check the response data?

Unfortunately, as a specification of AWS WAF, it is not possible to check the response data.

How long does it take to reflect Blocklist / Allowed list registered from the WafCharm management screen?

Although it differs somewhat depending on the load on the server, it takes around 5 to 10 minutes to reflect.

Is it possible to change the mode of the rule applied to WebACL to Count or Block?

Yes, it is possible to change the mode of the rule applied to WebACL from AWS Management Console.
You can also delete the “Action” for each rule from the same page.

What is the Blacklist function provided by WafCharm?

There are three main Blocklist features.
・The access log is re-matched to hundreds of signatures and those identified as attacks are Blocked each time (Every hour).
・Blocklist function with CSC's unique IP reputation (Every day)
・Blocklist function that allows customers to register IP addresses on the WafCharm management screen on their own. (Reflects in about 5 to 10 minutes after setting)

In CloudFront, in order to allow POST requests, DELETE, PATCH, OPTIONS, etc. are also set to be permitted. Is it possible to create a rule that allows only POST requests with the same setting in WafCharm?

Yes, it is possible.
WafCharm support will create a rule to reject anything other than the required HTTP method.

Is country-level IP restriction possible with WafCharm?

Yes, it is possible.
Please contact WafCharm support.

I want to put a usage restriction on the access key, secret key. As we want to control with GIP on WafCharm side, is it possible to disclose the GIP?

Yes, it is possible.
Please contact WafCharm support

About implementation

What are the implementation requirements?

① Availability of AWS WAF.
② Output the access log of the resource that has WAF applied to S3 bucket and give WafCharm Read permission to that S3 bucket.
③ Give full access to the AWS WAF to update rules using the API.

Please refer to the following blog posts to provide the necessary permissions.
*We recommend using AssumeRole.

About AssumeRole configuration and IAM policy: 
https://www.wafcharm.com/en/blog/about-assume-role-config-and-iam-policy/

WafCharm Access Key / Secret Key Setup Manual: 
https://www.wafcharm.com/en/blog/aws-iam-setting-for-wafcharm/

※ Credentials to access your resources must be registered in WafCharm dashboard to accomplish ② and ③.
※ AWS WAF can be used with CloudFront, ALB (Application Load Balancer) or Amazon API Gateway.

How to perform the initial setup of WafCharm?

Please refer to the following blog for initial setting manual of WafCharm.
Reference blog: https://www.wafcharm.com/en/blog/check-wafcharm-setting/

Is it necessary to set rules on the created Web ACL?

There is no need for such a setting, and therefore you can start using WafCharm immediately.
After completing the initial setup on WafCharm management screen, WafCharm will automatically update the rules in WebACL in about 5 to 10 minutes.

About subscription/payment

Where can I apply to start using WafCharm?

Please contact us from the following form and our sales representative will get back to you ASAP.
https://www.wafcharm.com/en/contact-us/

How can I pay for this service? What are my payment options?

Payment can only be made with a credit card.

When is the payment due each month?

Fee is charged monthly on 1st of each month. It will be charged under credit card on file.
example: Service fee for November 2021 will be charged on December 1st 2021.

Before selecting a plan, we would like to confirm the current number of web requests. Is there any way to confirm it?

【User who can log in to WafCharm management screen during the free trial】
Number of web requests for the past 3 months can be confirmed from the “Account” page accessible from the “Menu” on top right corner of the WafCharm management screen.

【Other users】
・Confirm on AWS Management Console
On AWS Management Console, under Billing > Invoices > WAF Items, it is displayed as “Price per HTTP request” , “1,713,241 Requests” , “$1.03”

・Confirm from the number of rows in the Web server’s access log
There is a method to estimate the number of web requests by the number of rows in the access log as a guide.
Example）# cat /var/log/httpd/access_log | wc -l

Is there a detailed document regarding fees and tax related matters?

Please refer to plan explanation listed below.
https://dashboard.wafcharm.com/us/important-info

Is there Terms of Use regarding WafCharm ?

Please refer to Terms of Use listed below.
https://www.wafcharm.com/en/legal/

Is there a detailed document regarding Data Process Addendum ?

Please refer to the listed below.
https://www.wafcharm.com/en/legal/us_dpa/

Would WafCharm's price be prorated?

There are 3 different charges for WafCharm : Plan price, WebACL Usage Price, and Additional cost for # of Web Requests.
The billing calculation is different for those 3 charges.

Plan price is not prorated.
For example, if you start the service on 12/30, you will be able to use WafCharm for 2 days in December: 12/30 and 12/31, for instance, in the case of Business Plan, you will be charged $450 as the Plan Price in the following month.

WebACL Usage Price is prorated for each WebACL.
For example, if you start using WafCharm on 12/30, register one WebACL on 12/30, and register one WebACL on 12/31,
{$ 50 * 2 (number of days used in December) / 31 (number of days used in December)} + {$ 50 * 1 (number of days used in December) / 31 (number of days used in December)} = XXXXX

Additional cost for # of Web Request will only be charged for the counted amount.
* Please note that Additional cost for # of Web Request has some precautions when switching from a trial plan to a paid plan.
For example, if you switch to Business Plan on 12/30 during free trial period (30 days) from 11/30 to 12/29, it is as follows:
Additional cost for # of Web Request is not limited to # of Web Request from 12/30 to 12/31.
# of Web Requests measured from 12/01 to 12/29 are also included in the billing calculation.
You will only be charged if you switch to a paid plan, and you will not be charged for the Additional cost for # of Web Request if you do not switch from a trial plan to a paid plan.

I am using WafCharm's trial plan. When my trial plan terminates, would it automatically convert to entry plan or business plan?

Please be assured that you will not be automatically converted to any paid plan after your trial plan ends. After the trial plan terminates, our WafCharm staff will contact you and consult you about your plan.

About support

Is there a 24/7 support?

Technical support is only available during business hours.
Business Hour：Monday - Friday　9:00AM - 6:00PM PST.
If you have Business or Enterprise plan, after-hours support is available only for urgent matters.

Is there an SLA?

There is no SLA.

In case of false-positives, is it possible to customize specific rules?

Yes, it is possible.
Please contact WafCharm support.

What can a signature customization do?

- Signature customization tunes the signature (WAF Rule) when false-positive occurs.
- It can create an additional signature (WAF Rule) as required.