Waf Charm

FAQ

About function

Question

What is WafCharm?

Answer

WafCharm is a service for optimization of AWS WAF rules.

Question

How often are rules updated?

Answer

Please allow 1 day for rule updates, since the optimization of the rules differs depending on the amount of data.

※ This applies only to AWS WAF Classic environments.

Question

AWS WAF does not have reporting or notification capabilities, but is there any such functionality in WafCharm?

Answer

Yes, both a reporting function and an email notification function are available in WafCharm, regardless of the plan chosen by the user.
The monthly reporting function provides a detailed summary of the previous month's detection status. For each WebACL, you can check the number of detections per rule, attack type, attack source country, and attack source IP address.

The email notification function sends the detected content by email in real time.

Question

Is there any way to safely check the effectiveness of the rules on the service in operation?

Answer

Yes. In AWS WAF, you can specify ALLOW mode, COUNT mode, or BLOCK mode for each rule. On the WafCharm dashboard, you can run WafCharm in detection mode by specifying COUNT as the Default Action.

Question

What does the “Default action” specify in “If a request does not match any rules, take the default action” of the Web ACL of AWS WAF?

Answer

It determines the handling of requests that did not match any rules.
WafCharm users should set the default action to “Allow” for these requests that do not match any rules, as these are normal requests.

Question

Is it possible to set a custom rule on the Web ACL?

Answer

Yes, it is possible.
Since WafCharm can only manage rules registered with the prefix “wafcharm-”, users can create a custom rule with a different prefix, and it won’t be modified or deleted by WafCharm.

Question

Is it possible to check the response data?

Answer

Unfortunately, by AWS WAF's specification, it is not possible to check the response data.

Question

How long does it take for the Blocklist / Allowed list registered from the WafCharm management screen to be reflected?

Answer

Although it differs somewhat depending on the load on the server, it takes around 5 to 10 minutes to be reflected.

Question

Is it possible to change the mode of the rule applied to WebACL to Count or Block?

Answer

Yes, it is possible to change the mode of the rule applied to WebACL from the AWS Management Console.
You can also delete the “Action” for each rule from the same page.

Question

What is the Blocklist function provided by WafCharm?

Answer

There are three main Blocklist features.
・The access log is re-matched against hundreds of signatures, and those identified as attacks are blocked each time (every hour).
・A Blocklist function based on CSC's unique IP reputation (every day).
・A Blocklist function that allows customers to register IP addresses on the WafCharm management screen on their own (reflected about 5 to 10 minutes after setting).

Question

In CloudFront, in order to allow POST requests, DELETE, PATCH, OPTIONS, etc. also have to be permitted. With that setting in place, is it possible to create a rule in WafCharm that allows only POST requests?

Answer

Yes, it is possible.
WafCharm support will create a rule to reject anything other than the required HTTP method.

Question

Is country-level IP restriction possible with WafCharm?

Answer

Yes, it is possible.
Please contact WafCharm support.

Question

I want to restrict usage of the access key and secret key. Since we want to restrict it by the global IP address (GIP) on the WafCharm side, is it possible to disclose the GIP?

Answer

Yes, it is possible.
Please contact WafCharm support.

About implementation

Question

What are the implementation requirements?

Answer

① AWS WAF is available.
② Output the access log of the resource to which WAF is applied to an S3 bucket, and give WafCharm Read permission to that S3 bucket.
③ Grant full access to AWS WAF so that rules can be updated using the API.

Please refer to the following blog for the necessary settings.
Reference blog: https://www.wafcharm.com/en/blog/aws-iam-setting-for-wafcharm/

※ The AccessKey for ② and ③ must be registered on the WafCharm management console.
※ AWS WAF can be used with CloudFront, ALB (Application Load Balancer) or Amazon API Gateway.

Question

How do I perform the initial setup of WafCharm?

Answer

Please refer to the following blog for the WafCharm initial setup manual.
Reference blog: https://www.wafcharm.com/en/blog/check-wafcharm-setting/

Question

Is it necessary to set rules on the created Web ACL?

Answer

There is no need for such a setting, and therefore you can start using WafCharm immediately.
After you complete the initial setup on the WafCharm management screen, WafCharm will automatically update the rules in the WebACL in about 5 to 10 minutes.

About subscription/payment

Question

Where can I apply to start using WafCharm?

Answer

Please contact us from the following form and our sales representative will get back to you ASAP.
https://www.wafcharm.com/en/contact-us/

Question

How can I pay for this service? What are my payment options?

Answer

Payment can only be made with a credit card.

Question

When is the payment due each month?

Answer

The fee is charged monthly on the 1st of each month, to the credit card on file.
Example: The service fee for November 2021 will be charged on December 1st, 2021.

Question

Before selecting a plan, we would like to confirm the current number of web requests. Is there any way to confirm it?

Answer

【Users who can log in to the WafCharm management screen during the free trial】
The number of web requests for the past 3 months can be confirmed from the “Account” page, accessible from the “Menu” in the top right corner of the WafCharm management screen.

【Other users】
・Confirm on the AWS Management Console
On the AWS Management Console, under Billing > Invoices > WAF Items, it is displayed as “Price per HTTP request”, “1,713,241 Requests”, “$1.03”.

・Confirm from the number of rows in the Web server’s access log
As a rough guide, the number of web requests can be estimated from the number of rows in the access log.
Example) # cat /var/log/httpd/access_log | wc -l
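
The single `wc -l` above counts every row in one file regardless of date. To get per-month figures that can be compared with a monthly invoice, the following added example (not WafCharm's own code) buckets rows by calendar month. It assumes Apache Common/Combined Log Format; `requests_per_month` and `sample_log` are hypothetical names, and the sample rows are constructed.

```shell
#!/usr/bin/env bash
# Added example (not WafCharm code): bucket access-log rows by calendar month.
# Assumes Apache Common/Combined Log Format, where each row carries a
# timestamp such as [01/Dec/2021:08:15:42 +0000].

# requests_per_month [FILE...]   (hypothetical helper name)
# Reads log rows from FILEs or stdin and prints "YYYY-MM <rows>" per month,
# plus an "unparsed <rows>" line for rows without a recognisable timestamp.
requests_per_month() {
  awk '
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
      for (i = 1; i <= n; i++) month[name[i]] = sprintf("%02d", i)
    }
    {
      # Locate "[dd/Mon/yyyy:" anywhere in the row.
      if (match($0, /\[[0-9][0-9]\/[A-Z][a-z][a-z]\/[0-9][0-9][0-9][0-9]:/)) {
        split(substr($0, RSTART + 1, 11), part, "/")   # dd, Mon, yyyy
        if (part[2] in month) {
          count[part[3] "-" month[part[2]]]++
          next
        }
      }
      unparsed++
    }
    END {
      for (key in count) print key, count[key]
      if (unparsed) print "unparsed", unparsed
    }
  ' "$@" | LC_ALL=C sort
}

# Constructed sample rows (documentation IP ranges) spanning three months.
sample_log() {
  cat <<'EOF'
192.0.2.10 - - [30/Nov/2021:23:59:58 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [01/Dec/2021:00:00:01 +0000] "GET /login HTTP/1.1" 200 734
198.51.100.7 - - [01/Dec/2021:08:15:42 +0000] "POST /login HTTP/1.1" 302 0
198.51.100.7 - - [15/Dec/2021:12:00:00 +0000] "GET /health HTTP/1.1" 200 2
truncated row without a timestamp
192.0.2.44 - - [02/Jan/2022:09:30:00 +0000] "GET / HTTP/1.1" 200 512
EOF
}

sample_log | requests_per_month
```

Rotated and compressed logs can be fed in together with `zcat -f /var/log/httpd/access_log* | requests_per_month`. A non-zero `unparsed` count means some rows were not in the assumed format and were not attributed to any month.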

Question

Is there a detailed document regarding fees and tax related matters?

Answer

Please refer to the plan explanation linked below.
https://dashboard.wafcharm.com/us/important-info

Question

Are there Terms of Use for WafCharm?

Answer

Please refer to the Terms of Use linked below.
https://www.wafcharm.com/en/legal/

Question

Is there a detailed document regarding the Data Process Addendum?

Answer

Please refer to the document linked below.
https://www.wafcharm.com/en/legal/us_dpa/

Question

Would WafCharm's price be prorated?

Answer

There are 3 different charges for WafCharm: Plan price, WebACL Usage Price, and Additional cost for # of Web Requests.
The billing calculation is different for each of these 3 charges.

Plan price is not prorated.
For example, if you start the service on 12/30, you will be able to use WafCharm for 2 days in December (12/30 and 12/31), and, in the case of the Business Plan, you will be charged $450 as the Plan Price in the following month.

WebACL Usage Price is prorated for each WebACL.
For example, if you start using WafCharm on 12/30, register one WebACL on 12/30, and register one WebACL on 12/31, the calculation is:
{$ 50 * 2 (number of days used in December) / 31 (number of days in December)} + {$ 50 * 1 (number of days used in December) / 31 (number of days in December)} = XXXXX

Additional cost for # of Web Requests is charged only for the counted amount.
* Please note that there are some points to be aware of regarding Additional cost for # of Web Requests when switching from a trial plan to a paid plan.
For example, if you switch to the Business Plan on 12/30 after a free trial period (30 days) from 11/30 to 12/29, it is as follows:
Additional cost for # of Web Requests is not limited to the # of Web Requests from 12/30 to 12/31.
The # of Web Requests measured from 12/01 to 12/29 is also included in the billing calculation.
You will only be charged if you switch to a paid plan; you will not be charged the Additional cost for # of Web Requests if you do not switch from a trial plan to a paid plan.

Question

I am using WafCharm's trial plan. When my trial plan terminates, would it automatically convert to entry plan or business plan?

Answer

Please be assured that you will not be automatically converted to any paid plan after your trial plan ends. After the trial plan terminates, our WafCharm staff will contact you and consult you about your plan.

About support

Question

Is there 24/7 support?

Answer

Technical support is only available during business hours.
Business hours: Monday - Friday, 9:00 AM - 6:00 PM PST.
If you have the Business or Enterprise plan, after-hours support is available only for urgent matters.

Question

Is there an SLA?

Answer

There is no SLA.

Question

In case of false-positives, is it possible to customize specific rules?

Answer

Yes, it is possible.
Please contact WafCharm support.

Question

What can a signature customization do?

Answer

- Signature customization tunes the signature (WAF Rule) when a false positive occurs.
- It can create an additional signature (WAF Rule) as required.