Waf Charm

FAQ

About function

Question

What is WafCharm?

Answer

WafCharm automates your AWS WAF operations, saving you time and cost on maintaining AWS WAF.

With WafCharm, AWS WAF operations are automated as rules (signatures) are automatically created and updated for new attacks and vulnerabilities based on access logs.

This happens without disrupting or altering the existing rules or system, so your IT and security teams can focus on other strategic initiatives.

Question

How often are rules updated?

Answer

Rules are updated irregularly as needed.

Question

AWS WAF does not have reporting or notification capabilities. Does WafCharm provide these features?

Answer

Yes, both reporting and email notification features are available in WafCharm regardless of the subscribed plan.

The monthly reporting feature provides a summary of the detection status of the previous month. For each web ACL, you can check attack types, the number of detections per rule, attack source country, and attack source IP address in a top 10 ranking format.

The email notification feature notifies the specified email addresses in real time when requests are detected.

Question

Is there any way to safely check the effectiveness of the rules on the service in operation?

Answer

Yes, in AWS WAF, you can specify ALLOW mode, COUNT mode, and BLOCK mode for each rule. On the WafCharm dashboard, it is possible to use WafCharm in detection mode by specifying COUNT as Default WAF Action.

Question

What does the “default action” specify in “If a request does not match any rules, take the default action” of the web ACL of AWS WAF?

Answer

It determines the handling of requests that did not match any rules.

WafCharm users should set the default action to “Allow”, because requests that do not match any rules are normal requests.

Question

Is it possible to create my own rules in web ACL even if I start using WafCharm?

Answer

Yes. WafCharm only manages rules registered with the prefix “WafCharm”, so users can create a custom rule with a different prefix, and it won’t be modified or deleted by WafCharm.
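
The answers above on COUNT mode, the default action and the “WafCharm” rule prefix can be checked together against a web ACL definition. The following is an added example, not WafCharm's or AWS's own code; the sample web ACL, its rule names and the case-insensitive prefix comparison are assumptions made for illustration.

```python
# Constructed sample shaped like the "WebACL" object of the WAFV2 GetWebACL API.
SAMPLE_WEB_ACL = {
    "Name": "example-acl",
    "DefaultAction": {"Allow": {}},
    "Rules": [
        {"Name": "WafCharm-example-001", "Priority": 0, "Action": {"Count": {}}},
        {"Name": "WafCharm-example-002", "Priority": 1, "Action": {"Block": {}}},
        {"Name": "corp-block-admin-path", "Priority": 2, "Action": {"Block": {}}},
        {"Name": "corp-managed-group", "Priority": 3, "OverrideAction": {"None": {}}},
    ],
}


def rule_action(rule):
    """Return the action keyword of one rule, upper-cased."""
    if "Action" in rule:
        return next(iter(rule["Action"])).upper()  # ALLOW, BLOCK, COUNT, ...
    # Rule group references carry OverrideAction instead of Action.
    override = next(iter(rule.get("OverrideAction", {"None": {}})))
    return "COUNT" if override == "Count" else "GROUP-DEFINED"


def audit_web_acl(acl, managed_prefix="WafCharm"):
    """Split rules into prefix-managed and custom ones and flag detect-only state."""
    default = next(iter(acl["DefaultAction"])).upper()
    report = {"default_action": default, "managed": [], "custom": [], "findings": []}
    if default != "ALLOW":
        report["findings"].append(f"default action is {default}, the FAQ advises Allow")
    # Assumption: the prefix is compared against the rule Name, ignoring case.
    prefix = managed_prefix.casefold()
    for rule in sorted(acl.get("Rules", []), key=lambda r: r["Priority"]):
        bucket = "managed" if rule["Name"].casefold().startswith(prefix) else "custom"
        report[bucket].append((rule["Name"], rule_action(rule)))
    counting = [name for name, action in report["managed"] if action == "COUNT"]
    if counting:
        report["findings"].append(
            f"{len(counting)} managed rule(s) in COUNT: requests are logged, not blocked")
    return report


if __name__ == "__main__":
    for key, value in audit_web_acl(SAMPLE_WEB_ACL).items():
        print(key, value)
```

Running the same function on the real output of GetWebACL shows which rules are still in detection mode before the switch to BLOCK.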

Question

Is it possible to check the response data?

Answer

Unfortunately, due to the AWS WAF specification, it is not possible to check the response data.

Question

How long does it take to reflect the changes in Blocklist / Allowed list registered from the WafCharm dashboard?

Answer

Although it differs somewhat depending on the load on the server, the changes should be applied to your AWS WAF immediately after saving.

Question

Is it possible to change the rule actions of the rules that are applied to web ACL to COUNT or BLOCK?

Answer

Yes, you can change the rule actions of the rules applied to your web ACLs from the AWS Management Console.

Question

What are the Blocklist features provided by WafCharm?

Answer

The Blocklist function of WafCharm has 3 main features.

1. The access logs are re-matched to hundreds of signatures, and those identified as attacks are added to the blocklist each time (every 5 minutes).
2. Blocklist feature using CSC's unique IP reputation (every day).
3. Blocklist feature that allows customers to register IP addresses on the WafCharm dashboard by themselves (reflected immediately after saving the changes).

Question

In CloudFront, in order to allow POST requests, other methods like DELETE, PATCH, OPTIONS, etc., will also be permitted. Is it possible to create a rule that only allows POST requests with WafCharm even if such configuration is enabled in CloudFront?

Answer

Yes, the WafCharm support team will create a rule to reject anything other than the required HTTP method.
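
For reference, a rule of this kind can be expressed in AWS WAF (WAFV2) rule JSON as a negated match on the request method. The following is an added example, not the rule the WafCharm support team creates; the rule name, priority and method list are assumptions, and the rule starts in Count so it can be observed before it blocks.

```python
import json


def method_allowlist_rule(name, priority, allowed_methods, action="Count"):
    """Build a WAFV2 rule (console JSON form) matching any request whose
    HTTP method is not in allowed_methods."""
    methods = sorted({m.strip().upper() for m in allowed_methods if m.strip()})
    if not methods:
        raise ValueError("at least one allowed method is required")
    if action not in ("Count", "Block"):
        raise ValueError("action must be Count or Block")
    if name.casefold().startswith("wafcharm"):
        # The FAQ says rules with this prefix are managed by WafCharm.
        raise ValueError("use a different prefix for a custom rule")

    def is_method(method):
        return {"ByteMatchStatement": {
            "SearchString": method,  # boto3 expects bytes here instead of str
            "FieldToMatch": {"Method": {}},
            "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
            "PositionalConstraint": "EXACTLY",
        }}

    # OrStatement needs at least two nested statements; use a lone match directly.
    inner = (is_method(methods[0]) if len(methods) == 1
             else {"OrStatement": {"Statements": [is_method(m) for m in methods]}})
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"NotStatement": {"Statement": inner}},
        "Action": {action: {}},  # start with Count, switch to Block after review
        "VisibilityConfig": {"SampledRequestsEnabled": True,
                             "CloudWatchMetricsEnabled": True,
                             "MetricName": name},
    }


def rule_matches(statement, method):
    """Local evaluator for the three statement kinds used above."""
    if "NotStatement" in statement:
        return not rule_matches(statement["NotStatement"]["Statement"], method)
    if "OrStatement" in statement:
        return any(rule_matches(s, method) for s in statement["OrStatement"]["Statements"])
    return statement["ByteMatchStatement"]["SearchString"] == method


if __name__ == "__main__":
    rule = method_allowlist_rule("corp-method-allowlist", 10, ["GET", "HEAD", "POST"])
    print(json.dumps(rule, indent=2))
```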

Question

Is country-level IP restriction possible with WafCharm?

Answer

Yes, please contact the WafCharm support team for further information.

Question

I want to restrict use of the access key and secret key to WafCharm's global IP address. Can we have more information about setting up this usage restriction?

Answer

Yes. Please contact the WafCharm support team for further information.

About implementation

Question

What are the implementation requirements?

Answer

There are 3 main requirements.

1. Availability of AWS WAF.
2. Output the access logs of the resource that has WAF applied to an S3 bucket, and give WafCharm Read permission on that S3 bucket.
3. Give WafCharm full access to AWS WAF so that it can update rules using the API.

Please refer to the following blog posts to provide the necessary permissions.
*We recommend using AssumeRole.

About AssumeRole configuration and IAM policy: 
https://www.wafcharm.com/en/blog/about-assume-role-config-and-iam-policy/

WafCharm Access Key / Secret Key Setup Manual: 
https://www.wafcharm.com/en/blog/aws-iam-setting-for-wafcharm/

※ Credentials to access your resources must be registered in the WafCharm dashboard to accomplish 2 and 3.
※ AWS WAF can be used with CloudFront, ALB (Application Load Balancer) or Amazon API Gateway.

Question

How do I configure WafCharm?

Answer

Please refer to the following blog post for the initial setting manual of WafCharm.

Reference blog: 
https://www.wafcharm.com/en/blog/check-wafcharm-setting/

Question

Do I have to add rules into my web ACL beforehand?

Answer

You do not have to add rules into your web ACL before using WafCharm, and you can start using WafCharm immediately.

WafCharm will automatically apply the rules to your web ACL immediately after successfully completing the initial setup.

About subscription/payment

Question

Where can I sign up to start using WafCharm?

Answer

You can subscribe to WafCharm from the page below.
https://www.wafcharm.com/en/aws-mp/

If you want to speak with our sales representative before subscribing, use the contact form below.
https://www.wafcharm.com/en/contact-us/

Question

What are my payment options?

Answer

The usage fee of WafCharm for AWS Marketplace is billed by AWS. You can use any payment method accepted by AWS.

Question

When is the payment due each month?

Answer

The usage fee of WafCharm for AWS Marketplace is billed by AWS. The payment occurs at the same time as other AWS service usage fees.

Question

How can I check the current number of web requests?

Answer

During the free trial period, you can log in to WafCharm and check the number of web requests from the dashboard.

Other users can confirm their number of web requests in the following ways.

・Using the number of lines in your web server’s access logs
For reference, you can estimate the number of web requests from the number of lines in the access logs.
Example: cat /var/log/httpd/access_log | wc -l

・Using CloudWatch Metrics
If you are already using WAF, use the CloudWatch Metrics to check the total number of BlockedRequests and AllowedRequests by selecting your web ACL and then [WAFV2].

・Using AWS Management Console
On the AWS Management Console, you can see the number of HTTP requests under Billing > Invoices > WAF Items, shown as “Price per HTTP request”, “1,713,241 Requests”, “$1.03”.

Question

Is there a detailed document regarding fees and tax related matters?

Answer

Please refer to the URL below.
https://www.wafcharm.com/en/pricing/

Question

Can I check the Terms of Use of WafCharm?

Answer

Please refer to the URL below.
https://www.wafcharm.com/en/legal/

Question

Can I check the Data Processing Addendum of WafCharm?

Answer

Please refer to the URL below.
https://www.wafcharm.com/en/legal/us_dpa/

Question

I am currently in the free trial period. Will my account be automatically upgraded to a paid plan after the free trial period ends?

Answer

Please be assured that you will not be automatically converted to any paid plan after your free trial plan ends. After the free trial plan terminates, our staff will contact you and consult with you about your plan.

About support

Question

Is there 24/7 support?

Answer

Technical support is only available during business hours, and after-hours support is only available for urgent matters.

Business hours: Monday - Friday, 9:00 AM - 6:00 PM PST

Question

Is there an SLA?

Answer

There is no SLA. You may receive responses from the WafCharm support team on the next business day, depending on the urgency of the inquiry.

Question

Can the rules be customized in case of false positives or any special cases?

Answer

Yes, please contact the WafCharm support team for further information.

Question

What can be done with signature customization?

Answer

Signature customization can offer:

- Tuning of the signature (WAF Rule) when a false-positive occurs.
- Creating an additional signature (WAF Rule) as required.