• About function

    • What is WafCharm?

      WafCharm is a service for automatic optimization of AWS WAF rules. It uses internationally patented AI to set the optimal rules for the user’s website.

    • How often are rules updated?

      WafCharm will automatically optimize and update the rules according to the traffic on the user’s system. The rules are updated once every day.

    • AWS WAF does not have reporting or notification capabilities, but is there any such functionality in WafCharm?

      Yes, both a reporting function and an email notification function are available in WafCharm, regardless of the plan chosen by the user.
      The monthly reporting function provides a detailed summary of the detection status for the previous month. For each WebACL, you can check the number of detections per rule, attack type, attack source country, and attack source IP address.
      The email notification function sends the detected content in real time via email.

    • Is there any way to safely check the effectiveness of the rules on the service in operation?

      Yes, in AWS WAF, you can specify ALLOW mode, COUNT mode, and BLOCK mode for each rule. On the WafCharm dashboard, it is possible to use WafCharm in detection mode by specifying COUNT as Default Action.

    • What does the “Default action” specify in “If a request does not match any rules, take the default action” of the Web ACL of AWS WAF?

      It determines the handling of requests that did not match any rules.
      WafCharm users should set the default action to “Allow” for these requests that do not match any rules, as these are normal requests.

    • Is it possible to set a custom rule on the Web ACL?

      Yes, it is possible.
      Since WafCharm can only manage rules registered with the prefix “wafcharm-”, users can create a custom rule with a different prefix, and it won’t be modified or deleted by WafCharm.

    • Is it possible to check the response data?

      Unfortunately, due to the AWS WAF specification, it is not possible to check the response data.

    • How long does it take to reflect Blacklist / Whitelist registered from the WafCharm management screen?

      Although it differs somewhat depending on the load on the server, it takes around 5 to 10 minutes for the change to take effect.

    • Is it possible to change the mode of the rule applied to WebACL to Count or Block?

      Yes, it is possible to change the mode of the rule applied to WebACL from AWS Management Console.
      You can also delete the “Action” for each rule from the same page.

    • What is the Blacklist function provided by WafCharm?

      There are three main Blacklist features.
      ・The access log is re-matched against hundreds of signatures, and those identified as attacks are blacklisted each time (every hour).
      ・A Blacklist function based on CSC's unique IP reputation (every day).
      ・A Blacklist function that allows customers to register IP addresses themselves on the WafCharm management screen (takes effect about 5 to 10 minutes after setting).

    • In CloudFront, in order to allow POST requests, DELETE, PATCH, OPTIONS, etc. are also set to be permitted. Is it possible to create a rule that allows only POST requests with the same setting in WafCharm?

      Yes, it is possible.
      WafCharm support will create a rule to reject anything other than the required HTTP method.

    • Is country-level IP restriction possible with WafCharm?

      Yes, it is possible.
      Please contact WafCharm support.

    • I want to restrict the use of the access key and secret key. We want to restrict it by the global IP addresses (GIP) on the WafCharm side; is it possible to disclose the GIP?

      Yes, it is possible.
      Please contact WafCharm support.

  • About implementation

    • What are the implementation requirements?

      ① Availability of AWS WAF.
      ② Output the access log of the resource to which WAF is applied to an S3 bucket, and give WafCharm Read permission to that S3 bucket.
      ③ Have full access to the AWS WAF to update rules using the API.

      Please refer to the following blog for necessary settings.
      Reference blog: https://www.wafcharm.com/en/wp/blog/aws-iam-setting-for-wafcharm/

      ※ The access keys for ② and ③ must be registered on the WafCharm management console.
      ※ AWS WAF can be used with CloudFront, ALB (Application Load Balancer) or Amazon API Gateway.

    • How to perform the initial setup of WafCharm?

      Please refer to the following blog for the initial setup manual of WafCharm.
      Reference blog: https://www.wafcharm.com/en/wp/blog/check-wafcharm-setting/

    • Is it necessary to set rules on the created Web ACL?

      There is no need for such a setting, and therefore you can start using WafCharm immediately.
      After completing the initial setup on WafCharm management screen, WafCharm will automatically update the rules in WebACL in about 5 to 10 minutes.

  • About subscription/payment

    • Where can I apply to start using WafCharm?

      Please contact us from the following form and our sales representative will get back to you ASAP.

    • How can I pay for this service? What are my payment options?

      Both credit card and invoice payment options are available for Business and Enterprise plan users. For Entry plan users, payment can only be made with a credit card.
      If you need the invoice payment option for the Entry plan, please subscribe via a WafCharm sales partner.

    • When is the payment due each month?

      Payment for each month of use is due by the end of the following month.
      For example, payment for January will be due by the end of February.
      In case of invoice payment, an invoice will be mailed on the 10th of every month.

    • Before selecting a plan, we would like to confirm the current number of web requests. Is there any way to confirm it?

      【User who can log in to WafCharm management screen during the free trial】
      Number of web requests for the past 3 months can be confirmed from the “Account” page accessible from the “Menu” on top right corner of the WafCharm management screen.

      【Other users】
      ・Confirm on AWS Management Console
      On the AWS Management Console, under Billing > Invoices > WAF Items, it is displayed as “Price per HTTP request”, “1,713,241 Requests”, “$1.03”.

      ・Confirm from the number of rows in the web server’s access log
      As a guide, the number of web requests can be estimated from the number of rows in the access log.
      Example: # cat /var/log/httpd/access_log | wc -l
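
      Because plans are compared against requests per month, a per-month breakdown is more useful than one total row count. The following is an added example, not part of WafCharm's documentation: it assumes the Apache common/combined log format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: monthly request counts from Apache common/combined logs.
# Assumes the default timestamp field, e.g. [10/Jan/2024:13:55:36 +0900].

# requests_per_month [FILE...] -> prints "YYYY-MM count", one line per month.
# Reads stdin when no file is given. Lines without a parsable timestamp
# (truncated or corrupted rows) are skipped instead of being counted.
requests_per_month() {
    awk '
    {
        # $4 looks like "[10/Jan/2024:13:55:36"
        if (split($4, t, "[/:]") < 3) next
        m = index("JanFebMarAprMayJunJulAugSepOctNovDec", t[2])
        if (m == 0 || (m - 1) % 3 != 0 || length(t[2]) != 3) next
        if (t[3] !~ /^[0-9][0-9][0-9][0-9]$/) next
        key = sprintf("%s-%02d", t[3], (m + 2) / 3)
        count[key]++
    }
    END { for (k in count) print k, count[k] }
    ' "$@" | sort
}

# Constructed sample data (documentation IP ranges), including one bad row.
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [30/Jan/2024:23:59:01 +0900] "GET / HTTP/1.1" 200 512
203.0.113.5 - - [31/Jan/2024:08:00:12 +0900] "POST /login HTTP/1.1" 302 0
198.51.100.7 - - [01/Feb/2024:00:00:03 +0900] "GET /index.html HTTP/1.1" 200 2048
198.51.100.7 - - [01/Feb/2024:00:00:04 +0900] "GET /style.css HTTP/1.1" 200 900
198.51.100.9 - - [02/Feb/2024:10:15:00 +0900] "GET /api/items HTTP/1.1" 200 77
truncated line without timestamp
EOF
}

# Demo on the sample; on a server: requests_per_month /var/log/httpd/access_log*
sample_log | requests_per_month
```

      A web server log only contains requests that reached that server, so when CloudFront serves responses from its cache the count is lower than the number of requests AWS WAF evaluates.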

  • About support

    • Is there 24/7 support?

      24/7 support is provided for subscribers with Business Plan and above.
      Support for entry plan subscribers is during business hours only.

      ※Currently, 24/7 support is only available for customers in Japan. For all other areas, we will provide support with our best effort, i.e. usually within 3 working days. We sincerely apologize for the inconvenience and are working on improving our support services for customers worldwide.

    • Is there an SLA?

      There is no SLA regarding the response time.
      Also, the Business plan and above are supported 24/7, but depending on the degree of urgency, the response may come on the next business day.

    • In case of false-positives, is it possible to customize specific rules?

      Yes, it is possible.
      Please contact WafCharm support.

    • What kind of false-positive handling is possible with WafCharm when a false positive occurs only with a specific URI?

      Please provide the detection log to WafCharm support.
      To begin with, you can send us just a screenshot corresponding to the image posted at the end of the following reference blog.
      Reference Blog: https://www.wafcharm.com/blog/about-aws-waf-attack-state-jp/

      Although the response policy differs depending on the content, the following responses will be proposed and implemented.
      ・Customization that avoids the false positive by changing the condition itself, rather than by excluding the URI.
      ・Customization that excludes a specific URI as a detection exception for a specific rule.
      ・Creation of a rule that makes a specific URI a detection exception for all rules.
      ※ The above customization cannot be implemented for Entry plan customers. If necessary, it will be quoted separately.
