Waf Charm

Blog

Follow us

WafCharm

We released a new WafCharm Console

  1. 1. Introduction
  2. 2. About the changes
  3. 3. Migrating from the old WafCharm Dashboard
  4. 4. Using WafCharm with the new plan/MP ver.
  5. 5. Using Wafcharm with the old plan
  6. 6. Notes on AWS WAF Classic
  7. 7. If you had customization done in WafCharm Dashboard
  8. 8. Conclusion

1. Introduction

We renewed the WafCharm management system.

We updated the old management system, WafCharm Dashboard, to a new management system called the WafCharm Console.

Please refer to the new help center for more information about how to set up in the WafCharm Console and specifications.

In this blog post, we will call the old management system “WafCharm Dashboard” and the new management system “WafCharm Console” and look at the differences, changes, and how to migrate to the WafCharm Console.

Please keep in mind that “management system” is a general term that refers to both of WafCharm Dashboard and WafCharm Console.

2. About the changes

The main changes in the WafCharm Console are as follows.

  • Major renewal of the pages itself, which changes configuration process and usage
  • Updated rule structures
  • New rule configuration and WAF log integration features

Here is the overview of each change.

Please refer to the help page Changes from the Dashboard for details on other changes.

Major renewal of the pages itself, which changes configuration process and usage

We have updated the design and improved the UI/UX.

There are two major changes that come from the updated design.

Change 1: Addition of the dashboard page

We created a dashboard page, which is the first page you see when you sign in to the WafCharm Console.

This page shows the number of configs for each resource (e.g., registered credential and WAF information), the number of logs, and the blocked status based on WAF log integration.

Change 2: Showing steps in the configuration process

To make it easier to understand the configuration process, the steps and descriptions are available on pages in the set up process.

In addition, we added a new method to use CloudFormation when adding credential information.

Please see the help center for detailed steps.

Updated rule structures

We also updated the WafCharm rules with a new rule policy called “Advanced”.

In addition to the general rules for common web attacks, bot rules, rate-based rules (), and geo-match rules () are available.
*These rules will be added based on your configuration.

Please be assured that the rule structure available in the old WafCharm Dashboard is also available as a Legacy rule policy.

Some features available in the Advanced rule policy are not available for the Legacy rule policy.
The Advanced rule policy is only available for the new plan/MP ver.

New rule configuration and WAF log integration features

As stated above, Advanced rule policy comes with a feature for adding rules and managing rule actions.

By configuring a couple of options, you can add rate-based rules and geo-match rules based on useful use cases.

In the rule management feature, you can adjust all WafCharm rules’ actions from the WafCharm Console.

In addition, we asked you to configure Lambda to transfer WAF logs to enable the monthly report feature and the detection notification feature. However, with the renewal, you can opt-in to enable WAF log retrieval to use these features.

We have updated some features related to reporting as well. By enabling WAF log retrieval, you can see the blocked status on the dashboard page and use the WAF log search feature.

In the Legacy rule policy, you can continue to use the Lambda method to transfer WAF logs. In this case, the monthly report feature and the detection notification feature will be available just like before.

Please note that if you use the Lambda method (the old method), you cannot see the blocked status on the dashboard page or use the WAF log search feature.

3. Migrating from the old WafCharm Dashboard

Because this renewal comes with major changes, we are providing a migration period for the current WafCharm users.

The migration period is 2024/08/08 - 2024/08/22 (JST).

After August 22nd, you will be redirected to the WafCharm Console.

*Sign-up from the WafCharm Dashboard has ended. To sign up with a new WafCharm account, please use the new WafCharm Console.

If you would like to migrate to the WafCharm Console from the WafCharm Dashboard, please follow the steps below.

  1. Sign in to the WafCharm Dashboard with owner-role account.
  2. Click on the link in the message “The new WafCharm has been released” on the top page.
  3. Read the information on the “The new WafCharm has been released” page and click the [Migrate] button.

Below are the notes on the migration process.

  • The migration process can only be completed by the owner-role account. Member accounts cannot complete the process.
    • If you cannot sign in to the owner-role account for some reason, please contact the WafCharm support team.
  • Once you have migrated to the WafCharm Console, you cannot switch back to the WafCharm Dashboard. If you must switch back to the WafCharm Dashboard after completing the migration process, please contact the WafCharm support team with the email address of the owner-role account.
  • You can use the same login information on the WafCharm Console.
  • During the transition period, you cannot use the WafCharm Console unless you have completed the migration process

Please refer to the help center for the configuration process and how to use the WafCharm Console.

4. Using WafCharm with the new plan/MP ver.

If you are using the WafCharm Dashboard with the new plan or subscribed via AWS Marketplace (MP ver.), you can use the Advanced rule policy in the WafCharm Console.

Please create a new WAF Config and select the Advanced rule policy to begin using the new rule policy.

The WAF Config (previously Web ACL Config) registered in the WafCharm Dashboard is transferred to the WafCharm Console as a Legacy rule policy. You can continue to use the same WAF Config.

If you want to switch the rule policy of the existing WAF Config from the Legacy rule policy to the Advanced rule policy, you must re-create the WAF Config.

When switching from the Legacy rule policy to the Advanced rule policy, please also read the [If you had customization done in WafCharm Dashboard] section below.

5. Using Wafcharm with the old plan

If you are using the WafCharm Dashboard with the old plan, you can use the Legacy rule policy in the WafCharm Console.

The WAF Config (previously Web ACL Config) registered in the WafCharm Dashboard is transferred to the WafCharm Console as a Legacy rule policy. You can continue to use the same WAF Config.

If you are using AWS WAF v2 and want to use the Advanced rule policy, please migrate to the new plan or MP ver. Please contact the WafCharm support team if you need any assistance in changing the plan.

6. Notes on AWS WAF Classic

You can use the new WafCharm Console even if you are using AWS WAF Classic.

However, the Managed Rules rule group exception feature provided in the WafCharm Dashboard is no longer available on the WafCharm Console.

If you are currently using WafCharm and CSC’s managed rules together on AWS WAF Classic and are using the said feature, please use the AWS management console to adjust the rule actions of the CSC’s managed rules.

*For more details on using WafCharm with AWS WAF Classic and Managed Rules rule group exception feature, please see this blog post: Using WafCharm with AWS WAF Classic

7. If you had customization done in WafCharm Dashboard

If you have requested customization in the past and would like to transfer to the Advanced rule policy, the previous customization must be manually applied to new rules because the rule structure is different.

Please contact the WafCharm support team before transferring your WAF Config so we can determine if the customization can be transferred.

After you’ve migrated to the WafCharm Console, you can continue to use the Legacy rule policy. In that case, you don’t have to transfer past customization separately.

8. Conclusion

With this WafCharm Console update, the new features and configuration process are available.

A lot has changed, but we will continue to make improvements to provide better products in the future.

Back to list

Popular Post