Waf Charm

FAQ

Capabilities

Question

What is WafCharm?

Answer

WafCharm automates the management of your AWS Web Application Firewall (WAF). It saves time and costs by automatically creating and updating rules (signatures) to protect against new threats and vulnerabilities based on your access logs.

Question

How does WafCharm work?

Answer

WafCharm seamlessly integrates with your existing AWS WAF setup, without disrupting your current rules or configurations. In less than 10 minutes, it configures your AWS WAF with up to 26 rules based on OWASP Top 10, DDoS mitigation and early detection, and automated IP blocking.

Question

What makes WafCharm unique?

Answer

Unlike other solutions that add an external layer, WafCharm is a configuration under AWS WAF. This ensures adherence to AWS WAF's constant updates and upgrades, providing superior security and compatibility.

Question

How often are rules updated?

Answer

Our security experts continuously monitor for new vulnerabilities and attack patterns. We create and deploy updated rules to safeguard your applications when a new threat is identified. WafCharm ensures your defenses are always current and your applications remain secure against evolving cyber threats.

Question

Does WafCharm provide reporting and notification features?

Answer

Yes, WafCharm offers:
1. Real-time email notifications when malicious requests are detected.
2. A monthly report in your dashboard summarizing the previous month's attack detection status, including attack types, detections per rule, top 10 source countries, and top 10 source IP addresses.

Since WafCharm applies security rules directly to AWS WAF, you can continue leveraging AWS services like CloudWatch and CloudTrail for monitoring and notifications. The WAF logs from Web ACLs and CloudWatch metrics can be also easily utilized by any third-party log analysis or reporting systems you currently have. This allows you to conveniently view and analyze the information detected by WafCharm within your existing monitoring platforms.

Question

Is there any way to safely check the effectiveness of the rules on the service in operation or validate “false positives”?

Answer

With WafCharm being a native configuration standard within AWS WAF, you can easily evaluate incoming web requests by utilizing the "Count" method. AWS WAF allows you to set each rule to ALLOW, COUNT, or BLOCK mode. Through the WafCharm dashboard, you can enable a "Detection Mode" by specifying the Default WAF Action as COUNT. This mode monitors and counts potential threats without actively blocking them, allowing you to evaluate the effectiveness of WafCharm's rules on your live website traffic before enforcing them in BLOCK mode.

After confirming the effectiveness of the WafCharm rules, don't forget to set the corresponding WAF rules in AWS Management Console to 'Block' mode. Since WafCharm is integrated with AWS WAF, you can safely leverage this "Count" method to thoroughly validate the protection capabilities without impacting your website's availability.

Question

What is the purpose of the "Default Web ACL Action" setting in AWS WAF?

Answer

The "Default Web ACL Action" determines how AWS WAF handles web requests that don't trigger any of the defined rules within a Web ACL. For WafCharm users, it's recommended to set the "Default Web ACL Action" to "Allow" for these unmatched requests. This ensures that legitimate traffic to your website proceeds uninterrupted if it doesn't match any of WafCharm's rules. Setting the "Default Web ACL Action" to "Allow" treats unmatched requests as normal, allowing your website to function as intended while WafCharm's rules focus on detecting and blocking malicious traffic patterns. Please refer to the following AWS documentation for more details:
https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html

Question

Can I use WafCharm alongside my existing web security rules and setups?

Answer

Yes, WafCharm is designed to seamlessly integrate with your current web application security configurations. You can continue using your custom rules and preferred security components alongside WafCharm's rules.

Additionally, WafCharm's rule set complements other protection layers you may have, such as domain-based firewalls. Since AWS WAF operates at the resource level, WafCharm can process web requests that may bypass domain-level protections, providing an added layer of defense. This flexibility allows you to prioritize the execution order of rules while benefiting from WafCharm's up-to-date threat intelligence.

However, please refrain from registering rules that start with the term 'WafCharm', as they will conflict with the existing WafCharm rules.

Question

Can WafCharm inspect and analyze the response data from my web applications?

Answer

Unfortunately, due to the inherent design of AWS WAF, it is not possible for WafCharm to inspect or access the response data sent from your web applications to clients. AWS WAF operates by evaluating incoming web requests before they reach your applications, allowing it to filter out malicious traffic. However, it does not have visibility into the responses generated by your applications. This limitation is not specific to WafCharm but rather a fundamental constraint of the AWS WAF service itself.

Question

How quickly do changes to the Blacklist or Whitelist on the WafCharm dashboard take effect?

Answer

After saving updates to the Blacklist or Whitelist through the WafCharm dashboard, the changes are promptly applied to your AWS WAF configuration. While the exact timing may vary slightly depending on the server load at that moment, you can expect the new IP address entries to be enforced almost immediately. WafCharm's seamless integration with AWS WAF ensures that any modifications to your approved or blocked IP lists are reflected in your web application's security posture without any significant delays.

Question

Can I modify how WafCharm's rules respond to potential threats, such as monitoring or blocking?

Answer

Yes, you have the flexibility to adjust the rule actions for WafCharm's rules applied to your Web ACLs. Using the AWS Management Console, you can change the rule action for any of WafCharm's rules between COUNT or BLOCK mode. The COUNT mode allows you to monitor and log potential threats without actively blocking requests, while the BLOCK mode instructs AWS WAF to deny requests that match a specific rule.

Question

What are the key features of WafCharm's Blocklist functionality?

Answer

WafCharm's Blacklist feature provides a robust and multi-layered approach to identifying and blocking malicious traffic sources. It comprises three main components:
Continuous Log Analysis: WafCharm re-evaluates your access logs against hundreds of security signatures. Any detected threats are automatically added to the Blacklist every 5 minutes, ensuring real-time protection.
IP Reputation Monitoring: WafCharm integrates with CSC's proprietary IP reputation database to cross-reference and blacklist known malicious IP addresses on a daily basis.
Custom Blacklisting: Through the WafCharm dashboard, you have the ability to manually add IP addresses to the Blacklist. These custom entries take effect immediately after saving the changes, granting you precise control over banned sources.

By combining automated threat detection, reputable intelligence feeds, and custom blacklisting capabilities, WafCharm's Blocklist feature delivers comprehensive protection against a wide range of potential attacks and bad actors.

Question

My CloudFront distribution allows various HTTP methods like POST, DELETE, PATCH, OPTIONS. However, I don't want to permit methods other than POST. Can WafCharm help me achieve this granular control?

Answer

Absolutely. The WafCharm support team can create custom rules to enforce precise HTTP method restrictions, even if your CloudFront distribution has broader method allowances configured. By defining a dedicated rule, WafCharm can ensure that only POST requests are permitted while blocking all other methods like DELETE, PATCH, OPTIONS, and more. This granular control over allowed HTTP methods adds an extra layer of security and helps mitigate potential vulnerabilities or misuse stemming from unintended method access. WafCharm's flexible rule management empowers you to tailor security controls to your application's specific needs.

Question

Can WafCharm restrict web traffic based on the IP addresses' source countries?

Answer

Yes, WafCharm offers the capability to implement country-level IP restrictions. By leveraging geolocation data associated with IP addresses, WafCharm can be configured to allow or deny access to your web applications based on the visitor's country of origin. If you require this level of geographic access control, please reach out to the WafCharm support team.

Question

Can I restrict the use of credentials to WafCharm based on IP addresses?

Answer

Yes, our support team can provide WafCharm's IP addresses to use in IP-based restrictions. Please contact us for the further information.

Integration & Deployment

Question

What are the key steps to get started with WafCharm?

Answer

Setting up WafCharm is a straightforward process that can be completed in a matter of minutes. Here are the four main steps:
1. Have AWS Web Application Firewall (WAF) enabled for your web applications or resources.
2. Activate your WafCharm subscription through AWS Marketplace.
3. In the WafCharm dashboard, enter your AWS WAF Web ACL information and define an Assumed Role to allow WafCharm to propagate its security signatures to your Web ACL.
4. Provide WafCharm with the S3 bucket path where your resource's access logs are stored, granting WafCharm the necessary read permissions.

Once these four steps are completed, WafCharm will be fully configured and ready to protect your web applications within a few minutes.

Question

How can I configure and set up WafCharm for my web applications?

Answer

We've prepared detailed guides to walk you through the WafCharm configuration process.

For a step-by-step written guide, please refer to the following blog post:
https://www.wafcharm.com/en/blog/check-wafcharm-setting/

This comprehensive blog covers all the necessary steps to integrate WafCharm with your AWS WAF and web resources, including instructions for defining assumed roles, granting permissions, and entering your Web ACL and log output path information into the WafCharm dashboard.

Alternatively, if you prefer a video walkthrough, we've created a visual setup guide:
https://youtu.be/JOOocJC2upw?feature=shared

This video tutorial provides a clear, visual demonstration of the WafCharm configuration process, making it easy to follow along and ensure a successful integration with your AWS environment.

Question

Do I need to add any rules to my Web ACL before using WafCharm?

Answer

No, you don't need to pre-configure your Web ACL. WafCharm will automatically apply its security rules to your Web ACL as soon as the initial setup is complete.

Cost & Savings

Question

Where can I sign up to start using WafCharm?

Answer

You can subscribe to WafCharm directly from AWS MARKETPLACE.
https://aws.amazon.com/marketplace/pp/prodview-crrflizdnl6pw

If you want to speak with our sales representative before subscribing, use the contact form below.
https://www.wafcharm.com/en/contact-us/

Question

What is the billing structure of WafCharm?

Answer

WafCharm is a pay-as-you-go model. Your bill for WafCharm is incorporated into your AWS monthly bill. Feel free to use our cost calculator: https://us.wafcharm.com/cost-calculator

Question

When is the monthly payment for WafCharm due?

Answer

The usage fee for WafCharm, as purchased through the AWS Marketplace, is billed and collected by AWS. The payment is due at the same time as your other AWS service usage fees, following the standard AWS billing schedule.

Question

How can I check the current number of web requests?

Answer

There are several methods available to check the number of web requests, depending on your specific setup and requirements:

WafCharm Dashboard: If you have an active WafCharm subscription, you can log in to the WafCharm dashboard and view the number of web requests during your free trial period or after activating your paid plan.
AWS Monthly Bill: For AWS WAF users, your monthly AWS bill provides the total number of web requests processed. This information is listed under the "WAF Items" section, displaying the count and corresponding cost for the billable requests.
CloudWatch Metrics: If you're already utilizing AWS WAF, you can leverage CloudWatch Metrics to monitor the total number of BlockedRequests and AllowedRequests. Simply navigate to your Web ACL, select the "WAFV2" namespace, and view the relevant metrics.
Web Server Access Logs: You can estimate the number of web requests by counting the lines in your web server's access log files. This method provides an approximate count for reference purposes.

Question

Where can I find detailed information about WafCharm's pricing, fees, and tax-related matters?

Answer

You can find all the necessary details regarding WafCharm's pricing structure and applicable fees on our dedicated pricing page:
https://www.wafcharm.com/en/pricing/

This page provides a comprehensive breakdown of our pricing plans, clearly outlining the costs associated with each tier.

Question

Where can I find and review the Terms of Use for WafCharm?

Answer

You can access the complete Terms of Use for WafCharm on our website at the following URL: https://www.wafcharm.com/en/legal/

Question

Where can I find the WafCharm Data Processing Addendum?

Answer

The complete Data Processing Addendum for WafCharm is available at this URL:
https://www.wafcharm.com/en/legal/us_dpa/

Question

What happens when my WafCharm free trial period ends?

Answer

The free trial period offers you a limited time to explore and evaluate the full capabilities of WafCharm. As your trial nears its end date, you'll have the opportunity to review your experience and decide if you'd like to continue using WafCharm by subscribing to our paid plan.

Once the free trial and 21-day grace period ends, your account will be automatically terminated unless you choose to upgrade to our paid subscription. This ensures that you don't inadvertently continue using WafCharm without an active plan.

During the trial period, our team will reach out to you for a "trial review" consultation. This one-on-one session allows us to understand your experience, answer any questions you may have, and guide you through the process of subscribing to our paid plan, should you wish to continue using WafCharm.

Our goal is to provide you with a seamless experience while offering flexibility and personalized support to ensure you're getting the most value from WafCharm, whether during the trial or as a paid subscriber.

Free Technical Support

Question

What are the support hours for WafCharm customers?

Answer

At WafCharm, we pride ourselves on providing exceptional customer support to ensure your web applications remain secure and operational at all times. Our support offering includes:
24/7 Emergency Support: In the event of a critical security incident or urgent matter, our support team is available around the clock to assist you, regardless of the day or time.
Extended Business Hours: For non-urgent inquiries, technical assistance, or general support, our team is available during extended business hours from Monday to Friday, 9:00 AM to 6:00 PM Pacific Standard Time.

Question

Does WafCharm offer a Service Level Agreement (SLA)?

Answer

At this time, WafCharm does not provide a formal Service Level Agreement. However, our support team is committed to responding to customer inquiries in a timely manner.

Question

Can I customize WafCharm's rules to address false positives or special cases?

Answer

Yes, our support team is available to help you customize the rules to fit your specific requirements. If you encounter any issues, just reach out, and we'll work with you to make the necessary adjustments.

Question

What customization options are available for WafCharm's rules?

Answer

WafCharm is integrated in AWS WAF, so our customzation services is also provided within the AWS WAF limitations.

Common customizations include:

  • Excluding specific conditions from WafCharm rules to avoid false positives
  • Adding rate-based rules
  • Adding geo-match rules
  • Adding new rules based on CVE ID

Let us know your specific requirements to create rules/conditions.