Overview

This article explains how to check the operation after setting up the WafCharm.

Checking the rule application status

Sign in to the AWS management console and open the target web ACL.

Make sure the rules are applied as below.

For Advanced rule policy

• WafCharm_Bypass_Bot_XXX
• WafCharm_Bypass_XXX
• WafCharm_Scoping_XXX
• WafCharm_UseCase_Regex_XXX

*XXX will be filled with an alphanumeric ID.

Please keep in mind that the rules applied from the Advanced rule policy differ based on your configuration. The rules listed above will be applied by default, but the total number of rules may change depending on the configuration on your WAF Config.

For Legacy rule policy

• WafCharm_Common_Basic_Group
• WafCharm_Common_Advanced_Group
• WafCharm_Blacklist_Group_XXX
  • XXX will be filled with the management number.

Please keep in mind that an allowlist rule (WafCharm_Whitelist_Group_XXX) will be available in addition to the above if you registered IP addresses in the allowlist.

Checking the log counts

Please access the target resources to check that the number of logs shown on the [Number of logs] section on the dashboard page is increasing.

Checking WAF log retrieval configuration

For Advanced rule policy

1. Make sure that the WAF log retrieval is enabled and that WAF logs are exported to your S3 bucket.
2. Open the dashboard page on the WafCharm Console and check the number of access next to the [Latest 24 hours] is increasing on the [Detection Status] section.

You can also check to see if you can search your WAF logs from the search feature to ensure that the WAF log retrieval is successfully enabled.

For Legacy rule policy

If you are using the new method (enabling WAF log retrieval)

1. Make sure that the WAF log retrieval is enabled and that WAF logs are exported to your S3 bucket.
2. Open the dashboard page on the WafCharm Console and check the number of access next to the [Latest 24 hours] is increasing on the [Detection Status] section.

You can also check to see if you can search your WAF logs from the search feature to ensure that the WAF log retrieval is successfully enabled.

If you are using the old method (Lambda method)

Please contact the WafCharm support team with the information below.

• The file name of the latest WAF log outputted to your S3 bucket.
• Name of the target WAF Config.

Other ways to check

If you see a configuration error on the dashboard page in the [WAF Config Status] section and [Credential Store Status] section, the configuration has not been completed successfully.

Check the messages shown on the details of each resource to make sure there are no errors.

Please refer to the Errors shown on each resource for AWS WAF Classic/AWS WAF v2 page for more details on the status shown on the details page.