Overview

All WAF configurations that have been created on the WafCharm Dashboard (old dashboard) will automatically be treated as WAF Config with Legacy rule policy. If you would like to use the Advanced rule policy, please refer to the steps below.

Notes

Advanced rule policy can only be used with new plan/MP ver.
- If you are currently using the old plan, you must be migrated to the new plan or MP ver. before using the Advanced rule policy.
- WafCharm accounts that have WAF Config for AWS WAF Classic registered cannot migrate to the new plan. Please update to AWS WAF v2 before migrating to the new plan.
You cannot register multiple WAF Configs with the same web ACL ID on the WafCharm Console.
If you have customized the WafCharm rules before, please see the [If you have customized rules before] section.

How to migrate

Re-registering a new web ACL

Create a new web ACL on your AWS management console beforehand. You can reattach resources such as ALB and CloudFront to the new web ACL at any time.

Sign in to the WafCharm console.
Create a WAF Config with the new web ACL information with Advanced rule policy.
Check that the WafCharm rules have been applied to the new web ACL.
Delete the WAF Config with the Legacy rule policy.
Open the old web ACL to make sure that the WafCharm rules have been deleted.
Delete any other unnecessary resources, including the old web ACL.

Migrating the current web ACL

WafCharm rules will not be applied to web ACL temporarily with this method.

Sign in to the WafCharm console.
Delete the WAF Config with the Legacy rule policy.
Open the old web ACL to make sure that the WafCharm rules have been deleted.
Open the WafCharm Console and re-create WAF Config with Advanced rule policy.
Check that the WafCharm rules have been applied.

If you have customized rules before

If you have customized WafCharm rules before, we have to manually re-apply the customizations because we cannot automatically migrate the customizations. If you have customized the WafCharm rules and wish to transfer the same conditions, please follow the steps below.

Organize the past customization requests you have made to the WafCharm support team.
Organize the list of customizations you want to apply to the new Advanced rule policy from the past customization requests.
Contact the WafCharm support team about migrating to the Advanced rule policy and the details of the customization requests.
After we have checked whether we can reapply the customization to the new Advanced rule policy rules, migrate the WAF Config based on the steps from [How to migrate] section.
When the migration is complete, contact the WafCharm support team.

About the re-application of customizations

Advanced rule policy and Legacy rule policy have different rule structures.

Although the rules that detect typical web attacks are equivalent in both rule policies, the structure in the Advanced rule policy is different from the Legacy rule policy. Because of the differences, the WafCharm support team will check the actual customization requests from you and the new rule structure to determine which rule to customize. Please organize the details of the customization you want to apply and contact the WafCharm support team with the information.
Example: If we have applied customization to exclude a URI [/example] from the rule XX on your web ACL, please let us know that you want to migrate this specific customization "exclude a URI [/example] from the rule XX" to the Advanced rule policy rules.

The WafCharm Support team will re-apply the customizations once you have completed the migration process of your WAF Configs. Please contact the WafCharm support team if you have completed the migration steps listed above.

Please keep in mind that rate-based rules and geo-match rules can be applied with rule configuration features included in the Advanced rule policy. If the same rules from past customizations can be created with the rule configuration feature, we may suggest you use it instead.