Enabling Alarm Notifications

You can configure alarm rules for WAF to notify you of exceptions by email, SMS messages, or other method you specify. So that you can handle exceptions in a timely manner and keep your website stable.

WAF supports the following notification types:

Events: If the number of attacks on your website reaches or exceeds the threshold within a specified period, WAF will send an alarm notification to you. The alarm notification contains logs of attacks that are blocked or logged only.
Certificate expired: If the certificate used for your website is about to expire, WAF will send an alarm notification to you.

Constraints

Only Cloud mode CNAME access mode (professional and enterprise editions) and dedicated mode support certificate expiration alarm notifications.
Alarm notifications depend on Simple Message Notification (SMN). You are billed based on your actual usage. For details, see SMN Pricing Details.

Prerequisites

You have connected your website to WAF using Cloud Mode - CNAME or Dedicated Mode.
You have created a topic on the SMN console and the subscription status is confirmed. For details, see Creating a Topic.
If you want to configure event notifications, ensure that you have configured protection rules. For details, see Configuring Protection Policies.
If you want to certificate expiration notifications, ensure that you have associated certificates for protected websites. For details, see Using a Certificate for a Protected Website in WAF.

Enabling Alarm Notifications

Log in to the WAF console.
Click in the upper left corner and select a region or project.
(Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
In the navigation pane on the left, choose Instance Management > Notifications.

Click Create, configure notification parameters, and click OK.

Figure 1 Create Notification
Click to enlarge

**Table 1** Description of notification setting parameters
Parameter	Description
Notification Type	Type of the notification. Events: If the number of attacks on your website reaches or exceeds the threshold within a specified period, WAF will send an alarm notification to you. The alarm notification contains logs of attacks that are blocked or logged only. Certificate expired: If the certificate used for your website is about to expire, WAF will send an alarm notification to you.
Notification Name	Name of the alarm notification.
Enterprise Project	Enterprise project for which the notification takes effect.
Notification Topic	The topic for configuring the terminals for receiving alarm notifications. Select an existing topic from the drop-down list or click View Topic and create a topic on the displayed page. If there are no topics, click View Topic and perform the following steps to create a topic: Create a topic. For details, see Creating a Topic. Add one or more subscriptions to the topic. You will need to provide a phone number, email address, function, platform application endpoint, DMS endpoint, or HTTP/HTTPS endpoint for receiving alarm notifications. For details, see Adding a Subscription. Confirm the subscription. After the subscription is added, confirm the subscription. For more details about topics and subscriptions, see Simple Message Notification User Guide.
Interval (Events)	Alarm threshold. An alarm is sent when the number of attacks reaches the threshold within the specified interval. If you select Events for Notification Type, this parameter is mandatory.
Event Type (Events)	Event types. By default, all event types are selected. You can customize the event types. If you select Events for Notification Type, this parameter is mandatory.
Notification Before Expiration (Certificate expiration)	Notification time. Select how long before a certificate expires WAF can send notifications. You can select 1 week, 1 month, or 2 months. For example, if you select 1 week, WAF will send you an SMS message or email one week before the certificate expires. This parameter must be configured if you select Certificate expiration for Notification Type.
Interval (Certificate expiration)	How often WAF sends expiration notifications to you. You can select Weekly or Daily. This parameter must be configured if you select Certificate expiration for Notification Type.
Description	(Optional) A description of the purposes of the alarm.

Click Confirm.
- To disable a notification, locate the row containing the notification and click Disable in the Operation column.
- To delete a notification, locate the row containing the notification and click Delete in the Operation column.
- To modify a notification, locate the row containing the notification and click Modify in the Operation column.

Example Alarm Notification Email

If you have enabled alarm notifications and configured email alarm notifications, WAF emails you reports of any attacks that occur. Figure 2 shows an alarm notification email.

Figure 2 Alarm notification email
Click to enlarge