Updated on 2025-05-08 GMT+08:00

Web Protection Trend Statistics

On the Web Protection Trend Statistics page, you can view response action data of yesterday, today, past 3 days, past 7 days, past 30 days, or a custom time range.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Content Delivery & Edge Computing > CDN and Security.
  3. In the navigation pane on the left, choose Edge Security > Statistic. On the displayed Statistic page, click the Web Protection Trend Statistics tab.
  4. In the upper part of the Web Protection Trend Statistics page, select Enterprise Project, and set the domain name, website, time range, and time granularity.

    • All protected websites: By default, the information about all websites you add to EdgeSec in all enterprise projects are displayed.
    • Time range: You can select Yesterday, Today, Past 3 Days, Past 7 Days, Past 30 Days, or Custom.

      The maximum time range is Past 30 Days.

    • Time granularity: This parameter depends on the selected query time range. For details, see Table 1.
      Table 1 Time granularity

      Time Range

      Time Granularity

      1 hour

      1 minute or 5 minutes

      Within 1 day (> 1 hour)

      1 minute, 5 minutes, or 1 hour

      Within 3 days (> 1 day)

      1 minute, 5 minutes, 1 hour, or 1 day

      Within 7 days (> 3 days)

      5 minutes, 1 hour, or 1 day

      Within 30 days (> 7 days)

      1 hour or 1 day

    • Auto Refresh: After the function is enabled, the data is refreshed every 30 seconds.

  5. View the attack type trend chart and response action trend chart. The attack type trend chart displays the number of CC attacks, precise access control attacks, bot attacks, and web application attacks, as well as the total number of attacks. The response action trend chart displays the number of different response actions, which include:

    • Log only: A request that matches the rule is logged but not blocked.
    • Block: A request that matches the rule is blocked and the block response page is returned to the client that initiates the request.
    • Verification code: If the JavaScript challenge fails, a verification code is required. Requests will be blocked unless the visitor enters a correct verification code.
    • JS challenge: EdgeSec returns a piece of JavaScript code that can be automatically executed by a normal browser to the client. If the client properly executes the JavaScript code, EdgeSec allows all requests from the client within a period of time (30 minutes by default). During this period, no verification is required. If the client fails to execute the code, WAF blocks the requests.
    Figure 1 Trend charts of attack types and response actions

  6. View the bot attack trend chart. The available detection types include:

    • Known bot detection: Identifies bots based on the user agent (UA) features of mainstream search engines and scanners available on the Internet.
    • Signature-based requests detection: Examines request features based on the fixed information of the request protocol to check for abnormalities in the request header fields.
    • BOT behavior detection: Detects whether a request is abnormal using an AI behavior algorithm.
    Figure 2 Bot attack trend chart

  7. (Optional) Click the Horizontally Select icon on the right of each trend chart to select a time segment. This will zoom in and display detailed data for the specified period.