Dashboard

Prerequisites

• A domain name has been added and connected to WAF.
• WAF protection is enabled.
• At least one protection rule has been configured for the domain name.

Specification Limitations

On the Dashboard page, protection data of a maximum of 30 days can be viewed.

How to Calculate QPS

The QPS calculation method varies depending on the time range. For details, see Table 1.

Queries Per Second (QPS) indicates the number of requests per second. For example, an HTTP GET request is also called a query. The number of requests is the total number of requests in a specific time range.

Procedure

1. Log in to the management console.
2. Click in the upper left corner of the management console and select a region or project.
3. Click in the left upper corner and choose Security & Compliance > Web Application Firewall to go to the Dashboard page.
4. In the upper part of the page, select an enterprise project from the Enterprise Project. drop-down list. Then, you can view the details about websites you add to WAF in the selected enterprise project.
5. View the protection status in the Protection Overview area, as shown in Figure 1.
   • Protection Duration: You can learn of how long the cloud WAF or dedicated WAF you purchase the earliest protects websites in the current enterprise project.
   • Domain Names: You can learn of how many domain names you add to WAF in the current enterprise project, as well as how many of them are accessible and how many of them are inaccessible.
   • WAF Back-to-Source IP Addresses: In this area, you will learn of new WAF back-to-source IP addresses. A notification will be sent one month in advance if there are new WAF back-to-source IP addresses.
   • Updated Rules: In this area, you can check notifications about built-in rule library updates, including emerging vulnerabilities such as zero-day vulnerabilities these rules can defend against. You can also check notifications about new functions, billing details, and critical alarms, such as alarms generated when requests to your domain name bypass WAF.
   Figure 1 Protection Overview
   

6. Query security data in the Security Event Statistics area, as shown in Figure 2.
   • By default, protection details about all websites add to all WAF instances in all enterprise projects for the logged-in account are displayed. You can query details by website, instance, and time range. The time range can be yesterday, today, past 3 days, past 7 days, or past 30 days.
   • You can select Compare or Tile to view data.
   • By day: You can select this option to view the data gathered by the day. If you leave this option unselected, you have the following options:
     • Yesterday and Today: Security event data is gathered every minute.
     • Past 3 days: Security event data is gathered every 5 minutes.
     • Past 7 days: Security event data is gathered every 10 minutes.
     • Past 30 days: Security event data is gathered every hour.
   Figure 2 Security Event Statistics
   

   Table 2 Security Event Statistics

   Section	Description
   Section 1 shows how many requests, attacks, and attacked pages by attack type over the specified time range.	Requests: shows the page views of the website, making it easy for you to view the total number of pages accessed by visitors in a certain period of time. Attacks: shows how many times the website are attacked. You can view how many pages are attacked by a certain type of attack within a certain period of time. You can click Show Details to view the details about the 10 domain names with the most requests, attacks, and basic web protection, precise protection, CC attack protection, and anti-crawler protection actions.
   Section 2 shows more details about requests, QPS, sent and received bytes, and response code.	Requests: You can view how many requests for your website as well as total attacks and attacks of each attack type. QPS: You can learn of the average number of requests per second for the domain name. For details about QPS, see How to Calculate QPS. Queries Per Second (QPS) indicates the number of requests per second. For example, an HTTP GET request is also called a query. Bytes Sent/Received: You can learn how much bandwidth is used for requests to the domain name. The value of sent and received bytes is calculated by adding the values of request_length and upstream_bytes_received by time, so the value is different from the network bandwidth monitored on the EIP. This value is also affected by web page compression, connection reuse, and TCP retransmission. Response Code: Response codes returned by WAF to the client or returned by the origin server to WAF along with the corresponding number of responses. You can click WAF to Client or Origin Server to WAF to view the corresponding information. The number of response codes is accumulated based on the sequence of response codes (from left to right) in the lower part of the chart. The number of response codes is the difference between two lines. If the value of a response code is 0, the line of the response code overlaps that of the previous response code.

7. View the Event Source Statistics area, as shown in Figure 3.
   Figure 3 Event Source Statistics
   

   Table 3 Parameters in Event Source Statistics

   Parameter	Description
   Event Distribution	Types of attack events Click an area in the Event Distribution area to view the type, number, and proportion of an attack.
   Attacked Domain Names	The five most attacked domain names and the number of attacks on each domain name. You can click View More to go to the Events page and view more protection details.
   Attack Source IP Addresses	The five source IP addresses with the most attacks and the number of attacks from each source IP address. You can click View More to go to the Events page and view more protection details.
   Attacked URLs	The five most attacked URLs and the number of attacks on each URL. You can click View More to go to the Events page and view more protection details.