Why Is the Traffic Statistics on WAF Inconsistent with That on the Origin Server?

In any of the following scenarios, the traffic statistics displayed on the WAF Dashboard page may be inconsistent with that displayed on the origin server:

• Web page compression

  WAF enables compression by default. The web pages between the client (such as a browser) and WAF may be compressed (depending on the compression option of the browser), but the origin server may not support compression.

• Connection reuse

  WAF reuses socket connections with the origin server, which reduces the bandwidth usage between the origin server and WAF.

• Attack requests

  Attack requests blocked by WAF do not consume the bandwidth of the origin server.

• Other abnormal requests

  If the origin server times out or cannot be connected, the bandwidth of the origin server is not consumed.

• TCP retransmission

  WAF collects bandwidth statistics at layer 7, but the network adapter of the origin server collects bandwidth statistics at layer 4. If the network connection is poor, TCP retransmission occurs. The bandwidth measured by the network adapter is calculated repeatedly, but the data transmitted at layer 7 is not calculated repeatedly. In this case, the bandwidth displayed on WAF is lower than that displayed on the origin server.