Viewing the Dashboard
If you have connected websites to WAF, the Dashboard page gives you an overview of their security. It shows WAF updates, the protection overview, product details, and security statistics for your protected websites and instances for up to 30 days. You can also check event source statistics and bot protection statistics.
Statistics on the Dashboard page are updated every two minutes.
Prerequisites
- You have connected the website you want to protect to WAF. For details, see Connecting a Website to WAF.
- At least one protection rule has been configured for the domain name. For details, see Configuring Protection Policies.
Specification Limitations
You can view the protection data of a maximum of 30 days.
Checking the Overview Information
- Log in to the management console.
- Click the icon in the upper left corner of the management console and select a region or project.
- Click the icon in the upper left corner of the page and choose Web Application Firewall under Security & Compliance.
- If you have enabled the enterprise project function, select your enterprise project from the Filter by enterprise project drop-down list in the upper part of the navigation pane. Then, WAF will display the related security data in the enterprise project on the page.
- On the Dashboard page, view the following information.
Table 1 Dashboard overview

| Function Module | Description |
|---|---|
| Dashboard | Updates: This area displays the latest information about WAF back-to-source IP address ranges, rule updates, and risks found recently. |
| | Protection Overview: This area displays the domain name access status. |
| | Product Details: This area displays the details about instances you buy. You can check the WAF edition and specifications you are using. |
| | Security Event Statistics: In this area, you can view the protection event logs by website or instance. You can select a specific time range, including yesterday, today, past 3 days, past 7 days, or past 30 days. You can also specify a time range no longer than 30 days. |
| | Event Source Statistics: This area displays information such as event distribution, attacked objects, attack source IP addresses, attacked URLs, attack source locations, and error pages. |
| Bot Protection Statistics | This tab shows bot protection statistics, including traffic distribution, action distribution, traffic trends, bot score distribution, and top event source statistics. |
Bot protection statistics description:
You need to submit a service ticket and configure a bot protection rule. Then, you can view Bot Protection Statistics on the Dashboard page. Otherwise, the Dashboard page displays only Updates, Protection Overview, Product Details, Security Event Statistics, and Event Source Statistics.
Updates, Protection Overview, and Product Details
In these areas, you can check the latest WAF back-to-source IP address ranges, rule updates, risks found recently, domain name access status statistics, and details about products you have.
| Function Module | Description | Related Operation |
|---|---|---|
| Updates (① in Figure 1) | WAF Back-to-Source IP Addresses: You can check new WAF back-to-source IP addresses. A notification will be sent one month in advance if there are new WAF back-to-source IP addresses. | On the Updates bar, you can click View More next to WAF Back-to-Source IP Addresses to check and copy WAF back-to-source IP address ranges. |
| | Updated Rules: In this area, you can check notifications about built-in rule library updates, including emerging vulnerabilities such as zero-day vulnerabilities these rules can defend against. You can also check notifications about new functions, billing details, and critical alarms, such as alarms generated when requests to your domain name bypass WAF. | On the Updates bar, you can click View More next to Updated Rules to view the rule update details. |
| | Risks Found: If you use dedicated WAF instances, you will get notifications on the latest risks your dedicated WAF instances have. You can then handle related risks in a timely manner to prevent services from being affected. | |
| Protection Overview (② in Figure 1) | This area displays the total number of website domain names, number of domain names that have been connected to WAF, number of domain names that fail to be connected to WAF, and number of domain names that fail to be resolved by DNS. | You can click the number to go to the Website Settings page. In the domain name list, the system automatically filters the domain names based on the number you click, making it easier to locate websites you need to connect to WAF. |
| Product Details (③ in Figure 1) | This area displays the details about instances you buy. You can check the WAF edition and specifications you are using. | |
Security Event Statistics
In the Security Event Statistics area, you can view the protection event logs by website or instance. You can select a specific time range, including yesterday, today, past 3 days, past 7 days, or past 30 days. You can also specify a time range no longer than 30 days. On this page, protection event logs are displayed by different dimensions, including the number of requests and attack types, QPS, bandwidth, response code, event distribution, top 5 attacked domain names, top 5 attack source IP addresses, and top 5 attacked URLs.
If no enterprise project is selected, WAF collects security data of all websites added to WAF in all enterprise projects under the account by default. Before viewing the data, you can set the following information based on service requirements:
- Domain name (① in Figure 2): You can select one or more domain names to view the security statistics.
- Instance (② in Figure 2): You can select a specific instance or all instances to view security statistics.
- Query time (③ in Figure 2): You can view security statistics for yesterday, today, past 3 days, past 7 days, past 30 days, or any time range within 30 days. The statistics collection frequency in each time range is as follows:
  - Yesterday and Today: Security data is gathered every minute.
  - Past 3 days: Security data is gathered every 5 minutes.
  - Past 7 days: Security event data is gathered every 10 minutes.
  - Past 30 days: Security data is gathered every hour.
| Function Module | Description | Related Operation |
|---|---|---|
| Security statistics (④ in Figure 2) | Requests: shows the page views of the website, making it easy for you to view the total number of pages accessed by visitors in a certain period of time. | You can click Show Details to view the details about the 10 domain names with the most requests, attacks, and basic web protection, precise protection, CC attack protection, bot mitigation, and anti-crawler protection actions. |
| | Attacks: indicates the total number of attacks, including blocked attacks and logged attacks, at your website. | |
| | Protection details: displays details about attacks that match each protection rule, including the number of times that the attack is blocked by the protection rule and the number of times that the attack is logged. | |
| Security statistics trend (⑤ in Figure 2) | Requests: This tab displays statistics on the total number of requests to a domain name and details about each protection rule. | |
| | QPS: You can check the average number of requests per second for the domain name. This tab displays the total number of requests to the domain name, and the average and peak QPS values by protection rule. | |
| | TX/RX Bandwidth: shows the bandwidth usage of domain names. You can view the average value and peak value. The value of sent and received bytes is calculated by adding the values of request_length and upstream_bytes_received by time, so the value is different from the network bandwidth monitored on the EIP. This value is also affected by web page compression, connection reuse, access mode, and TCP retransmission. For details, see Why Is the Traffic Statistics on WAF Inconsistent with That on the Origin Server? | |
| | Response Code: Response codes returned by WAF to the client or returned by the origin server to WAF along with the corresponding number of responses. You can click WAF to Client or Origin Server to WAF to view the corresponding information. The number of response codes is accumulated based on the sequence of response codes (from left to right) in the lower part of the chart. The number of response codes is the difference between two lines. If the value of a response code is 0, the line of the response code overlaps that of the previous response code. | |
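The following added example (not part of the original documentation, and not WAF's own code) illustrates the TX/RX Bandwidth description together with the collection frequencies listed for each query range: it sums request_length and upstream_bytes_received per collection interval and shows how the same short burst yields a lower peak as the interval widens. The record layout, the `ts` field, the bytes-per-second unit, and counting empty intervals as zero in the average are assumptions.

```python
# Collection interval in seconds for each query range, as listed on this page.
INTERVAL = {"today": 60, "yesterday": 60, "past_3_days": 300,
            "past_7_days": 600, "past_30_days": 3600}

# Constructed sample records, not real WAF output. request_length and
# upstream_bytes_received are the fields named on this page; "ts" (epoch
# seconds) is an assumed field name.
BASE = 1714557600  # aligned to an hour boundary
SAMPLE = [
    {"ts": BASE + 5,   "request_length": 500,  "upstream_bytes_received": 5500},
    {"ts": BASE + 20,  "request_length": 700,  "upstream_bytes_received": 11300},
    {"ts": BASE + 70,  "request_length": 400,  "upstream_bytes_received": 2600},
    {"ts": BASE + 250, "request_length": 300,  "upstream_bytes_received": 2700},
    {"ts": BASE + 310, "request_length": 1200, "upstream_bytes_received": 10800},
]

def bandwidth_series(records, query_range):
    """Return [(bucket_start, bytes_per_second), ...]; empty buckets count as 0."""
    width = INTERVAL[query_range]
    totals = {}
    for r in records:
        start = r["ts"] - r["ts"] % width  # start of the collection interval
        size = r["request_length"] + r["upstream_bytes_received"]
        totals[start] = totals.get(start, 0) + size
    if not totals:
        return []
    first, last = min(totals), max(totals)
    return [(t, totals.get(t, 0) / width)
            for t in range(first, last + width, width)]

def average_and_peak(series):
    """Average and peak of the bucket rates; (0.0, 0.0) for an empty series."""
    rates = [rate for _, rate in series]
    if not rates:
        return 0.0, 0.0
    return sum(rates) / len(rates), max(rates)

if __name__ == "__main__":
    for name in ("today", "past_3_days", "past_30_days"):
        avg, peak = average_and_peak(bandwidth_series(SAMPLE, name))
        print(f"{name:>13}: average {avg:.1f} B/s, peak {peak:.1f} B/s")
```

When investigating a short traffic spike, use the narrowest query range that still covers the event, because wider ranges average the burst over longer intervals.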
Event Source Statistics
This area displays the following information: event distribution, attacked objects, attack source IP addresses, and attacked URLs.
| Parameter | Description | Related Operation |
|---|---|---|
| Event Distribution (① in Figure 3) | Types of attack events. | You can click an area in the Event Distribution area to view the type, number, and proportion of an attack. |
| Attacked Targets (② in Figure 3) | The five most attacked domain names and the number of attacks at each domain name. | You can click View More to go to the Events page and view more protection details. |
| Attack Source IP Addresses (③ in Figure 3) | The five IP addresses that initiate most attacks and the number of attacks from each IP address. NOTE: 49.4.121.70 is the WAF dialing test IP address. If the requests of this IP address are blocked and the number of block times is ranked top 5, the IP address will also be displayed in the attack source IP address list. | You can click View More to go to the Events page and view more protection details. |
| Attacked URLs (④ in Figure 3) | The five most attacked URLs and the number of attacks at each URL. | You can click View More to go to the Events page and view more protection details. |
Bot Protection Statistics
You need to submit a service ticket to enable bot protection. If you have enabled bot protection and configured bot rules, you can check the Bot Protection Statistics tab on the Dashboard page. The tab shows the traffic distribution, action distribution, traffic trends, bot score distribution, and top event source statistics.
If no enterprise project is selected, WAF collects security data of all websites added to WAF in all enterprise projects under the account by default. Before viewing data, you can set the following parameters based on service requirements:
- Domain name (① in Figure 4): You can select one or more domain names to view the bot protection statistics.
- Query time (② in Figure 4): You can view bot protection statistics for yesterday, today, past 3 days, past 7 days, past 30 days, or any time range you specify.
Viewing Bot Protection Data and Trends

| Function Module | Description |
|---|---|
| Traffic Distribution (③ in Figure 4) | |
| Action (④ in Figure 4) | WAF counts the number of requests that are identified based on bot detection rules within a period of time. WAF also displays protective actions (Allow, Log only, JS Challenge, and Block) taken to those requests. |
| Traffic Trends (⑤ in Figure 4) | This tab shows traffic trends of known bots, signature-based requests, bot behavior, and normal requests. |
| Bot Score Distribution (⑥ in Figure 4) | This area displays bot behavior scores based on bot behavior detection. Bot behavior detection scores each request of the client to evaluate the probability that the request comes from a bot. A value closer to 0 indicates that the request feature is more like a normal request, and a value closer to 100 indicates that the request feature is more like a bot. |
Viewing Top Event Source Statistics
| Parameter | Description |
|---|---|
| Known bots (① in Figure 5) | The five known bots with the most attacks and the number of attacks from each bot. |
| TLS fingerprint (② in Figure 5) | The five TLS fingerprints (JA3 and JA4) with the most attacks and the number of attacks. |
| Attacked Domain Names (③ in Figure 5) | The five most attacked domain names and the number of attacks at each domain name. |
| Attack Source IP Addresses (④ in Figure 5) | The five IP addresses that initiate the most attacks and the number of attacks from each IP address. |
| Attack Source Locations (⑤ in Figure 5) | The five locations where the most attacks originate, along with the number of attacks from each. |