After your web application is protected by Web Application Firewall (WAF), you can view data such as asset onboarding, protection configuration, and version information on the Overview page to quickly understand the recent security protection status of your business.
View WAF overview information
After you activate the WAF service, perform the following steps to view the protection status:
-
Log on to Web Application Firewall 3.0 console.
-
In the left-side navigation pane, click Overview.
The Overview page displays the following modules to help you quickly understand the overall protection status.
Assets Overview and Protection Configuration
-
Assets Overview: Displays the number of domain names and cloud product instances that are protected by WAF.
-
Protection Configuration: Displays the enablement status and configuration of Core Web Protection, API Security, Bot Management, and AI Application Protection.
Rule Updates
Displays a list of rules recently updated by WAF. Click a rule to view its details.
Protection Overview
-
Summary Metrics: Displays the Total Requests, Total Blocked Requests (requests blocked by the Block protection action, or requests blocked because they failed security checks such as JS Challenge, CAPTCHA, Strict CAPTCHA, or Dynamic Token), and Total Monitor Hits (requests that matched a rule and triggered the Observe action).
-
Trend Chart: Displays time-series line charts of Requests, Observation Hits, and Blocks at 15-minute intervals. Hover over the chart to view details of the Top 5 protected objects and Top 5 protection modules at a specific point in time.
-
Filter Query: A search bar at the top of this section allows you to filter by protected object and time range.
-
Detailed Charts: The bottom of this section displays charts for Top 10 Attacks, Top 10 Matches, QPS, Top 5 Response Codes, and Top 10 Requests Metrics. The following table describes each chart:
Chart Type
Description
Top 10 Attacks
Displays attack source statistics for protected objects within the specified time range:
-
Attacker IP Address: The top 10 IP addresses ranked in descending order by the number of attacks.
-
Attack User-Agent Header: The top 10 User-Agent strings ranked in descending order by the number of attacks.
You can hover over a data point and click View Report to go to the Security Reports page for detailed analysis.
Top 10 Matches
Displays statistics of protection rules that were triggered within the specified time range:
-
Protected Object: The top 10 protected objects ranked in descending order by the number of triggers. (This is displayed only when the query scope is set to All.)
-
Protection Module: The top 10 protection modules ranked in descending order by the number of triggers.
-
Rule ID: The top 10 protection rule IDs ranked in descending order by the number of hits.
You can hover over a data point and click View Report to go to the Security Reports page for detailed analysis.
QPS
Displays the QPS trend of requests received by protected objects within the specified time range using a line chart. Hover over a node on the line chart to view the specific value at that point in time.
Top 5 Response Codes
Displays the distribution of the top 5 response codes returned by WAF to Client and by Origin Server to WAF within the specified time range using a line chart. Hover over a node on the line chart to view the specific value at that point in time.
Top 10 Requests Metrics
Displays the top 10 traffic statistics by Protected Object, IP, and User-Agent Header.
-
Edition Information
Subscription
-
Resource and Function Status: Displays the number of Protected Domain Names, QPS, number of Exclusive IP Addresses, Log Storage Capacity, Risk Identification status, Intelligent Load Balancing status, and number of Hybrid Cloud Nodes.
-
Service Period: Displays the cumulative duration for which WAF has protected your assets and the expiration date.
-
Management Operations:
-
Upgrade and Downgrade: You can upgrade your purchased WAF edition or downgrade value-added services.
-
Renewal: You can enable auto-renewal or perform manual renewal.
-
Scale Up: You can scale up or upgrade your purchased specifications based on your business requirements.
-
Unsubscribe: You can unsubscribe from the WAF service. After you unsubscribe, the corresponding instance will be released.
NoteSubscription instances with Multi-cloud/Hybrid Cloud Protection, Bot Management for Web, Bot Management for App, Major Event Protection, or API Security enabled do not support self-service unsubscription in the console. Contact your account manager for assistance.
-
Pay-as-you-go
-
Resource and Function Status: Displays the Traffic Protection Threshold and Asset Center status.
-
Service Period: Displays the cumulative duration for which WAF has protected your assets.
-
Management Operations:
-
Purchase Resource Plan: You can purchase SeCU resource plans to offset request processing fees and feature fees incurred in pay-as-you-go mode, thereby reducing costs.
-
Disable WAF: You can Terminate the WAF service an instance to stop billing.
-
Adjust Traffic Protection Threshold/Adjust Threshold: You can adjust the traffic billing protection threshold based on changes in your business.
-
View Resource Plan Deduction Details: You can view resource plan deduction details in Expenses and Costs.
-
API Risk Analysis
This module is displayed only in the Subscription edition.
Displays the total number of Total API Assets, number of High-Risk Events, number of Moderate-Risk Events, and number of Low-Risk Events. Click Configure Now to configure API Protection.
Bot Traffic Analysis
Displays the number of Protected Objects and the number of Bot Requests. Click Configure Now to enable Bot Management for security protection.
Security Events
Displays records, details, and WAF blocking status of attack events that occurred on protected objects. This helps you intuitively understand the threats facing your business and obtain response methods.
-
Event Details: Click an event name to view detailed information, including Threat Intelligence and Suggestions. Click View Log next to the event title to go to the Log Service page for in-depth analysis.
-
Top 5 Attacks Analysis:
-
Source IP Address: The top 5 client IP addresses that initiated the most attacks.
-
Attack Target: The top 5 URLs that were attacked the most.
-
Attack Type: The top 5 most frequently used attack types (such as SQL injection and cross-site scripting).
-
Attack Date: The top 5 dates on which the most attacks were launched.
-
Attack Tool: The top 5 most frequently used attack tools (such as Curl and Postmanruntime).
-