After you add your website to Web Application Firewall (WAF), you can query urgent vulnerability notifications, service security data, and service traffic data of the previous 30 days on the Overview page. This way, you can view the security status of your website.
Prerequisites
A WAF 3.0 instance is purchased. For more information, see Purchase a subscription WAF 3.0 instance and Purchase a pay-as-you-go WAF 3.0 instance.
Web services are added to WAF 3.0 as protected objects. For more information, see Configure protected objects and protected object groups.
View the overall data on the Overview page
You are directed to an interface when you log on to the WAF console based on the region in which your WAF instance is deployed. If your WAF instance is deployed in the Chinese mainland, you are directed to the interface in the China (Hangzhou) region. If your WAF instance is deployed outside the Chinese mainland, you are directed to the interface in the Singapore region.
On the Overview page, you can view information about the resources that are added to WAF, such as Total Requests, Peak QPS, Total Blocked Requests, and Matched Requests in Monitoring Mode.
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.
In the left-side navigation pane, click Overview.
On the Overview page, view urgent vulnerability notifications, data of the current day, basic information about the WAF instance, and overall data.
Subscription
Pay-as-you-go
Item
Subscription
Pay-as-you-go
Urgent vulnerability notifications (labeled as 1 in the preceding figure)
The Urgent Vulnerability section displays update notifications for protection rules that can be used to fix the latest urgent vulnerabilities. In the upper part of the Overview page, you can view the latest urgent vulnerability notification. Click More to view all urgent vulnerability notifications.
Data of the current day (labeled as 2 in the preceding figure)
The Data of Current Day section displays the data that is generated during the current statistical period, including Total Requests, Peak QPS, Total Blocked Requests, and Matched Requests in Monitoring Mode. If you use a subscription WAF instance, the value of the Peak QPS parameter is the QPS quota of the current edition.
Basic information about the WAF instance (labeled as 3 in the preceding figure)
You can perform the following operations in the Protected Assets section:
Product Updates: You can view the new features or specifications that are recently released by WAF. You can also view the new regions or zones supported by WAF.
Upgrade Now/Downgrade: You can upgrade the edition of your WAF instance. You can also upgrade or downgrade the specifications of the value-added services that you purchased. For more information, see Upgrade or downgrade a WAF instance.
Auto-Renewal/Renew: You can enable auto-renewal for your WAF instance or manually renew the instance. If you enable auto-renewal, Alibaba Cloud automatically deducts the renewal fee from your account balance 9 days before your WAF instance expires. For more information, see Renewal policy.
Unsubscribe: You can perform this operation only on a subscription WAF instance. For more information, see Refund policy.
Excess Details: Click Excess Details to view queries per second (QPS) usage details.
Show Details: You can view the number of protected domain names, clean QPS, and number of exclusive IP addresses, and check whether intelligent load balancing is enabled. You can also click Resize or Upgrade to the right of each item to upgrade the specifications that you purchased.
You can perform the following operations in the Protected Assets section:
Product Updates: You can view the new features or specifications that are recently released by WAF. You can also view the new regions or zones supported by WAF.
Purchase Resource Plan: You can purchase security capacity unit (SeCU) resource plans to offset the traffic processing and feature fees of your pay-as-you-go WAF instance and reduce costs. For more information, see SeCU resource plans.
Modify Traffic Protection Threshold: For more information, see Specify a threshold value for traffic billing protection.
Terminate WAF Service: You can directly click Terminate WAF Service for your pay-as-you-go WAF instance. For more information, see Terminate the WAF service.
View More: You can view the usage details of your resource plans in the Expenses and Costs console.
View Traffic Protection Details: You can view QPS usage details.
View Specifications: You can view the threshold value of traffic billing protection and the peak QPS when traffic billing protection is triggered in the previous 30 days. You can also click Modify Threshold to change the threshold value.
Overall data (labeled as 4 in the preceding figure)
You can specify a protected object and a time range to query the overall data.
Protected object: By default, All is selected and the data of all protected objects of the WAF instance is returned. You can also select a specific protected object.
Time range: By default, Today is selected and the data of the current day is returned. You can select Last 15 Minutes, Last 30 Minutes, Last 1 Hour, Last 24 Hours, Today, Yesterday, 7 Days, or 30 Days to query the data of the selected time range.
The overall data is classified into overall security data and overall traffic data. To view the overall security data or overall traffic data, you can click the Security or Traffic tab. For more information, see the "Overall security data" and "Traffic data" sections in this topic.
NoteIf your subscription or pay-as-you-go WAF instance is added to the sandbox, you can view a notification in the upper part of the Overview page. For more information, see Sandbox overview.
Overall security data
On the Security tab of the Overview page, you can view the overall security data. The following table describes the overall security data.
Data type | Description | Supported operation |
Protection Overview |
| Move the pointer over a point in the line chart to view the data at the corresponding point in time. |
Bot Traffic Analysis | Displays the data of all types of bot traffic that is received by the protected object in a specific time range in a pie chart. | Click Configure Now to enable the bot management module. For more information, see Enable and configure the bot management module. |
Security Events | Displays the records and details of attack events that occur on the protected object and the attack block percentage in a list. This allows you to identify the threats to your services and obtain information about how to handle the threats. | Click the name of an event to view the event details. The event details include Threat Intelligence and Suggestions. You can view the analysis result of the event in the Top 5 Attacks section. You can click the following tabs to view specific data:
In the Event Details panel, you can click View Log on the right side of the event name to go to the Log Service page. Then, you can query logs to analyze the event. For more information, see Enable or disable the Log Service for WAF feature. |
Top 10 Attacks | Displays the statistics on the sources that initiate attacks on the protected object in a specific time range.
| Click Attacker IP Address or Attack User-Agent Header to view the corresponding data. |
Top 10 Matches | Displays the statistics on all protection rules that are triggered in a specific time range.
| Click Protected Object, Protection Rule Type, or Rule ID to view the corresponding data. |
Traffic data
On the Traffic tab of the Overview page, you can view the overall traffic data.
Data type | Description | Supported operation |
Requests | Displays the trend of requests that are received by the protected object in a specific time range in a line chart. | Move the pointer over a point in the line chart to view the data at the corresponding point in time. |
QPS | Displays the trend of QPS for requests that are received by the protected object in a specific time range in a line chart. |
|
Bandwidth | Displays the trends of the inbound bandwidth and outbound bandwidth of the protected object in a specific time range in a line chart. Unit: bit/s. | Move the pointer over a point in the line chart to view the data at the corresponding point in time. |
Status Code | Displays the trends of the number of HTTP status codes in a specific time range in a line chart. The HTTP status codes can be returned by WAF to clients (WAF to Client) or returned by origin servers to WAF (Origin Server to WAF). The HTTP status codes include 5XX, 405, 499, 302, and 444. | Move the pointer over a point in the line chart to view the data at the corresponding point in time. |
Top 10 Access Statistics | Displays the statistics on the requests that are received by protected objects in a specific time range.
| Click Protected Object, IP Address, or User-Agent Header to view the corresponding data. |