Log Service for Anti-Bot Service (Anti-Bot) records the access logs and attack and defense logs of protected website domain names in detail. A log contains dozens of fields. You can select specific fields for query analysis as needed.

Field Description Example
__topic__ The log topic. This field is invariably set to antibot_access_log. antibot_access_log
antibot The type of the triggered Anti-Bot protection policy, including:
  • ratelimit: rate limiting
  • sdk: app protection
  • algorithm: algorithm pattern
  • intelligence: bot intelligence
  • acl: access control list
  • blacklist: blacklist
ratelimit
antibot_action The operation specified by the Anti-Bot protection policy, including:
  • challenge: Deliver a JavaScript script for verification
  • drop: Intercept
  • captcha: Verify by dragging a slider
  • report: Monitor only
drop
antibot_rule The ID of the triggered Anti-Bot protection rule. 5472
antibot_verify The result of the verification performed by Anti-Bot.
Note This value is recorded when the antibot_action field is set to challenge or captcha.
  • challenge_fail: JavaScript verification fails.
  • challenge_pass: JavaScript verification is passed.
  • captcha_fail: Slide captcha verification fails.
  • captcha_pass: Slide captcha verification is passed.
challenge_fail
block_action The type of the bot protection that is triggered. The value is invariably set to antibot. antibot
body_bytes_sent The size of HTTP body (in byte) sent to the client. 2
content_type The content type of the access request. application/x-www-form-urlencoded
host The source website. api.aliyun.com
http_cookie The cookie information about the access client, which is included in the access request header. k1=v1;k2=v2
http_referer The source URL of the access request, which is included in the access request header. - is displayed if no source URL is available. http://xyz.com
http_user_agent The User Agent field in the access request header, which typically includes the web browser identifier and operating system identifier of the source client. Dalvik/2.1.0 (Linux; U; Android 7.0; EDI-AL10 Build/HUAWEIEDISON-AL10)
http_x_forwarded_for The XFF header information in the access request header, which is used to identify the original IP addresses of the clients connected to a web server through the HTTP proxy or SLB. -
https Whether the access request is an HTTPS request. Valid values:
  • true: The access request is an HTTPS request.
  • false: The access request is an HTTP request.
true
matched_host The matched domain name configured with Anti-Bot, which may be a wildcard domain name. - is displayed if no related domain name configuration is matched. *.aliyun.com
real_client_ip The actual IP address of the access client. - is displayed if no actual IP address is retrieved. 1.2.3.4
region The information about the region where the Anti-Bot instance is located. cn
remote_addr The IP address of the client that initiates the access request. 1.2.3.4
remote_port The port of the client that initiates the access request. 23713
request_length The length of the access request. Unit: bytes. 123
request_method The HTTP request method of the access request. GET
request_path The relative path of the request (excluding the query string). /news/search.php
request_time_msec The duration of the access request. Unit: milliseconds. 44
request_traceid The unique ID of the access request. 7837b11715410386943437009ea1f0
server_protocol The protocol and version of the response returned by the origin server. HTTP/1.1
status The status of the HTTP response that Anti-Bot returns to the client. 200
time The occurrence time of the access request. 2018-05-02T16:03:59+08:00
ua_browser The information about the web browser that initiates the access request. ie9
ua_browser_family The family of the web browser that initiates the access request. internet explorer
ua_browser_type The type of the web browser that initiates the access request. web_browser
ua_browser_version The version of the web browser that initiates the access request. 9.0
ua_device_type The device type of the client that initiates the access request. computer
ua_os The operating system of the client that initiates the access request. windows_7
ua_os_family The operating system family of the client that initiates the access request. windows
upstream_addr The origin address list of Anti-Bot in the format of IP address:Port. Separate multiple IP addresses with commas (,). 1.2.3.4:443
upstream_ip The origin IP address corresponding to the access request. For example, if Anti-Bot forwards the access request to an ECS instance, this parameter returns the IP address of the back-to-origin ECS instance. 1.2.3.4
upstream_response_time The time for the origin server to respond to an Anti-Bot request. Unit: seconds. The response times out if "-" is returned. 0.044
upstream_status The status of the response that the origin server returns to Anti-Bot. No response is available if "-" is returned. For example, the request is intercepted by Anti-Bot, or the response returned by the origin server times out. 200
user_id AliUID of the Alibaba Cloud account. 12345678
wxbb_action If the protection type of Anti-Bot is app protection, the following actions are supported:
  • close: intercepts requests. That is, the antibot_action field is set to drop.
  • test: only monitors requests. That is, the antibot_action field is set to report.
Note This field is set to - if SDK protection is not configured.
close
wxbb_invalid_wua For more information about app protection, consult your technical engineer. valid wua