This topic describes the alerts for the security events of Web Application Firewall (WAF). You can configure and enable alert rules in the Simple Log Service console to monitor the security events of WAF. If an alert is triggered, you can identify the error cause and fix the error at the earliest opportunity.
Alert rules
The following alert rules are supported. For information about how to set alert parameters, configure whitelists, and perform other relevant operations, see Configure alerts.
Too Many Attacks on Hosts Protected by WAF Alert
ID | sls_app_audit_secure_at_waf_attack |
Name | Too Many Attacks on Hosts Protected by WAF Alert |
Version | 1 |
Type | Cloud Platform, Alicloud, Security Event, and WAF Security Event |
Usage | Monitors website attacks. If the number of attacks on a website that is protected by WAF exceeds the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 1 minute. |
Time Range | The data of the last 2 minutes is checked. |
Parameter Settings | You can specify the following parameters:
|
External Configurations | None. |
Solution | Check whether an exception occurs in the website that triggered the alert. |
Prerequisites | The Access Log switch of Web Application Firewall is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |
Application Firewall Valid Request Rate Too Low Alert
ID | sls_app_audit_secure_at_waf_rate |
Name | Application Firewall Valid Request Rate Too Low Alert |
Version | 1 |
Type | Cloud Platform, Alicloud, Security Event, and WAF Security Event |
Usage | Monitors the valid request rate to a website WAF blocks and filters inbound traffic to your website. If the valid request rate to a website is lower than the specified threshold, an alert is triggered. |
Check Frequency | Fixed interval: 1 minute. |
Time Range | The data of the last 2 minutes is checked. |
Parameter Settings | You can specify the following parameters:
|
External Configurations | None. |
Solution | Check whether an exception occurs in the website that triggered the alert. |
Prerequisites | The Access Log switch of Web Application Firewall is turned on. To turn on the switch, go to the Log Audit Service console, and then choose . |