This topic describes the fields of access logs in Anti-DDoS Pro.

Log field Description
__topic__ The topic of a log entry. Valid value: ddoscoo_access_log.
owner_id The ID of an Alibaba Cloud account.
body_bytes_sent The size of a request body. Unit: bytes.
cc_action The action that is performed based on an HTTP flood protection policy. The action can be none, challenge, pass, close, captcha, wait, or login.
cc_phase The HTTP flood protection policy, for example, seccookie, server_ip_blacklist, static_whitelist, server_header_blacklist, server_cookie_blacklist, server_args_blacklist, or qps_overmax.
cc_blocks Indicates whether a request is blocked by an HTTP flood protection policy.
  • If the value is 1, the request is blocked.
  • If the value is not 1, the request is passed.
content_type The content type of a request.
host The origin server.
http_cookie The Cookie HTTP header.
http_referer The Referer HTTP header. If an HTTP header does not contain a referer, a hyphen (-) is displayed.
http_user_agent The User-Agent HTTP header.
http_x_forwarded_for The IP address of an upstream user. The IP address is forwarded by a proxy server.
https Indicates whether a request is an HTTPS request. Valid values:
  • true: The request is an HTTPS request.
  • false: The request is an HTTP request.
isp_line The information of an Internet service provider (ISP) line, for example, BGP, China Telecom, or China Unicom.
matched_host The matched origin server, which can be a wildcard domain name. If no origin server is matched, a hyphen (-) is displayed.
real_client_ip The real IP address of a client. If no real IP address can be obtained, a hyphen (-) is displayed.
remote_addr The IP address of a client that sends an access request.
remote_port The port number of a client that sends an access request.
request_length The size of a request. Unit: bytes.
request_method The HTTP method of a request.
request_time_msec The duration in which a request is processed. Unit: microseconds.
request_uri The uniform resource identifier (URI) of a request.
server_name The name of a matched server. If no server name is matched, default is displayed.
status The HTTP status code.
time The time when a request is sent.
ua_browser The browser.
ua_browser_family The family to which a browser belongs.
ua_browser_type The type of a browser.
ua_device_type The type of a client.
ua_os The operating system of a client.
ua_os_family The family of the operating system that runs on a client.
upstream_addr The list of back-to-origin IP addresses. Each IP address is in the IP:Port format.

Multiple IP addresses are separated by commas (,).

upstream_ip The real IP address of an origin server.
upstream_response_time The response time of a back-to-origin process. Unit: seconds.
upstream_status The HTTP status code of a back-to-origin request.