Web Application Firewall (WAF) data visualization provides real-time dashboards for monitoring the attack and defense status of your protected websites. Use the dashboards to:
Track live traffic metrics and blocked attacks across all WAF-protected websites
Identify attack sources by IP address and region
Analyze traffic and security trends over time to make informed decisions
WAF data visualization offers two dashboards: the WAF Real-time Attack and Defense Dashboard for live traffic monitoring and the WAF Security Data Dashboard for in-depth security analysis of individual domain names. Purchase one or both depending on your monitoring needs.
Limitations
| Constraint | Detail |
|---|---|
| WAF edition | Pro edition or higher |
| WAF version | WAF 2.0 only. Data visualization is not available in WAF 3.0. |
| Supported browser | Google Chrome 56 or later |
| Billing method | Subscription only |
Do not upgrade your WAF instance from WAF 2.0 to WAF 3.0 if you use data visualization. The feature is not supported in WAF 3.0.
Billing
Data visualization uses subscription billing. The feature is available only within the validity period of your purchase. The feature expires at the same time as your WAF instance, so renew both together.
Two specification types are available:
| Specification | Dashboards included | PriceUSD/month |
|---|---|---|
| Single-dashboard service | Real-time Attack and Defense Dashboard or Security Data Dashboard (choose one) | USD 200/month |
| Multi-dashboard service | Real-time Attack and Defense Dashboard and Security Data Dashboard | USD 300/month |
Fees are calculated based on the specification type selected and the remaining validity period of your WAF instance.
Enable data visualization
Purchase data visualization when you first create a WAF instance, or add it to an existing instance by following these steps.
Prerequisites
Before you begin, ensure that you have:
A WAF instance running Pro edition or higher
A WAF 2.0 instance (not WAF 3.0)
Steps
Log on to the WAF console. In the top navigation bar, select the resource group and the region (Chinese Mainland or Outside Chinese Mainland) where your WAF instance is deployed.
In the left-side navigation pane, click Overview, then click Upgrade in the upper-right corner.
In the panel, select Single Screen or Multi-screen for Data Visualization, then read and select Terms of Service and click Buy Now.
Complete the payment as prompted.
(For single-dashboard service only) On the data visualization page, find the dashboard you want to enable and click Buy Now.
If you purchased the multi-dashboard service, all dashboards are enabled by default.
View data in the dashboards. See Dashboard data for descriptions of all metrics.
Dashboard data
WAF Real-time Attack and Defense Dashboard
Use this dashboard to monitor live traffic and blocked attacks across all WAF-protected websites. The dashboard is updated in seconds, allowing you to assess the stability of your website service and the quality of the network.
The globe visualization shows WAF data centers as white points, with dotted lines representing connections between them. All metrics reflect data from 00:00 of the current day to the current time.
| Metric | Description |
|---|---|
| Inbound Bandwidth (bit/s) | Current inbound bandwidth |
| Outbound Bandwidth (bit/s) | Current outbound bandwidth |
| QPS | Current queries per second (QPS) |
| Interception Ratio Today (%) | Proportion of requests blocked by WAF out of all requests on the current day |
| Blocked Attacks Today | Number of attacks blocked by WAF on the current day |
| Mobile OS Distribution | Operating system distribution for mobile clients |
| PC Browser Distribution | Browser distribution for PC clients |
| TOP 10 Source IPs (Visits) | Top 10 source IP addresses by request volume, with request counts |
| TOP 5 Visited URLs (Visits) | Top 5 URLs by request volume |
| Monitored Exceptions | HTTP status codes returned for failed requests and the number of occurrences for each code |
| Visits Statistics (mainland China) | Heat map showing the geographic distribution of access sources in the last hour |
| Requests (QPS) | QPS trend chart showing blocked requests broken down by protection rule type: access control, data risk control, web application protection, and HTTP flood protection |
| Bandwidth (bit/s) | Trend chart showing changes in inbound and outbound bandwidth |
WAF Security Data Dashboard
Use this dashboard to analyze attack patterns for a specific domain name. Unlike the Real-time Attack and Defense Dashboard, which shows aggregated live data across all websites, the Security Data Dashboard provides security data filtered by domain and time period. Use it to identify top attack sources, review which protection rules are triggering most frequently, and investigate incidents after the fact.
By default, the dashboard shows aggregated data for all domain names. To focus on a specific domain name, select it in the lower-left corner.
Summary metrics (current day)
The following metrics show totals for the selected domain name on the current day:
| Metric | Description |
|---|---|
| Total Visits | Total visits to the selected domain name |
| Web Attacks | Number of web attacks blocked by WAF |
| HTTP Flood Attacks | Number of HTTP flood attacks blocked by WAF |
| Access Control | Number of requests blocked based on custom protection policies |
| Top Web Attack Source IPs | Source IP addresses with the highest attack counts, including region and attack count. Hover over an IP address to see the attack type and region. |
| Region heat map | Geographic distribution of attack sources (upper-right corner) |
Time-period metrics
The radar chart in the center of the dashboard shows QPS, blocked web attacks, blocked HTTP flood attacks, and blocked access requests during a 15-minute window. Select a time period in the radar chart to filter the metrics below. Click a date at the bottom of the dashboard to switch to a different day.
| Metric | Description |
|---|---|
| Visits | QPS during the selected period |
| Web Attacks | Number of web attacks blocked by WAF during the selected period |
| HTTP flood attacks | Number of HTTP flood attacks blocked by WAF during the selected period |
| Access Control | Number of requests blocked based on custom protection policies during the selected period |
| Top Web Attack Source IPs | Source IP addresses with the highest attack counts during the selected period, including region. Hover over an IP address to see the attack type and region. |
| Web Attack Type | Distribution of blocked web attacks by attack type |
| Top Attack Source Region | Top 5 regions by attack origin |
| Top Hit Rule | Top 5 WAF protection rules matched during the selected period |