This topic describes the Overview page of the Web Application Firewall (WAF) console. The Overview page displays the protection information of websites that are added to WAF, including attack events, emergency vulnerabilities, protection statistics, and request analysis charts. You can obtain the security status of your website and perform security analysis based on the information displayed on this page.
Access the Overview page
- Log on to the Web Application Firewall console.
- In the top navigation bar, select the resource group to which the instance belongs and the region, Mainland China or International, in which the instance is deployed.
- In the left-side navigation pane, click Overview.
- In the upper-left corner of the Overview page that appears, specify the target domain (all domains or a single domain) and
the time period (Real-time, Today, 7 Days, 30 Days, or Customize) to view the overall
Note The overall information for the last 30 days is available. You can customize a time period within the last 30 days.
Event list and emergency vulnerability records
The Vulnerabilities tab is displayed by default. You can view the updates to the protection rules for the latest disclosed security vulnerabilities on this tab.
You can click the number of requests under each protection module to go to the corresponding Security report page to view data details. For more information, see View security reports.
Request analysis charts
- Trends: displays the trends of Requests, QPS, Bandwidth, and Response Code within a specified period. The minimum time granularity is one minute.
- You can click a legend item below the trend chart to hide or show the relevant records.
- The Blocked Bot Attacks module is available only in the new protection engine. For more information, see Protection engine is upgraded.
- Requests: displays the total number of requests, the number of web intrusion prevention times, the number of HTTP flood protection times, the number of scan protection times, the number of access control hits, and the number of bot protection times.
- QPS: displays the queries per second (QPS) of all requests, the QPS of web intrusion
prevention, the QPS of HTTP flood protection, the QPS of scan protection, the QPS
of access control, and the QPS of bot protection.
Note You can click Average and Peak in the upper-right corner of the chart to switch between the average QPS and peak QPS.
- Bandwidth: displays the inbound bandwidth and outbound bandwidth in bit/s.
- Response Code: displays the trends of the numbers of HTTP error codes, such as 5XX, 405, 499, 302,
Note You can click WAF to Client and Origin Server to WAF in the upper-right corner of the trend chart to view the distributions of response codes from the WAF instance to the client and those from the origin server to the WAF instance.
- Browser Distribution tab: On this tab, a pie chart shows the distribution of browsers used by the request sources.
- Top UserAgents tab: On this tab, the most often used user agents and corresponding requests are displayed.
- URL Requests tab: On this tab, the URLs that are often requested and the number of requests are displayed.
- Top IP tab: On this tab, source IP addresses that initiate the most access requests and the number of requests are displayed.
- Attack Distribution area: In this area, the distribution of attack events is displayed.
Note You can click an event to view information of the event and related data of the event type.