This article explains the legacy version of WAF Essential that will undergo end-of-life on June 30, 2021. Our new version of WAF Essentials expands upon all of the capabilities offered by the legacy version of WAF Essential with a simplified and centralized setup. Please upgrade to the latest version of WAF at your earliest convenience.
The following information is only applicable for the WAF Essential product. This security offering provides limited Web Application Firewall and Rate Limiting functionality.
WAF Essential allows customers with basic security needs to leverage our powerful security solutions to protect their origin servers. WAF Essential allows you to create up to 2 profiles, 1 instance, and 3 rate limiting rules at any given time. This is sufficient to set up a dual WAF configuration through which you may validate a new WAF configuration without compromising the security of your origin servers.
WAF Essential cannot be configured via our APIs. However, you may leverage our APIs to retrieve WAF and Rate Limiting event log data.
Enterprise customers typically find the above limitations too constrictive when tailoring security to fit their business needs. Additional profiles, instances, and rate limiting rules provide the flexibility to tailor your security configuration by traffic profile.
Please contact your CDN account manager to upgrade to the full version.
Use the Enforcer dashboard to identify when enforcement of your rate limit took place. For the purposes of this dashboard, an event occurs when your rate limit's threshold has been exceeded.
The Enforcer dashboard will log a single event whenever your rate limit threshold is exceeded. This occurs regardless of the number of requests that end up being rate limited as a result of this enforcement.
In this example, you have configured a rate limit of 300 requests per minute with an enforcement duration of 1 minute. Assuming the traffic pattern described below, the Enforcer dashboard will indicate that 4 events took place.
Time | # of Requests |
---|---|
12:01 | 300,000 |
12:03 | 1,000,000 |
12:05 | 800,000 |
12:07 | 400,000 |
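The event count above can be reproduced with a small simulation. This is an added example, not code from the CDN or its API. It assumes a simplified per-minute model in which enforcement covers the minute(s) that follow the one where the threshold was exceeded; the function name and the traffic list are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample mirroring the table above: (minute, requests in that minute).
TRAFFIC = [("12:01", 300_000), ("12:03", 1_000_000),
           ("12:05", 800_000), ("12:07", 400_000)]


def count_enforcement_events(traffic, limit_per_minute=300, enforcement_minutes=1):
    """Return the minutes at which an enforcement event would be logged.

    Assumed model (not the vendor's implementation):
      * traffic is bucketed per minute;
      * an event is logged when a bucket exceeds the limit and no
        enforcement is active;
      * enforcement then covers the next `enforcement_minutes` buckets,
        during which traffic is rate limited without logging new events.
    """
    events = []
    enforced_until = None  # first minute no longer covered by enforcement
    for label, requests in sorted(traffic):
        minute = datetime.strptime(label, "%H:%M")
        if enforced_until is not None and minute < enforced_until:
            # Enforcement already active: requests are limited, but the
            # dashboard does not record another event for them.
            continue
        if requests > limit_per_minute:
            # One event, no matter how far over the limit this bucket is.
            events.append(label)
            enforced_until = minute + timedelta(minutes=1 + enforcement_minutes)
    return events


if __name__ == "__main__":
    print(count_enforcement_events(TRAFFIC))                         # 1-minute duration
    print(count_enforcement_events(TRAFFIC, enforcement_minutes=2))  # longer duration
```

Under this model, a longer enforcement duration absorbs later bursts into an earlier event, so the event count reflects how often enforcement started, not how much traffic was limited.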
The Enforcer dashboard allows you to:
This article describes:
The dashboard contains two different views through which rate limit analysis may be performed, which are:
To view the Rate Limiting Dashboard
Navigate to the chart view of the Rate Limiting Dashboard page.
The dashboard will display a chart showing recent enforcements of your security policy.
Chart view is a useful tool for detecting patterns for rate limited traffic directed to your origin servers. This view consists of a chart and statistics for a given time period.
A chart or line graph displays the number of times that enforcement of your rate limit was initiated over a given time period.
By default, a single line on the graph represents all rate limit enforcement events. Alternatively, categorize enforcement events by selecting the desired categorization criteria from the option that appears directly above the graph. A line will be drawn on the chart for each unique value.
Key information:
By default, the chart includes all enforcements that occurred within the last seven days.
Statistics for the enforcement of your rate limits over a given time period are displayed directly below the chart. Statistics are broken down by category.
Each category may contain up to the top 10 entries.
View a brief description for each category.
The following information is displayed for each category:
This view provides the means to delve into the details of rate limit enforcement. Each enforcement event is described as follows:
Enforced Rule: Rule Elapsed Time Time

Field | Description |
---|---|
Rule | Identifies the rate limiting rule that was violated by its name. |
Elapsed Time | Indicates the amount of time that has passed since the request was screened. |
Time | Indicates the time (UTC) at which the request was screened. |
A sample rule violation is provided below.
Enforced Rule: Drop Traffic 10s ago 12:00:00.00 UTC
Action Type: drop-request
Clicking on an event will expand that entry and display detailed information about it.
View a brief description for each event log entry field.
Key information:
Filters are applied to both the Chart and the Event Log views. Most fields support filtering.
The Chart and the Event Log views cannot be filtered by the Timestamp field. Use the Time Range option instead. This option filters the dashboard for events that occurred during a relative time period from the present (e.g., Last 24 hours or Last 7 days).
Key information:
A brief description for each field used to describe/categorize rate limiting enforcement is provided below.
Field | Description |
---|---|
Rate Limiting Action Name | Indicates the name of the action that was applied to rate limited requests as a result of this enforcement event. Assign names to actions by defining your rate limiting rule via our REST API. |
Rate Limiting Action Type | Indicates the type of action (e.g., custom-response) that was applied to rate limited requests as a result of this enforcement event. |
Rule Name | Indicates the name of the rule whose threshold was exceeded. |
Timestamp | Indicates the date and time (UTC) at which rate limiting enforcement was initiated. This field is only available from within the Event Log view. Requests may not be filtered by this field. Filter by time through the Time Range option that appears on the left-hand side of the dashboard. |