
© 2025 Medianova. All rights reserved.

Analytics

Last updated 5 months ago


Overview

A Web Application Firewall (WAF) provides an essential layer of security for your website, protecting it from malicious attacks by analyzing incoming traffic and blocking harmful requests. To efficiently manage this security layer, it is crucial to regularly monitor and analyze the WAF’s analytics data.

Once your WAF is activated in either "On" or "Monitoring Only" mode, you can access detailed metrics by navigating to the Analytics → WAF section in the panel. This data provides you with valuable insights into the security status of your website, enabling you to make informed decisions about how to enhance your protection.

This document explains the key metrics and charts available in the WAF analytics dashboard, and how to interpret and use them effectively.


Dashboard Visualizations

The WAF analytics dashboard includes various charts and tables that make it easier to understand and interpret the data. These visualizations help you quickly spot trends, patterns, and anomalies in your website's traffic and security.

1. Attack Histogram

The Attack Histogram displays the number of attacks over time, helping you identify patterns and trends in security incidents. This chart can be filtered by URL to provide a more granular view of attacks targeting specific pages or resources on your website.

2. Threats

The Threats metric represents the number of requests that have triggered WAF rules relative to the total number of requests made to your website. This data helps you understand the volume of potentially malicious traffic your site is receiving and how effective your WAF is at blocking harmful requests.

When analyzing this metric, pay attention to sudden spikes in threat volume, as they may indicate an attack or a change in traffic patterns. Tracking the Threats metric over time will allow you to gauge the overall effectiveness of your security rules and identify if any adjustments are necessary to improve threat detection and mitigation.

The Threats Table breaks down threat data into several time periods:

  • Total: The total number of threats detected since the WAF was activated.

  • Today: The number of threats detected today.

  • This Month: The number of threats detected in the current month.

  • Last Month: The number of threats detected in the previous month.

3. Top 10 Client IPs

The Top 10 Client IPs table displays the IP addresses responsible for triggering the most WAF rules. This metric helps identify potential sources of malicious traffic or attackers. By reviewing this data, you can take proactive measures, such as blocking or rate-limiting suspicious IPs. It also helps recognize patterns, such as bot-driven traffic or targeted attacks from specific regions or entities. The accompanying Pie Chart provides a visual breakdown of these IPs, making it easier to identify high-risk sources and take swift action to mitigate potential threats.

4. Top 50 Request URIs

The Top 50 Request URIs table displays the URLs on your website most frequently targeted by requests that trigger WAF rules. This metric helps identify which parts of your site are attacked most often, allowing you to pinpoint areas that may be more vulnerable. By analyzing the Request URIs, you can detect patterns in attack vectors, such as specific endpoints or resources being targeted, and adjust your security measures accordingly. If certain URLs are consistently attacked, you may consider implementing more tailored WAF rules to strengthen protection for those areas.

5. Top 50 User Agents

The Top 50 User Agents table provides insight into the devices and browsers generating requests that are being blocked by WAF rules. This data can help you identify anomalies in traffic, such as attacks coming from unusual user agents, which may indicate automated bot traffic.

6. Rule

The Rule metric indicates which specific WAF rule is triggered by incoming requests. This helps assess the effectiveness of each rule in detecting and mitigating threats. By analyzing which rules are most frequently triggered, you can identify patterns in attack types and adjust your rule configuration accordingly. If a rule is triggered too often, it may indicate false positives or that the rule needs refinement to better suit your site's needs.

The Rule table displays the most frequently triggered WAF rules. This table allows you to evaluate the performance of each rule and understand which threats are being blocked most effectively. Frequent triggers suggest the rule is successfully mitigating a particular type of attack, but if the rule is ineffective, it may require adjustments.

7. Last 300 Activity Log

The Last 300 Activity Log displays detailed information on the most recent 300 requests flagged by WAF rules. This log allows you to dive deeper into recent security incidents, providing crucial insights for further investigation and threat mitigation.
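
The views described above can be recomputed from WAF event records when you want to triage a spike outside the panel. This is an added example, not Medianova code: the record fields (`ts`, `client_ip`, `uri`, `user_agent`, `rule`), the rule names, the 5x-median spike threshold and the sample log are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

def sample_log():
    """Constructed records; field names are assumptions, not a Medianova schema."""
    rows = []
    for hour in range(6):  # quiet background: two flagged requests per hour
        for n in range(2):
            rows.append({"ts": datetime(2025, 1, 1, hour, 10 * n),
                         "client_ip": f"198.51.100.{hour * 2 + n + 1}",
                         "uri": "/search", "user_agent": "Mozilla/5.0",
                         "rule": "RULE-B"})
    for n in range(30):  # burst: one source hitting one endpoint during hour 6
        rows.append({"ts": datetime(2025, 1, 1, 6, n),
                     "client_ip": "203.0.113.7", "uri": "/login",
                     "user_agent": "python-requests/2.31", "rule": "RULE-A"})
    return rows

def histogram(rows):
    """Flagged requests per hour, like the Attack Histogram."""
    return Counter(r["ts"].replace(minute=0) for r in rows)

def spikes(rows, factor=5):
    """Hours whose count exceeds factor x the median hourly count (assumed threshold)."""
    hist = histogram(rows)
    base = median(hist.values())
    return sorted(h for h, c in hist.items() if c > factor * base)

def top(rows, field, n):
    """Top-n values of a field, like the Top Client IPs / URIs / User Agents tables."""
    return Counter(r[field] for r in rows).most_common(n)

def rule_spread(rows):
    """Per rule: (hit count, distinct client IPs).
    Assumed triage heuristic: hits spread over many ordinary clients suggest
    a false positive; hits from one or two sources suggest a single attacker."""
    hits, ips = Counter(), defaultdict(set)
    for r in rows:
        hits[r["rule"]] += 1
        ips[r["rule"]].add(r["client_ip"])
    return {rule: (hits[rule], len(ips[rule])) for rule in hits}

if __name__ == "__main__":
    log = sample_log()
    print("spike hours:", spikes(log))
    print("top IPs:", top(log, "client_ip", 10))
    print("top URIs:", top(log, "uri", 50))
    print("rules (hits, distinct IPs):", rule_spread(log))
```
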


Conclusion

By regularly monitoring these WAF analytics metrics and reviewing the dashboard charts, you gain valuable insights into the security of your website. This data allows you to detect potential threats early, identify patterns in malicious traffic, and fine-tune your WAF rules to ensure maximum protection.

For further assistance or to customize your WAF settings, please refer to the help section in the panel or contact support.