Huawei Cloud WAF Web Application Firewall
Collect Huawei Cloud WAF Metrics data
Configuration¶
Install Func¶
It is recommended to activate the Guance integration - extensions - hosted Func: all prerequisites are automatically installed, please proceed with the script installation
If you need to deploy Func yourself, refer to Self-deploy Func
Install Script¶
Note: Please prepare the Huawei Cloud AK in advance (for simplicity, you can directly grant the global read-only permission
Tenant Guest)
Hosted Version Activation Script¶
- Log in to the Guance console
- Click the 【Integration】 menu, select 【Cloud Account Management】
- Click 【Add Cloud Account】, select 【Huawei Cloud】, and fill in the required information on the interface. If the cloud account information has been configured before, skip this step
- Click 【Test】, and if the test is successful, click 【Save】. If the test fails, please check the relevant configuration information and retest
- Click 【Cloud Account Management】, and you can see the added cloud account in the list. Click the corresponding cloud account to enter the details page
- Click the 【Integration】 button on the cloud account details page, find
Huawei Cloud WAF Web Application Firewallin theNot Installedlist, and click the 【Install】 button to pop up the installation interface for installation.
Manual Activation Script¶
-
Log in to the Func console, click 【Script Market】, enter the Guance script market, and search for
integration_huaweicloud_waf -
Click 【Install】, and enter the corresponding parameters: Huawei Cloud AK, SK, and account name
-
Click 【Deploy Startup Script】, the system will automatically create the
Startupscript set and automatically configure the corresponding startup script -
After enabling, you can see the corresponding automatic trigger configuration in 「Manage / Automatic Trigger Configuration」. Click 【Execute】 to immediately execute once without waiting for the scheduled time. After a while, you can check the execution task records and corresponding logs
Verification¶
- In 「Manage / Automatic Trigger Configuration」, confirm whether the corresponding task has the corresponding automatic trigger configuration, and check the corresponding task records and logs for any abnormalities
- In Guance, check whether asset information exists in 「Infrastructure / Custom」
- In Guance, check whether there is corresponding monitoring data in 「Metrics」
Metrics¶
Collect Huawei Cloud WAF Metrics, you can collect more metrics by configuration Huawei Cloud WAF Metrics Details
| Metric ID | Metric Name | Metric Meaning | Value Range | Measurement Object | Monitoring Period (Original Metric) |
|---|---|---|---|---|---|
requests |
Request Count | This metric is used to count the total number of requests returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_http_2xx |
WAF Return Code (2XX) | This metric is used to count the number of 2XX status codes returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_http_3xx |
WAF Return Code (3XX) | This metric is used to count the number of 3XX status codes returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_http_4xx |
WAF Return Code (4XX) | This metric is used to count the number of 4XX status codes returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_http_5xx |
WAF Return Code (5XX) | This metric is used to count the number of 5XX status codes returned by WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_fused_counts |
WAF Fuse Count | This metric is used to count the number of requests protected by WAF fuse in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
inbound_traffic |
Inbound Traffic | This metric is used to count the total inbound bandwidth size in the last 5 minutes. Unit: Mbit | ≥0 Mbit | Protected Domain | 5 minutes |
outbound_traffic |
Outbound Traffic | This metric is used to count the total outbound bandwidth size in the last 5 minutes. Unit: Mbit | ≥0 Mbit | Protected Domain | 5 minutes |
waf_process_time_0 |
WAF Processing Latency - Interval [0-10ms) | This metric is used to count the total number of WAF processing latencies in the interval [0-10ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_process_time_10 |
WAF Processing Latency - Interval [10-20ms) | This metric is used to count the total number of WAF processing latencies in the interval [10-20ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_process_time_20 |
WAF Processing Latency - Interval [20-50ms) | This metric is used to count the total number of WAF processing latencies in the interval [20-50ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_process_time_50 |
WAF Processing Latency - Interval [50-100ms) | This metric is used to count the total number of WAF processing latencies in the interval [50-100ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_process_time_100 |
WAF Processing Latency - Interval [100-1000ms) | This metric is used to count the total number of WAF processing latencies in the interval [100-1000ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_process_time_1000 |
WAF Processing Latency - Interval [1000+ms) | This metric is used to count the total number of WAF processing latencies in the interval [1000+ms) in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
qps_peak |
QPS Peak | This metric is used to count the QPS peak of the protected domain in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
qps_mean |
QPS Mean | This metric is used to count the QPS mean of the protected domain in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
waf_http_0 |
No Return WAF Status Code | This metric is used to count the number of no return status response codes from WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
upstream_code_2xx |
Business Return Code (2XX) | This metric is used to count the number of 2XX series status response codes returned by the business in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
upstream_code_3xx |
Business Return Code (3XX) | This metric is used to count the number of 3XX series status response codes returned by the business in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
upstream_code_4xx |
Business Return Code (4XX) | This metric is used to count the number of 4XX series status response codes returned by the business in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
upstream_code_5xx |
Business Return Code (5XX) | This metric is used to count the number of 5XX series status response codes returned by the business in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
upstream_code_0 |
No Return WAF Status Code | This metric is used to count the number of no return status response codes from WAF in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
inbound_traffic_peak |
Inbound Traffic Peak | This metric is used to count the peak of inbound traffic of the protected domain in the last 5 minutes. Unit: Mbit/s | ≥0 Mbit/s | Protected Domain | 5 minutes |
inbound_traffic_mean |
Inbound Traffic Mean | This metric is used to count the mean of inbound traffic of the protected domain in the last 5 minutes. Unit: Mbit/s | ≥0 Mbit/s | Protected Domain | 5 minutes |
outbound_traffic_peak |
Outbound Traffic Peak | This metric is used to count the peak of outbound traffic of the protected domain in the last 5 minutes. Unit: Mbit/s | ≥0 Mbit/s | Protected Domain | 5 minutes |
outbound_traffic_mean |
Outbound Traffic Mean | This metric is used to count the mean of outbound traffic of the protected domain in the last 5 minutes. Unit: Mbit/s | ≥0 Mbit/s | Protected Domain | 5 minutes |
attacks |
Total Attack Count | This metric is used to count the total number of attack requests on the protected domain in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
crawlers |
Crawler Attack Count | This metric is used to count the total number of crawler attack requests on the protected domain in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
base_protection_counts |
Web Basic Protection Count | This metric is used to count the number of attacks protected by Web basic protection rules in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
precise_protection_counts |
Precise Protection Count | This metric is used to count the number of attacks protected by precise protection rules in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
cc_protection_counts |
CC Protection Count | This metric is used to count the number of attacks protected by CC protection rules in the last 5 minutes. Unit: times | ≥0 times | Protected Domain | 5 minutes |
Object¶
The collected Huawei Cloud WAF object data structure can be seen in 「Infrastructure - Custom」.
{
"measurement": "huaweicloud_waf",
"tags": {
"RegionId" : "cn-south-1",
"hostname" : "xxxxxxxxx.cn",
"id" : "9c877f3c83594d10af5aec52bcc1c707",
"paid_type" : "prePaid",
"project_id" : "756ada1aa17e4049b2a16ea41912e52d"
},
"fields": {
"flag" : "[JSON data]",
"proxy" : "False",
"timestamp" : "1731653371361",
"protect_status" : "1",
"access_status" : "1",
"exclusive_ip" : "False",
"web_tag" : "waf"
}
}
Note: The fields in
tagsandfieldsmay change with subsequent updatesNote: The
idvalue is the protected domain ID, used as a unique identifier ```