Skip to content

Tencent Cloud WAF

Tencent Cloud Web Application Firewall (Web Application Firewall, WAF) is an AI-based one-stop Web business operation risk protection solution. The displayed Metrics include WAF operating status, attack count, attack traffic, attack IP count, attack domain count, attack port count, attack type distribution, attack source distribution, attack time distribution, attack trend, etc. These Metrics reflect the operating status and attack situation of WAF.

Configuration

Install Func

It is recommended to enable Guance Integration - Extensions - DataFlux Func (Automata): All prerequisites are automatically installed, please continue with the script installation.

If you deploy Func by yourself, refer to Self-deployed Func

Enable Script

Note: Please prepare the Tencent Cloud AK that meets the requirements in advance (for simplicity, you can directly grant the global read-only permission ReadOnlyAccess)

Automata Version Enable Script

  1. Log in to the Guance console.
  2. Click the [Integration] menu and select [Cloud Account Management].
  3. Click [Add Cloud Account], select [Tencent Cloud], and fill in the required information on the interface. If the cloud account information has been configured before, ignore this step.
  4. Click [Test], and after the test is successful, click [Save]. If the test fails, please check whether the relevant configuration information is correct and test again.
  5. Click [Cloud Account Management] list to see the added cloud account, click the corresponding cloud account to enter the details page.
  6. Click the [Integration] button on the cloud account details page, find Tencent Cloud WAF under the Not Installed list, click the [Install] button, and the installation interface will pop up for installation.

Manual Enable Script

  1. Log in to the Func console, click [Script Market], enter the Guance script market, search for integration_tencentcloud_waf.

  2. Click [Install], then enter the corresponding parameters: Tencent Cloud AK, SK, and account name.

  3. Click [Deploy Startup Script], the system will automatically create the Startup script set and automatically configure the corresponding startup script.

  4. After enabling, you can see the corresponding automatic trigger configuration in "Management / Automatic Trigger Configuration". Click [Execute] to execute immediately without waiting for the scheduled time. After a while, you can view the execution task record and corresponding logs.

Verification

  1. In "Management / Automatic Trigger Configuration", confirm whether the corresponding task has the corresponding automatic trigger configuration, and you can also check the corresponding task record and logs to check for any abnormalities.
  2. In Guance, check whether there is asset information in "Infrastructure / Custom".
  3. In Guance, check whether there is corresponding monitoring data in "Metrics".

Metrics

After configuring Tencent Cloud Cloud Monitor, the default Measurement is as follows. More Metrics can be collected through configuration Tencent Cloud Cloud Monitor Metrics Details

Metric English Name Metric Chinese Name Description Unit Dimensions Statistics Rules
4xx Access Request 4XX Total Access Request 4XX Total Count domain, edition [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
4xxNew Access Request 4XX Total Access Request 4XX Total Count instance [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
5xx Access Request 5XX Total Access Request 5XX Total Count domain, edition [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
5xxNew Access Request 5XX Total Access Request 5XX Total Count instance [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Access WAF Access Count Total WAF Access Count Total Count domain, edition [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
AccessNew WAF Access Count Total WAF Access Count Total Count instance [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Attack WAF Attack Count Total WAF Attack Count Total Count domain, edition [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
AttackNew WAF Attack Count Total WAF Attack Count Total Count instance [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Bot BOT Request Total BOT Request Total Count domain, edition [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
BotNew BOT Request Total BOT Request Total Count instance [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Bw IP Blacklist Attack Total IP Blacklist Attack Total Count domain, edition [10s, sum], [60s, sum], [300s, sum]
Cc CC Attack Count Total CC Attack Count Total Count domain, edition [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
CcNew CC Attack Count Total CC Attack Count Total Count instance [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
Down Downstream Bandwidth Total Downstream Bandwidth Total Bytes domain, edition [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
DownNew Downstream Bandwidth Total Downstream Bandwidth Total Bytes instance [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
InBandwidth Inbound Bandwidth Inbound Bandwidth MBytes domain, edition [60s, expr], [300s, sum], [3600s, sum], [86400s, sum]
InBandwidthNew Inbound Bandwidth Inbound Bandwidth Bytes instance [60s, expr], [300s, sum], [3600s, sum], [86400s, sum]
Leak Sensitive Information Leakage Attack Total Sensitive Information Leakage Attack Total Count domain, edition [10s, sum], [60s, sum], [300s, sum]
MetricnameCustomSecurity Custom Policy Attack Custom Policy Attack Count Count domain, edition [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
MetricnameCustomSecurityNew Custom Policy Attack Custom Policy Attack Count instance [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
OutBandwidth Outbound Bandwidth Outbound Bandwidth MBytes edition, domain [60s, expr], [300s, sum], [3600s, sum], [86400s, sum]
OutBandwidthNew Outbound Bandwidth Outbound Bandwidth MBytes instance [60s, expr], [300s, sum], [3600s, sum], [86400s, sum]
Qps Access Requests Per Second Access Requests Per Second Count/s edition, domain [10s, expr], [60s, max], [300s, max], [3600s, max], [86400s, max]
QpsNew Access Requests Per Second Access Requests Per Second Count/s instance [10s, expr], [60s, max], [300s, max], [3600s, max], [86400s, max]
Ratio4xx 4XX Status Code Percentage 4XX Status Code Percentage % domain, edition [60s, expr], [300s, expr]
Ratio4xxNew 4XX Status Code Percentage 4XX Status Code Percentage % instance [60s, expr], [300s, expr]
Ratio5xx 5XX Request Percentage 5XX Request Percentage % domain, edition [60s, expr], [300s, expr]
Ratio5xxNew 5XX Request Percentage 5XX Request Percentage % instance [60s, expr], [300s, expr]
RatioAttack WEB Attack Percentage WEB Attack Percentage % domain, edition [60s, expr], [300s, expr]
RatioAttackNew WEB Attack Percentage WEB Attack Percentage % instance [60s, expr], [300s, expr]
RatioBot BOT Attack Percentage BOT Attack Percentage % domain, edition [60s, expr], [300s, expr]
RatioBotNew BOT Attack Percentage BOT Attack Percentage % instance [60s, expr], [300s, expr]
RatioCc CC Attack Percentage CC Attack Percentage % domain, edition [60s, expr], [300s, expr]
RatioCcNew CC Attack Percentage CC Attack Percentage % instance [60s, expr], [300s, expr]
RatioInBandwidth Instance Inbound Bandwidth Utilization Instance Inbound Bandwidth Utilization % instance [60s, expr]
RatioOutBandwidth Instance Outbound Bandwidth Utilization Instance Outbound Bandwidth Utilization % instance [60s, expr]
RatioQps Instance QPS Utilization Instance QPS Utilization % instance [60s, expr]
Tamper Page Tampering Attack Total Page Tampering Attack Total Count domain, edition [10s, sum], [60s, sum], [300s, sum]
U4xx Upstream Request 4XX Total Upstream Request 4XX Total Count edition, domain [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
U4xxNew Upstream Request 4XX Total Upstream Request 4XX Total Count instance [5s, sum], [10s, sum], [60s, sum], [300s, sum]
U5xx Upstream Request 5XX Total Upstream Request 5XX Total Count domain, edition [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
U5xxNew Upstream Request 5XX Total Upstream Request 5XX Total Count instance [5s, sum], [10s, sum], [60s, sum], [300s, sum]
Up Upstream Bandwidth Total Upstream Bandwidth Total Bytes edition, domain [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
UpNew Upstream Bandwidth Total Upstream Bandwidth Total Bytes instance [5s, sum], [10s, sum], [60s, sum], [300s, sum]
Upstream Upstream Source Return Count Upstream Source Return Count Count domain, edition [60s, sum], [300s, sum], [3600s, sum], [86400s, sum]
UpstreamNew Upstream Source Return Count Upstream Source Return Count Count instance [5s, sum], [10s, sum], [60s, sum], [300s, sum]

Note When pulling Web Application Firewall Metrics data, please select the "Guangzhou" region uniformly.

Overview of Parameters Corresponding to Each Dimension

Parameter Name Dimension Name Dimension Description Format
Instances.N.Dimensions.0.Name domain Client Attack Domain Dimension Name Enter String type dimension name: domain
Instances.N.Dimensions.0.Value domain Client Attack Specific Domain Enter the specific domain of client attack, for example: www.cloud.tencent.com
Instances.N.Dimensions.1.Name edition Web Application Firewall Instance Type Dimension Name Enter String type dimension name: edition
Instances.N.Dimensions.1.Value edition Web Application Firewall Instance Specific Type Enter the specific type of Web Application Firewall instance, for example: SaaS WAF (input value is 0) or CLB WAF (input value is 1)
Instances.N.Dimensions.2.Name instance Web Application Firewall Instance Dimension Name Enter String type dimension name: instance
Instances.N.Dimensions.2.Value instance Web Application Firewall Instance Specific Name Enter the specific name of the Web Application Firewall instance, for example: waf_2kxtpo960i9y7i05

Object

The collected Tencent Cloud WAF object data structure can be seen in "Infrastructure - Custom"

{
  "time": 1749782297000,
  "AppId": "1311317185",
  "CCList": "[]",
  "ClsStatus": "0",
  "Cname": "15bfb3de8de69192de22b581c2a66571.qcloudwzgj.com",
  "CreateTime": "2025-06-09T14:47:48+08:00",
  "Domain": "",
  "DomainId": "13f6c2f0def0558e9f5234270434d1b0",
  "Edition": "sparta-waf",
  "EditionNum": "0",
  "Engine": "1",
  "InstanceId": "waf_2l12weqc17ldfpop",
  "InstanceName": "gz-Default",
  "Level": "2",
  "LoadBalancerSet": "[]",
  "Ports": "[{\"NginxServerId\": 408141, \"Port\": \"80\", \"Protocol\": \"http\", \"UpstreamPort\": \"80\", \"UpstreamProtocol\": \"http\"}]",
  "Region": "gz",
  "RegionId": "",
  "RsList": "[\"134.175.221.0/24\"]",
  "SrcList": "[]",
  "State": "1",
  "Status": "1",
  "__docid": "CO_fcaf33c5dcca7aca4735e6b5d9857f2e",
  "__namespace": "custom_object",
  "__update_time": 1749782297000,
  "account_name": "",
  "class": "tencentcloud_waf",
  "cloud_provider": "tencentcloud",
  "create_time": 1749782297797,
  "date": 1749782297000,
  "date_ns": 1749782297000000000,
  "last_update_time": 1749782297797,
  "message": "{\"AccessStatus\": 1, \"AlbType\": \"\", \"ApiStatus\": 0, \"AppId\": 1311317185, \"BotStatus\": 0, \"CCList\": [], \"CdcClusters\": \"\", \"CloudType\": \"\", \"ClsStatus\": 0, \"Cname\": \"15bfb3de8de69192de22b581c2a66571.qcloudwzgj.com\", \"CreateTime\": \"2025-06-09T14:47:48+08:00\", \"Domain\": \"xxxxx.com\", \"DomainId\": \"13f6c2f0def0558e9f5234270434d1b0\", \"Edition\": \"sparta-waf\", \"EditionNum\": 0, \"Engine\": 1, \"FlowMode\": 0, \"InstanceId\": \"waf_2l12weqc17ldfpop\", \"InstanceName\": \"gz-Default\", \"Ipv6Status\": 0, \"Labels\": [\"\"], \"Level\": 2, \"LoadBalancerSet\": [], \"Mode\": 1, \"Note\": \"\", \"Ports\": [{\"NginxServerId\": 408141, \"Port\": \"80\", \"Protocol\": \"http\", \"UpstreamPort\": \"80\", \"UpstreamProtocol\": \"http\"}], \"PostCKafkaStatus\": 0, \"PostCLSStatus\": 0, \"Region\": \"gz\", \"RegionId\": \"ap-guangzhou\", \"RsList\": [\"134.175.221.0/24\"], \"SgDetail\": \"\", \"SgID\": \"\", \"SgState\": 0, \"SrcList\": [], \"State\": 1, \"Status\": 1, \"UpstreamDomainList\": [\"www.xxxxx.com\"]}",
  "name": "13f6c2f0def0558e9f5234270434d1b0",
  "time_us": 1749782297000000,
  "__searches": []
}

Note: The fields in tags, fields may change with subsequent updates ```

Feedback

Is this page helpful? ×