
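Tencent Cloud WAF

Tencent Cloud Web Application Firewall (WAF) is an AI-based, one-stop protection solution for web business operational risk. The displayed metrics include WAF running status, attack count, attack traffic, number of attacking IPs, number of attacked domains, number of attacked ports, attack type distribution, attack source distribution, attack time distribution, and attack trends. These metrics reflect the WAF's running status and the attack situation.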

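Configuration

Install Func

Recommended: enable Guance Integration - Extensions - Managed Func. All prerequisites are installed automatically; continue with the script installation.

If you deploy Func yourself, see Self-deployed Func.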

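Install the WAF collection script

Tip: Prepare a Tencent Cloud AK that meets the requirements in advance (for simplicity, you can directly grant the global read-only permission ReadOnlyAccess).

To synchronize WAF monitoring data, install the corresponding collection script: "Guance Integration (Tencent Cloud - WAF)" (ID: guance_tencentcloud_waf)

After clicking [Install], enter the required parameters: Tencent Cloud AK and Tencent Cloud account name.

Click [Deploy Startup Script]. The system automatically creates a Startup script set and configures the corresponding startup script.

Once enabled, the corresponding automatic trigger configuration appears under "Management / Automatic Trigger Configuration". Click [Run] to execute it once immediately, without waiting for the scheduled time. After a short wait, you can view the task execution records and the corresponding logs.

Some configurations are collected by default; see the Metrics section for details. Configure custom cloud object metrics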

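Verification

  1. Under "Management / Automatic Trigger Configuration", confirm that the corresponding task has an automatic trigger configuration, and check the task records and logs for anomalies
  2. In Guance, check under "Infrastructure / Custom" whether asset information exists
  3. In Guance, check under "Metrics" whether the corresponding monitoring data exists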

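Metrics

After Tencent Cloud - Cloud Monitor is configured, the default metric set is as follows. More metrics can be collected through configuration: Tencent Cloud Cloud Monitor metric details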

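| Metric name | Metric display name | Description | Unit | Dimensions | Statistical rules |
| --- | --- | --- | --- | --- | --- |
| 4xx | Total 4XX access requests | Total 4XX access requests | Count | domain, edition | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| 4xxNew | Total 4XX access requests | Total 4XX access requests | Count | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| 5xx | Total 5XX access requests | Total 5XX access requests | Count | domain, edition | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| 5xxNew | Total 5XX access requests | Total 5XX access requests | Count | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| Access | Total WAF access count | Total WAF access count | Count | domain, edition | [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| AccessNew | Total WAF access count | Total WAF access count | Count | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| Attack | Total WAF attack count | Total WAF attack count | Count | domain, edition | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| AttackNew | Total WAF attack count | Total WAF attack count | Count | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| Bot | Total BOT requests | Total BOT requests | Count | domain, edition | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| BotNew | Total BOT requests | Total BOT requests | Count | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| Bw | Total IP blacklist attacks | Total IP blacklist attacks | Count | domain, edition | [10s, sum], [60s, sum], [300s, sum] |
| Cc | Total CC attack count | Total CC attack count | Count | domain, edition | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| CcNew | Total CC attack count | Total CC attack count | Count | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| Down | Total downlink bandwidth | Total downlink bandwidth | Bytes | domain, edition | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| DownNew | Total downlink bandwidth | Total downlink bandwidth | Bytes | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| InBandwidth | Inbound bandwidth | Inbound bandwidth | MBytes | domain, edition | [60s, expr], [300s, sum], [3600s, sum], [86400s, sum] |
| InBandwidthNew | Inbound bandwidth | Inbound bandwidth | Bytes | instance | [60s, expr], [300s, sum], [3600s, sum], [86400s, sum] |
| Leak | Total sensitive information leak protection attacks | Total sensitive information leak protection attacks | Count | domain, edition | [10s, sum], [60s, sum], [300s, sum] |
| MetricnameCustomSecurity | Custom policy attacks | Number of custom policy attacks | Count | domain, edition | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| MetricnameCustomSecurityNew | Custom policy attacks | Custom policy attacks | Count | instance | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| OutBandwidth | Outbound bandwidth | Outbound bandwidth | MBytes | edition, domain | [60s, expr], [300s, sum], [3600s, sum], [86400s, sum] |
| OutBandwidthNew | Outbound bandwidth | Outbound bandwidth | MBytes | instance | [60s, expr], [300s, sum], [3600s, sum], [86400s, sum] |
| Qps | Access requests per second | Access requests per second | Count/s | edition, domain | [10s, expr], [60s, max], [300s, max], [3600s, max], [86400s, max] |
| QpsNew | Access requests per second | Access requests per second | Count/s | instance | [10s, expr], [60s, max], [300s, max], [3600s, max], [86400s, max] |
| Ratio4xx | Percentage of 4XX status codes | Percentage of 4XX status codes | % | domain, edition | [60s, expr], [300s, expr] |
| Ratio4xxNew | Percentage of 4XX status codes | Percentage of 4XX status codes | % | instance | [60s, expr], [300s, expr] |
| Ratio5xx | Percentage of 5XX requests | Percentage of 5XX requests | % | domain, edition | [60s, expr], [300s, expr] |
| Ratio5xxNew | Percentage of 5XX requests | Percentage of 5XX requests | % | instance | [60s, expr], [300s, expr] |
| RatioAttack | Percentage of WEB attacks | Percentage of WEB attacks | % | domain, edition | [60s, expr], [300s, expr] |
| RatioAttackNew | Percentage of WEB attacks | Percentage of WEB attacks | % | instance | [60s, expr], [300s, expr] |
| RatioBot | Percentage of BOT attacks | Percentage of BOT attacks | % | domain, edition | [60s, expr], [300s, expr] |
| RatioBotNew | Percentage of BOT attacks | Percentage of BOT attacks | % | instance | [60s, expr], [300s, expr] |
| RatioCc | Percentage of CC attacks | Percentage of CC attacks | % | domain, edition | [60s, expr], [300s, expr] |
| RatioCcNew | Percentage of CC attacks | Percentage of CC attacks | % | instance | [60s, expr], [300s, expr] |
| RatioInBandwidth | Instance inbound bandwidth utilization | Instance inbound bandwidth utilization | % | instance | [60s, expr] |
| RatioOutBandwidth | Instance outbound bandwidth utilization | Instance outbound bandwidth utilization | % | instance | [60s, expr] |
| RatioQps | Instance QPS utilization | Instance QPS utilization | % | instance | [60s, expr] |
| Tamper | Total page anti-tampering attacks | Total page anti-tampering attacks | Count | domain, edition | [10s, sum], [60s, sum], [300s, sum] |
| U4xx | Total upstream 4XX requests | Total upstream 4XX requests | Count | edition, domain | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| U4xxNew | Total upstream 4XX requests | Total upstream 4XX requests | Count | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum] |
| U5xx | Total upstream 5XX requests | Total upstream 5XX requests | Count | domain, edition | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| U5xxNew | Total upstream 5XX requests | Total upstream 5XX requests | Count | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum] |
| Up | Total uplink bandwidth | Total uplink bandwidth | Bytes | edition, domain | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| UpNew | Total uplink bandwidth | Total uplink bandwidth | Bytes | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum] |
| Upstream | Upstream back-to-origin count | Upstream back-to-origin count | Count | domain, edition | [60s, sum], [300s, sum], [3600s, sum], [86400s, sum] |
| UpstreamNew | Upstream back-to-origin count | Upstream back-to-origin count | Count | instance | [5s, sum], [10s, sum], [60s, sum], [300s, sum] |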

Note: When pulling Web Application Firewall metric data, always select the "Guangzhou" region.

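Overview of the parameters for each dimension

| Parameter name | Dimension name | Dimension description | Format |
| --- | --- | --- | --- |
| Instances.N.Dimensions.0.Name | domain | Dimension name for the domain attacked by the client | Enter the String-type dimension name: domain |
| Instances.N.Dimensions.0.Value | domain | The specific domain attacked by the client | Enter the specific domain attacked by the client, for example: www.cloud.tencent.com |
| Instances.N.Dimensions.1.Name | edition | Dimension name for the Web Application Firewall instance type | Enter the String-type dimension name: edition |
| Instances.N.Dimensions.1.Value | edition | The specific Web Application Firewall instance type | Enter the specific Web Application Firewall instance type, for example: SaaS WAF (input value 0) or CLB WAF (input value 1) |
| Instances.N.Dimensions.2.Name | instance | Dimension name for the Web Application Firewall instance | Enter the String-type dimension name: instance |
| Instances.N.Dimensions.2.Value | instance | The specific name of the Web Application Firewall instance | Enter the specific name of the Web Application Firewall instance, for example: waf_2kxtpo960i9y7i05 |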

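Objects

The data structure of the collected Tencent Cloud WAF objects is shown below. The object data can be viewed under "Infrastructure - Custom".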

{
  "time": 1749782297000,
  "AppId": "1311317185",
  "CCList": "[]",
  "ClsStatus": "0",
  "Cname": "15bfb3de8de69192de22b581c2a66571.qcloudwzgj.com",
  "CreateTime": "2025-06-09T14:47:48+08:00",
  "Domain": "",
  "DomainId": "13f6c2f0def0558e9f5234270434d1b0",
  "Edition": "sparta-waf",
  "EditionNum": "0",
  "Engine": "1",
  "InstanceId": "waf_2l12weqc17ldfpop",
  "InstanceName": "gz-Default",
  "Level": "2",
  "LoadBalancerSet": "[]",
  "Ports": "[{\"NginxServerId\": 408141, \"Port\": \"80\", \"Protocol\": \"http\", \"UpstreamPort\": \"80\", \"UpstreamProtocol\": \"http\"}]",
  "Region": "gz",
  "RegionId": "",
  "RsList": "[\"134.175.221.0/24\"]",
  "SrcList": "[]",
  "State": "1",
  "Status": "1",
  "__docid": "CO_fcaf33c5dcca7aca4735e6b5d9857f2e",
  "__namespace": "custom_object",
  "__update_time": 1749782297000,
  "account_name": "",
  "class": "tencentcloud_waf",
  "cloud_provider": "tencentcloud",
  "create_time": 1749782297797,
  "date": 1749782297000,
  "date_ns": 1749782297000000000,
  "last_update_time": 1749782297797,
  "message": "{\"AccessStatus\": 1, \"AlbType\": \"\", \"ApiStatus\": 0, \"AppId\": 1311317185, \"BotStatus\": 0, \"CCList\": [], \"CdcClusters\": \"\", \"CloudType\": \"\", \"ClsStatus\": 0, \"Cname\": \"15bfb3de8de69192de22b581c2a66571.qcloudwzgj.com\", \"CreateTime\": \"2025-06-09T14:47:48+08:00\", \"Domain\": \"xxxxx.com\", \"DomainId\": \"13f6c2f0def0558e9f5234270434d1b0\", \"Edition\": \"sparta-waf\", \"EditionNum\": 0, \"Engine\": 1, \"FlowMode\": 0, \"InstanceId\": \"waf_2l12weqc17ldfpop\", \"InstanceName\": \"gz-Default\", \"Ipv6Status\": 0, \"Labels\": [\"\"], \"Level\": 2, \"LoadBalancerSet\": [], \"Mode\": 1, \"Note\": \"\", \"Ports\": [{\"NginxServerId\": 408141, \"Port\": \"80\", \"Protocol\": \"http\", \"UpstreamPort\": \"80\", \"UpstreamProtocol\": \"http\"}], \"PostCKafkaStatus\": 0, \"PostCLSStatus\": 0, \"Region\": \"gz\", \"RegionId\": \"ap-guangzhou\", \"RsList\": [\"134.175.221.0/24\"], \"SgDetail\": \"\", \"SgID\": \"\", \"SgState\": 0, \"SrcList\": [], \"State\": 1, \"Status\": 1, \"UpstreamDomainList\": [\"www.xxxxx.com\"]}",
  "name": "13f6c2f0def0558e9f5234270434d1b0",
  "time_us": 1749782297000000,
  "__searches": []
}

Note: The fields in tags and fields may change with subsequent updates.
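An added example, not part of the Guance or Tencent Cloud code: a Python check over exported object records in the structure shown above. It decodes the JSON-encoded `Ports` and `message` fields and lists every port entry that still uses plain HTTP towards clients or towards the origin. The sample record is constructed from the page's example, and the function names are hypothetical.

```python
import json

# Constructed sample, trimmed from the object record on this page. List fields
# such as "Ports" are JSON-encoded strings, and "message" is the full record
# serialized as one more JSON string.
_PORTS = [{"NginxServerId": 408141, "Port": "80", "Protocol": "http",
           "UpstreamPort": "80", "UpstreamProtocol": "http"}]
SAMPLE_OBJECT = {
    "class": "tencentcloud_waf",
    "name": "13f6c2f0def0558e9f5234270434d1b0",
    "InstanceId": "waf_2l12weqc17ldfpop",
    "Domain": "",  # empty at the top level in the page's sample
    "Ports": json.dumps(_PORTS),
    "message": json.dumps({"Domain": "xxxxx.com", "Ports": _PORTS}),
}

SIDES = (("client", "Port", "Protocol"),
         ("origin", "UpstreamPort", "UpstreamProtocol"))


def decode(value, kind):
    """Return value as `kind` (list or dict), decoding JSON strings; empty on bad input."""
    if not isinstance(value, kind):
        try:
            value = json.loads(value)
        except (TypeError, ValueError):
            return kind()
    return value if isinstance(value, kind) else kind()


def cleartext_findings(obj):
    """List each port entry that speaks plain HTTP to clients or to the origin."""
    detail = decode(obj.get("message"), dict)
    # Fall back to the nested record, then to the object name, for the domain.
    domain = obj.get("Domain") or detail.get("Domain") or obj.get("name", "")
    ports = decode(obj.get("Ports"), list) or decode(detail.get("Ports"), list)
    findings = []
    for entry in ports:
        if not isinstance(entry, dict):
            continue
        for side, port_key, proto_key in SIDES:
            if str(entry.get(proto_key, "")).lower() == "http":
                findings.append({"domain": domain,
                                 "instance": obj.get("InstanceId", ""),
                                 "side": side,
                                 "port": str(entry.get(port_key, ""))})
    return findings
```

Calling `cleartext_findings(SAMPLE_OBJECT)` returns one finding for the client-facing listener and one for the origin connection, both on port 80.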
