Amazon WAF metrics and dimensions
Amazon WAF reports metrics once a minute. Amazon WAF provides
metrics and dimensions in the AWS/WAFV2
namespace.
You can see summary information for Amazon WAF metrics through the Amazon WAF console, in the web ACL's traffic overview tab. For more information, go to the console or see Web ACL traffic overview dashboards.
You can see the following metrics for web ACLs, rules, rule groups, and labels.
-
Your rules – Metrics are grouped by the rule action. For example, when you test a rule in Count mode, its matches are listed as
Count
metrics for the web ACL. -
Your rule groups – The metrics for your rule groups are listed under the rule group metrics.
-
Rule groups owned by another account – Rule group metrics are generally visible only to the rule group owner. However, if you override the rule action for a rule, the metrics for that rule will be listed under your web ACL metrics. Additionally, labels added by any rule group are listed in your web ACL metrics
Rule groups in this category are Amazon Managed Rules for Amazon WAF, Amazon Web Services Marketplace managed rule groups, Recognizing rule groups provided by other services, and rule groups that are shared with you by another account.
-
Labels - Labels that were added to a web request during evaluation are listed in the web ACL label metrics. You can access the metrics for all labels, regardless of whether they were added by your rules and rule groups or by rules in a rule group that another account owns.
Topics
Web ACL, rule group, and rule metrics and dimensions
Metric | Description |
---|---|
|
The number of allowed web requests. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of blocked web requests. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of counted web requests. Reporting criteria: There is a nonzero value. A counted web request is one that matches at least one of the rules. Request counting is typically used for testing. Valid statistics: Sum |
|
The number of web requests that had CAPTCHA controls applied. Reporting criteria: There is a nonzero value. A CAPTCHA web request is one that matches a rule that has a CAPTCHA action setting. This metric records all requests that match, regardless of whether they have a valid CAPTCHA token. Valid statistics: Sum |
|
The number of web requests that had CAPTCHA controls applied and that had a valid CAPTCHA token. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of solutions that were submitted by an end user in response to a CAPTCHA puzzle challenge. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of CAPTCHA puzzle solutions submitted that successfully solved the puzzle. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of web requests that had challenge controls applied. Reporting criteria: There is a nonzero value. A challenge web request is one that matches a rule that has a Challenge action setting. This metric records all requests that match, regardless of whether they have a valid challenge token. Valid statistics: Sum |
|
The number of web requests that had challenge controls applied and that had a valid challenge token. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of passed requests. This is only used for requests that go through a rule group evaluation without matching any of the rule group rules. Reporting criteria: There is a nonzero value. Passed requests are requests that don't match any of the rules in the rule group. Valid statistics: Sum |
Dimension | Description |
---|---|
|
Required for all protected resource types except for Amazon CloudFront distributions. |
|
One of the following:
|
|
The metric name of the |
|
The metric name of the |
|
The country of origin of the request. This is the two-character designation from the International Organization for Standardization (ISO) 3166 standard. For example, US for the United States and UA for Ukraine. If a request has an |
|
The type of attack that Amazon WAF identified in the request, based on the rules and rule groups that you use in your web ACL. Your rules and the rules in the baseline Amazon managed rule groups can identify attack types. For example, cross-site scripting (XSS) rule matches identify XSS attack types, and rate-based rules identify volumetric attack types. The attack type usually indicates the type of rule that terminated the web request evaluation. |
|
The device type of the client that sent the request,
obtained from the web request’s |
|
The metric name of the |
|
The rule within the |
Label metrics and dimensions
Metrics for the labels added to requests during evaluation by your rules and by the managed rule groups that you use in your web ACL. For information, see Web request labeling.
For any single web request, Amazon WAF stores metrics for at most 100 labels. Your web ACL evaluation can apply more than 100 labels and match against more than 100 labels, but only the first 100 are reflected in the metrics.
Metric | Description |
---|---|
|
The number of labels on web requests that had the action setting Allow applied. The labels can have been added at any point during the web request evaluation. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of labels on web requests that had the action setting Block applied. The labels can have been added at any point during the web request evaluation. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of labels added to web requests by rule group rules that have a Count action setting. This metric is only available to the owner of a rule group, for rules inside the rule group. For other cases, the count label metrics are rolled up into the terminating action that was applied to the request, like Allow or Block. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of labels on web requests that had a terminating CAPTCHA action applied. The labels can have been added at any point during the web request evaluation. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of labels on web requests that had a terminating Challenge action applied. The labels can have been added at any point during the web request evaluation. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of matched rules that both generated the associated label and terminated request evaluation with an Allow action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of matched rules that both generated the associated label and terminated request evaluation with a Block action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of matched rules that both generated the associated label and applied a Count action. One request could result in multiple instances of this metric, if multiple rules are configured with the same label and action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of matched rules that both generated the associated label and terminated request evaluation with a CAPTCHA action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of matched rules that both generated the associated label and terminated request evaluation with a Challenge action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of matched rules that both generated the associated label and applied a non-terminating CAPTCHA action. One request could result in multiple instances of this metric, if multiple rules are configured with the same label and action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of matched rules that both generated the associated label and applied a non-terminating Challenge action. One request could result in multiple instances of this metric, if multiple rules are configured with the same label and action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
Dimension | Description |
---|---|
|
Required for all protected resource types except for Amazon CloudFront distributions. |
|
The metric name of the |
|
The metric name of the |
|
The namespace prefix of the label that was added to the request. |
|
The name of the label that was added to the request. |
|
The managed rule group that served as the context of the label addition.
For example, the context for token management labels such as awswaf:managed:token:accepted
is the Amazon WAF managed rule group that uses token management on the request, such as
the Bot Control or ATP managed rule group. This dimension doesn't apply to all labels. |
Free bot visibility metrics and dimensions
When you don't use Bot Control in your web ACL, Amazon WAF applies the Bot Control managed rule group to a sampling of your web requests, at no additional cost. This can provide an idea of the bot traffic that is coming to your protected resources. For information about Bot Control, see Amazon WAF Bot Control rule group.
Metric | Description |
---|---|
|
The number of sampled requests that have Allow action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of sampled requests that have Block action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of sampled requests that have CAPTCHA action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of sampled requests that have Challenge action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of sampled requests that have Count action. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
Dimension | Description |
---|---|
|
Required for all protected resource types except for Amazon CloudFront distributions. |
|
The metric name of the |
|
The name of the of the detected bot category, based on the web request labels. |
|
The name of the of the detected bot verification status, based on the web request labels. |
|
The name of the of the detected bot signals, based on the web request labels. |
Account metrics and dimensions
Account metrics provide account-wide information about CAPTCHA puzzles that were serviced through the JavaScript API.
Metric | Description |
---|---|
|
The number of solutions that were submitted by an end user in response to a CAPTCHA puzzle challenge, for puzzles that were served via the CAPTCHA JavaScript API. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
|
The number of CAPTCHA puzzle solutions submitted that successfully solved the puzzle, for puzzles that were served via the CAPTCHA JavaScript API. Reporting criteria: There is a nonzero value. Valid statistics: Sum |
Dimension | Description |
---|---|
|
Required for all protected resource types except for Amazon CloudFront distributions. |