Alibaba Cloud Web Application Firewall (WAF) V3 Monitoring Integration
Site24x7 offers end-to-end monitoring for Alibaba Cloud Web Application Firewall (WAF) V3, providing real-time insights into traffic throughput, request and error ratios, WAF detection and block events, ACL and CC protection, and system health metrics. When you integrate your Alibaba Cloud account with Site24x7, all WAF V3 instances are automatically discovered and continuously monitored.
Use cases
- Traffic and throughput monitoring: Measure QPS and WAF-specific QPS to understand traffic patterns and server load.
- Error rate tracking: Monitor 4xx and 5xx error ratios to detect abnormal application behavior.
- WAF detection and block monitoring: Track blocked requests, WAF detection rates, and rule enforcement to ensure effective protection.
- ACL and CC protection: Monitor Access Control List (ACL) and Challenge Collapsar (CC) protection metrics to identify and mitigate attacks.
- System health tracking: Keep an eye on CPU, memory, disk utilization, and active monitoring tasks to maintain WAF operational efficiency.
Setup and configuration
- Log in to your Site24x7 account and navigate to Cloud > Alibaba Cloud > Add Monitor.
- In the Edit Alibaba Cloud Monitor page, select Web Application Firewall (WAF) V3 from the Service Types list.
- Once added, go to Cloud > Alibaba > WAF V3 to view dashboards and performance metrics.
Supported metrics
Traffic & Throughput
| Metric name | Description | Unit |
|---|---|---|
| QPS | Total queries per second processed by WAF. | Count/second |
| QPS (WAFv3) | QPS specifically handled by WAF V3. | Count/second |
| QPS Ratio | Ratio of processed queries to total requests. | Percentage |
| QPS Ratio (WAFv3) | Ratio of WAF V3-processed queries to total requests. | Percentage |
| QPS Ratio Down | Ratio of queries dropped or blocked. | Percentage |
| QPS Ratio Down (WAFv3) | Ratio of WAF V3 queries dropped or blocked. | Percentage |
| WAF QPS | WAF-specific QPS showing handled traffic per second. | Count/second |
| WAF QPS (WAFv3) | QPS handled by WAF V3 rules. | Count/second |
| WAF QPS Max (WAFv3) | Maximum QPS observed by WAF V3 within the reporting interval. | Count/second |
Error & Response Ratios
| Metric name | Description | Unit |
|---|---|---|
| 4xx Ratio | Percentage of client-side error responses. | Percentage |
| 4xx Ratio (WAFv3) | Percentage of 4xx responses processed by WAF V3. | Percentage |
| 4xx Ratio (WAFv3 v2) | Alternate 4xx ratio metric for hybrid WAF V3 deployment. | Percentage |
| 5xx Ratio | Percentage of server-side error responses. | Percentage |
| 5xx Ratio (WAFv3) | Percentage of 5xx responses processed by WAF V3. | Percentage |
| 5xx Ratio (WAFv3 v2) | Alternate 5xx ratio metric for hybrid WAF V3 deployment. | Percentage |
WAF Detection & Block Rates
| Metric name | Description | Unit |
|---|---|---|
| WAF Rate (5m) | Average detection rate of WAF over the last 5 minutes. | Count |
| WAF Rate (5m, WAFv3) | WAF V3 detection rate over the last 5 minutes. | Count |
| WAF Rate (5m, WAFv3 v2) | Alternate detection rate metric for hybrid WAF V3 deployment. | Count |
| WAF Blocks (5m) | Number of blocked requests by WAF in the last 5 minutes. | Count |
| WAF Blocks (5m, WAFv3) | Number of requests blocked by WAF V3. | Count |
ACL & CC Protection
| Metric name | Description | Unit |
|---|---|---|
| ACL Rate (5m) | ACL rule application rate over the last 5 minutes. | Count |
| ACL Rate (5m, WAFv3) | ACL application rate for WAF V3. | Count |
| ACL Rate (5m, WAFv3 v2) | Alternate ACL rate metric for hybrid WAF V3. | Count |
| ACL Blocks (5m) | Number of requests blocked by ACL rules. | Count |
| ACL Blocks (5m, WAFv3) | Number of requests blocked by ACL in WAF V3. | Count |
| CC Rate (5m) | Rate of CC (Challenge Collapsar) protection applied. | Count |
| CC Rate (5m, WAFv3) | CC protection rate for WAF V3. | Count |
| CC Rate (5m, WAFv3 v2) | Alternate CC rate metric for hybrid WAF V3. | Count |
| CC Blocks (5m) | Number of requests blocked by CC protection. | Count |
| CC Blocks (5m, WAFv3) | Number of requests blocked by CC in WAF V3. | Count |
Resource & System Health
| Metric name | Description | Unit |
|---|---|---|
| CPU Usage | CPU utilization of WAF V3 instance. | Percentage |
| CPU Usage (Hybrid WAFv3) | CPU utilization in hybrid WAF V3 deployment. | Percentage |
| Memory Usage | Memory usage of WAF V3 instance. | Percentage |
| Memory Usage (Hybrid WAFv3) | Memory usage in hybrid WAF V3 deployment. | Percentage |
| Disk Usage | Disk usage for WAF V3 logs and configuration storage. | Percentage |
| Disk Usage (Hybrid WAFv3) | Disk usage in hybrid WAF V3 deployment. | Percentage |
| Active Monitor | Number of active monitoring tasks for WAF V3 instance. | Count |
| Active Monitor (Hybrid WAFv3) | Active monitoring tasks in hybrid WAF V3 deployment. | Count |
Threshold configuration
- Go to Admin > Configuration Profiles > Threshold and Availability.
- Create or edit a threshold profile for Web Application Firewall (WAF) V3.
- Assign the profile to the respective monitors to trigger alerts.
IT automation
Site24x7's IT Automation tools help with automatically resolving performance degradation issues. When a breach occurs, the alarm engine continuously examines the system events for which thresholds have been defined and performs the mapped automation.
- Go to Admin > IT Automation Templates.
- Create a new automation rule.
- Map the rule to the monitor for proactive resolution.
How to configure IT Automation for a monitor
Configuration rules
With Site24x7's Configuration Rules, you can set parameters like Threshold Profile, Notification Profile, Tags, and Monitor Group for multiple monitors and automate the configuration settings of your monitoring resources. Automatically assign these settings when new Web Application Firewall (WAF) V3 monitors are added.
How to add a Configuration Rule