eCDN-WAF Log OCAPI References

Request eCDN-WAF (Embedded Content Delivery-Web Application Firewall) log files from OCAPI (Open Commerce API). All OCAPI calls return all fields shown in the JSON (JavaScript Object Notation) log output. The JSON request format provides category, field, and descriptions for the log output. You can have up to 24 pending download log requests per realm.

Request eCDN-WAF Logs with an OCAPI Call

POST https//<yourservername>.demandware.net/s/-/dw/data/v18_8/log_requests/ecdn

HEADER
Authorization: Bearer aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa

REQUEST BODY
{zone_name: "redcliff.de", start_time: "2018-10-04T10:00:00.000Z", end_time: "2018-10-04T11:00:00.000Z"} 

JSON Log Output

{"ClientCountry":"us",
"ClientDeviceType":"mobile",
"ClientIP":"1.1.1.1"
"Client IP class:'badHost',
"ClientRequestHost":"www.customer.com",
"ClientRequestMethod":"GET",
"ClientRequestURI":"/dw/image/v2/xxxx_PRD/on/demandware.st
atic/-/template/default/uniqueid/productimages/aaaaaa.jpg?sw=
470",
"ClientRequestUserAgent":"Mozilla/5.0 (Linux; Android 7.1.1;
XT1650 Build/NCLS26.118-23-13-6-5) AppleWebKit/537.36
(KHTML, like Gecko Chrome/66.0.3359.158 Mobile
Safari/537.36",
"EdgeResponseStatus":xxx,
"EdgeStartTimestamp":1528631882657999872,
"RayID":"xxxxxxxxxx",
"WAFAction":"unknown",
"WAFFlags":"0",
"WAFMatchedVar":"",
"WAFProfile":"general",
"WAFRuleID":"",
"WAFRuleMessage":""}

Log Field Information

Category Field Description
client ClientCountry Country of the client IP address
client ClientDeviceType Client device type
client ClientIP IP addresses of the client
client ClientIPClass IP that is blocked for bad reputation status
clientRequest ClientRequestHost Host requested by the client
clientRequest ClientRequestMethod HTTP method of client request
clientRequest ClientRequestURI URI requested by the client
clientRequest ClientRequestUserAgent User agent reported by the client
edge EdgeStartTimestamp UNIX nanosecond timestamp, the edge received request from the client
edge EdgeStartTimestamp HTTP status code returned by Cloudflare to the client
edgeWAF WAFAction Action taken by the WAF, if triggered
edgeWAF WAFFlags More configuration flags: simulate (0x1) | null
edgeWAF WAFMatchedVar Full name of the most-recently matched variable
edgeWAF WAFProfile WAF profile: log | med | high
edgeWAF WAFRuleID ID of the applied WAF rule
edgeWAF WAFRuleMessage Rule message associated with the triggered rule
general RayID Unique request identifier, 64-bit binary ID
Note: A return of "unknown" for WAFAction or WAFProfile indicates that no rule was triggered on that request. In this case, WAFRuleID and other nearby fields return empty strings as well. This does not mean that a WAFProfile or WAFAction is not set.
X Privacy Update: We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used and to tailor advertising. By continuing to use this site you are giving us your consent to do this.