eCDN-WAF Log OCAPI References

You can request eCDN-WAF log files from Open Commerce API (OCAPI). All OCAPI calls return all fields shown in the JavaScript Object Notation (JSON) log output. The JSON request format provides category, field, and descriptions for the log output. Each realm supports up to 24 pending log request downloads.

Request eCDN-WAF Logs with an OCAPI Call

You can use an OCAPI call to request eCDN-WAF log.

OCAPI Call Example
POST https//<yourservername>

Authorization: Bearer aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa

{zone_name: "", start_time: "2018-10-04T10:00:00.000Z", end_time: "2018-10-04T11:00:00.000Z"}

JSON Log Outputs

The log outputs differ depending on whether you use the new or the legacy OCAPI calls.

Log Output
{"CacheStatus":["unknown", "hit", "miss”,"dynamic"]
"Client IP class:'badHost',
"ClientRequestUserAgent":"Mozilla/5.0 (Linux; Android 7.1.1;
XT1650 Build/NCLS26.118-23-13-6-5) AppleWebKit/537.36
(KHTML, like Gecko Chrome/66.0.3359.158 Mobile
"FirewallMatchesActions":["simulate", “challenge”, "drop"],
"FirewallMatchesSources":["firewallRules", “waf”, “rateLimit”],

Log Field Information

Category Field Description
general CacheStatus Array of strings that define whether a resource is cached. Possible sources: hit | miss | dynamic
client ClientCountry Country of the client IP address
client ClientDeviceType Client device type
client ClientIP IP addresses of the client
client ClientIPClass IP that is blocked for bad reputation status
clientRequest ClientRequestHost Host requested by the client
clientRequest ClientRequestMethod HTTP method of client request
clientRequest ClientRequestURI URI requested by the client
clientRequest ClientRequestUserAgent User agent reported by the client
edge EdgeResponseStatus HTTP status code returned by eCDN to the client
edge EdgeStartTimestamp UNIX nanosecond timestamp, the edge received request from the client
edgeWAF FirewallMatchesActions Array of actions (strings) that the eCDN firewall performed on a request: allow | log | simulate | drop | challenge | jschallenge | connection close
edgeWAF FirewallMatchesSources Array of firewall source types (strings) that have performed actions on a request: asn | country | ip | ipRange | securityLevel | zoneLockdown | waf | firewallRules | uaBlock | rateLimit | bic | hot | l7ddos

The same product appearing multiple times indicates different rules or actions activated.

edgeWAF FirewallMatchesRuleIDs Array of RuleIDs (strings) that matched the request
general RayID Unique request identifier, 64-bit binary ID
X Privacy Update: We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used. By continuing to use this site you are giving us your consent to do this. Privacy Policy.