Application WAF logs

Retrieve the logs of requests that hit the WAF for the specified application.

URI

GET /admin-api/log_server/waflog/{app_id}

URI parameters

  • request_id

    type: string

    required: no

    description: The request_id of the request

  • page

    type: integer

    required: no

    description: Results page (default 1)

  • page_size

    type: integer

    required: no

    description: Results page size (default 20)

  • show_all

    type: boolean

    required: no

    description: Show all requests that hit the WAF rule, including those that do not reach the threshold. (default false)

Request example

Shell

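# First page of WAF logs for app_id 1 (URL quoted so the shell does not treat & as a control operator)
curl \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  "http://{admin-site}/admin-api/log_server/waflog/1?page=1&page_size=20"


# Same query, filtered to a single request_id
curl \
  -H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
  "http://{admin-site}/admin-api/log_server/waflog/1?page=1&page_size=20&request_id=0000158003402f64a8d80000"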

Response example

Status: 200 OK
{
    "status": 0,
    "time": 1614668858,
    "data": {
        "meta": {
            "count": 1
        },
        "data": [
            {
                "id": 68,
                "header": "User-Agent: curl/7.29.0\r\nHost: test-wafline.com\r\nAccept: */*\r\nProxy-Connection: Keep-Alive\r\n\r\n",
                "request": "GET HTTP://test-wafline.com/root.exe HTTP/1.1",
                "remote_addr": "127.0.0.1",
                "request_id": "0000158003402f64a8d80000",
                "action": "log",
                "score": 1,
                "threshold": 0,
                "client_country": "",
                "client_province": "Loopback address",
                "client_city": "",
                "client_isp": "",
                "city_id": 1,
                "source_version": "",
                "host": "test-wafline.com",
                "body": "",
                "matches": [
                    {
                        "request_id": 68,
                        "rule_set_id": 4, // matched waf rule set id
                        "version": "6847507156508ffcae964d4a22868ba0",
                        "_created_unix": "2021-02-24 16:32:27.848501+08",
                        "matches": [ // matched keywords
                            "0",
                            "root.exe"
                        ],
                        "message": "Backdoor access, sec_id: 950921",
                        "id": 67,
                        "end_line": 26,
                        "group": "trojans",  // waf rule set name
                        "rule_id": 2,
                        "begin_line": 18
                    }
                ],
                "created_unix": 1614155547.6867
            }
        ]
    }
}
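
An added example, not part of the original API documentation: flattening the response above into one triage row per logged request, with the raw header string parsed and the nested rule matches pulled up. The function names are hypothetical, and the code assumes that status 0 means success and that a request reaches the threshold when score >= threshold.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: the response example above, trimmed to the fields used here.
SAMPLE = {"status": 0, "data": {"meta": {"count": 1}, "data": [{
    "header": "User-Agent: curl/7.29.0\r\nHost: test-wafline.com\r\nAccept: */*\r\n\r\n",
    "request": "GET HTTP://test-wafline.com/root.exe HTTP/1.1",
    "remote_addr": "127.0.0.1", "request_id": "0000158003402f64a8d80000",
    "action": "log", "score": 1, "threshold": 0, "host": "test-wafline.com",
    "matches": [{"rule_set_id": 4, "rule_id": 2, "group": "trojans",
                 "matches": ["0", "root.exe"],
                 "message": "Backdoor access, sec_id: 950921"}],
    "created_unix": 1614155547.6867}]}}

def parse_header(raw):
    """Split the CRLF-separated "header" string into a dict keyed by lower-cased name."""
    fields = {}
    for line in raw.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields

def triage_rows(resp):
    """Flatten each logged request and its rule matches into one row for review."""
    if resp.get("status") != 0:  # assumption: 0 means success, as in the sample response
        raise ValueError(f"unexpected status: {resp.get('status')!r}")
    rows = []
    for entry in resp["data"]["data"]:
        hits = entry.get("matches") or []
        when = datetime.fromtimestamp(entry["created_unix"], tz=timezone.utc)
        rows.append({
            "time": when.isoformat(timespec="seconds"),
            "request_id": entry["request_id"],
            "client": entry["remote_addr"],
            "request": entry["request"],
            "user_agent": parse_header(entry.get("header", "")).get("user-agent", ""),
            "action": entry["action"],
            # assumption: "reaching the threshold" means score >= threshold
            "reached_threshold": entry["score"] >= entry["threshold"],
            "rules": [(h["group"], h["rule_set_id"], h["rule_id"]) for h in hits],
            "keywords": sorted({k for h in hits for k in h.get("matches", [])}),
        })
    return rows

def hits_by_group(rows):
    """Count rule hits per rule set name ("group") across all rows."""
    return Counter(group for row in rows for group, _, _ in row["rules"])

if __name__ == "__main__":
    for row in triage_rows(SAMPLE):
        print(row)
```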