App WAF Log
Get the WAF hit log
Description
Get the details of WAF hit log.
URI
GET /admin-api/log_server/waflog/{app_id}
URI Parameters
request_id
type: string
required: no
description:
request_id
of the requestpage
type: integer
required: no
description: Results page (default 1)
page_size
type: integer
required: no
description: Results page size (default 20)
show_all
type: boolean
required: no
description: Show all requests that hit the WAF rule, including those that do not reach the threshold. (default false)
Example Request
Shell
curl \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
https://{admin-site}/admin-api/log_server/waflog/1?page=1&page_size=20
curl \
-H "API-Token: 1df87165-3593-4eca-a910-9ac20005e6ec" \
https://{admin-site}/admin-api/log_server/waflog/1?page=1&page_size=20&request_id=0000158003402f64a8d80000
Example Response
Status: 200 OK
{
"status": 0,
"time": 1614668858,
"data": {
"meta": {
"count": 1
},
"data": [
{
"id": 68,
"header": "User-Agent: curl/7.29.0\r\nHost: test-wafline.com\r\nAccept: */*\r\nProxy-Connection: Keep-Alive\r\n\r\n",
"request": "GET HTTP://test-wafline.com/root.exe HTTP/1.1",
"remote_addr": "127.0.0.1",
"request_id": "0000158003402f64a8d80000",
"action": "log",
"score": 1,
"threshold": 0,
"client_country": "",
"client_province": "Loopback address",
"client_city": "",
"client_isp": "",
"city_id": 1,
"source_version": "",
"host": "test-wafline.com",
"body": "",
"matches": [
{
"request_id": 68,
"rule_set_id": 4, // matched waf rule set id
"version": "6847507156508ffcae964d4a22868ba0",
"_created_unix": "2021-02-24 16:32:27.848501+08",
"matches": [ // matched keywords
"0",
"root.exe"
],
"message": "Backdoor access, sec_id: 950921",
"id": 67,
"end_line": 26,
"group": "trojans", // waf rule set name
"rule_id": 2,
"begin_line": 18
}
],
"created_unix": 1614155547.6867
}
]
}
}