WAAP Attack Log
Last update:2026-01-27 11:03:33
This article introduces the WAAP Attack Log in the platform’s native data and provides descriptions of its fields.
Request Info
| Number | Field Name | Field Code | Data Type | Field Description |
|---|---|---|---|---|
| 1 | Domain | host | string | Client domain configured on the platform |
| 2 | Status Code | status_code | int | The status code returned in response to the client’s request |
| 3 | Detailed Domain | detail_host | string | Specific domain requested by the client |
| 4 | URL | url_detail | string | Host + Request Path + Query Parameters |
| 5 | UUID | uuid | string | Unique identifier for the log entry |
| 6 | Referer | referer | string | Referer header value from the client request |
| 7 | Path | path | string | Request path |
| 8 | HTTP Protocol Version | version | string | HTTP version used by the client request |
| 9 | Request Method | mode | string | HTTP method used by the client request |
| 10 | User Agent | user_agent | string | User Agent header value from the client |
| 11 | Request ID | ws_request_id | string | Unique identifier of the client request |
| 12 | Request Query | query | string | Query string in the client URI. If you need to monitor this field, please contact technical support to configure the domain property to include all parameters. Escaped according to W3C HTML/RFC 1866 standards. |
Client Info
| No. | Field Name | Field Code | Data Type | Field Description |
|---|---|---|---|---|
| 1 | Client IP | client_ip | string | The IPv4 or IPv6 address of the requesting client |
| 2 | JA4 Fingerprint | ssl_fingerprint_ja4 | string | Client TLS handshake fingerprint identification method, an improved version of JA3 |
| 3 | JA3 Fingerprint | ssl_fingerprint_ja3 | string | Client TLS handshake fingerprint identification method |
| 4 | City of Client IP | client_city | string | The city from which the client request originates |
| 5 | Country/Region of Client IP | client_country_region | string | The country or region from which the client request originates |
| 6 | Province of Client IP | client_province | string | The province from which the client request originates |
Message Exchange Data
| Number | Field Name | Field Code | Data Type | Field Description |
|---|---|---|---|---|
| 1 | Final Hit Rule ID | final_rule_id | long | Unique identifier of the last matched security policy rule |
| 2 | Security Rule Name | rule_name | string | Custom rule name defined by the customer |
| 3 | Action | act | int | Protection action executed by the security policy for the request |
| 4 | Policy Type | attack_type | string | Security policy type triggered by the request |
| 5 | Bot Tag | bot_type | string | Subcategory details for major Bot types |
| 6 | Attack Time | attack_time | long | Time when the attack occurred |
| 7 | Security Policy Name | custom_msg | string | The specific name of the matched security policy |
| 8 | Matched Policy Content | content | string | The policy content matched in the request |
Note:
- The availability of log fields may vary depending on the actual configuration. Please select fields reasonably according to your business scenario.
Related Articles
Is the content of this document helpful to you?
Yes
I have suggestion