WafLog
{
"allowlist_configured": false,
"allowlist_logs": [
{
"actions": [
"string"
],
"rule_name": "string"
}
],
"allowlist_processed": false,
"application_rule_logs": [
{
"matches": [
{
"is_internal": false,
"match_element": "string",
"match_value": "string",
"match_value_offset": 0
}
],
"msg": "string",
"omitted_match_elements": 0,
"phase": "string",
"rule_group": "string",
"rule_id": 0,
"rule_name": "string",
"tags": [
"string"
]
}
],
"application_rules_configured": false,
"application_rules_processed": false,
"latency_request_body_phase": 0,
"latency_request_header_phase": 0,
"latency_response_body_phase": 0,
"latency_response_header_phase": 0,
"learning_status": "string",
"memory_allocated": 0,
"omitted_app_rule_stats": {
"match_elements": 0,
"rules": 0
},
"omitted_signature_stats": {
"match_elements": 0,
"rules": 0
},
"psm_configured": false,
"psm_logs": [
{
"actions": [
"string"
],
"group_name": "string",
"group_uuid": "string",
"location": "string",
"matches": [
{
"is_internal": false,
"match_element": "string",
"match_value": "string",
"match_value_offset": 0
}
],
"rule_id": "string",
"rule_name": "string"
}
],
"psm_processed": false,
"rule_logs": [
{
"matches": [
{
"is_internal": false,
"match_element": "string",
"match_value": "string",
"match_value_offset": 0
}
],
"msg": "string",
"omitted_match_elements": 0,
"phase": "string",
"rule_group": "string",
"rule_id": 0,
"rule_name": "string",
"tags": [
"string"
]
}
],
"rules_configured": false,
"rules_processed": false,
"status": "string"
}
Set to true if there are allowlist rules in the policy. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
Log Entries generated by WAF allowlist rules. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
Set to true if allowlist rules were processed. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
Log Entries generated by Application Specific Signature rules. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Set to true if there are Application Specific Signature rules in the policy. Field introduced in 20.1.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Set to true if Application Specific Signature rules were processed. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
Latency (in microseconds) in WAF Request Body Phase. Field introduced in 17.2.2. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Latency (in microseconds) in WAF Request Header Phase. Field introduced in 17.2.2. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Latency (in microseconds) in WAF Response Body Phase. Field introduced in 17.2.2. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Latency (in microseconds) in WAF Response Header Phase. Field introduced in 17.2.2. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Indicate if this request is used for learning. If it is not used, this field contains the reason for this decision. Enum options - NOT_ACTIVE, LEARNED, NOTHING_TO_LEARN, SERVER_ERROR, FLAGGED_BY_WAF, SKIPPED_BY_SAMPLING, CLIENT_IS_NOT_AUTHENTICATED, CLIENT_IS_NOT_TRUSTED, CLIENT_IS_A_BOT, ERROR. Field introduced in 30.2.1. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
The total memory (in bytes) consumed by WAF to process this request. Field introduced in 22.1.1. Unit is BYTES. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
Set to true if there are Positive Security Model rules in the policy. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Log Entries generated by WAF Positive Security Model. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Set to true if Positive Security Model rules were processed. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
Field introduced in 17.2.1. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Set to true if there are ModSecurity rules in the policy. Field introduced in 18.2.3. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.
Set to true if ModSecurity rules were processed. Field introduced in 20.1.3. Allowed in Enterprise edition with any value, Enterprise with Cloud Services edition.
Denotes whether WAF is running in detection mode or enforcement mode, whether any rules matched the transaction, and whether transaction is dropped by the WAF module. Enum options - NO_WAF, FLAGGED, PASSED, REJECTED, ALLOWLISTED, BYPASSED. Field introduced in 17.2.2. Allowed in Enterprise edition with any value, Essentials, Basic, Enterprise with Cloud Services edition.