Security

The Security section of the Cockpit provides a place to configure important security parameters for your site’s deployment such as metrics on the Web Application Firewall (WAF).

Webapp firewall

Web Application Firewalls, or WAFs, protect web applications from common malicious attacks such as cross-site-scripting (XSS) and SQL injections. Essentially, they act as a type of wall or shield between your web application and the internet. If you have your own CDN for your project, you’ll likely have your own WAF.

If you choose to go with the default CDN for DX Cloud, you’ll be protected with the Fastly WAF.

The Fastly WAF inspects the web traffic at the HTTP application layer by looking at all HTTP and HTTPS requests (both header and body included). This can be configured specifically for your deployment.

View Webapp firewall information

To view passed, logged, and blocked requests for your WAF:

  1. Go to Security > Webapp firewall.

  2. Select the desired Cluster Id from the dropdown list.

  3. Select the desired Domain Name from the dropdown list.

  4. Select the Range for the statistics.

See the Webapp firewall graphs below for more details on each metric.

Webapp firewall graphs

You can view information on the Traffic as well as the Origin of requests easily in the Cockpit. You can also easily see which attacks occur most often in the Blocked tab and the top IPs in the IP tab.

Traffic

Under the Traffic tab, you can view the following:

Metric Description and Visual

Total requests

Displays the total requests to the WAF in the specified time period.

traffic totalRequests.totalBlockedRequests.totalRequestsPerWafStatus

Total blocked requests

Displays the total blocked requests to the WAF in the specified time period.

traffic totalRequests.totalBlockedRequests.totalRequestsPerWafStatus

Total requests per WAF status

Displays the total requests broken down by WAF status.

This is not for the specified period, but the total requests over time.
  • PASSED = Passed by the WAF and sent to the origin server.

  • LOGGED = Logged by the WAF and sent to the origin server.

  • BLOCKED = Blocked by the WAF.

traffic totalRequests.totalBlockedRequests.totalRequestsPerWafStatus

Total requests per WAF status over time

Displays the total requests broken down by WAF status by the time period.

This is for the specified period, and you can drag over the graph to get even more granular results.
  • PASSED = Passed by the WAF and sent to the origin server.

  • LOGGED = Logged by the WAF and sent to the origin server.

  • BLOCKED = Blocked by the WAF.

traffic totalRequestsPerWafStatusOverTime

Origin

Under the Origin tab, you can view the following:

Metric Description and Visual

Blocked request per zones

Displays (as a map) the blocked requests per geographic zone.

You can zoom in and out just as you would any other modern web map.

origin blockedRequestsPerZone

Blocked

Under the Blocked tab, you can view the following:

Metric Description

Attacks per type

This graphic shows you the attacks per type for the selected cluster, domain, and time period.

Attacks per rule

This graphic shows you the attacks per rule for the selected cluster, domain, and time period.

Web Application Firewall (WAF) explains more about rules.

Attacks per path

This graphic shows you the attacks per path for the selected cluster, domain, and time period.

IP

Under the IP tab, you can view the following:

Metric Description

Top 10 IPs

This shows you the top 10 IPs that have experienced attacks for the selected cluster, domain, and time period.

Attack per IP

This shows the volume of attacks per IP for the selected cluster, domain, and time period.

Feedback

PaaS

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the Magnolia PaaS docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules