Web ACL, rule group, and rule metrics and dimensions Label metrics and dimensions Free bot visibility metrics and dimensions Account metrics and dimensions

AWS WAF metrics and dimensions

AWS WAF reports metrics once a minute. AWS WAF provides metrics and dimensions in the AWS/WAFV2 namespace.

You can see summary information for AWS WAF metrics through the AWS WAF console, in the web ACL's traffic overview tab. For more information, go to the console or see Web ACL traffic overview dashboards.

You can see the following metrics for web ACLs, rules, rule groups, and labels.

Your rules – Metrics are grouped by the rule action. For example, when you test a rule in Count mode, its matches are listed as Count metrics for the web ACL.
Your rule groups – The metrics for your rule groups are listed under the rule group metrics.
Rule groups owned by another account – Rule group metrics are generally visible only to the rule group owner. However, if you override the rule action for a rule, the metrics for that rule will be listed under your web ACL metrics. Additionally, labels added by any rule group are listed in your web ACL metrics

Rule groups in this category are AWS Managed Rules for AWS WAF, AWS Marketplace managed rule groups, Recognizing rule groups provided by other services, and rule groups that are shared with you by another account.
Labels - Labels that were added to a web request during evaluation are listed in the web ACL label metrics. You can access the metrics for all labels, regardless of whether they were added by your rules and rule groups or by rules in a rule group that another account owns.

Topics

Web ACL, rule group, and rule metrics and dimensions
Label metrics and dimensions
Free bot visibility metrics and dimensions
Account metrics and dimensions

Web ACL, rule group, and rule metrics and dimensions

Web ACL, rule group, and rule metrics
Metric	Description
`AllowedRequests`	The number of allowed web requests. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`BlockedRequests`	The number of blocked web requests. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`CountedRequests`	The number of counted web requests. Reporting criteria: There is a nonzero value. A counted web request is one that matches at least one of the rules. Request counting is typically used for testing. Valid statistics: Sum
`CaptchaRequests`	The number of web requests that had CAPTCHA controls applied. Reporting criteria: There is a nonzero value. A CAPTCHA web request is one that matches a rule that has a CAPTCHA action setting. This metric records all requests that match, regardless of whether they have a valid CAPTCHA token. Valid statistics: Sum
`RequestsWithValidCaptchaToken`	The number of web requests that had CAPTCHA controls applied and that had a valid CAPTCHA token. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`CaptchasAttempted`	The number of solutions that were submitted by an end user in response to a CAPTCHA puzzle challenge. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`CaptchasSolved`	The number of CAPTCHA puzzle solutions submitted that successfully solved the puzzle. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`ChallengeRequests`	The number of web requests that had challenge controls applied. Reporting criteria: There is a nonzero value. A challenge web request is one that matches a rule that has a Challenge action setting. This metric records all requests that match, regardless of whether they have a valid challenge token. Valid statistics: Sum
`RequestsWithValidChallengeToken`	The number of web requests that had challenge controls applied and that had a valid challenge token. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`PassedRequests`	The number of passed requests. This is only used for requests that go through a rule group evaluation without matching any of the rule group rules. Reporting criteria: There is a nonzero value. Passed requests are requests that don't match any of the rules in the rule group. Valid statistics: Sum

Web ACL, rule group, and rule dimensions
Dimension	Description
`Region`	Required for all protected resource types except for Amazon CloudFront distributions.
`Rule`	One of the following: The metric name of the `Rule`. ALL, which represents all rules within a WebACL or `RuleGroup`. `Default_Action` (only when combined with the `WebACL` dimension), which represents the action assigned to any request whose evaluation wasn't terminated by the action of a rule in the web ACL.
`RuleGroup`	The metric name of the `RuleGroup`.
`WebACL`	The metric name of the `WebACL`.
`Country`	The country of origin of the request. This is the two-character designation from the International Organization for Standardization (ISO) 3166 standard. For example, US for the United States and UA for Ukraine. If a request has an `X-Forwarded-For` header, AWS WAF uses that to determine this setting. Otherwise, AWS WAF uses the country of the client IP. This determination is independent of any logic you use in your rules to determine country of origin. AWS WAF determines the locations of the IPs using MaxMind GeoIP databases.
`Attack`	The type of attack that AWS WAF identified in the request, based on the rules and rule groups that you use in your web ACL. Your rules and the rules in the baseline AWS managed rule groups can identify attack types. For example, cross-site scripting (XSS) rule matches identify XSS attack types, and rate-based rules identify volumetric attack types. The attack type usually indicates the type of rule that terminated the web request evaluation.
`Device`	The device type of the client that sent the request, obtained from the web request’s `user-agent` header.
`ManagedRuleGroup`	The metric name of the `ManagedRuleGroup`.
`ManagedRuleGroupRule`	The rule within the `ManagedRuleGroup` that was matched.

Label metrics and dimensions

Metrics for the labels added to requests during evaluation by your rules and by the managed rule groups that you use in your web ACL. For information, see Web request labeling.

For any single web request, AWS WAF stores metrics for at most 100 labels. Your web ACL evaluation can apply more than 100 labels and match against more than 100 labels, but only the first 100 are reflected in the metrics.

Label metrics
Metric	Description
`AllowedRequests`	The number of labels on web requests that had the action setting Allow applied. The labels can have been added at any point during the web request evaluation. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`BlockedRequests`	The number of labels on web requests that had the action setting Block applied. The labels can have been added at any point during the web request evaluation. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`CountedRequests`	The number of labels added to web requests by rule group rules that have a Count action setting. This metric is only available to the owner of a rule group, for rules inside the rule group. For other cases, the count label metrics are rolled up into the terminating action that was applied to the request, like Allow or Block. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`CaptchaRequests`	The number of labels on web requests that had a terminating CAPTCHA action applied. The labels can have been added at any point during the web request evaluation. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`ChallengeRequests`	The number of labels on web requests that had a terminating Challenge action applied. The labels can have been added at any point during the web request evaluation. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`AllowRuleMatch`	The number of matched rules that both generated the associated label and terminated request evaluation with an Allow action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`BlockRuleMatch`	The number of matched rules that both generated the associated label and terminated request evaluation with a Block action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`CountRuleMatch`	The number of matched rules that both generated the associated label and applied a Count action. One request could result in multiple instances of this metric, if multiple rules are configured with the same label and action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`CaptchaRuleMatch`	The number of matched rules that both generated the associated label and terminated request evaluation with a CAPTCHA action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`ChallengeRuleMatch`	The number of matched rules that both generated the associated label and terminated request evaluation with a Challenge action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`CaptchaRuleMatchWithValidToken`	The number of matched rules that both generated the associated label and applied a non-terminating CAPTCHA action. One request could result in multiple instances of this metric, if multiple rules are configured with the same label and action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`ChallengeRuleMatchWithValidToken`	The number of matched rules that both generated the associated label and applied a non-terminating Challenge action. One request could result in multiple instances of this metric, if multiple rules are configured with the same label and action. Reporting criteria: There is a nonzero value. Valid statistics: Sum

Label dimensions
Dimension	Description
`Region`	Required for all protected resource types except for Amazon CloudFront distributions.
`WebACL`	The metric name of the `WebACL`.
`RuleGroup`	The metric name of the `RuleGroup`. Used for the metric `CountedRequests`.
`LabelNamespace`	The namespace prefix of the label that was added to the request.
`Label`	The name of the label that was added to the request.
`Context`	The managed rule group that served as the context of the label addition. For example, the context for token management labels such as `awswaf:managed:token:accepted` is the AWS WAF managed rule group that uses token management on the request, such as the Bot Control or ATP managed rule group. This dimension doesn't apply to all labels.

Free bot visibility metrics and dimensions

When you don't use Bot Control in your web ACL, AWS WAF applies the Bot Control managed rule group to a sampling of your web requests, at no additional cost. This can provide an idea of the bot traffic that is coming to your protected resources. For information about Bot Control, see AWS WAF Bot Control rule group.

Free bot visibility metrics
Metric	Description
`SampleAllowedRequest`	The number of sampled requests that have Allow action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`SampleBlockedRequest`	The number of sampled requests that have Block action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`SampleCaptchaRequest`	The number of sampled requests that have CAPTCHA action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`SampleChallengeRequest`	The number of sampled requests that have Challenge action. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`SampleCountRequest`	The number of sampled requests that have Count action. Reporting criteria: There is a nonzero value. Valid statistics: Sum

Free bot visibility dimensions
Dimension	Description
`Region`	Required for all protected resource types except for Amazon CloudFront distributions.
`WebACL`	The metric name of the `WebACL`.
`BotCategory`	The name of the of the detected bot category, based on the web request labels.
`VerificationStatus`	The name of the of the detected bot verification status, based on the web request labels.
`Signal`	The name of the of the detected bot signals, based on the web request labels.

Account metrics and dimensions

Account metrics provide account-wide information about CAPTCHA puzzles that were serviced through the JavaScript API.

Account metrics
Metric	Description
`CaptchasAttemptedSdk`	The number of solutions that were submitted by an end user in response to a CAPTCHA puzzle challenge, for puzzles that were served via the CAPTCHA JavaScript API. Reporting criteria: There is a nonzero value. Valid statistics: Sum
`CaptchasSolvedSdk`	The number of CAPTCHA puzzle solutions submitted that successfully solved the puzzle, for puzzles that were served via the CAPTCHA JavaScript API. Reporting criteria: There is a nonzero value. Valid statistics: Sum

Account dimensions
Dimension	Description
`Region`	Required for all protected resource types except for Amazon CloudFront distributions.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Viewing metrics and dimensions

AWS Shield Advanced metrics