Web ACL traffic overview dashboards - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

Web ACL traffic overview dashboards

This section describes the web ACL traffic overview dashboards in the AWS WAF console. After you associate a web ACL with one or more AWS resources and enable metrics for the web ACL, you can access summaries of the web traffic that the web ACL evaluates by going to the web ACL's Traffic overview tab in the AWS WAF console. The dashboards include near real-time summaries of the Amazon CloudWatch metrics that AWS WAF collects when it evaluates your application web traffic.

Note

If you don't see anything on the dashboards, make sure you have metrics enabled for the web ACL.

The web ACL's Traffic overview tab contains tabbed dashboards with the following categories of information:

  • All traffic – All web requests that the web ACL evaluates.

    The dashboard focus is on terminating actions, but you can view the matches for count rules in the following locations:

    • Top 10 rules pane of this dashboard. Toggle Switch to count action to show count rule matches.

    • Sampled requests tab of the web ACL page. This new tab includes a graph of all rule matches. For information, see Viewing a sample of web requests.

  • Bot Control – Web requests that the web ACL evaluates using the Bot Control managed rule group.

    If you aren't using this rule group in your web ACL, this tab shows the results of evaluating a sampling of your web traffic against the Bot Control rules. This gives you an idea of the bot traffic that your application receives and it's free of charge.

    This rule group is part of the intelligent threat mitigation options that AWS WAF offers. For more information, see AWS WAF Bot Control and AWS WAF Bot Control rule group.

  • Account takeover prevention – Web requests that the web ACL evaluates using the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group. This tab is only available if you're using this rule group in your web ACL.

    The ATP rule group is part of the AWS WAF intelligent threat mitigation offerings. For more information, see AWS WAF Fraud Control account takeover prevention (ATP) and AWS WAF Fraud Control account takeover prevention (ATP) rule group.

  • Account creation fraud prevention – Web requests that the web ACL evaluates using the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group. This tab is only available if you're using this rule group in your web ACL.

    The ACFP rule group is part of the AWS WAF intelligent threat mitigation offerings. For more information, see AWS WAF Fraud Control account creation fraud prevention (ACFP) and AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group.

The dashboards are based on the web ACL's CloudWatch metrics, and the graphs provide access to the corresponding metrics in CloudWatch. For the intelligent threat mitigation dashboards, like Bot Control, the metrics used are primarily the label metrics.

The dashboards provide summaries of your traffic patterns for the terminating actions and date range that you select. The intelligent threat mitigation dashboards include requests that the corresponding managed rule group evaluated, regardless of whether the managed rule group itself applied the terminating action. For example, if Block is selected, the Account takeover prevention dashboard includes information for all web requests that were both evaluated by the ATP managed rule group and blocked at some point during the web ACL evaluation. The requests can be blocked by the ATP managed rule group, by a rule that ran after the rule group in the web ACL, or by the web ACL default action.