File: src/content/docs/waf/analytics/security-analytics.mdx
Lines changed: 1 addition & 1 deletion
@@ -110,7 +110,7 @@ The main chart displays the following data for the selected time frame, accordin
110
110
111
111
-**Attack likelihood**: [WAF attack score](/waf/detections/attack-score/) analysis of incoming requests, classifying them as _Clean_, _Likely clean_, _Likely attack_, or _Attack_.
112
112
113
-
-**Bot likelihood**: [Bot score](/bots/concepts/bot-score/) analysis of incoming requests, classifying them as _Automated_, _Likely automated_, or _Likely human_.
113
+
-**Bot likelihood**: [Bot score](/bots/concepts/bot-score/) analysis of incoming requests, classifying them as _Automated_, _Likely automated_, _Likely human_, or _Verified bot_.
114
114
115
115
-**Rate limit analysis**: Displays data on the request rate for traffic matching the selected filters and time period. Use this tab to [find an appropriate rate limit](/waf/rate-limiting-rules/find-rate-limit/) for incoming traffic matching the applied filters.
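Review bot: The added `_Verified bot_` value in the **Bot likelihood** bullet is attributed to bot score analysis in the same way as the three existing classes, but the sentence does not tell the reader how a request ends up classified as a verified bot. If that class is not derived from the score itself, reword the bullet to say so (for example, list the three score-based classes and then mention verified bots separately) and link the term to the page that defines it.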
File: src/content/docs/waf/rate-limiting-rules/find-rate-limit.mdx
Lines changed: 18 additions & 15 deletions
@@ -6,14 +6,13 @@ sidebar:
6
6
head:
7
7
- tag: title
8
8
content: Find an appropriate rate limit
9
-
10
9
---
11
10
12
11
The **Rate limit analysis** tab in [Security Analytics](/waf/analytics/security-analytics/) displays data on the request rate for traffic matching the selected filters and time period. Use this tab to determine the most appropriate rate limit for incoming traffic matching the applied filters.
13
12
14
13
:::note
15
14
16
-
The **Rate limit analysis** tab is only available to Enterprise customers.
15
+
The **Rate limit analysis** tab is only available to Enterprise customers.
17
16
:::
18
17
19
18
## User interface overview
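Review bot: The `-`/`+` pair on the Enterprise note line ("The **Rate limit analysis** tab is only available to Enterprise customers.") shows identical text, and the only other change in this hunk is the blank line dropped from the front matter, so the hunk appears to be formatting only. Consider moving formatting-only changes to a separate commit, or mentioning the reformatting in the commit description, so the content changes in this file (the JA4 option and the new first step under "Find the rate") are easier to review.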
@@ -24,16 +23,17 @@ The **Rate limit analysis** tab is available at the zone level in **Security** >
24
23
25
24
The main chart displays the distribution of request rates for the top 50 unique clients observed during the selected time interval (for example, `1 minute`) in descending order. You can group the request rates by the following unique request properties:
26
25
27
-
***IP address**
28
-
*[**JA3 fingerprint**](/bots/concepts/ja3-ja4-fingerprint/) (only available to customers with Bot Management)
29
-
***IP address and JA3 fingerprint** (only available to customers with Bot Management)
26
+
-**IP address**
27
+
-[**JA3 fingerprint**](/bots/concepts/ja3-ja4-fingerprint/) (only available to customers with Bot Management)
28
+
-**IP & JA3** (only available to customers with Bot Management)
29
+
-[**JA4 fingerprint**](/bots/concepts/ja3-ja4-fingerprint/) (only available to customers with Bot Management)
30
30
31
31
:::note
32
32
33
-
For more information on how Cloudflare calculates the request rate of incoming traffic, refer to [How Cloudflare determines the request rate](/waf/rate-limiting-rules/request-rate/).
33
+
For more information on how Cloudflare calculates the request rate of incoming traffic, refer to [How Cloudflare determines the request rate](/waf/rate-limiting-rules/request-rate/).
34
34
:::
35
35
36
-
***
36
+
---
37
37
38
38
## Determine an appropriate rate limit
39
39
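Review bot: In the grouping list, the renamed item `**IP & JA3**` no longer matches its siblings `**JA3 fingerprint**` and `**JA4 fingerprint**`: it drops "address" and "fingerprint", and it is the only combined option, with no JA4 counterpart mentioned. If the new label mirrors the dashboard text, say that the names match the UI; otherwise keep "IP address and JA3 fingerprint". Also state whether IP combined with JA4 is intentionally not offered, since readers will look for it next to the new JA4 item.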
@@ -45,28 +45,31 @@ For more information on how Cloudflare calculates the request rate of incoming t
45
45
46
46
3. In the **Traffic analysis** tab, select a specific time period:
47
47
48
-
* To look at the regular rate distribution, specify a period with non-peak traffic.
49
-
* To analyze the rate of offending visitors/bots, select a period corresponding to an attack.
48
+
- To look at the regular rate distribution, specify a period with non-peak traffic.
49
+
- To analyze the rate of offending visitors/bots, select a period corresponding to an attack.
50
50
51
51
4. Apply filters to analyze a particular situation in your application where you want to apply rate limiting (for example, filter by `/login` URL path).
52
52
53
53
5. (Optional) To focus on non-automated/human traffic, use the bot score quick filter in the sidebar.
54
54
55
55
### 2. Find the rate
56
56
57
-
1. Choose the request properties (JA3, IP, or both) and the duration (1 min, 5 mins, or 1 hour) for your rate limit rule. The request properties you select will be used as [rate limiting rule characteristics](/waf/rate-limiting-rules/parameters/#with-the-same-characteristics).
57
+
1. Switch to the **Rate limit analysis** tab.
58
+
59
+
2. Choose the request properties (JA3, IP, IP and JA3, or JA4) and the duration (1 min, 5 mins, or 1 hour) for your rate limit rule. The request properties you select will be used as [rate limiting rule characteristics](/waf/rate-limiting-rules/parameters/#with-the-same-characteristics).
58
60
59
-
2. Use the slider in the chart to move the horizontal line defining the rate limit. While you move the slider up and down, check the impact of defining a rate limiting rule with the selected limit on the displayed traffic.
61
+
3. Use the slider in the chart to move the horizontal line defining the rate limit. While you move the slider up and down, check the impact of defining a rate limiting rule with the selected limit on the displayed traffic.
60
62
61
63

62
64
63
65
:::note
64
66
65
67
Answering the following questions during your adjustments can help you with your analysis:
66
68
67
-
* "How many clients would have been caught by the rule and rate limited?"
68
-
* "Can I visually identify abusers with above-average rate vs. the long tail of average users?"
69
-
:::
69
+
- "How many clients would have been caught by the rule and rate limited?"
70
+
- "Can I visually identify abusers with above-average rate vs. the long tail of average users?"
71
+
72
+
:::
70
73
71
74
### 3. Validate your rate
72
75
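Review bot: Step 2 under "Find the rate" lists the properties as "(JA3, IP, IP and JA3, or JA4)", which differs in both wording and order from the grouping list earlier in this file (**IP address**, **JA3 fingerprint**, **IP & JA3**, **JA4 fingerprint**). Use the same labels and the same order in both places so the step can be matched against the options shown in the tab.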
@@ -80,6 +83,6 @@ Answering the following questions during your adjustments can help you with your
80
83
81
84
2. Select the rule action. Depending on your needs, you can set the rule to log, challenge, or block requests exceeding the selected threshold.
82
85
83
-
It is recommended that you first deploy the rule with the *Log* action to validate the threshold, and change the action later to block or challenge incoming requests when you are confident about the rule behavior.
86
+
It is recommended that you first deploy the rule with the _Log_ action to validate the threshold, and change the action later to block or challenge incoming requests when you are confident about the rule behavior.
84
87
85
88
3. To save and deploy your rate limiting rule, select **Deploy**. If you are not ready to deploy your rule, select **Save as Draft**.