Traffic Reporting and Analytics

How Link11 WAAP reports on the requests it receives


Last updated 1 month ago


Metrics

The Link11 WAAP Dashboard and Events Log provide intuitive yet powerful ways of viewing your traffic.

Data is reported in terms of several statistics:

| Statistic | Comment |
| --- | --- |
| Hits | Total incoming requests. |
| Humans | Requests originating from humans. |
| Bots | Requests originating from traffic sources not (yet) verified to be human. Most of the requestors will be bots, but some will not be. More on this below. |
| Passed | Requests accepted by L11WAAP and passed upstream to the origin (i.e., the web server, API endpoint, etc.). |
| Blocked | Requests deemed to be hostile, and blocked. |
| Challenges | Requests that were challenged. The challenge process is an important part of L11WAAP's traffic processing, as seen below. |

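The Dashboard provides a variety of ways to view your traffic. Some of them include all of the above metrics in the same view, while others include a subset. For example, one graph shows Hits, Blocked, Passed, and Bots, while the Countries view shows all the metrics.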

The Challenge Process

Link11 WAAP includes a multi-layered mechanism for distinguishing between human users and bots. For more details on this mechanism, see Hostile Bot Detection.

In the interface, this mechanism is summarized as "challenges." Requests from non-authenticated users will be challenged, i.e., they will undergo a process through which L11WAAP ascertains if the traffic source can be verified as a human user or not.

When a traffic source successfully passes the challenge, it will not be challenged again for the remainder of the session. For legitimate users, this entire process happens quickly (in a few milliseconds), and is invisible to the user. Users will perceive no impediment or latency in their access to the requested resources.

As noted above, this is the "typical" process that occurs in normal use. There are a variety of situations in which it might not be followed. For example, sometimes L11WAAP is configured to allowlist certain IP addresses, and not to challenge them.

The discussion below will be based on the typical process described above.

How Requests Are Reflected in L11WAAP's Statistics

The process described above will result in the following statistics being incremented.

For each challenge that was not passed:

  • Hits

  • Challenges

  • Bots

If the challenge was passed:

  • Hits

  • Challenges

  • Bots (see explanation below)

  • Hits (incremented a second time for the post-challenge resubmission of the request)

  • Passed

  • Humans

Counting Bots

Within L11WAAP, a request that does not have authenticating cookies is counted as a bot.

As a result, the Bot count can sometimes be incremented even when the visitors are humans. Examples:

  • When a human user visits an L11WAAP-protected site for the first time, the first request does not yet have the authenticating cookies.

  • Static files (images, etc.) are often exempted from challenges for performance reasons. Direct requests for those URLs from a new visitor will not have cookies.

  • Sometimes, trusted IPs are whitelisted and exempted from challenges. They never receive authenticating cookies.

Therefore, although most of the Bot count represents non-human requests to your web application, the Bot metric is not an exact count of this.

Relationships of Traffic Metrics

When working with L11WAAP's traffic statistics, the following relationships can be helpful.

Hits = Passed + Blocked + Challenges

Hits = Humans + Bots
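The counting rules and relationships above can be modelled directly. The following is an added example, not Link11 code: the outcome names are invented here, the two challenge rows follow the increments listed on this page, and the three rows marked as assumed are derived from the metric definitions and the "no cookies means Bots" rule.

```python
from collections import Counter

METRICS = ("Hits", "Humans", "Bots", "Passed", "Blocked", "Challenges")

# Outcome names are invented for this example. The first two rows are the
# increments listed on this page; the last three are assumptions derived from
# the metric definitions and the "Counting Bots" rule (no cookies => Bots).
INCREMENTS = {
    "challenge_failed":   ["Hits", "Challenges", "Bots"],
    "challenge_passed":   ["Hits", "Challenges", "Bots",   # first request, no cookies yet
                           "Hits", "Passed", "Humans"],    # post-challenge resubmission
    "verified_session":   ["Hits", "Passed", "Humans"],    # cookies present (assumed)
    "exempt_no_cookies":  ["Hits", "Passed", "Bots"],      # unchallenged static file (assumed)
    "blocked_no_cookies": ["Hits", "Blocked", "Bots"],     # hostile and unverified (assumed)
}

# Constructed sample of (true source, outcome): a new human visitor who passes
# the challenge and browses, a human loading an image URL directly, and a bot.
SAMPLE = ([("human", "challenge_passed")] + [("human", "verified_session")] * 3
          + [("human", "exempt_no_cookies")]
          + [("bot", "challenge_failed")] * 4 + [("bot", "blocked_no_cookies")])

def tally(events):
    """Apply the increment rules to every event and return the six counters."""
    stats = Counter(dict.fromkeys(METRICS, 0))
    for _source, outcome in events:
        stats.update(INCREMENTS[outcome])
    return stats

def relationships_hold(stats):
    """Both identities from 'Relationships of Traffic Metrics'."""
    return (stats["Hits"] == stats["Passed"] + stats["Blocked"] + stats["Challenges"]
            and stats["Hits"] == stats["Humans"] + stats["Bots"])

def bots_by_true_source(events):
    """How many Bots increments each real traffic source contributed."""
    out = Counter()
    for source, outcome in events:
        out[source] += INCREMENTS[outcome].count("Bots")
    return out

if __name__ == "__main__":
    stats = tally(SAMPLE)
    print(dict(stats), relationships_hold(stats), dict(bots_by_true_source(SAMPLE)))
```

In this sample, two of the seven Bots increments come from human visitors, which is why the Bots metric should be read as an upper bound on automated traffic rather than an exact count.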

Active Challenges versus Passive Challenges

The process described on this page is the active challenge process. Out of the box, this is the challenge process that Link11 WAAP uses.

We recommend that whenever possible, customers also enable passive challenges. Passive challenges still include environmental detection and browser verification, while adding three additional benefits:

  • In some situations, active challenges can interfere with certain metrics such as those provided by Google Analytics. (The initial referrer information is lost.) If this is a problem, active challenges can be disabled. In this situation, passive challenges can provide effective bot protection instead.

  • When caching is being done by a CDN, active challenges will not occur for pages being served from the cache. Passive challenges are necessary for L11WAAP to perform bot detection in this situation.

  • They enable biometric behavioral verification: a much more powerful means of identifying automated traffic, and an important part of L11WAAP's behavioral analysis.

If possible, we recommend that customers use both active and passive challenges. To learn more about passive challenges, see Enabling Passive Challenges.
