Denied Requests Per Minute Per Application Event Source

Purpose

Triggers an alert both when the number of denied requests per second relating to a specific application exceeds the given upper limit, and when it later goes below the given lower limit.

ATTENTION
The limit must be exceeded for some time before vWAF triggers the alert (hysteresis characteristics). Therefore, there are no alerts for individual minutes where the number of denied requests is high just by coincidence.

Requests Per Minute Per Application Event Source is a similar event (all requests instead of denied requests).

For more information regarding adding and editing Event Sources, see Editing Event Sources.

Attributes

Attribute Meaning

upper limit

vWAF triggers an alert if for some time there's an average of more denied requests per minute on any cluster node than stated here.

lower limit

If an alert has been triggered for a cluster node, vWAF doesn't trigger any additional alerts for the same node until the average of denied requests per minute for this node goes below the limit stated here.

When the number of denied requests has fallen below this limit for some time, there's a second alert.

msg prefix

Here you can enter some text, which is added to the beginning of the issued alerts when the upper limit is exceeded.

The default text here is "Denied requests per minute on the following nodes are over the configured limit:".

msg under prefix

Here you can enter some text, which is added to the beginning of the issued alerts when the lower limit is reached again.

The default text is "Denied requests per minute on the following nodes are under the configured limit:".