WAF Insights does not support automation via our REST API web service. If you are currently using WAF Insights, upgrade your WAF solution to take advantage of our REST API.
Generates paginated event log data. This data can be filtered by:
Time
Retrieve event log data for up to the last 30 days.
A request for event log entries may return information on thousands of requests. Due to the amount of time that it would take to transmit this data, the response for this endpoint has been split up into pages. Retrieve all events that match the specified criteria by requesting each page. Use the page_of response parameter in your script to cycle through each page.
This endpoint only supports JSON.
A request to retrieve event log data is described below.
HTTP Method | Request URI |
---|---|
GET |
https://api.edgecast.com/v2/mcc/customers/AccountNumber/defend/rate_limiting/eventlogs?start_time=StartDateTime&end_time=EndDateTime&per_page=ItemsPerPage&page=PageNumber&filters=Filters |
Define the following terms when submitting the above request:
Description | |
---|---|
Required |
|
Replace this variable with the start date/time for the report. Only activity that took place after the specified date/time will be included in the report. Format: start_time=YYYY-MM-DDThh:mm:ss
Key information:
For more information on date/time format, please refer to Report Date/Time Format. Event log data may only be retrieved for the last 30 days. Specifying an older date will return a 400 Bad Request. |
|
Replace this variable with the end date/time for the report. Activity that took place before the end of the specified date/time will be included in the report. Format: end_time=YYYY-MM-DDThh:mm:ss
Key information:
For more information on date/time format, please refer to Report Date/Time Format. |
|
Replace this variable with the number of events that may be included on each page. Key information:
|
|
Replace this variable with the page number that will be returned. Key information:
|
|
Replace this variable with the desired filter(s). Key information:
|
This endpointIdentifies a request's connection point to our REST API service. only takes advantage of common request headers.
Request body parameters are not required by this endpoint.
The response to the above request includes an HTTP status code, response headers, and a response body.
A status code indicates whether the request was successfully performed.
The response for this endpoint only includes standard HTTP response headers.
The response body for a successful request contains the following response parameters:
Name | Data Type | Description |
---|---|---|
page_of |
Integer |
Indicates the total number of pages in the report. This value is determined by the total number of eligible event log entries divided by the maximum number of entries per page. Both of these factors are defined in the request URL. |
time_to |
Number floating-point |
Indicates the report's end date/time, in seconds, using Unix time. Sample value: 1473638400.0
|
time_from |
Number floating-point |
Indicates the report's start date/time, in seconds, using Unix time. Sample value: 1473638400.0
|
events |
Array |
Contains a list of fields for each event reported on this page. The current page is indicated by the page response parameter. |
Status |
String |
events array Identifies by name the HTTP status code for the response to a rate limited request. Format: HTTP_STATUS_Name
Example: HTTP_STATUS_FOUND
In the above sample value, the HTTP status code describing the response for a rate limited request was a 302 Found. |
Epoch Time |
Number floating-point |
events array Indicates the Unix time, in seconds, at which the request was processed. Syntax: Seconds.Microseconds
Sample value: 1473207640.345809
|
Rate Limiting Enforcement Type |
String |
events array Indicates the type of action that was applied to the rate limited request. |
Client IP |
String |
events array Indicates the IP address of the client that submitted the rate limited request. |
URL |
String |
events array Indicates the URL that was requested. |
Timestamp |
String |
events array Indicates the date and time (UTC) at which the request was processed. Format: YYYY-MM-DDThh:mm:ss:ffffffZ
Example: 2024-06-30T20:42:09.330793Z
The above value represents June 30th, 2024 at 8:42 p.m. UTC. For more information on date/time format, please refer to Report Date/Time Format. |
Rate Limiting Enforcement Rule ID |
String |
events array This field is reserved for future use. |
@fields.COMMON_Header |
Object |
events array This field is reserved for future use. |
Country Code |
String |
events array Identifies the country from which the request originated by its ISO 3166 country code. A list of country codes is available from the Country Codes (ISO 3166) article in the CDN Help Center. |
Rate Limiting Enforcement Tuple ID |
String |
events array Indicates the action that was applied to the rate limited request by its system-defined ID. |
Host |
String |
events array Identifies the host to which the request was directed. This value is derived from the request's Host header. |
Referer |
String |
events array Identifies the request's referrer. This value is derived from the request's Referer header. |
Rate Limiting Enforcement Start Epoch |
Integer |
events array Indicates when the rate limiting action was applied to the request. The date and time is reported in Unix time (a.k.a. POSIX time or Unix epoch). Time is reported in milliseconds instead of seconds. Please convert this value from milliseconds to seconds prior to leveraging it with Unix time functions. |
Request Method |
String |
events array Indicates the request's HTTP method. Format: HTTP_METHOD_Name
Example: HTTP_METHOD_GET
|
Rate Limiting Enforcement Percentage |
Number floating-point |
events array Indicates the percentage of eligible requests that were rate limited when the event took place. View a sample scenario.
A percentage of 20% indicates that 20% of eligible requests were rate limited when the event took place. In other words, if there are 1000 eligible requests per minute, then a predefined action (e.g., URL redirection) was applied to 200 requests. |
Rate Limiting Enforcement Duration |
Integer |
events array Indicates the minimum length of time, in seconds, that eligible requests were rate limited when the event took place. View a sample scenario.
This example assumes that a duration of 280 seconds was reported for an event. This means that the rule's rate limiting policy was enforced for a minimum of 4 minutes and 40 seconds. The actual duration of the enforcement period was determined by the length of time that requests exceeded the rule's threshold. |
User Agent |
String |
events array Indicates the user agent that submitted the request. This value is derived from the request's User-Agent header. |
id |
String |
events array Identifies the event log entry that describes the current rate limited request by its system-defined ID. |
page |
Integer |
Indicates the page number for the page that was returned by this endpoint. This response parameter will be set to the value defined by the request's pageExample: page=10 query string parameter. If it was omitted, then this response parameter will be set to 1. |
The response body for an unsuccessful request will contain an error response that provides additional information.
A sample JSON request is shown below.
GET https://api.edgecast.com/v2/mcc/customers/0001/defend/rate_limiting/eventlogs?start_time=2015-06-30T20:00:00&end_time=2015-06-30T21:00:00&page=1 HTTP/1.1
Authorization: TOK:12345678-1234-1234-1234-1234567890ab
Accept: application/json
Content-Type: application/json
Host:api.edgecast.com
A sample JSON response is shown below.
HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/json; charset=utf-8
Date: Thu, 15 Apr 2021 12:00:00 GMT
Content-Length: 4782
{ "page_of" : 1, "time_to" : 1473638400.0, "time_from" : 1472688000.0, "events" : [{ "Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE", "Epoch Time" : 1473470411.2213371, "Host" : "cdn.example.com", "Client IP" : "192.12.16.24", "URL" : "http://cdn.example.com/000001/mywebpage.html", "Timestamp" : "2016-09-10T01:20:11.221337Z", "Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID", "@fields.COMMON_HEADER" : {}, "Country Code" : "US", "Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001", "Rate Limiting Enforcement Type" : "DROP_REQUEST", "Referer" : "XXXNAXXX@fields.REFERER", "Rate Limiting Enforcement Start Epoch" : 1473470411000, "Request Method" : "HTTP_METHOD_GET", "Rate Limiting Enforcement Percentage" : 96.97, "Rate Limiting Enforcement Duration" : 280, "User Agent" : "Server Load Tester", "id" : "z-dgB40S7zgoqT8Nh_-zTyhxxLprMULRXpQLDCOwjOC_D1RvHs9qFCL4i88CPJ7SW6ssFBGPsmQ9GqiO_A_LMw==" }, { "Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE", "Epoch Time" : 1473470409.111583, "Host" : "cdn.example.com", "Client IP" : "192.12.16.24", "URL" : "http://cdn.example.com/000001/mywebpage.html", "Timestamp" : "2016-09-10T01:20:09.111583Z", "Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID", "@fields.COMMON_HEADER" : {}, "Country Code" : "US", "Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001", "Rate Limiting Enforcement Type" : "DROP_REQUEST", "Referer" : "XXXNAXXX@fields.REFERER", "Rate Limiting Enforcement Start Epoch" : 1473470409000, "Request Method" : "HTTP_METHOD_GET", "Rate Limiting Enforcement Percentage" : 96.97, "Rate Limiting Enforcement Duration" : 280, "User Agent" : "Server Load Tester", "id" : "f84X3jRXsz-IgoQfwxYusIBxior1LVSYyBP1ma0rCqi9r1OKtmEumEshb2mcERx9GkCvUIvcGw_UZqK9_hyrwg==" }, { "Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE", "Epoch Time" : 1473470406.968225, "Host" : "cdn.example.com", "Client IP" : "192.12.16.24", "URL" : "http://cdn.example.com/000001/mywebpage.html", "Timestamp" : "2016-09-10T01:20:06.968225Z", "Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID", "@fields.COMMON_HEADER" : {}, "Country Code" : "US", "Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001", "Rate Limiting Enforcement Type" : "DROP_REQUEST", "Referer" : "XXXNAXXX@fields.REFERER", "Rate Limiting Enforcement Start Epoch" : 1473470406000, "Request Method" : "HTTP_METHOD_GET", "Rate Limiting Enforcement Percentage" : 96.97, "Rate Limiting Enforcement Duration" : 280, "User Agent" : "Server Load Tester", "id" : "cEzkzBm5eOg-HtRyWJ226cQsttK7tL2EKYDpSWBVHdV2rmCDDCjMdiSm4gNBgAf-ruCE1vItn4nHbSriRXsaGw==" }, { "Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE", "Epoch Time" : 1473470404.8476729, "Host" : "cdn.example.com", "Client IP" : "192.12.16.24", "URL" : "http://cdn.example.com/000001/mywebpage.html", "Timestamp" : "2016-09-10T01:20:04.847673Z", "Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID", "@fields.COMMON_HEADER" : {}, "Country Code" : "US", "Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001", "Rate Limiting Enforcement Type" : "DROP_REQUEST", "Referer" : "XXXNAXXX@fields.REFERER", "Rate Limiting Enforcement Start Epoch" : 1473470404000, "Request Method" : "HTTP_METHOD_GET", "Rate Limiting Enforcement Percentage" : 96.97, "Rate Limiting Enforcement Duration" : 280, "User Agent" : "Server Load Tester", "id" : "Le2hCRqVgr_-wc6x6TlV8lrY1MRAdVC5hA4oinRwl0nzZBnqgV9MdhO5RCOcvbRcySUG6uDowCWlznD0fGwA1g==" }, { "Status" : "HTTP_STATUS_SERVICE_NOT_AVAILABLE", "Epoch Time" : 1473470402.730159, "Host" : "cdn.example.com", "Client IP" : "192.12.16.24", "URL" : "http://cdn.example.com/000001/mywebpage.html", "Timestamp" : "2016-09-10T01:20:02.730159Z", "Rate Limiting Enforcement Rule ID" : "XXXNAXXX@ddos.RULE_ID", "@fields.COMMON_HEADER" : {}, "Country Code" : "US", "Rate Limiting Enforcement Tuple ID" : "2c85167d-865d-4701-9a9a-11410327f8610001", "Rate Limiting Enforcement Type" : "DROP_REQUEST", "Referer" : "XXXNAXXX@fields.REFERER", "Rate Limiting Enforcement Start Epoch" : 1473470402000, "Request Method" : "HTTP_METHOD_GET", "Rate Limiting Enforcement Percentage" : 96.97, "Rate Limiting Enforcement Duration" : 280, "User Agent" : "Server Load Tester", "id" : "F39U9yCoV6CaXBELa-2cjS5QDcjjPPQmH-mVRP5aUIXAhznwjC3I8kMDjcPEgmxKzMIrkJqYZ0KduFKWMqp-3Q==" } ], "page" : 1 }