Skip to content

appfw

The following operations can be performed on "appfw":

stat appfw

Displays application firewall statistics.

Synopsis

stat appfw [-detail] [-fullValues] [-ntimes ] [-logFile ] [-clearstats ( basic | full )]

Arguments

detail Specifies detailed output (including more statistics). The output can be quite voluminous. Without this argument, the output will show only a summary.

fullValues Specifies that numbers and strings should be displayed in their full form. Without this option, long strings are shortened and large numbers are abbreviated

ntimes The number of times, in intervals of seven seconds, the statistics should be displayed. Default value: 1 Minimum value: 0

logFile The name of the log file to be used as input.

clearstats Clear the statsistics / counters

Possible values: basic, full

Output

Counters

total log messages (totlogs) Total number of security check log messages generated by the Application Firewall.

total violations (totviols) Total number of security check violations seen by the Application Firewall.

Recent Ave Response Time (ms) (shortAvgRespTime) Average backend response time in milliseconds over the last 7 seconds

Long Term Ave Response Time (ms) (longAvgRespTime) Average backend response time in milliseconds since reboot

requests (reqs) HTTP/HTTPS requests sent to your protected web servers via the Application Firewall.

Request Bytes (reqBytes) Number of bytes transfered for requests

responses (resps) HTTP/HTTPS responses sent by your protected web servers via the Application Firewall.

Response Bytes (resBytes) Number of bytes transfered for responses

aborts Incomplete HTTP/HTTPS requests aborted by the client before the Application Firewall could finish processing them.

redirects (redirect) HTTP/HTTPS requests redirected by the Application Firewall to a different Web page or web server. (HTTP 302)

Traps Dropped (trapsDr) AppFirewall SNMP traps dropped due to time limit.

start URL (startURL) Number of Start URL security check violations seen by the Application Firewall.

deny URL (denyURL) Number of Deny URL security check violations seen by the Application Firewall.

referer header (refererHdr) Number of Referer Header security check violations seen by the Application Firewall.

buffer overflow (bufovfl) Number of Buffer Overflow security check violations seen by the Application Firewall.

Post Body Limit (postBodyLimit) Number of Post Body Limit security check violations seen by the Application Firewall.

cookie consistency (cookie) Number of Cookie Consistency security check violations seen by the Application Firewall.

cookie hijacking (cookie_hijack) Number of Cookie Hijacking security violations seen by the Application Firewall.

CSRF form tag (csrf_tag) Number of Cross Site Request Forgery form tag security check violations seen by the Application Firewall.

HTML Cross-site scripting (xss) Number of HTML Cross-Site Scripting security check violations seen by the Application Firewall.

HTML SQL injection (sql) Number of HTML SQL Injection security check violations seen by the Application Firewall.

field format (fieldfmt) Number of Field Format security check violations seen by the Application Firewall.

field consistency (fieldcon) Number of Field Consistency security check violations seen by the Application Firewall.

File Upload Types (fileUploadTypes) Number of Field Upload Types security check violations seen by the Application Firewall.

Infer Content Type XML Payload (inferContentType) Number of Mismatched Content-Type in request with XML Payload security check violations seen by the Application Firewall.

credit card (ccard) Number of Credit Card security check violations seen by the Application Firewall.

safe object (safeobj) Number of Safe Object security check violations seen by the Application Firewall.

Signature Violations (sigs) Number of Signature violations seen by the Application Firewall.

content Type (contentType) Number of Content type security check violations seen by the Application Firewall.

HTML CMD injection (cmd) Number of HTML CMD Injection security check violations seen by the Application Firewall.

JSON Denial of Service (jsondosViolations) Number of JSON Denial-of-Service security check violations seen by the Application Firewall.

JSON SQL injection (jsonsqlViolations) Number of JSON SQL Injection security check violations seen by the Application Firewall.

JSON Cross-Site Scripting (jsonxssViolations) Number of JSON Cross-Site Scripting (XSS) security check violations seen by the Application Firewall.

JSON CMD injection (jsoncmdViolations) Number of JSON Command Injection security check violations seen by the Application Firewall.

XML Format (wfcViolations) Number of XML Format security check violations seen by the Application Firewall.

XML Denial of Service (XDoS) (xdosViolations) Number of XML Denial-of-Service security check violations seen by the Application Firewall.

XML Message Validation (msgvalViolations) Number of XML Message Validation security check violations seen by the Application Firewall.

Web Services Interoperability (wsIViolations) Number of Web Services Interoperability (WS-I) security check violations seen by the Application Firewall.

XML SQL Injection (xmlSqlViolations) Number of XML SQL Injection security check violations seen by the Application Firewall.

XML Cross-Site Scripting (xmlXssViolations) Number of XML Cross-Site Scripting (XSS) security check violations seen by the Application Firewall.

XML Attachment (xmlAttachmentViolations) Number of XML Attachment security check violations seen by the Application Firewall.

SOAP Fault Violations (soapflt) Number of requests returning soap:fault from the backend server

XML Generic Violations (genflt) Number of requests returning XML generic error from the backend server

HTML SQL injection (SQL grammar) (sqlgram) Number of HTML SQL Injection security check violations (using SQL grammar) seen by the Application Firewall.

JSON SQL injection (SQL grammar) (jsonsqlViolations) Number of JSON SQL Injection security check violations (reported using SQL grammar) seen by the Application Firewall.

Combined SQL injection (sqlcomb) Number of combined SQL Injection security check violations seen by the Application Firewall.

Combined XXE (xxecomb) Number of combined XXE security check violations seen by the Application Firewall.

Commbined Cross-Site Scripting (xsscomb) Number of combined Cross-Site Scripting security check violations seen by the Application Firewall.

Commbined OWASP violations (owaspcomb) Number of combined OWASP security check violations seen by the Application Firewall.

start URL logs (startURLLog) Number of Start URL security check log messages generated by the Application Firewall.

deny URL logs (denyURLLog) Number of Deny URL security check log messages generated by the Application Firewall.

referer header logs (refererHdrLog) Number of Referer Header security check log messages generated by the Application Firewall.

buffer overflow logs (bufovflLog) Number of Buffer Overflow security check log messages generated by the Application Firewall.

Post Body Limit Logs (postBodyLimitLogs) Number of Post Body Limit security check logs seen by the Application Firewall.

cookie consistency logs (cookieLog) Number of Cookie Consistency security check log messages generated by the Application Firewall.

cookie hijacking logs (cookiehijackLog) Number of Cookie Hijacking security violation log messages generated by the Application Firewall.

CSRF form tag logs (csrf_tagLog) Number of Cross Site Request Forgery form tag security check log messages generated by the Application Firewall.

HTML XSS logs (xssLog) Number of HTML Cross-Site Scripting security check log messages generated by the Application Firewall.

HTML XSS transform logs (xssXformLog) Number of HTML Cross-Site Scripting security check transform log messages generated by the Application Firewall.

HTML SQL logs (sqlLog) Number of HTML SQL Injection security check log messages generated by the Application Firewall.

HTML SQL transform logs (sqlXformLog) Number of HTML SQL Injection security check transform log messages generated by the Application Firewall.

field format logs (fieldfmtLog) Number of Field Format security check log messages generated by the Application Firewall.

field consistency (fieldconLog) Number of Field Consistency security check log messages generated by the Application Firewall.

credit cards (ccardLog) Number of Credit Card security check log messages generated by the Application Firewall.

safe object logs (safeobjLog) Number of Safe Object security check log messages generated by the Application Firewall.

Signature logs (sigsLog) Number of Signature logs generated by the Application Firewall.

content Type logs (contentTypeLog) Number of content type security check log messages generated by the Application Firewall.

JSON Denial of Service logs (jsondosLogs) Number of JSON Denial-of-Service security check log messages generated by the Application Firewall.

JSON SQL injection logs (jsonsqlLogs) Number of JSON SQL Injection security check log messages generated by the Application Firewall.

JSON Cross-Site Scripting logs (jsonxssLogs) Number of JSON Cross-Site Scripting (XSS) security check log messages generated by the Application Firewall.

JSON CMD injection logs (jsoncmdLogs) Number of JSON Command Injection security check log messages generated by the Application Firewall.

file upload types logs (fileUploadTypesLog) Number of File Upload Types security check log messages generated by the Application Firewall.

Infer Content Type XML Payload Logs (inferContentTypeLog) Number of Mismatched Content-Type in request with XML Payload security check logs seen by the Application Firewall.

HTML Command Injection logs (cmdLog) Number of HTML Command Injection security check log messages generated by the Application Firewall.

XML Format logs (wfcLogs) Number of XML Format security check log messages generated by the Application Firewall.

XML Denial of Service (XDoS) log messages (xdosLogs) Number of XML Denial-of-Service security check log messages generated by the Application Firewall.

XML Message Validation logs (msgvalLogs) Number of XML Message Validation security check log messages generated by the Application Firewall.

WSI logs (wsILogs) Number of Web Services Interoperability (WS-I) security check log messages generated by the Application Firewall.

XML SQL Injection logs (xmlSqlLogs) Number of XML SQL Injection security check log messages generated by the Application Firewall.

XML XSS logs (xmlXssLogs) Number of XML Cross-Site Scripting (XSS) security check log messages generated by the Application Firewall.

XML Attachment logs (xmlAttachmentLogs) Number of XML Attachment security check log messages generated by the Application Firewall.

SOAP Fault logs (soapfltLog) Number of requests generating soap:fault log messages

XML Generic logs (genfltLog) Number of requests generating XML generic error log messages

HTML SQL logs (SQL grammar) (sqlGramLog) Number of HTML SQL Injection security check log messages (reported by SQL grammar) generated by the Application Firewall.

JSON SQL injection logs (SQL grammar) (jsonsqlGramLogs) Number of JSON SQL Injection security check log messages (reported by SQL grammar) generated by the Application Firewall.

HTTP Client Errors (4xx Resp) (4xxResps) Number of requests returning HTTP 4xx from the backend server

HTTP Server Errors (5xx Resp) (5xxResps) Number of requests returning HTTP 5xx from the backend server

Config Start URL Closure (cfgstarturlclosure) Number of profiles with Start URL Closure enabled in the Application Firewall.

Config Cookie Transforms (cfgcookietransforms) Number of profiles with Config Cookie Transforms enabled in the Application Firewall.

Config CrossSite Scripting Transform Unsafe HTML (cfgcrosssitescriptingtransformunsafehtml) Number of profiles with CrossSite Scripting Transform Unsafe HTML enabled in the Application Firewall.

Config CrossSite Scripting Check Complete URLs (cfgcrosssitescriptingcheckcompleteurls) Number of profiles with CrossSite Scripting Check Complete URLs enabled in the Application Firewall.

Config SQL Injection Grammar (cfgsqlinjectiongrammar) Number of profiles with SQL Injection Grammar enabled in the Application Firewall.

Config SQL Injection Transform Special Characters (cfgsqlinjectiontransformspecialchars) Number of profiles with SQL Injection Transform Special Characters enabled in the Application Firewall.

Config SQL Injection Check SQL Wild Characters (cfgsqlinjectionchecksqlwildchars) Number of profiles with SQL Injection Check SQL Wild Characters enabled in the Application Firewall.

Config Credit Card XOut (cfgcreditcardxout) Number of profiles with Credit Card XOut enabled in the Application Firewall.

Config Do Secure Credit Card Logging (cfgdosecurecreditcardlogging) Number of profiles with Do Secure Credit Card Logging enabled in the Application Firewall.

Config Streaming (cfgstreaming) Number of profiles with Streaming enabled in the Application Firewall.

Config Trace (cfgtrace) Number of profiles with Trace enabled in the Application Firewall.

Config JSON SQL Injection Grammar (cfgjsonsqlinjectiongrammar) Number of profiles with JSON SQL Injection Grammar enabled in the Application Firewall.

Config XML SQL Injection Check SQL Wild Chars (cfgxmlsqlinjectionchecksqlwildchars) Number of profiles with XML SQL Injection Check SQL Wild Chars enabled in the Application Firewall.

Config Use HTML Error Object (cfgusehtmlerrorobject) Number of profiles with Use HTML Error Object enabled in the Application Firewall.

Config Log Every Policy Hit (cfglogeverypolicyhit) Number of profiles with Log Every Policy Hit enabled in the Application Firewall.

Config Exempt Closure URLs From Security Checks (cfgexemptclosureurlsfromsecuritychecks) Number of profiles with Exempt Closure URLs From Security Checks enabled in the Application Firewall.

Config Canonicalize HTML Response (cfgcanonicalizehtmlresponse) Number of profiles with Canonicalize HTML Response enabled in the Application Firewall.

Config Enable Form Tagging (cfgenableformtagging) Number of profiles with Enable Form Tagging enabled in the Application Firewall.

Config Sessionless URL Closure (cfgsessionless_url_closure) Number of profiles with Sessionless URL Closure enabled in the Application Firewall.

Config Semicolon Field Separator (cfgsemicolonfieldseparator) Number of profiles with Semicolon Field Separator enabled in the Application Firewall.

Config Exclude File Upload From Checks (cfgexcludefileuploadfromchecks) Number of profiles with Exclude File Upload From Checks enabled in the Application Firewall.

Config Check Request Headers (cfgcheckrequestheaders) Number of profiles with Check Request Headers enabled in the Application Firewall.

Config Optimize Partial Reqs (cfgoptimizepartialreqs) Number of profiles with Optimize Partial Reqs enabled in the Application Firewall.

Config URL Decode Request Cookies (cfgurldecoderequestcookies) Number of profiles with URL Decode Request Cookies enabled in the Application Firewall.

Config Percent Decode Recursively (cfgpercentdecoderecursively) Number of profiles with Percent Decode Recursively enabled in the Application Firewall.

Config Insert Cookie SameSite Attribute (cfginsertcookiesamesiteattribute) Number of profiles with Insert Cookie SameSite Attribute enabled in the Application Firewall.

Config Fake Account Detection (cfgfakeaccountdetection) Number of profiles with Fake Account Detection enabled in the Application Firewall.

credit card log transform messages (ccardXformLog) Number of Credit Card security check transform log messages generated by the Application Firewall.

Was this article helpful?