Understanding OWASP WAF Logs
When reviewing the Kemp WAF logs there is no "action" indicated in the logs. Do the WAF logs show if there is an action to drop traffic or if the traffic successfully reaches the server?
Application: HTTP(S) Based
How to understand which WAF logs depict that a connection has been blocked?
|Steps to Reproduce:|
There are three audit modes that determine what information is logged:
If a connection does not reach the full Anomaly Scoring Threshold but triggers a rule, the connection will be logged at the "Warning" level.