The {@code AccessRule} key that matched the request. For more information about access rules, see {@code UpdateAccessRules}.
The action taken on the request, either {@code ALLOW}, {@code DETECT}, or {@code BLOCK}.
The {@code AddressRateLimiting} key that matched the request. For more information about address rate limiting, see {@code UpdateWafAddressRateLimiting}.
The CAPTCHA action taken on the request, {@code ALLOW} or {@code BLOCK}. For more information about CAPTCHAs, see {@code UpdateCaptchas}.
The CAPTCHA challenge answer that was expected.
The number of times the CAPTCHA challenge was failed.
The CAPTCHA challenge answer that was received.
The IPv4 address of the requesting client.
ISO 3166-1 alpha-2 code of the country from which the request originated. For a list of codes, see ISO's website.
The name of the country where the request originated.
The type of device that the request was made from.
The {@code Host} header data of the request.
The hashed signature of the device's fingerprint. For more information, see {@code DeviceFingerPrintChallenge}.
The map of the request's header names to their respective values.
The HTTP method of the request.
The incident key of a request. An incident key is generated for each request processed by the Web Application Firewall and is used to idenitfy blocked requests in applicable logs.
The type of log of the request. For more about log types, see Logs.
The address of the origin server where the request was sent.
The amount of time it took the origin server to respond to the request, in seconds.
A map of protection rule keys to detection message details. Detections are requests that matched the criteria of a protection rule but the rule's action was set to {@code DETECT}.
The {@code Referrer} header value of the request.
A map of header names to values of the request sent to the origin, including any headers appended by the Web Application Firewall.
The path and query string of the request.
The status code of the response. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
The size in bytes of the response. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
The {@code ThreatFeed} key that matched the request. For more information about threat feeds, see {@code UpdateThreatFeeds}.
The date and time the Web Application Firewall processed the request and logged it.
The value of the request's {@code User-Agent} header field.
A list of Web Application Firewall log entries. Each entry is a JSON object, including a timestamp property and other fields varying based on log type. Logs record what rules and countermeasures are triggered by requests and are used as a basis to move request handling into block mode. For more information about WAF logs, see Logs.