HTTP Events

View and filter HTTP request events

The HTTP Events page provides a detailed log of all HTTP requests processed by WAF360. Use it to investigate suspicious traffic, analyze patterns, and take action on specific IPs or User Agents.

Events Table

Each event row displays:

  • User — UUID identifier, email (if available), and country code
  • URI — The requested URL path with HTTP status code (color-coded in Gateway Mode)
  • Source — IP address, bot code, IDC code, and RDNS label
  • Time — Relative timestamp (hover for full date/time)
  • Details — Click to expand the full event detail panel

Status Code Colors (Gateway Mode)

  • Green — 2xx success responses
  • Red — 4xx client errors
  • Yellow — Other status codes (3xx, 5xx)

Filtering Events

Time Range

Select a preset time range: 24h, 1W, 30D, 2m, 90d, or use the calendar picker for a custom range.

Dynamic Filters

Add filter conditions to narrow down events:

  1. Click the filter area
  2. Select a Field (e.g., IP, country_code, bot_code, ua_label)
  3. Choose an Operator (e.g., EQUALS)
  4. Enter a Value

You can combine multiple filters. Click on values in the table (like an IP address or UUID) to quickly filter by that value.

Common Filter Fields

  • ip — IP address
  • country_code — Two-letter country code
  • bot_code — Bot classification
  • idc_code — Data center identification
  • ua_label — User agent classification
  • uuid — User identifier
  • uri — Request path
  • host — Hostname
  • method — HTTP method
  • code — HTTP status code
  • source_type — Event source type
  • rdns — Reverse DNS
  • asn — Autonomous System Number

Event Details

Click the expand icon on any event to open the detail panel.

Gateway Mode Details

  • Event — UUID and timestamp
  • Request — URI, protocol, HTTP method with status code
  • Source — IP address, rDNS, ASN, service label, bot code, IDC code, geolocation (city, region, country)

Tag Mode Details

All Gateway Mode fields plus:

Browser Detection Features:

  • Is UA Bot
  • No Browser Function
  • Bot Mouse Move / Bot Mouse Move 2
  • Is Headless
  • Is Bot Click / Is Bot Fast Click
  • Zero History Length / Zero Languages
  • No Canvas / No WebGL
  • WebGL Machine / No GPU
  • Zero Image Size
  • Headless Notify / Headless Window Size

User Interaction Metrics:

  • Mouse Move Count
  • Mouse Click Count
  • Scroll Count
  • Touch Start/End Count
  • Key Press/Down/Up Count

Device Details:

  • Screen Width/Height
  • Browser Width/Height
  • Language
  • Time Zone

Request Headers — Full HTTP request headers (collapsible section)

Ad Traffic Charts (Tag Mode)

When filtering events by ad sources (source_type starting with "ads."), additional charts appear:

  • Top IP — IP addresses with counts and percentages
  • Top GEO — Geographic breakdown by country, region, and city
  • Top UUID — Top user identifiers
  • Top Keywords — Search and query keyword analysis

Pagination

Events are displayed 30 per page with page navigation controls at the bottom of the table.

Taking Action from Events

From the event detail panel, you can quickly add an IP address to your block or allow list without leaving the Events page.