Source Site Status Monitoring

UWAF uses the HEAD method to probe access requests to the domain name source site added by the user. If there is an abnormal response to the request 3 times in a row within 5 minutes, an alarm email or message will be sent to the corresponding message subscription group user. The frequency is once every 5 minutes.

!> Note:
If the source site has restrictions on the probe IP of UWAF (such as the whitelist and blacklist), there may be false alarms.

Source Site Status Alarm Situation Handling

When receiving a source site status alarm email or message, please follow the steps below for check:

1. Confirm that the monitor address is correctly configured. If it is not set, you can skip this step.

2. Under the “Security Report” -> “System Overview” check the domain name access situation to see if the sudden increase in traffic is causing too much pressure on the source site.

3. Check whether the source site server is working normally, mainly whether the CPU utilization rate and bandwidth utilization rate are too high.

4. Check the source site blacklist and whitelist, whether the UWAF back-to-source address has been added to the whitelist.

5. Check whether the regional IP has mistakenly blocked the UWAF probe IP due to prohibitions or other rules.

If you confirm that the source site is working properly and is not blocking the probe request from UWAF, and your business is impacted at this time, you can select the corresponding domain name entry in the “Domain Management”, click the “More” option, select “Back to Source Settings”, and click on “Business Back to Source”, or consult technical support for help.