Confirming Web App service through the Oracle Dyn Web Application Security service (formerly Zenedge) WAF/DDoS Platform

Having conducted Local Testing of your Web App configuration on the Zenedge portal, you can now alter your DNS zone file to direct traffic for your web servers to pass through the Zenedge platform, knowing that the platform will process that traffic as you expect.

You will point the DNS record for your Web App at the CNAME provided for your Web App in the Zenedge portal. If you are pointing the record for the base domain (e.g. activereach.net rather than www.activereach.net) then you are recommended to use an A record and IP address (as a CNAME is not RFC compliant in this position, though supported by some DNS registrars). You can get the specific IP address to use by asking the activereach support team. YOU SHOULD NOT use the value you may have used in any Hosts file based Local Testing.

How can you check that the traffic to your site is actually passing through Zenedge when you have changed the DNS records (bearing in mind that the TTL on the domain record may mean that it does not take immediate effect for all of your customers)?.

Firstly look at the Logs screen for the Web App. If you see entries, especially entries from your own IP address (assuming you have cleared your DNS cache and that of any resolver you may be using), traffic must be passing through the Zenedge portal.

 

zenedge-recent-log-entries

Secondly, the specific Web App dashboard will show you the number of Requests Per Second. If there is traffic shown, then traffic is passing through Zenedge for the Web App in question.

zenedge-dashboard-rps

The main Web Apps page may list your Web App as ‘Offline’ in the ‘Status’ column.

Web_apps
There can be a couple of reasons for this:
1) status checks are done by Zenedge at one hour intervals to check whether the FQDN for your Web App is pointing at Zenedge. Until such a check has run and completed successfully, the status might be listed as offline even though traffic is passing through Zenedge. You can see the time of the last check for each Web App on the portal.
2) you are sending traffic for one of the Additional Domains of the Web App and not for the FQDN of the main Web App name, and the FQDN of the main Web App does not point at Zenedge.

Even if the Web App is listed as offline, you may see a thumbnail graph in the Web Apps page RPS column, because it is actually passing traffic through Zenedge:

zenedge-traffic-but-offline

For additional comfort, you can look at the HTTP headers in returned pages (as described in our Zenedge Local Testing document) to confirm the pages have traversed the Zenedge platform.

A more usual display in the Zenedge Web Apps page for the RPS, Request, and Status columns might be:

zenedge-half-green-circle-online
This shows the Web App is online and the thumbnail of RPS shows traffic has passed through the Zenedge platform.

The circle in the two screenshot snippets above is seen in the Request column of the Web Apps page. It visually indicates the traffic for the last 24 hours with

  • grey being requests to the Origin Server
  • green being requests served from the Zenedge caches
  • red being requests blocked because they triggered a WAF or DDoS or ACL rule

Here is a snippet showing blocked requests:

web_apps_tricolour

 

 

 

You can hover your mouse over the coloured segments of the circle to see the exact number and percentage for each type of traffic.