Proxy Logs Attributes
Detailed information about Proxy logs attributes, cache source codes, and delivery status codes
The Traffic Viewer page of the Webscale Control Panel enables you to view Proxy logs attribute information for an application within a specified time period. For more information on accessing Traffic Viewer, see Access Traffic Viewer .
The following Proxy logs attributes table provides Proxy logs attribute information. You can view the name, display name, aliases, and a description for each attribute. Specific codes, presented in the Cache source codes and Delivery status codes tables, are returned for the cache_source and delivery_status proxy logs attributes.
Topics
Proxy logs attributes
| Name | Display Name | Aliases | Description |
|---|---|---|---|
| arrival | Arrival | arrival | ISO 8601-formatted date when the request arrived at the Webscale proxy |
| bytes_in | Bytes in | bytes_in | Bytes that the Webscale proxy received, including request line and headers |
| bytes_out | Bytes out | bytes_out | Bytes that the Webscale proxy sent to the client, including response headers |
| cache_control | Cache control | cache_control | Contents of the Cache-Control response header |
| cache_source | Cache source | cache_source | Two-letter codes that indicate the action the source took while responding to the request |
| completed | Completed | completed | ISO 8601-formatted date for when processing the request was completed |
| country | Country | country | Two-letter ISO 3166-2 country code for the origin of the request |
| delivery_status | Delivery status | delivery_status | Numeric codes that indicate the delivery status of the request. “0” for traffic proxied through to the application. When not “0,” the Webscale proxy handled the request directly. |
| elapsed | Elapsed | elapsed | Interval between when the proxy received the request and sent the complete response |
| internal_transport_latency | Internal latency | internal_latency internal_transport_latency | Internal proxy delay while processing the request |
| labels | Labels | labels | List of user-defined labels used to track traffic with the Add Labels web control action |
| load_id | Load ID | load_id | Unique ID that identified a user-initiated pageload. All resource requests shared the ID to render the page. |
| location | Location | location | Contents of the Location response header |
| peer_address | Peer address | peer_address | IP address of the immediate peer connecting to the proxy. If the peer is a trusted proxy, the remote IP address of the user agent that made the request is used. |
| proxy_address | Proxy address | proxy_address | IP address of the proxy that handled the request |
| queue_latency | Queue latency | queue_latency | Amount of time that the request spent queued on the proxy, possibly due to a slow backend |
| range | Range | range | Contents of the Range request header |
| referrer | Referrer | referrer | Contents of the Referer request header |
| request_address | Request address | request_address | Remote IP address of the user agent that made the request |
| request_host | Request host | host request_host | Contents of the Host request header |
| request_id | Request ID | request_id | Unique ID for each request that the proxy served |
| request_method | Request method | request_method | HTTP request method |
| request_path | Request path | request_path | Virtual path of the request (latter portion of the request URL separated by backslashes after the main website name) |
| request_port | Request port | request_port | Port number that received the request |
| request_protocol | Request protocol | protocol request_protocol | HTTP protocol version |
| request_query | Request query | request_query | URL request query parameters (located in the latter sections of the request URL) |
| request_url | Request URL | request_url | String with the host, scheme, path, and query parameters for the request |
| response_content_type | Response content type | content_type response_content_type | Contents of the Content-Type response header |
| server_address | Server address | server_address | Application server address used to fulfill the request |
| server_latency | Server latency | server_latency | Interval between when the server received the request and the browser received the last byte of the response |
| session_id | Session ID | session_id | Unique ID that a server assigned to a specific user for a session |
| status_code | Status code | response_status_code status_code | Response status code that indicates if the specific request successfully completed |
| threat | Threat | threat | “y” if the IP address was a potential attacker. “n” otherwise. |
| tls_cipher | TLS cipher | tls_cipher | Encryption algorithms for transport layer security |
| tls_version | TLS version | tls_version tls_protocol | Highest version of the transport layer security protocol that the client supported |
| ttfb | TTFB | ttfb time_to_first_byte | Interval between when the data plane received the request and sent the first byte of the response |
| url_map | URL map | url_map | Name of the url map used in a web control that resulted in the request being redirected |
| useragent | User agent | useragent user_agent | Contents of the User-Agent request header |
| useragent_device | User agent device | useragent_device user_agent_device | Device type used to make the request (e.g., smartphone, desktop, etc.) |
| useragent_name | Browser | browser useragent_name user_agent_name | Browser type used to make the request (e.g., Google Chrome, Safari, etc.) |
| useragent_os | User agent OS | useragent_os user_agent_os | Operating system type used to make smartphone request (e.g., Android, Mac, etc.) |
| webcontrols | Web controls | webcontrols | List of web controls that ran for this request |
Cache source codes
The two-letter cache source codes identify the actions that the cache_source log attribute indicates.
| Source Code | Explanation |
|---|---|
NE | “Not Eligible” — Request did not match any site cache conditions and pagespeed did not cache it |
PH | “Pagespeed Hit” — Request was served from the cache when optimization was turned on and the resources required to render the page were present in the cache |
PM | “Pagespeed Miss” — Request was not served from the cache when optimization was turned on and the resources required to render the page were not present in the cache |
PF | “Pagespeed Fill” — Request initiated a pagespeed fill when optimization was turned on and the resources required to render the page were seen for the very first time |
SH | “Site Cache Hit” — Request was served from the cache when the site cache was turned on and the request matched a site cache condition which was present in the cache |
SM | “Site Cache Miss” — Request was not served from the cache when site cache was turned on and the request matched a site cache condition which was not present in the cache |
SF | “Site Cache Fill” — Request initiated a site cache fill when site cache was turned on and the request matched one of the site cache conditions for the very first time |
Delivery status codes
The delivery status codes identify how the response was generated. All non-zero values of these codes signify that the Webscale proxy server intercepted the request.
| Status Code | Description |
|---|---|
| 0 | Request fulfilled by an application server |
| 1 | Request rejected because the source IP address was in the blacklist |
| 2 | Request rejected due to the activated WAF rule that the user uploaded |
| 3 | Request rejected because it was sitting in the suspended queue for a time equal to or greater than maximum_queue_time |
| 4 | Request rejected because the proxy could not process the request since the suspended queue was full |
| 5 | Shield mode turned on. The request was presented with the captcha page. |
| 6 | Shield mode turned on. The client successfully validated the captcha page. |
| 7 | Shield mode turned on. The user made an unsuccessful attempt to verify the captcha. |
| 8 | Shield mode turned on and the client presented an invalid token. The request was presented with the captcha page. |
| 9 | Request denied by the Deny Request web control action |
| 10 | Request redirected by the Redirect Request or Redirect Using Map web control action |
| 11 | Request had a mod_pagespeed_beacon |
| 12 | Internal request |
| 13 | Request satisfied by Amazon Cloudfront |
| 14 | Request is satisfied from the proxy. This includes but is not necessarily limited to:
|
| 15 | Request that is responsible for filling the cache in case of a miss |
| 16 | Request that can be satisfied from the cache now or in the future:
|
| 17 | Request had a bad port number |
| 18 | Request is satisfied by the microsite |
| 19 | Role-based access control: User redirected to the Webscale Control Panel page to authenticate |
| 20 | Role-based access control: Successful authentication. User did have the necessary role. |
| 21 | Role-based access control: Unsuccessful authentication. User did not have the necessary role. |
| 22 | Client-closed connection (499 status code) |
Further Reading
- The Webscale Control Panel Dashboard
- Building Filters in Traffic Viewer
- Using Traffic Viewer
- Logs on Webscale
- Security How-Tos
Have questions not answered here?
Contact Support
to get more help.
Last modified on June 3, 2026