vercel-logotype Logovercel-logotype Logo
Observability

Firewall Observability

Learn how firewall traffic monitoring and alerts help you react quickly to potential security threats.
Table of Contents

Traffic monitoring

In the Firewall tab of your project, view a line graph displaying total incoming web traffic over a specific period for your production deployment. The default view shows an Overview of traffic for a live 10-minute window.

Web traffic monitoring view with default live 10-minute graph
Web traffic monitoring view with default live 10-minute graph

Use the following settings to change the monitoring view:

  • Traffic grouping:
    • Overview: The default option shows the traffic grouped by Category (of traffic control rules) or Action (Allow, challenge, deny, or log) applied to the traffic with the firewall rules
    • The remaining options show the traffic for the selected set by Region, IP Address, User Agent, Request Path, Target Path, JA4 Digest, or Country
      • Default web traffic
      • Custom Rule list: A list of your enabled custom rules
      • Managed Ruleset list (Enterprise plan): A list of your enabled managed rulesets
  • Time period: Select Live (10 minute live window) or Past Day (24 hours)

Firewall Alerts

Firewall Alerts are available on all plans

How alerts work

To help protect your site effectively, you can configure alerts to be notified of potential security threats and firewall actions. To do so, you can either create a webhook and subscribe to the listener URL or subscribe to the event through the Vercel Slack app.

DDoS attacks alerts

When Vercel's DDoS Mitigation detects malicious traffic on your site that exceeds 100,000 requests over a 10-minute period, an alert is generated.

To receive notifications from these alerts, you can use one of the following methods:

  • Create a webhook and subscribe to the URL to receive notifications
    1. Follow the configure a webhook guide to create a webhook with the Attack Detected Firewall Event checked and the specific project(s) you would like to be notified about
    2. Subscribe to the created webhook URL
  • Use the Vercel Slack app to enable notifications for Attack Detected Firewall Events
    1. Add the Slack app for your team by following the Use the Vercel Slack app guide
    2. Then subscribe to DDoS attack alerts for your team_id
      • Use the command /vercel subscribe {team_id} firewall.attack
    3. Review the Vercel Slack app command reference for additional options.
Last updated on February 22, 2025
Previous
Firewall Concepts
Next
Using the REST API