Edge Security Acceleration (ESA) inspects and filters traffic at its points of presence (POPs) using an edge WAF, edge bot management, DDoS protection, and origin protection. Filtering at the edge stops attacks before they reach your origin server, shields your data center, and improves access speed and user experience.
Feature overview

| Feature | Description |
| Security analytics | Displays data from WAF and bot management, including counts of blocked, observed, and other requests. Use this data to tune your protection rules. |
| Events dashboard | Collects and analyzes security event data so that you can identify threats, assess risk, and decide on a response. |
| Smart rate limiting (Intelligent protection) | An AI-assisted enhancement of rate limiting rules aimed at users new to web security. Instead of analyzing site traffic, identifying abnormal request patterns, and setting thresholds by hand, you enable the feature and select a protection level. Smart rate limiting trains a baseline from your site's traffic over the past 7 days and updates the rate limiting thresholds daily. |
| Abuse prevention (Intelligent protection) | Combines global traffic monitoring with an open-source IP reputation database that is updated daily. It targets automated threats from botnets, scrapers, and PCDNs, which are often used to disguise the origin of abusive traffic. When a request arrives, ESA checks the source IP against the reputation database and logs, challenges, or blocks it according to your configuration. |
| Custom rules | If your site needs its own access control policies, create custom rules: set conditions that match specific requests, then apply an action such as Block or Monitor to those requests. |
| Rate limiting | Controls requests that share specific characteristics. For example, when a client IP address exceeds a request threshold, you can present a slider challenge or block that IP address for a set period. |
| Managed rules | Defend against the OWASP Top 10 and emerging vulnerabilities, including SQL injection, cross-site scripting (XSS), remote code execution (RCE), carriage return line feed (CRLF) injection, remote file inclusion (RFI), and webshells. ESA maintains and updates these rules, so you do not configure or manage them manually. |
| Scan protection | Detects the behavior and signatures of automated scanners and blocks or blacklists the attack source. This lowers the risk of intrusion into web services and removes the unwanted traffic that malicious scanners generate. |
| Whitelist rules | Permit requests with specific characteristics to bypass all or selected protection modules: custom rules, rate limiting, managed rules, scan protection, and bot management. Because a whitelisted request skips those checks, keep the matching conditions as narrow as possible. |
| IP access rules | Block, challenge, or allow traffic by client source IP address, Autonomous System Number (ASN), or geographic location. These rules apply to both HTTP (Layer 7) and TCP/UDP (Layer 4) traffic. |
| Protection modes | ESA offers Smart Mode and Professional Mode to match the security requirements of different business scenarios. |
| DDoS protection | Monitors traffic in real time for attack patterns such as SYN floods, ACK floods, and CC (HTTP flood) attacks. When ESA detects anomalous traffic, it drops the malicious portion and passes legitimate traffic, keeping the service available and stable. |
| API security | Manages and protects your site's APIs using sampled user access logs and built-in machine learning models. The system automatically scans requests arriving at POPs for potential threats and provides an API management portal for monitoring and analysis. |
| Origin protection | Add the list of ESA node IP addresses to your origin server's firewall rules so that the origin accepts connections only from the edge. Without this, anyone who learns the origin address can bypass every edge control. |
| Settings | Additional security settings are available on the Settings page. |
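The origin protection row above amounts to a source-IP allowlist on the origin. The following is an added example, not ESA's own code or configuration: it checks whether a connection came from an edge range, renders an nftables ruleset that drops direct web traffic, and audits a constructed origin access log for hits that bypassed the edge. The CIDRs are placeholders from the RFC 5737 and RFC 3849 documentation ranges standing in for the real ESA node IP list; the table and set names are assumptions.

```python
"""Added example, not ESA's code: origin protection as a source-IP allowlist.
The CIDRs below are constructed placeholders (RFC 5737 / RFC 3849 documentation
ranges) standing in for the ESA node IP list; the nftables table and set names
are assumptions."""
import ipaddress

EDGE_RANGES = [ipaddress.ip_network(c) for c in
               ("192.0.2.0/24", "198.51.100.0/25", "2001:db8:1::/48")]


def is_from_edge(src_ip, ranges=EDGE_RANGES):
    """True if the connection's source address belongs to an edge node range."""
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in ranges)   # a v4/v6 mismatch simply yields False


def render_nftables(ranges=EDGE_RANGES, ports=(80, 443)):
    """Emit an nftables ruleset that accepts web traffic only from the edge ranges
    and drops everything else that reaches the origin on those ports."""
    port_set = ", ".join(str(p) for p in ports)
    lines = ["table inet origin_protect {"]
    sets = []
    for name, version, saddr, addr_type in (("edge_v4", 4, "ip saddr", "ipv4_addr"),
                                            ("edge_v6", 6, "ip6 saddr", "ipv6_addr")):
        members = ", ".join(str(n) for n in ranges if n.version == version)
        if members:   # nft rejects an empty elements list, so skip unused families
            lines.append(f"    set {name} {{ type {addr_type}; flags interval; "
                         f"elements = {{ {members} }} }}")
            sets.append((name, saddr))
    lines += ["    chain input {",
              "        type filter hook input priority 0; policy accept;"]
    for name, saddr in sets:
        lines.append(f"        tcp dport {{ {port_set} }} {saddr} @{name} accept")
    lines.append(f"        tcp dport {{ {port_set} }} drop")
    lines += ["    }", "}"]
    return "\n".join(lines) + "\n"


# Constructed origin access log (common log format prefix) for the audit below.
SAMPLE_LOG = """\
192.0.2.17 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200
203.0.113.44 - - [01/Jan/2024:10:00:03 +0000] "GET /admin HTTP/1.1" 403
198.51.100.9 - - [01/Jan/2024:10:00:04 +0000] "POST /api/login HTTP/1.1" 200
198.51.100.200 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 404
"""


def direct_hits(log_text, ranges=EDGE_RANGES):
    """Source IPs in an origin access log that did not arrive through the edge.
    Any entry here means the origin is reachable directly and the WAF was not in the path."""
    offenders = []
    for line in log_text.splitlines():
        src = line.split(" ", 1)[0]
        if src and not is_from_edge(src, ranges):
            offenders.append(src)
    return offenders


if __name__ == "__main__":
    print(render_nftables())
    print("direct hits:", direct_hits(SAMPLE_LOG))
```

Run the audit against the origin's own access log after enabling the firewall rules: the result should be empty. Remember that the origin also needs the edge ranges refreshed whenever the published node list changes, otherwise legitimate edge traffic starts being dropped.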
Intelligent rate limiting protection levels
Loose: Use loose mode, or disable intelligent rate limiting, if false positives occur. The initial limit is 4,000 requests per 10 seconds per IP address. After you enable the feature, ESA adjusts the limit every 24 hours based on historical data.
Medium: Use medium mode for day-to-day operation. The initial limit is 200 requests per 10 seconds per IP address, adjusted every 24 hours based on historical data.
Strict: Use strict mode while abuse is underway. The initial limit is 40 requests per 10 seconds per IP address, adjusted every 24 hours based on historical data.
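To make the three thresholds concrete, the following added example (not ESA's code) implements a per-IP fixed-window counter with the initial limits quoted above and runs it over constructed traffic from one browsing user and one scraper. The 300-second penalty once a threshold is exceeded, the (timestamp, ip) request format and the absence of the daily re-tuning are assumptions made for illustration.

```python
"""Added example, not ESA's code: a per-IP fixed-window rate limiter using the
initial thresholds from this page (Loose 4000, Medium 200, Strict 40 requests
per 10 seconds). The 300-second penalty after a threshold is exceeded and the
(timestamp, ip) request format are assumptions for illustration."""
from collections import defaultdict

WINDOW_SECONDS = 10
# Initial per-IP thresholds quoted on the page. ESA re-tunes these every
# 24 hours from historical traffic; this static example does not model that.
LEVEL_THRESHOLDS = {"loose": 4000, "medium": 200, "strict": 40}


class FixedWindowLimiter:
    def __init__(self, level, block_seconds=300):
        self.threshold = LEVEL_THRESHOLDS[level]
        self.block_seconds = block_seconds   # assumption: penalty duration
        self.counts = defaultdict(int)       # (ip, window index) -> requests seen
        self.blocked_until = {}              # ip -> unix time the penalty ends

    def decide(self, ip, ts):
        """Return 'allow' or 'block' for one request from ip at unix time ts."""
        if self.blocked_until.get(ip, 0) > ts:
            return "block"                   # still serving the penalty
        key = (ip, ts // WINDOW_SECONDS)     # all requests in the same 10 s bucket
        self.counts[key] += 1
        if self.counts[key] > self.threshold:
            self.blocked_until[ip] = ts + self.block_seconds
            return "block"
        return "allow"


def simulate(level, requests):
    """Run every (ts, ip) request through one limiter; return per-IP outcome counts."""
    limiter = FixedWindowLimiter(level)
    outcomes = defaultdict(lambda: {"allow": 0, "block": 0})
    for ts, ip in sorted(requests):
        outcomes[ip][limiter.decide(ip, ts)] += 1
    return dict(outcomes)


def sample_traffic(start=1_700_000_000, seconds=60):
    """Constructed traffic, 60 seconds long: one browsing user at 1 request/s
    and one scraper at 30 requests/s (addresses from RFC 5737 test ranges)."""
    requests = []
    for sec in range(seconds):
        requests.append((start + sec, "203.0.113.10"))
        requests.extend((start + sec, "198.51.100.7") for _ in range(30))
    return requests


if __name__ == "__main__":
    for level in ("loose", "medium", "strict"):
        print(level, simulate(level, sample_traffic()))
```

Under Loose the scraper's 300 requests per window never trip the 4,000 limit, which is why the page recommends it only when false positives are the problem; Medium and Strict both cut it off inside the first window while the browsing user is untouched. A fixed window lets a client send up to twice the threshold across a window boundary, so production limiters usually use a sliding window or token bucket instead.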
Action descriptions
Block: Blocks requests that match the rule and returns a block page to the client that sent the request.
Note: To customize the block page for the Block action, see Configure custom pages.
Monitor: Does not block matching requests; it only logs that the request matched the rule. Query the WAF logs for matches to evaluate the rule, for example to check for false positives. Use Monitor to test a newly configured rule, and switch the action to Block once you have confirmed that it does not cause false positives.
Note: You must enable Simple Log Service to use the log explorer.
JavaScript Challenge: ESA returns a JavaScript snippet to the client. A standard browser runs it automatically. If the client runs the JavaScript, ESA allows all requests from that client for a period of time (30 minutes by default) without further validation; otherwise the requests are blocked. The challenge proves only that the client can execute JavaScript, so it stops simple scripts rather than full browser automation.
Slider CAPTCHA: ESA returns a slider CAPTCHA page to the client. If the client completes the slider CAPTCHA, ESA allows all requests from that client for a period of time (30 minutes by default); otherwise the requests are blocked.
Note: If the result is a pass (a normal user completes the slider CAPTCHA), the traffic is billed. If the result is a block, the traffic is not billed.
The JavaScript Challenge and Slider CAPTCHA actions for WAF custom rules and rate limiting rules apply only to static pages. To challenge asynchronous requests made with XMLHttpRequest or fetch, enable JavaScript Challenge and Slider CAPTCHA in Bots. Once enabled, ESA issues a JavaScript Challenge or Slider CAPTCHA when a request matches a rule. When the client passes, ESA sets the cookie acw_sc__v2 or acw_sc__v3; its presence in subsequent requests indicates that the client has been verified.
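The pass window described above (challenge once, then trust the client for 30 minutes via a cookie) is easiest to reason about as a small signed token. The following is an added example, not ESA's code: the cookie name acw_sc__v2 and the 30-minute default come from the page, while the value format (client id, expiry and an HMAC-SHA256 tag), the signing key, and using the source IP as the client id are assumptions for illustration. It shows why the cookie must be bound to the client and checked for expiry, and walks through the exchange from first hit to expiry.

```python
"""Added example, not ESA's code: models the pass window that follows a
successful JavaScript Challenge or Slider CAPTCHA. The cookie name acw_sc__v2
and the 30-minute default come from the page; the value format (client id,
expiry, HMAC-SHA256 tag), the signing key and the client id being the source
IP are assumptions for illustration."""
import hashlib
import hmac

COOKIE_NAME = "acw_sc__v2"
PASS_SECONDS = 30 * 60                            # page: passed clients are trusted for 30 minutes
SIGNING_KEY = b"constructed-demo-key-change-me"   # assumption: edge-side secret


def issue_pass(client_id, now):
    """Mint the cookie value after the client solved the challenge. Binding the
    tag to client_id stops one solved challenge being replayed from another client."""
    expires = int(now) + PASS_SECONDS
    payload = f"{client_id}|{expires}".encode()
    tag = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return f"{client_id}|{expires}|{tag}"


def verify_pass(cookie_value, client_id, now):
    """True only if the cookie is well-formed, bound to this client, unexpired and untampered."""
    try:
        cid, expires_str, tag = cookie_value.split("|")
        expires = int(expires_str)
    except (AttributeError, ValueError):
        return False
    if cid != client_id or expires <= now:
        return False
    expected = hmac.new(SIGNING_KEY, f"{cid}|{expires}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison


def edge_decision(request, now):
    """Decision for a request that matched a challenge rule: 'pass' or 'challenge'."""
    cookie = request.get("cookies", {}).get(COOKIE_NAME)
    if cookie and verify_pass(cookie, request["client_id"], now):
        return "pass"
    return "challenge"


def demo_flow(start=1_700_000_000):
    """Constructed exchange: the first hit is challenged, the client solves it,
    later hits pass, and the hit at the 30-minute mark is challenged again."""
    client = "198.51.100.7"
    req = {"client_id": client, "cookies": {}}
    decisions = [edge_decision(req, start)]                  # no cookie yet
    req["cookies"][COOKIE_NAME] = issue_pass(client, start)  # client solved the challenge
    decisions.append(edge_decision(req, start + 600))        # 10 minutes later
    decisions.append(edge_decision(req, start + 1799))       # last second of the window
    decisions.append(edge_decision(req, start + 1800))       # window closed
    return decisions


if __name__ == "__main__":
    print(demo_flow())
```

A bot that cannot run the challenge never obtains a cookie and keeps hitting the challenge branch, which is the blocked outcome the page describes; a client that forges or edits the cookie fails the HMAC check in the same way. For the XMLHttpRequest and fetch case, the browser attaches the cookie to those calls automatically once the Bots-side challenge has set it.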
Plan support
The following tables show which plans support intelligent protection, WAF, bot management, DDoS protection, and origin protection. For full details of WAF coverage by plan, see WAF plan details.
Intelligent protection

| Category | Feature | Entrance (0 USD/month) | Pro (15 USD/month) | Premium (249 USD/month) | Enterprise (Contact sales for custom pricing) |
| Intelligent Protection | | | | | |
WAF

| Feature | Entrance (0 USD/month) | Pro (15 USD/month) | Premium (249 USD/month) | Enterprise (Contact sales for custom pricing) |
| | 5 | 20 | 100 | 100 |
| | 1 | 2 | 5 | 10 |
| Rate Limiting - Statistical Interval Enumeration | | | | |
| Rate Limiting - Duration Enumeration | | | | |
| Rate Limiting - Characteristics | | | | |
| Rate Limiting - Apply to Cached Requests | | | | |
| | 50 | 200 | 400 | 400 entries |
| | 2 | 3 | 5 | 10 |
| | Supports basic rules | Supports all rules | Supports all rules | Supports all rules |
| | | 5 | 10 | 20 |
| Strict Slider | | | | |
| | Account-level quota. Default rule limit: 10. (same for all plans) |
| DDoS Alerting | | | | |
| Layer 4 Proxy (Includes Layer 4 DDoS Protection) | | | | |
DDoS

| Feature | Entrance (0 USD/month) | Pro (15 USD/month) | Premium (249 USD/month) | Enterprise (Contact sales for custom pricing) |
| DDoS Basic Protection | | | | |
| Best-effort Protection | | | | Contact sales for customization. |
| HTTP DDoS Attack Protection | | | | |
| Deep Learning and Protection | | | | |
| Scenario-based Policy | | | | |
Bots

| Feature | Entrance (0 USD/month) | Pro (15 USD/month) | Premium (249 USD/month) | Enterprise (Contact sales for custom pricing) |
| Definite Bots | Actions: monitor and allow | Actions: monitor and allow | | |
| Likely Bots | Actions: monitor and allow | Actions: monitor and allow | | |
| Verified Bots | | | | |
| Static Resource Protection | | | | |
| JavaScript Detection | | | | |
| Number of bot management rulesets supported | | | | 10 |
Origin protection

| Feature | Entrance (0 USD/month) | Pro (15 USD/month) | Premium (249 USD/month) | Enterprise (Contact sales for custom pricing) |
| Origin Protection | | | | |