Connect your website to Edge Security Acceleration (ESA) using the NS or CNAME setup, manage your website centrally and use features like acceleration, edge computing, and protection.
Prerequisites
You have registered an Alibaba Cloud account. If your acceleration region includes the Chinese mainland, complete identity verification.
You have the domain name that you want to add to ESA.
You have an origin server with a website deployed.
Connect your website
Step 1: Add your site
Add your website's root domain to ESA.
In the ESA console, go to Websites and click Add Website.
On the Enter Website page, enter the root domain of the website that you want to connect, such as
example.com, and then click Next.
On the Select Location and DNS Setup page, select an acceleration region and setup. Then, click Next.
Select an acceleration region
ESA allocates points of presence (POPs) based on the selected region to provide security and acceleration services for users in that area.
Region
Description
Chinese Mainland
ESA assigns POP resources in the Chinese mainland to secure and accelerate your website. If you select this region, your domain name must have an ICP filing.
Global
ESA assigns POP resources worldwide to secure and accelerate your website. If you select this region, your domain name must complete an ICP filing.
Global (Excluding the Chinese mainland)
ESA allocates POPs outside the Chinese mainland. Your domain name doesn't need an ICP filing.
Select a connection type
ESA provides two connection types: NS and CNAME. Select a connection type based on your requirements.
Connection type
Description
Scenarios
Advantages
NS setup
Fully delegate your domain name resolution to ESA for integrated DNS resolution and acceleration management.
New domain names with no DNS records configured.
Using a CDN or acceleration service for the first time.
Requiring one-stop DNS hosting and traffic management.
ESA fully manages DNS resolution for unified control.
Supports smart routing and global traffic scheduling.
Simplifies O&M, and improves security and acceleration.
CNAME setup
Domain name resolution is handled by your DNS provider, while ESA provides domain acceleration and centralized management.
You are more familiar with traditional CDN-like products.
You need to connect only some services to ESA while keeping your existing DNS architecture.
Flexible connection that does not affect existing DNS configurations.
Allows acceleration for specific subdomains.
On the Select Plan page, either purchase a New Plans or select an Purchased Plans. Follow the on-screen instructions to complete the purchase.
Purchase a new plan
On the New Plans page, select a plan that suits your needs.
Bind an existing plan
If you have an existing plan, select it on the Purchased Plans tab.
Step 2: Activate your website in ESA
Adding a website does not automatically enable acceleration or protection. You need to activate the website to use ESA's services.
Connect using the NS setup
Step 1: Add DNS records
To prevent service disruptions from invalid DNS records, add your current DNS records from your DNS provider to ESA before changing your DNS servers.
Import multiple DNS records in a batch (Recommended)
On the Add DNS Record page, click Import from File, and then click Continue.
On the Import from File page, upload the DNS record file.
To migrate DNS records from Cloudflare, Alibaba Cloud DNS, or Tencent Cloud DNSPod to ESA, you must first obtain the DNS record file from your current DNS provider. Then, follow these steps to upload the file.
Select Cloudflare, Alibaba Cloud DNS, or Tencent Cloud DNSPod as needed, and then click Select File.
Select the DNS record file and upload it to ESA.
To import DNS records using the ESA template, follow these steps to upload the file.
Select Template Import and click Download Template.
In the downloaded template file, modify the DNS records according to the specified format and save the file.
Click Select File To Upload, select the saved template, and complete the upload.
On the Import page, review and adjust the record configurations. By default, ESA provides only DNS resolution for imported records. In the Proxy Status column, you can enable the ESA proxy for records that require acceleration.
Click OK. The records are imported and appear on the Records page.
Manually add a single record
On the Add DNS Record page, click Add Manually, and then click Continue.
Click Add Record. In the dialog box that appears, add a DNS record and click Next.
Example: For example, assume your site's domain name is
example.cnand you want to accelerate the subdomainwww.example.cn. The IP address of the origin server is198.2.XX.XX. The following figure shows a sample configuration. For more information about how to configure other records, see DNS parameter reference.
Select a type as needed and click Done.
If a subdomain uses a non-standard port (not 80 or 443), select a setup based on one of the following scenarios:
If all subdomains use the same non-standard port to access the origin server, customize the origin port by configuring the origin protocol and port.
If different subdomains use different non-standard ports to access the origin server, use Origin Protocol and Port Rules to customize the origin port for each subdomain.
Step 2: Change your DNS servers and activate the website
After you add the DNS records, change your website's current DNS servers to the ESA DNS servers.
In the left navigation pane on the left, click Overview. Click
to copy the NS value provided by ESA.
Follow the on-screen instructions to go to your DNS provider and update the DNS servers.
The following sections provide instructions for changing DNS servers at some common DNS providers:
GoDaddy
Log on to the GoDaddy console.
Go to and select the target domain name.
In the Additional Settings section, click Manage DNS. In the Nameservers section, click Change Nameservers.
Select Enter my own nameservers (advanced), enter the DNS server names assigned to you by Edge Security Acceleration (ESA), and click Save.
After the settings are complete, wait for the DNS server configuration to take effect.
Namecheap
Log on to the Namecheap console.
On the Domain page, change the DNS servers.
Name
Log on to the Name.com console.
Go to the page for managing nameservers.
Google Domains
Log on to the Google Domains console.
Click .
Click Save.
After you change the NS servers, click Verify Nameserver. The change can take from a few minutes to 48 hours to take effect. If the verification fails, wait a few moments and try again, or wait for the system to automatically detect the change. You will receive a notification by email and internal message when your website is activated.
Connect using the CNAME setup
Step 1: Verify domain ownership
When you add a domain name to ESA for the first time, you must verify its ownership. You do not need to verify the same domain name or its subdomains again.
In the left navigation pane, click Overview. Click
to copy the TXT record provided by ESA. 
Follow the on-screen instructions to go to your DNS provider and add a TXT record for your domain with the copied information from ESA.
The following sections provide instructions for common DNS providers. If your provider is not listed, ask your DNS provider for help.
Cloudflare
If your DNS provider is Cloudflare, follow these steps to add a TXT record.
Log on to the Cloudflare console.
Go to the DNS page, click Add record, and add a TXT record.
Click Save.
GCP
If your DNS provider is Google Cloud Platform (GCP), follow these steps to add a TXT record.
Log on to the GCP console.
Go to the DNS page, click Add Record, and add a TXT record.
Click Save.
AWS
If your DNS provider is Amazon Web Services (AWS), follow these steps to add a TXT record.
Log on to the AWS console.
Go to the DNS page, click Add Record, and add a TXT record.
Click Save.
Dyn
If your DNS provider is Dyn, follow these steps to add a TXT record.
Log on to the Dyn console.
Go to the DNS page, click Add Record, and add a TXT record.
Click Create Record.
Return to the ESA console and click Click To Verify to complete the verification.
NoteThe record can take from a few minutes to several hours to take effect. If the verification fails, wait a moment and try again.
Step 2: Add a subdomain
After you verify domain ownership, configure the ESA proxy acceleration for a subdomain.
Get the CNAME record value in ESA
Add a DNS record in the ESA console that specifies the prefix and origin server address of the domain name that you want to accelerate. After you add the record, ESA provides a CNAME record value.
In the navigation pane on the left, choose .
On the Records page, add DNS records manually or by batch import to obtain the CNAME record value from ESA.
Manually add a single record
On the Records page, click Add Record.
On the Add Record page, enter the required information.
For example, your website's domain name is
example.cn, you want to accelerate the subdomainwww.example.cn, and the IP address of the origin server is198.2.XX.XX. The following figure shows a sample configuration. For more information about how to configure other records, see Introduction to DNS-related parameters.Click Next. Select a type as needed.
Click
to copy the CNAME record value provided by ESA. This value points to the POPs.
Import multiple DNS records in a batch
On the Records page, click Import.
On the Import page, upload the DNS record file.
To migrate DNS records from DNS provider including Cloudflare, Alibaba Cloud DNS, or Tencent Cloud DNSPod to ESA, obtain the DNS record file from the DNS provider. Then, follow these steps to upload the file.
Select Cloudflare, Alibaba Cloud DNS, or Tencent Cloud DNSPod, and then click Select File.
Select the DNS record file and upload it to ESA.
To import DNS records using the ESA template, follow these steps to upload the file.
Select Import From Template and click Download File Template.
In the template, modify the DNS records according to the specified format and save the file.
Click Select File, select the saved template, and complete the upload.
On the Import page, review and adjust the record configurations, and then click OK.
After the import is successful, find the record in the DNS record list and click
in the CNAME column to copy the CNAME record value.
If a subdomain uses a non-standard port (not 80 or 443), select a setup based on one of the following scenarios:
If all subdomains use the same non-standard port to access the origin server, customize the origin port by configuring the origin protocol and port.
If different subdomains use different non-standard ports to access the origin server, use Origin Protocol and Port Rules to customize the origin port for each subdomain.
Add the CNAME record at your DNS provider
Since your domain name resolution is managed by a third-party DNS provider, add the CNAME record at your provider after you obtain the CNAME from ESA. When a user requests the accelerated domain name, the request is resolved to the corresponding ESA POP, which then provides the acceleration service.
Similar to the steps in Verify domain ownership, follow the on-screen instructions to go to your DNS provider and add the copied CNAME record to your domain's DNS settings.
Return to the ESA console. Go to . Confirm that the CNAME Status for the new record is Configured.
NoteAfter you configure the DNS record, it can take from a few minutes to several hours to take effect. If the verification fails, wait a few moments and try again.
Step 3 (Optional): Configure SSL certificates
If your proxied DNS records require HTTPS access, configure the corresponding SSL certificates to prevent HTTPS service interruptions.
Step 4: Verify that acceleration is active
After your website is added to ESA, client requests are routed to the nearest ESA POPs. You can check the IP address to verify that acceleration is active.
Method 1: Use browser developer tools
Test a proxied DNS record. This verification method is only applicable to proxied records because requests for DNS-only records do not pass through ESA's POPs.
In a browser, access a resource on the website, such as
https://api.example.com/test.txt. Then, open the browser's developer tools to view the IP address for the request.
Use IP Geolocation to check whether the IP address belongs to ESA. If it does, the website is accelerated by ESA.
Method 2: Use the command line
Test a proxied DNS record.
Requests for DNS records without proxy do not pass through ESA POPs and cannot be tested by this method.
Windows
Open Command Prompt.
Run the command
nslookup -type=A <domain name>to retrieve the resolved IP address. In this exmaple, usenslookup -type=A test.example.com.
Use IP Geolocation to check whether the IP address belongs to ESA.
If it does, the website is accelerated by ESA.
Linux and macOS
Open the terminal.
Run the command
dig <domain name>, such asdig test.example.com, to retrieve the resolved IP address.
Use the IP lookup tool to check whether the IP address belongs to ESA.
If it does, the site is accelerated by ESA.
Method 3: Check real-time logs
Real-time logs are not available for the Entrance plan. If you are on the Entrance plan, use Method 1 or Method 2 to perform the verification, or upgrade your plan and then use Method 3.
In the ESA console, go to Websites. In the Website column, click the target site.
In the navigation pane on the left, go to . Click Start Monitoring to collect logs.
If logs are generated, the website is accelerated by ESA.
Enable protection for your website
To improve your website’s data security, configure key features such as DDoS protection (to block flood attacks), Web Application Firewall (WAF, to prevent malicious activity), and SSL certificate management (to encrypt data transmission). Together, these features help create a safer and more reliable website.
Access protection: Comprehensive website security
Access protection defends websites against malicious attacks and ensures website stability and availability. ESA uses native WAF capabilities, combined with predefined rules and custom rules, to intelligently filter client request traffic, ensuring that only legitimate, clean traffic can reach the server, thereby reducing potential risks.
ESA collects and analyzes client request data in real time through security analytics and events analytics to identify abnormal behavior. Combined with WAF custom rules, you can flexibly configure measures such as blocking, JavaScript Challenge, and redirection to precisely respond to different attacks.
ESA also provides basic DDoS protection by default, which can effectively defend against large-scale DDoS attacks and CC attacks, ensuring stable website operation under high-traffic attacks.
With these layered protections, ESA helps you quickly identify and block abnormal access, offering strong defense against threats to fully protect your website.
Data transmission encryption: secure communication between client and server
Encrypting data during transmission is essential to protect sensitive information from theft or tampering. ESA offers end-to-end data transmission security between the client and your server, ensuring your data stays safe at every stage.
First, ESA enables SSL/TLS encryption by default. The SSL/TLS protocol ensures the confidentiality and integrity of data during transmission by establishing an encrypted channel between the client and server.
To further enhance security, apply for a free edge certificate. By deploying edge certificates, clients will communicate with ESA POPs using the HTTPS protocol, ensuring that data transmission is encrypted and authenticated, increasing user trust in your website.
ESA also supports enabling edge TLS mutual authentication. This feature establishes a bidirectional authentication mechanism between the client and ESA POP, ensuring that only authorized clients can access the server. This mechanism greatly enhances the security of data transmission and effectively prevents unauthorized access and malicious attacks.
Through these security measures, your business data is protected from various network threats during transmission, safeguarding your business.
Improve website performance
ESA improves website access speed and network performance to optimize the user experience. It uses technologies such as custom image transformation, resource compression, and IPv6 support.
Optimize resource access
By enabling and optimizing website settings, ESA can significantly improve application performance. ESA adopts multiple advanced technologies to optimize resource access, including custom image transformation, resource minimization, and transmission protocol upgrade. These optimization features boost website speed, allowing you to access resources more quickly and improving the overall user experience.
Custom image transformation: Automatically adjusts image size and format based on the user's device and screen, reducing unnecessary data transfer.
Resource minimization: Compresses and optimizes static resources, removes redundant code and useless data, reducing resource file size.
Transmission protocol upgrade: Supports transmission protocols such as HTTP/2 and HTTP/3, improving data transmission efficiency and reducing latency.
Optimize network performance
To boost network speed, ESA offers four network optimization settings that improve performance from protocol support to communication methods.
IPv6 protocol support: Fully compatible with IPv6 protocol, improving the utilization of network address resources and optimizing network connection efficiency.
WebSocket low-latency communication: Uses WebSocket protocol for real-time communication, reducing data transmission latency and improving real-time application response speed.
gRPC efficient service interaction: Provides low-latency, high-throughput service interaction based on gRPC's efficient communication mechanism, suitable for scenarios with extremely high performance requirements.
Intelligent traffic shaping to prevent overload: Intelligent traffic control and load balancing prevent network congestion and overload, ensuring stable transmission speeds even during high traffic.
Learn more
In addition to improving site security and performance, ESA also supports features such as caching, edge computing, rules, analytics and logs, and traffic to provide you with comprehensive site management.
Cache acceleration
Configure cache policies or create cache rules to store resource files on ESA's POPs. When a file is requested, POPs respond directly. This avoids long origin requests and helps you retrieve the latest files faster.
Edge computing
ESA provides an efficient, flexible, and low-latency edge computing solution through three services: Functions and Pages, Edge container, and Edge storage.
Functions and Pages is a serverless service that lets you deploy JavaScript code directly on POPs. Your requests are processed on the nearest POP, which significantly reduces latency and provides a faster computing experience.
Edge container is a highly elastic and easy-to-maintain computing resource for container applications deployed on edge nodes. Its global deployment and proximity-based scheduling simplify protocol handling and greatly reduce response latency.
Edge storage is a key-value edge storage service. When combined with Functions and Pages, it provides fast read access to data on the same POP. This enables lightweight services, such as BaaS and API gateways.
Custom rules
Use a syntax and logic to create and deploy conditional rules for various features, such as caching, redirection, compression, origin fetch, and WAF. This lets you control the execution of configuration policies with greater flexibility and precision, which results in more efficient management and optimization.
Analytics and logs
ESA generates real-time traffic data and detailed log records when it processes requests. Use this data to optimize resource configurations, spot and resolve issues, generate real-time metrics, analyze network connectivity, and run performance tests.
Traffic management
ESA's POPs monitor and intelligently manage data streams in real time. They optimize traffic distribution policies to balance the load across multiple origin servers. This significantly reduces link latency and improves service availability and stability.