
Edge Security Acceleration: Limitations

Last Updated: Oct 15, 2025

Before connecting a domain name to Edge Security Acceleration (ESA), it is essential to understand the access conditions and limitations to prevent unnecessary losses.

Item

Description

Burst bandwidth/QPS throttling rules

If you expect traffic or QPS spikes on ESA-accelerated services, including but not limited to stress tests on bandwidth or QPS, promotional activities, and major releases, you need to contact your account manager or contact us to apply for burst bandwidth at least three business days in advance. For major events including but not limited to the Spring Festival Gala and Double 11 Global Shopping Festival, you need to apply for burst bandwidth at least one month in advance.

  • If the application is approved, the availability of your services is guaranteed when the burst bandwidth is within the level agreed upon by both parties.

  • If you do not apply for burst bandwidth or the application is rejected, Alibaba Cloud reserves the right to take measures such as bandwidth throttling to ensure service-level stability for other Alibaba Cloud customers. Bandwidth throttling is not necessarily triggered. Alibaba Cloud determines whether to enable bandwidth throttling based on service conditions and the level of the burst bandwidth. Alibaba Cloud is not responsible for the reduced availability caused by the measures.

  • If you do not apply for burst bandwidth or the application is not approved, the following issues may occur:

    • Burst bandwidth may trigger throttling rules of ESA. For more information, see Bandwidth limits.

    • A QPS surge may trigger Alibaba Cloud's anti-DDoS rules. However, different plans have different maximum protection capabilities. If the protection limit is exceeded, the system converges to a specific set of ESA points of presence (POPs), which may affect the access speed.

Potential domain attacks and data transmission abuse

By default, ESA does not provide access control or security protection capabilities. If your domain name is attacked or abused for data transmission, high bandwidth or traffic spikes may occur. In this case, you may receive bills that are higher than expected.

High bills generated by attacks or data transmission abuse cannot be waived or refunded.

Website

  • Format

    • The domain name must be 1 to 67 characters in length.

    • The domain name can contain lowercase letters, digits, and hyphens (-). Example: example.com.

    • The domain name cannot contain Chinese characters, uppercase letters, or special characters other than hyphens (-). The domain name cannot be a hyphen (-). The domain name cannot contain consecutive hyphens (-). The domain name cannot start or end with a hyphen (-). If the domain name contains Chinese characters such as 阿里云.网址, you must perform ICP filing for the Chinese domain name. Then, use the Punycode tool to convert the domain name into English letters such as xn--fiq****.xn--eq****. Specify the converted domain name as the domain name to be accelerated.

  • Domain name ICP filing and compliance:

Access area

If you set Region to Global (Excluding the Chinese Mainland) for an accelerated domain name, ESA blocks user requests to POPs located in the Chinese mainland.

If you set Region to Chinese Mainland for an accelerated domain name, ESA blocks user requests to points of presence (POPs) located outside the Chinese mainland.

Restrictions on IoT cards

According to the Notice on Printing and Distributing the Trial Implementation Guidelines for the Classification and Security Management of IoT Cards (MIIT Network Security Letter [2020] No. 1173) set forth by the Ministry of Industry and Information Technology (MIIT) of the People's Republic of China, ESA cannot provide acceleration services for devices that use IoT cards in regions in the Chinese mainland. When devices that use IoT cards attempt to access POPs, the devices may fail to establish connections to the IP addresses of the POPs.

Security violations

Alibaba Cloud reviews the content served on all accelerated domain names. Domain names that cannot be accelerated by ESA include but are not limited to:

  • Websites that cannot be accessed or whose content does not contain any substantive information

  • Private game servers

  • Websites that provide multiplayer role-playing games and card games

  • Websites that provide downloads of pirated content, including pirated software, books, videos, and comics

  • Websites that run peer-to-peer (P2P) lending

  • Unofficial lottery websites

  • Websites of unlicensed hospitals and pharmaceuticals

  • Websites that contain pornography, drugs, and gambling content

Note

You are legally responsible for the content hosted on your accelerated domain name. ESA regularly reviews the content served on accelerated domain names. If ESA detects that illicit content is served on a domain name, the system immediately disables or blocks the domain name. If the circumstances are serious, ESA stops the acceleration service and takes all domain names offline.

Files

  • File Cache

    Responses whose Cache-Control directives allow caching: ESA can cache files up to 500 GB in size.

  • Upload a file

    If you use ESA to upload files to the origin server, the default maximum size of an uploaded file is 300 MB. You can change this limit by configuring the maximum upload size.

Length of an individual URL or HTTP request header, and total length of URLs and HTTP request headers

HTTP/2:

  • With the default NGINX directive setting http2_max_field_size=32KB, the length of an individual HTTP request header or an individual URL cannot exceed 32 KB. Otherwise, the HTTP 414 status code is returned.

  • With the default NGINX directive setting http2_max_header_size=128KB, the total size of all HTTP request headers and URLs cannot exceed 128 KB. Otherwise, the HTTP 400 status code is returned.

HTTP/1.1: For the large_client_header_buffers directive, the number is set to 4, and the size is 64 KB. In this case, the length of an individual HTTP request header or an individual URL cannot exceed 64 KB. Otherwise, the HTTP 414 status code is returned. The total size of all HTTP request headers and URLs cannot exceed 256 KB. Otherwise, the HTTP 400 status code is returned.

Total size of origin HTTP response headers

The total size of HTTP response headers returned from the origin to POPs cannot exceed 32 KB. Otherwise, the HTTP 502 status code is returned.
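
The request and origin-response limits above, as an added example (not Alibaba Cloud code): a Python pre-flight check that predicts the status code a POP would return for a given URL and header set. The limits are the ones stated on this page; counting each header as `name: value` plus CRLF is an assumption, as are the function names and the constructed sample requests.

```python
# Added example. Limits are the ones on this page; byte accounting is assumed.
KB = 1024

# protocol -> (limit for one URL or one header, limit for URL plus all headers)
REQUEST_LIMITS = {"HTTP/2": (32 * KB, 128 * KB), "HTTP/1.1": (64 * KB, 256 * KB)}
ORIGIN_RESPONSE_HEADER_LIMIT = 32 * KB


def field_size(name, value):
    """Assumption: a header costs the bytes of 'name: value' plus CRLF."""
    return len(f"{name}: {value}".encode("utf-8")) + 2


def predict_request_status(protocol, url, headers):
    """Return the status a POP is expected to send, or None if the request fits."""
    per_field, total_limit = REQUEST_LIMITS[protocol]
    sizes = [len(url.encode("utf-8"))] + [field_size(n, v) for n, v in headers]
    if any(size > per_field for size in sizes):
        return 414  # one URL or one header is too long
    if sum(sizes) > total_limit:
        return 400  # URL and headers together are too large
    return None


def predict_origin_response_status(headers):
    """Return 502 if the origin's response headers exceed 32 KB, else None."""
    total = sum(field_size(n, v) for n, v in headers)
    return 502 if total > ORIGIN_RESPONSE_HEADER_LIMIT else None


# Constructed samples: one 40 KB cookie, and five 30 KB tracing headers.
BIG_COOKIE = [("host", "example.com"), ("cookie", "a" * (40 * KB))]
MANY_HEADERS = [(f"x-trace-{i}", "b" * (30 * KB)) for i in range(5)]

if __name__ == "__main__":
    for label, headers in (("big cookie", BIG_COOKIE), ("many headers", MANY_HEADERS)):
        for protocol in REQUEST_LIMITS:
            status = predict_request_status(protocol, "/", headers)
            print(f"{label:12} {protocol:8} -> {status or 'accepted'}")
    print("origin:", predict_origin_response_status([("set-cookie", "c" * (33 * KB))]))
```

Both constructed requests fit the HTTP/1.1 limits but fail over HTTP/2, so size cookies and custom headers against the stricter HTTP/2 values.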

Gzip compression and Brotli compression

You can use the Gzip compression or Brotli compression feature to compress the files only if the size of files on the origin server ranges from 1 KB to 10 MB. Files that are smaller than 1 KB or larger than 10 MB are not compressed.

Port

ESA POPs provide the following access ports:

  • HTTP ports: 80, 8080, 8880, 2052, 2082, 2086, 2095

  • HTTPS ports: 2053, 2083, 2087, 2096, 8443

By default, only static requests on ports 80, 443, and 8080 can be cached. To cache requests on other ports, you must enable the Custom Port Cache feature in the Cache Rule section.

TCP connection timeout between a client and POP

Default: 30 seconds. If a client fails to establish a TCP connection with a POP within 30 seconds, the POP closes the connection.