The rules of Edge Security Acceleration (ESA) provide a graphical user interface that simplifies rule configurations.
What are ESA rules
You can set up rules to identify incoming requests based on the query parameters that they carry and flexibly and precisely control how the rules are applied. The rules allow you to use consistent syntax and logic to create and deploy various rules, such as cache rules, redirect rules, compression rules, origin rules, and Web Application Firewall (WAF) protection rules.
Before you begin
If you configure a feature using both rule and global settings, the rule takes precedence for matching incoming requests.
A single rule configuration (including the rule condition and feature configuration) can be up to 4 KB in size.
All configuration information, including global settings and rules, must not exceed a total size of 512 KB (excluding security rules).
The rule name must be 1 to 128 characters in length.
Configure WAF protection for your website
Example: Block requests from regions outside the Chinese Mainland
Configure rule conditions
To block requests from regions outside the Chinese mainland, perform the following steps:
In the ESA console, choose Websites and click the name of the website you want to manage.
In the left-side navigation pane of your website details page, choose . On the WAF page, click the Whitelist Rules tab.
Set Rule Name to rule-01.
In the If requests match... section, select Country/Region from the drop-down list of the match type.
Select does not equal from the operator drop-down list.
Select Chinese Mainland from the drop-down list of the match value.
In the Then execute... section, select Block from the Action drop-down list, and click OK.
To block requests from a specific region, select equals from the operator drop-down list, and configure other parameters in the same way as above.
Expression builder: (ip.geoip.country ne "CN")
Verify the result by using a browser
Make a request to the website from a region outside the Chinese mainland, such as Singapore. If the system returns the default error page with HTTP status code 403, the configuration is successful.
Create a redirect rule
Example: Redirect a request
Configure rule conditions
In the ESA console, choose Websites and click the name of the website you want to manage.
In the left-side navigation pane of your website details page, choose . On the WAF page, click the Custom Rules tab. On the Custom Rules tab, click Create Rule.
On the page that appears, set Rule Name to rule-02.
In the If requests match... section, select Hostname from the drop-down list of the match type.
Select equals from the operator drop-down list.
Enter www.example.com in the match value field.
Click And to add a URI path. Select URI Path from the drop-down list of the match type.
Select equals from the operator drop-down list.
Enter /image1.jpg in the match value field.
In the URL Redirect section, enter the destination URL https://www.example.com/image/image2.jpg.
Verify the redirect result
Visit https://www.example.com/image/image1.jpg. If the system redirects the request to https://www.example.com/image/image2.jpg, the configuration is successful.
Configure the browser cache TTL
Example: Set the browser cache TTL for www.example.com/content to 1 hour
Configure filter conditions
In the ESA console, choose Websites and click the name of the website you want to manage.
In the left-side navigation pane of your website details page, choose . On the WAF page, click the Custom Rules tab. On the Custom Rules tab, click Create Rule.
On the page that appears, set Rule Name to rule-03.
In the If requests match... section, select Hostname from the drop-down list of the match type.
Select equals from the operator drop-down list.
Enter www.example.com in the match value field.
Click And to add a URI path. Select URI Path from the drop-down list of the match type.
Select equals from the operator drop-down list.
Enter /content in the match value field.
Configure the browser cache TTL
In the Browser Cache TTL section under Then execute..., click Configure, select Use Custom TTL, and specify 1 hour as the time to live (TTL).
Verify the browser cache TTL of the file
Access the file. Check whether the response header contains Cache-Control: max-age=3600. If yes, the configuration is successful.
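The three verification steps on this page (403 for the region block, the redirect to image2.jpg, and Cache-Control: max-age=3600) can also be checked from captured response headers, such as the output of curl -sI. The following Python code is an added example, not part of the ESA documentation: the function names are hypothetical, the sample responses are constructed, and the accepted redirect status codes are an assumption. It goes one step beyond the page by also checking that a request from inside the Chinese mainland is not blocked.

```python
# Added example: check captured response heads against this page's verify steps.
# Function names are hypothetical; all sample responses are constructed.

REDIRECT_CODES = (301, 302, 303, 307, 308)  # assumption: page does not name the code

def parse_response(raw):
    """Split a raw response head into (status_code, {lowercased header: value})."""
    lines = [line for line in raw.strip().splitlines() if line.strip()]
    status = int(lines[0].split()[1])  # "HTTP/1.1 403 Forbidden" or "HTTP/2 403"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return status, headers

def max_age(headers):
    """Return Cache-Control max-age as an int, or None if absent or malformed."""
    for directive in headers.get("cache-control", "").split(","):
        key, _, value = directive.strip().partition("=")
        value = value.strip().strip('"')
        if key.strip().lower() == "max-age" and value.isdigit():
            return int(value)
    return None

def geo_block_ok(outside_raw, inside_raw):
    """Outside the Chinese mainland must get 403; inside must not be blocked."""
    return parse_response(outside_raw)[0] == 403 and parse_response(inside_raw)[0] != 403

def redirect_ok(raw, target):
    status, headers = parse_response(raw)
    return status in REDIRECT_CODES and headers.get("location") == target

def browser_ttl_ok(raw, seconds=3600):
    return max_age(parse_response(raw)[1]) == seconds

# Constructed samples
BLOCKED = "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
ALLOWED = "HTTP/2 200\r\ncontent-type: text/html\r\n\r\n"
REDIRECT = "HTTP/1.1 302 Found\r\nLocation: https://www.example.com/image/image2.jpg\r\n\r\n"
CACHED = "HTTP/1.1 200 OK\r\ncache-control: public, max-age=3600\r\n\r\n"
NOT_CACHED = "HTTP/1.1 200 OK\r\nCache-Control: no-cache\r\n\r\n"

if __name__ == "__main__":
    print("geo block:", geo_block_ok(BLOCKED, ALLOWED))
    print("redirect:", redirect_ok(REDIRECT, "https://www.example.com/image/image2.jpg"))
    print("ttl 1 hour:", browser_ttl_ok(CACHED), "| no-cache:", browser_ttl_ok(NOT_CACHED))
```

The max-age check passes when other directives such as public accompany it, which a plain string comparison against the whole header value would miss.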