All Products
Search

This Product

    Edge Security Acceleration:Get started with rules

    Document Center

    Edge Security Acceleration:Get started with rules

    Last Updated:Dec 08, 2025

    The rules feature provides a graphical interface. The rules identify parameters in user requests to determine whether a configuration applies, giving you flexible and precise control over your configuration. You can create and deploy conditional rules for features, such as cache, redirection, compression, origin fetch, and WAF, using the same syntax and logic.

    ESA rules

    Rules let you create and deploy conditional rules across different features, such as cache, redirection, compression, origin fetch, and WAF, using the same basic syntax and configuration logic.

    Notes

    • For a specific feature, if you add configurations at both the global level and the rule level, the rule configuration takes precedence when a user request matches the rule conditions.

    • A single rule configuration, which includes rule conditions and the feature configuration, is limited to 4 K characters.

    • All configuration information for a site, including global and rule configurations, is limited to 512 K characters. This limit excludes rule configurations for security protection.

    • A rule name is limited to 128 characters.

    Rule templates

    • ESA provides rule configuration templates for common scenarios. You can click a template to quickly create a rule.

    • After you add a rule, when a user requests a resource, ESA matches and executes rules sequentially based on the rule execution priority.

    Procedure

    1. In the ESA console, choose Websites, and in the Website column, click the target site.

    2. In the navigation pane on the left, choose Rules > Rule Template.

    3. On the Rule Templates page, select Redirect to a New URL and click Create in the upper-right corner.

    4. In the custom rule settings, enter the URI path to redirect, such as /esa.jpg.

    5. In the URL redirect section, enter the full redirection URL, such as https://www.aliyun.com.

    6. Test the access by visiting http://yourDomain/esa.jpg. A 301 status code is returned, which indicates that the redirection is active.

      image

    Use rules for WAF protection

    Example: Block all countries and regions except the Chinese mainland

    Configure rule conditions

    To block all countries and regions except for a single one (the Chinese mainland in this example), perform the following steps:

    1. In the ESA console, choose Websites, and in the Website column, click the target site.

    2. In the navigation pane on the left, choose Security > WAF > Custom Rules > Create Rule.

    3. Enter a Rule Name, such as rule-01.

    4. From the Match Type drop-down list, select Country/Region.

    5. From the Operator drop-down list, select does not equal.

    6. From the Match Value drop-down list, select Chinese Mainland.

    7. Finally, from the Action drop-down list, select Block, and then click OK.

    image

    To block a single country or region, select equals from the Action drop-down list. Then, follow the same steps.

    Expression: (ip.geoip.country ne "CN").

    Verify the blocking rule

    If a request originates from a region outside the Chinese mainland, such as Singapore, the default block page and a 403 status code are returned.

    image

    Set a redirection rule

    Example: Redirect requests from one URL to another

    Configure rule conditions

    1. In the ESA console, choose Websites, and in the Website column, click the target site.

    2. In the navigation pane on the left, choose Rules > Redirect Rules > Create Rule.

    3. Enter a Rule Name, such as rule-02.

    4. From the Match Type drop-down list, select Hostname.

    5. From the Operator drop-down list, select equals.

    6. In the Match Value text box, enter the hostname www.example.com.

    7. Add another rule expression for the URI path. Click And, and from the Match Type drop-down list, select URI Path.

    8. From the Operator drop-down list, select equals.

    9. In the Match Value text box, enter the path /image1.jpg.

    10. In the URL Redirect section, enter the URL to redirect to: https://www.example.com/image/image2.jpg.

    image

    Verify the redirection

    Accessing the original URL redirects the request to the path /image. The 301 status code confirms the redirection to image.jpg.

    image

    Set a browser cache time-to-live rule

    Example: Cache resources for 1 hour if the hostname is www.example.com and the URL path is /content

    Configure rule conditions

    1. In the ESA console, choose Websites, and in the Website column, click the target site.

    2. In the navigation pane on the left, choose Rules > Cache Rules > Create Rule.

    3. Enter a Rule Name, such as rule-03.

    4. From the Match Type drop-down list, select Hostname.

    5. From the Operator drop-down list, select equals.

    6. In the Match Value text box, enter the hostname www.example.com.

    7. Add another rule expression for the URI path. Click And, and from the Match Type drop-down list, select URI Path.

    8. From the Operator drop-down list, select equals.

    9. In the Match Value text box, enter the path /content.

    image

    Configure the browser cache TTL

    Select Use Custom TTL. Enter 1 and select Hours as the unit.

    image

    Verify the browser cache TTL

    Test access to the file. The response header cache-control: max-age=3600 is returned.

    image