All Products
Search

This Product

    Edge Security Acceleration:Configure TCP/UDP acceleration

    Document Center

    Edge Security Acceleration:Configure TCP/UDP acceleration

    Last Updated:Nov 18, 2025

    If your application establishes connections with the origin server over Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), you can enable the TCP/UDP proxy feature to improve application performance and security. Common TCP or UDP-based scenarios include real-time combat games and real-time interactive audio and video streaming.

    Before you begin

    • If the edge port and origin server port are set to different ranges, the edge ports and corresponding origin server ports are mapped by applying a port offset and requests are forwarded.

      For example, if the edge port is 3000-4000 and the origin server port is 5000-6000, requests to edge port 3050 will be forwarded to origin server port 5050.

    • You can configure up to 30 proxy rules for an application.

    Create a TCP/UDP proxy application

    Follow these steps to create a TCP/UDP proxy application.

    1. In the ESA console, choose Websites. In the Website column, click the target website.

    2. In the left navigation pane, choose TCP/UDP > Settings.

    3. Click Create Application and configure the TCP/UDP application parameters.

      Configuration item

      Parameter

      Description

      Access Configuration

      Domain Name

      The domain name (hostname or record) accessed by the client. This domain name is used to resolve the accelerated IP address of ESA. After the IP address is resolved, the client can request the IP address using a Layer 4 protocol.

      IPv6 Access

      If the client is in an IPv6 environment and the nearest ESA POP also supports IPv6 requests, the client can access the ESA POP using the IPv6 protocol.

      Security

      IP Access Rules

      The IP access rules configured in WAF take effect for this TCP/UDP proxy application.

      Proxy Rules

      Protocol

      Select the Layer 4 protocol used by your application. TCP and UDP are supported.

      Edge Port

      The port used to access ESA. You can specify a single port, multiple ports, or a combination of port ranges.

      Note

      Ports from 1 to 65535 are supported.

      Multiple ports: For example, 80,81,82, separated by ,.

      Port range: For example, 100-200, connected with -.

      Combination of port ranges: For example, 80,81,82,100-200.

      Origin Server

      The address of the origin server to which ESA forwards requests. You can specify an IP address, Domain Name, Origin Pool, or Load Balancer.

      Origin Port

      The port of the origin server. You can specify a single port or port range. When the edge port is a port range, the origin port must be set to a single port or a port range of the same length. When the edge port is not a port range, the origin port must be set to a single port.

      Pass Client IP

      The proxy protocol that passes the original IP address and port information of the client to the origin server. Different protocol types support different Pass Client IP methods. By default, Do Not Pass is selected.

      • PROXY Protocol v1: it passes the client IP address through the TCP header in ASCII text format. Only the TCP protocol is supported.

      • PROXY Protocol v2: it passes the client IP address through the header in binary format. Both TCP and UDP protocols are supported.

      • Simple Proxy Protocol: it passes the client IP address by inserting a special header in binary format. Only the UDP protocol is supported.

      For more information about how to obtain the originating IP address of the client, see Preserve client IP with PROXY protocol v1 or v2.

    4. Click OK.

    Modify a TCP/UDP proxy application

    Follow these steps to modify an existing TCP/UDP proxy application.

    1. In the ESA console, choose Websites. In the Website column, click the target website.

    2. In the left navigation pane, choose TCP/UDP > Settings.

    3. Click Edit in the Actions column. You can enable or disable IP Access and modify Proxy Rules and their parameters.

      Note

      • When you add a proxy rule, ensure that the value of Edge Port in the new rule does not overlap with the edge ports in existing proxy rules.

      • Keep at least one proxy rule for your application.

    4. After you complete the modifications, click OK.

    Delete a TCP/UDP proxy application

    Follow these steps to delete an existing TCP/UDP proxy application.

    1. In the ESA console, choose Websites. In the Website column, click the target website.

    2. In the left navigation pane, choose TCP/UDP > Settings.

    3. Click Delete in the Actions column of the TCP/UDP proxy application. After you confirm the information in the dialog box, click Delete.