All Products
Search

This Product

    Edge Security Acceleration:Get started with Global Settings

    Document Center

    Edge Security Acceleration:Get started with Global Settings

    Last Updated:Mar 24, 2025

    Global Settings allows you to create IP addresses or CIDR block lists. You can use the feature to implement batch association and centralized management of Web Application Firewall (WAF) and bot policies, preventing repeated settings of multiple rules. List changes are automatically synchronized to all associated policies to ensure global policy consistency.

    Benefits

    The feature allows you to associate WAF and bot policies with multiple IP address lists at a time. You can use standardized IP list referencing to ensure policy consistency and reduce differences in multiple times of input. You can also flexibly create and adjust lists based on business scenarios and reuse the lists across environments. This implements efficient and centralized management and precise hierarchical control of security policies.

    Scenarios

    After you create a list, you can reference the list when you configure rules for features described in the following part:

    When you add the corresponding rule, the match value can reference the IP address or CIDR block list only if the match parameter is set to Client IP and the logic operator is is in list or is not in list in If requests match...

    Note

    The match value cannot reference the IP address or CIDR block list across websites. For example, if a list is referenced under a example.com website, the example.com in the list and its subdomains take effect. They do not take effect under a website that does not reference the list.

    Create a list

    1. Log on to the ESA console, and in the left-side navigation pane, choose Global Settings > Lists.

    2. On the Lists page, click Create List. In the Create List dialog box, specify List Name and Type, enter a match value in the input field, and then click OK.

      image

      Type description

      • IP Address/CIDR Block: You can configure 10 lists. You can include up to 500 IP addresses or CIDR blocks in a list. Separate multiple IP addresses or CIDR blocks with ,.

      • ASN: An Autonomous System Number (ASN) uniquely identifies an autonomous system on the Internet. An autonomous system is a group of IP networks and routers controlled by a network management organization, such as an Internet service provider, enterprise, or large institution. You can query the ASN in a request. For more information, see How do I query the ASN of an IP address? or Instant Logs.

      • Hostname: The value of the Host header in the request, which determines the requested domain name.

    Reference a list

    Create a list, set the match parameter to Client IP, and enter the IP address of your local server. Then, reference the list in the custom rule and set a blocking condition. It is expected that 403 error page is returned after you use your local server to access a domain name on ESA. This indicates that the rule takes effect on the list.

    Reference a list

    1. In the ESA console, choose Websites and click the website name you want to manage.

    2. In the left-side navigation pane, choose Security > WAF. On the WAF page, click the Custom Rules tab. Click Create Rule. On the Create Custom Rule page, specify Rule Name.

    3. In the If requests match... section, select Client IP as the match type, select is in list as the match condition, and select the list that you created in the input field.

    4. In the Then execute... section, select Block for Action, select Default Error Page for Error Page, and click OK. The status code 403 cannot be changed.

    Perform a test

    After the list is referenced, use curl -I http://esa.xxx.top/pic_03.jpg to perform a test. If status code HTTP 403 is returned, the settings meet the expectations.

    image