All Products
Search
Document Center

Edge Security Acceleration:Managed rules

Last Updated:Jun 02, 2026

Managed rules are intelligent built-in ESA protection rules that defend against OWASP attacks and the latest origin server vulnerabilities, including SQL injection, XSS, code execution, CRLF, remote file inclusion, and WebShell. Enable protection without manual rule configuration or updates.

Enable managed rules

Enable a rule set to protect your site with a single click.

  1. In the ESA console, select Site Management, and in the Website column, click the target site.

  2. On the site details page, navigate to Security > WAF > Managed Rules.

  3. On the Managed Rules tab, in the Recommended Ruleset section, enable the Managed Ruleset to protect your entire site from common web attacks and vulnerabilities.

Edit a managed rule set

After enabling the Recommended Ruleset, you can edit its configuration.

  1. In the ESA console, navigate to Site Management and click the target site in the Website column.

  2. On the site details page, navigate to Security > WAF > Managed Rules, and click Edit. For Apply to, select All Requests or Filtered Requests. Custom rules follow the Rule expression structure.

  3. Select a protection level (Intelligent rate limiting protection levels) and an action (Actions), then click OK.

    image

Delete a managed rule set

After enabling the Recommended Ruleset, you can disable or delete it.

  1. In the ESA console, navigate to Site Management and click the target site in the Website column.

  2. On the site details page, navigate to Security > WAF > Managed Rules, and click Delete.

Availability by plan

Note

The Entrance plan supports only 27 default basic protection rules and does not cover XSS, SQL injection, CSRF, RFI, protocol violation, WebShell, path traversal, deserialization, or expression injection.

Feature

Entrance

Pro

Premium

Enterprise

Managed rules

Supports basic rules

Supports all rules

Supports all rules

Supports all rules

Complete rule list

Rule

Description

Basic Protection Rules

Defends against zero-day vulnerabilities and common attacks such as Log4j exploits.

SQL Injection

Inserts malicious SQL into input fields to execute unauthorized database queries, potentially leaking, deleting, or modifying data.

Cross-site Scripting

Injects malicious scripts into web pages that execute in a user's browser to steal cookies or plant malicious code. Categorized as reflected, stored, or DOM-based.

Code Execution

Executes arbitrary code on a target system by exploiting vulnerabilities, uploading malicious files, or injecting code.

CRLF Injection

Inserts extra headers into HTTP responses by manipulating the response structure, potentially enabling XSS or HTTP response splitting.

Local File Inclusion

Exploits application vulnerabilities to load local server files via malicious paths, potentially disclosing sensitive information or enabling code execution.

Remote File Inclusion

Makes an application include a remote malicious file via an external URL, potentially leading to code execution.

WebShell

A web-based backdoor uploaded to a compromised server that allows attackers to execute commands and manage files through a web interface.

OS Command Injection

Embeds malicious OS commands in an application for server-side execution.

Expression Injection

Embeds malicious expressions that the server executes to perform unauthorized actions.

Java Deserialization

Deserializes a malicious Java object to execute arbitrary code on the server.

PHP Deserialization

Deserializes a malicious PHP object to execute arbitrary code on the server.

SSRF

Tricks a server into making requests to internal or external resources on the attacker's behalf.

Path Traversal

A path traversal attack injects relative path sequences, such as ../, to access files on a server outside the intended web folder.

Arbitrary File Upload

Uploads malicious files for server-side execution.

.NET Deserialization

Exploits insecure deserialization in .NET applications to execute arbitrary code via malicious serialized data.

Scanner Behavior

Identifies web application scanner behavior that probes for vulnerabilities by generating large volumes of requests.

Business Logic Flaw

Detects vulnerabilities in business process implementation that allow attackers to manipulate workflows for unauthorized access. These flaws often bypass traditional input validation and output encoding.

Arbitrary File Read

Reads arbitrary system files via manipulated file path parameters, potentially exposing configuration files, credentials, and personal data.

Arbitrary File Download

Downloads arbitrary system files, potentially exposing sensitive information or enabling offline analysis of system backups.

XML External Entity (XXE) Injection

Exploits XML parser processing of external entities to read system files, perform SSRF attacks, or cause denial of service.

Other Rules

Targets vulnerability attacks against specific backend systems.