All Products
Search

This Product

    Edge Security Acceleration:Protect static resources

    Document Center

    Edge Security Acceleration:Protect static resources

    Last Updated:Dec 12, 2025

    Block unauthorized scraping of static resources by crawlers using behavior and traffic analysis. This reduces abnormal bandwidth use and improves service stability.

    How to protect static resources

    Static resources, such as audio, videos, images, and CSS/JS files, are usually served from cache and do not generate requests to the origin server. Traditional security policies usually focus on blocking bots targeting dynamic requests, leaving static resources at risk of abuse. Malicious websites can exploit this by directly linking to your static resource URLs, leading to abnormal bandwidth consumption and increased server costs.

    ESA offers security policies designed to protect static resources. By detecting and blocking malicious bots, ESA prevents abuse of cached files and reduces bandwidth waste.

    Enable static resource protection

    To prevent malicious crawlers from consuming bandwidth through hotlinking or bypassing caching, set differentiated actions for Definite Bots, Likely Bots, or Verified Bots, and enable the Static Resource Protection feature. ESA handles requests that hit cached static resource based on the actions you set.

    1. In the ESA console, choose Websites and click Add Website.

    2. In the left-side navigation pane, choose Security > Bots.

    3. On the Smart Mode page, click Configure for Definite Bots, Likely Bots, or Verified Bots to set actions.

      • Definite Bots: This category includes many malicious crawlers. Set the action to Block or Slider CAPTCHA.

      • Likely Bots: These requests have a lower risk than Definite Bots but may contain malicious crawlers and other traffic. Set the action to Monitor, or to Slider CAPTCHA during high-risk periods.

      • Verified Bots: This category usually includes crawlers from search engines that support your website's search engine optimization (SEO). Set the action to Allow. If you do not want any search engine crawlers to access your site, you can set the action to Block.

    4. Turn on the Static Resource Protection switch.

      image

    Create protection rules

    Create protection rule sets through Professional Mode to define more granular policies for static resources, including Bot behavior analysis, crawler blocking, and whitelisting.

    1. In the ESA console, choose Websites and click Add Website.

    2. In the left-side navigation pane, choose Security > Bots.

    3. Click Professional Mode > Create Ruleset, and follow the instructions to fill in the Rule Set Name, select Service Type and SDK Integration.

    4. In the If requests match... area, set the match field to Serves Static Resources, the match operator to equals, and set the switch to image. In the Then execute... area, configure protection policies according to your needs.

      image

    5. In the Effective Time area, click Edit in the Actions column, set the effective time, and click OK.

    6. Click OK to save your settings.