Edge Security Acceleration (ESA) inspects and filters traffic at points of presence (POP) through WAF, bot management, DDoS protection, and origin protection to prevent malicious attacks from reaching your origin server. This protects the security of your origin infrastructure while accelerating content delivery to enhance user experience.
Features overview
Security analytics
The Security analytics dashboard provides visualized analysis of HTTP(S) request traffic via Web Application Firewall (WAF) and bot management. You can create protection rules based on applied filters or make informed adjustments to the existing rules.
Event analytics
The Event analytics feature collects, organizes, and parses various types of security event data to help you detect threats, assess risks, and take appropriate action.
WAF
ESA provides WAF at POPs in the form of rules that you can configure:
Custom rules allow you to control user access to resources on your website. To create a custom rule for your website, specify the match conditions and action such as block or monitor on incoming requests that meet the conditions.
You can create rate limiting rules via Edge Security Acceleration (ESA) to limit the rate of requests that match specific conditions. For example, if an IP address visits your website at a high frequency within a specific period of time, you can create a rate limiting rule to specify a request rate limit, and enable slider CAPTCHA verification or add the IP address to the blacklist for a period of time when the configured limit is reached.
Intrusion attacks such as SQL injection, cross-site scripting (XSS), code execution, CRLF injection, remote file inclusion, and webshells pose high risks but are usually difficult to detect by using custom rules and rate limiting rules. To address this issue, ESA offers built-in intelligent managed rules to defend against OWASP attacks and the latest origin vulnerabilities. You can enable protection against various types of attacks without manual configurations and updates.
Scan protection detects the behavior and characteristics of automated scanners to prevent attackers or scanners from scanning websites. Attack sources are blocked or added to the blacklist. This reduces the risk of intrusions into web services and prevents undesired traffic generated by malicious scanners.
Whitelist rules allow you to permit requests with specific characteristics. These requests bypass all or certain protection rules, such as custom rules, rate limiting, managed rules, scan protection, and bot management.
IP access rules allow you to block, challenge, or allow traffic based on a client's source IP address, Autonomous System Number (ASN), or geographic location. These rules apply to both HTTP (Layer 7) and TCP/UDP (Layer 4) requests.
Bots
Bot management provides Smart Mode in all plans and Professional Mode in the Enterprise plan. In the smart mode, you can set crawler management for your website. In the professional mode, you can configure more precise crawler rules to suit your website or application.
DDoS
ESA provides built-in DDoS protection features for your website based on your plan. If your website is under a DDoS attack, ESA will continue to accelerate and protect your website, unlike some other proxy services that may disable acceleration in such cases.
API security
API security helps manage and protect APIs for your websites by leveraging sampled user access logs and built-in machine learning models. The system automatically scans associated APIs to detect potential threats and provides a management portal for monitoring and analysis.
Origin protection
You can add the list of ESA POP IP addresses to your origin firewall settings. Origin protection allows only traffic routed through these verified IP addresses to reach your origin and thereby safeguards your business.
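The following is an added example (not ESA's own software) of the check that origin protection asks your origin firewall to make: accept a connection only if its peer address falls inside a published POP range. The CIDR ranges below are constructed placeholders, since this page does not list the real POP addresses. Only the transport-layer peer address is consulted; client-settable headers such as X-Forwarded-For are deliberately not used, because anyone connecting directly to the origin can forge them.

```python
"""Origin-side allowlist check modelled on ESA origin protection.
Example code written for this page, not ESA's implementation."""
import ipaddress

# Constructed placeholder ranges. Replace with the POP IP address list that
# ESA publishes for your account; the real addresses are not on this page.
ESA_POP_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:10::/48"),
]


def is_from_pop(peer_ip):
    """Return True if the TCP/UDP peer address lies in a published POP range.

    Malformed addresses are treated as untrusted rather than raising, so a
    bad value from the socket layer cannot accidentally open the origin.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in ESA_POP_RANGES)


def origin_decision(peer_ip):
    """Serve only connections that arrived via an ESA POP; reject the rest.

    Headers such as X-Forwarded-For are intentionally ignored: a client that
    bypasses ESA and connects to the origin directly controls those headers.
    """
    return "serve" if is_from_pop(peer_ip) else "reject"


if __name__ == "__main__":
    for ip in ("192.0.2.45", "203.0.113.9", "2001:db8:10::1", "not-an-ip"):
        print(ip, "->", origin_decision(ip))
```

In practice this logic lives in the origin firewall (security group, iptables/nftables, or the reverse proxy's allow/deny list) rather than in application code; the function form is used here only so that the decision can be exercised directly.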
Settings
You can configure additional security protection settings on the Settings page.
Protection levels
The baseline rate limit is automatically adjusted every 24 hours based on historical traffic data.
Strict: Recommended for use during periods of malicious activity. The initial rate limit for a single IP address is 40 requests per 10 seconds.
Medium: The default protection level. Recommended for daily use. The initial rate limit for a single IP address is 200 requests per 10 seconds.
Loose: Recommended if false positives occur. You can also disable intelligent rate limiting. The initial rate limit for a single IP address is 4,000 requests per 10 seconds.
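To make the rate limiting behaviour described above (both the rate limiting rule under WAF and the per-level initial limits listed here) concrete, here is an added example, not ESA's implementation: a per-IP fixed-window counter over the 10-second window the page uses, seeded with the 40/200/4,000 initial limits, that on overflow either issues a slider CAPTCHA challenge or blacklists the address for a configurable period. The blacklist duration, the action names, and the absence of the 24-hour baseline adjustment are assumptions of this example.

```python
"""Fixed-window, per-client rate limiter modelled on the ESA rate limiting
rule and protection levels described on this page. Example code, not ESA's
own implementation."""

# Initial per-IP limits quoted on the page for each protection level
# (requests per 10-second window). The page says ESA re-baselines these
# every 24 hours; this example keeps them fixed.
PROTECTION_LEVEL_LIMITS = {"strict": 40, "medium": 200, "loose": 4000}
WINDOW_SECONDS = 10


class RateLimitRule:
    """Count requests per client IP in fixed 10 s windows and act on overflow.

    action: "captcha" returns a slider CAPTCHA challenge for the excess
            request only; "blacklist" blocks the IP for blacklist_seconds.
    """

    def __init__(self, limit, action="captcha", blacklist_seconds=600):
        self.limit = limit
        self.action = action
        self.blacklist_seconds = blacklist_seconds  # assumed penalty duration
        self._counts = {}     # ip -> (window index, requests seen in it)
        self._blacklist = {}  # ip -> timestamp at which the blacklist expires

    @classmethod
    def for_level(cls, level, **kwargs):
        """Build a rule with the initial limit of a protection level."""
        return cls(limit=PROTECTION_LEVEL_LIMITS[level], **kwargs)

    def decide(self, ip, now):
        """Return "allow", "captcha" or "block" for one request at time `now`."""
        expiry = self._blacklist.get(ip)
        if expiry is not None:
            if now < expiry:
                return "block"            # still serving the blacklist period
            del self._blacklist[ip]       # period over, start counting afresh

        window = int(now // WINDOW_SECONDS)
        prev_window, count = self._counts.get(ip, (window, 0))
        if prev_window != window:
            count = 0                     # new 10-second window, counter resets
        count += 1
        self._counts[ip] = (window, count)

        if count <= self.limit:
            return "allow"
        if self.action == "blacklist":
            self._blacklist[ip] = now + self.blacklist_seconds
            return "block"
        return "captcha"


if __name__ == "__main__":
    rule = RateLimitRule.for_level("strict")
    # Constructed burst: 41 requests from one address inside a single window.
    decisions = [rule.decide("203.0.113.7", 100.0 + i * 0.1) for i in range(41)]
    print(decisions.count("allow"), "allowed,", decisions[-1], "on the 41st")
```

A fixed window is the simplest model and shows the edge case practitioners usually trip over: a client can send a full quota at the end of one window and another at the start of the next. A sliding window or token bucket smooths that, but the allow/challenge/blacklist decision flow is the same.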
Actions
Block: Blocks requests that hit a rule and returns a block response page to the client.
Note: For more information, see Configure custom pages.
Monitor: Does not block requests that hit a rule. Instead, it only logs the event. You can query WAF logs to find requests that hit the rule and analyze its effectiveness, for example, to check for false positives. Monitor mode is useful for testing newly configured rules. After you confirm that the rule does not cause false positives, set the action to Block.
Note: You must activate Simple Log Service to use the log query feature.
JavaScript Challenge: WAF returns a piece of JavaScript code that a standard browser can automatically execute. If the client executes the JavaScript code correctly, WAF allows all subsequent requests from that client for a period of time (30 minutes by default) without another challenge. Otherwise, WAF blocks the request.
Slider CAPTCHA: WAF returns a slider verification page to the client. If the client successfully completes the slider verification, WAF allows all subsequent requests from that client for a period of 30 minutes by default. Otherwise, WAF blocks the request.
Note: If the verification is successful (a user successfully completes the slider challenge), the traffic is counted. If the verification fails, the traffic is not counted.
The JavaScript Challenge and Slider actions for WAF custom rules and rate limiting rules apply only to static pages. To support asynchronous API responses such as XMLHttpRequest and Fetch, enable JavaScript Challenge and Slider in Bot Management. After you enable them, when a request hits a rule, ESA initiates a JavaScript Challenge or Slider verification for the client. After the client passes the verification, ESA adds the acw_sc__v2 and acw_sc__v3 cookies, respectively, to the HTTP message (Cookie header). These cookies indicate that the client has been authenticated.
Availability
The features available for Bots, DDoS, and Origin Protection vary based on your subscription plan. For more information about WAF feature support, see WAF subscription plan details.
Category | Mode | Feature | Entrance | Pro | Premium | Enterprise
Bots | Smart Mode | Definite Bots | Supported (Only Monitor and Allow actions are supported) | Supported (Only Monitor and Allow actions are supported) | Supported | Supported
Bots | Smart Mode | Likely Bots | Supported (Only Monitor and Allow actions are supported) | Supported (Only Monitor and Allow actions are supported) | Supported | Supported
Bots | Smart Mode | Verified Bots | Not supported | Not supported | Not supported | Supported
Bots | Smart Mode | Effective for static resource requests | Not supported | Not supported | Not supported | Supported
Bots | Smart Mode | JavaScript detection | Not supported | Not supported | Not supported | Supported
Bots | Professional Mode | Number of bot management rulesets supported | Not supported | Not supported | Not supported | 10
DDoS protection | - | Protection level | Basic protection | Basic protection | Basic protection | Best-effort protection
Origin protection | - | - | Not supported | Not supported | Supported | Supported