ESA combines edge Web Application Firewall (WAF) capabilities with rule-based features to provide fine-grained filtering and management of origin traffic.
What is WAF
A WAF protects your web applications by filtering and monitoring HTTP traffic between them and the internet. It identifies and blocks traffic with malicious signatures, allowing only clean, safe traffic to reach your servers. This helps prevent malicious intrusions that can degrade performance or cause service disruptions.
ESA delivers WAF protection across its 3,200 global points of presence (POPs), safeguarding your services and data worldwide.
Requests blocked by WAF rules are not billed and do not consume your plan's quota.
Feature overview
Configuration | Description |
Smart rate limiting | Powered by the Edge Security Acceleration (ESA) AI engine, the smart rate limiting feature simplifies the rate limiting setup for security-conscious entry-level users. When you activate smart rate limiting and select a protection level, ESA establishes a baseline and adjusts the rate limits every 24 hours by analyzing access frequency data from your website over the past seven days. |
Abuse prevention | Use ESA abuse prevention to protect your applications from traffic abuse that can lead to inflated costs and resource exhaustion. The feature leverages the ESA IP intelligence database to automatically challenge or block requests from sources known for malicious activity. |
Custom rules | Custom rules allow you to control user access to resources on your website. To create a custom rule for your website, specify the match conditions and an action such as block or monitor. |
Rate limiting rules | You can create rate limiting rules via Edge Security Acceleration (ESA) to limit the rate of requests that match specific conditions. For example, if an IP address visits your website at a high frequency within a specific period of time, you can create a rate limiting rule to specify a request rate limit, and enable slider CAPTCHA verification or add the IP address to the blacklist for a period of time when the configured limit is reached. |
Managed rules | Intrusion attacks such as SQL injection, cross-site scripting (XSS), code execution, carriage return line feed (CRLF) injection, remote file inclusion (RFI), and webshells pose high risks but are usually difficult to detect by using custom rules and rate limiting rules. To address this issue, Edge Security Acceleration (ESA) offers built-in intelligent managed rules to defend against OWASP attacks and the latest origin vulnerabilities. You can enable protection against various types of attacks without manual configuration or updates. |
Scan protection | The scan protection module detects the behavior and characteristics of automated scanners to prevent attackers or scanners from scanning websites. Attack sources are blocked or added to the blacklist. This reduces the risk of intrusions into web services and prevents undesired traffic generated by malicious scanners. |
Whitelist rules | Whitelist rules allow you to permit requests with specific characteristics. These requests bypass all or certain protection rules, such as custom rules, rate limiting, managed rules, scan protection, and bot management. |
IP access rules | IP access rules support setting protection rules based on IP address, ASN, and region. These rules take effect for both HTTP requests (Layer 7) and Layer 4 proxy. |
Rule execution order
The execution sequence of different rules is as follows: IP access rules → Whitelist rules → Security level → Scan protection rules → Managed rules → Custom rules → Smart rate limiting → Rate limiting rules → Bots management rules → Abuse prevention rules.
A request is matched against all rules in the sequence until it is blocked by a triggered rule or allowed by a whitelist rule.
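The ordering has practical consequences: an IP access rule that blocks a source is evaluated before any whitelist rule, and a whitelist rule that bypasses only certain modules still leaves the request subject to the rest. The Python sketch below is an added example, not ESA code; it is a simplified model of the documented sequence, and the stage names, the rule tuple format, and the sample rules are assumptions constructed for illustration.

```python
# Simplified model of the documented evaluation order (assumption: not ESA code).
ORDER = ["ip_access", "whitelist", "security_level", "scan_protection",
         "managed", "custom", "smart_rate_limiting", "rate_limiting",
         "bots", "abuse_prevention"]

def evaluate(request, rules):
    """rules: stage name -> list of (predicate, action, skip).
    action is "block", "monitor", or "allow" (whitelist stage only);
    skip is "all" or a set of later stages a whitelist rule bypasses.
    Returns (verdict, trace)."""
    skipped, trace = set(), []
    for stage in ORDER:
        if stage in skipped:
            trace.append((stage, "skipped"))
            continue
        for predicate, action, skip in rules.get(stage, []):
            if not predicate(request):
                continue
            trace.append((stage, action))
            if action == "block":
                return "blocked", trace          # first block ends evaluation
            if stage == "whitelist" and action == "allow":
                if skip == "all":
                    return "allowed", trace      # full bypass ends evaluation
                skipped |= set(skip)             # partial bypass: skip named stages
            # "monitor" only records the hit; evaluation continues
    return "allowed", trace

def req(ip="198.51.100.1", path="/", query="", ua="curl/8"):
    return {"ip": ip, "path": path, "query": query, "ua": ua}

# Constructed sample rule set (hypothetical values, documentation IP ranges).
RULES = {
    "ip_access": [(lambda r: r["ip"] == "203.0.113.7", "block", None)],
    "whitelist": [
        (lambda r: r["path"].startswith("/healthz"), "allow", "all"),
        (lambda r: r["ua"] == "partner-sync/1.0", "allow",
         {"scan_protection", "managed"}),
    ],
    "managed": [(lambda r: "union select" in r["query"].lower(), "block", None)],
    "custom": [(lambda r: r["path"].startswith("/admin"), "block", None)],
}

if __name__ == "__main__":
    for r in (req(ip="203.0.113.7", path="/healthz"),
              req(ua="partner-sync/1.0", query="id=1 UNION SELECT 1"),
              req(ua="partner-sync/1.0", path="/admin")):
        print(evaluate(r, RULES))
```

The trace makes over-broad whitelist rules visible: the second sample request reaches the origin only because the partial whitelist skipped the managed rules stage.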

Availability
Category | Entrance | Pro | Premium | Enterprise |
Custom rules | 3 | 20 | 100 | 100 |
Rate limiting rules | Not supported | 2 | 5 | 10 |
Managed rules - Ruleset type | Supports basic rules | Supports all rules | Supports all rules | Supports all rules |
Scan protection rules | Not supported | 5 | 10 | 20 |
Whitelist rules | 2 | 3 | 5 | 10 |
IP access rules | 200 | |||