All Products
Search
Document Center

Edge Security Acceleration:WAF

Last Updated:Mar 27, 2025

Edge Security Acceleration (ESA) is integrated with Web Application Firewall (WAF) to identify traffic patterns and filter out malicious requests. Only trusted requests can be redirected to origin servers. WAF can protect web servers against intrusions, secure important business data, and prevent server anomalies caused by attacks.

Billing

Requests filtered out by WAF rules are not subject to billing or plan quotas.

Features overview

  • Smart rate limiting

    Powered by the Edge Security Acceleration (ESA) AI engine, the smart rate limiting feature simplifies the rate limiting setup for security-conscious entry-level users. When you activate smart rate limiting and select a protection level, ESA establishes a baseline and adjusts the rate limits every 24 hours by analyzing access frequency data from your website over the past seven days.

  • Custom rules

    Custom rules allow you to control user access to resources on your website. To create a custom rule for your website, specify the match conditions and an action such as block or monitor.

  • Rate limiting rules

    You can create rate limiting rules via Edge Security Acceleration (ESA) to limit the rate of requests that match specific conditions. For example, if an IP address visits your website at a high frequency within a specific period of time, you can create a rate limiting rule to specify a request rate limit, and enable slider CAPTCHA verification or add the IP address to the blacklist for a period of time when the configured limit is reached.

  • Managed rules

    Intrusion attacks such as SQL injection, cross-site scripting (XSS), code execution, CRLF injection, remote file inclusion, and webshells pose high risks but are usually difficult to detect by using custom rules and rate limiting rules. To address this issue, Edge Security Acceleration (ESA) offers built-in intelligent managed rules to defend against OWASP attacks and the latest origin vulnerabilities. You can enable protection against various types of attacks without manual configurations and updates.

  • Scan protection rules

    The scan protection module detects the behavior and characteristics of automated scanners to prevent attackers or scanners from scanning websites. Attack sources are blocked or added to the blacklist. This reduces the risk of intrusions into web services and prevents undesired traffic generated by malicious scanners.

  • Whitelist rules

    You can configure whitelist rules to allow requests with the specified characteristics, exempting them from all or certain rules, including custom rules, rate limiting rules, managed rules, scan protection rules, and bot management rules.

  • IP access rules

    You can create IP access rules to allow, challenge, or block traffic based on the IP address, Autonomous System Number (ASN), and geographical location of visitors. IP access rules are applicable to both HTTP (Layer 7) and TCP/UDP (Layer 4) requests.

Filterable request characteristics supported by rules engine

A complete rule used to filter requests consists of conditional expressions and a logical operator. You can specify multiple conditional expressions and combine them to filter requests based on your business requirements. For more information about rule creation and deployment, see Match fields.

Execution order

WAF rules are executed in the following order: IP access rules > whitelist rules > scan protection rules > managed rules > custom rules > rate limiting rules > bot management rules.

0318-7

Availability

Item

Entrance

Pro

Premium

Enterprise

Number of custom rules

3

20

100

200

Number of rate limiting rules

Not supported

2

5

10

Managed rules

Supports basic rules

Supports basic rules

Supports basic rules

Supports all rules

Number of scan protection rules

Not supported

5

10

20

Number of whitelist rules

2

3

5

10