Edge Security Acceleration (ESA) is integrated with Web Application Firewall (WAF) to identify traffic patterns and filter out malicious requests. Only trusted requests are forwarded to origin servers. WAF protects web servers against intrusions, secures important business data, and prevents server anomalies caused by attacks.
Billing
Requests filtered out by WAF rules are not subject to billing or plan quotas.
Features overview
Powered by the Edge Security Acceleration (ESA) AI engine, the smart rate limiting feature simplifies the rate limiting setup for security-conscious entry-level users. When you activate smart rate limiting and select a protection level, ESA establishes a baseline and adjusts the rate limits every 24 hours by analyzing access frequency data from your website over the past seven days.
Custom rules allow you to control user access to resources on your website. To create a custom rule for your website, specify the match conditions and an action such as block or monitor.
You can create rate limiting rules via Edge Security Acceleration (ESA) to limit the rate of requests that match specific conditions. For example, if an IP address visits your website at a high frequency within a specific period of time, you can create a rate limiting rule to specify a request rate limit, and enable slider CAPTCHA verification or add the IP address to the blacklist for a period of time when the configured limit is reached.
Intrusion attacks such as SQL injection, cross-site scripting (XSS), code execution, CRLF injection, remote file inclusion, and webshells pose high risks but are usually difficult to detect with custom rules and rate limiting rules. To address this issue, Edge Security Acceleration (ESA) offers built-in intelligent managed rules to defend against OWASP attacks and the latest origin vulnerabilities. You can enable protection against various types of attacks without manual configuration or updates.
The scan protection module detects the behavior and characteristics of automated scanners to prevent attackers or scanners from scanning websites. Attack sources are blocked or added to the blacklist. This reduces the risk of intrusions into web services and prevents undesired traffic generated by malicious scanners.
You can configure whitelist rules to allow requests with the specified characteristics, exempting them from all or certain rules, including custom rules, rate limiting rules, managed rules, scan protection rules, and bot management rules.
You can create IP access rules to allow, challenge, or block traffic based on the IP address, Autonomous System Number (ASN), and geographical location of visitors. IP access rules are applicable to both HTTP (Layer 7) and TCP/UDP (Layer 4) requests.
Filterable request characteristics supported by rules engine
A complete rule used to filter requests consists of conditional expressions and a logical operator. You can specify multiple conditional expressions and combine them to filter requests based on your business requirements. For more information about rule creation and deployment, see Match fields.
Execution order
WAF rules are executed in the following order: IP access rules > whitelist rules > scan protection rules > managed rules > custom rules > rate limiting rules > bot management rules.
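The following Python sketch is an added example, not ESA code: it models the execution order above together with the whitelist exemptions described under Features overview, and shows that an IP access block is decided before any whitelist rule is consulted. The rule names, the sample addresses (documentation ranges), the stand-in signature, and the assumption that a matching block action ends evaluation while monitor only records are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Evaluation order and exemptible modules as listed on this page.
ORDER = ["ip_access", "whitelist", "scan_protection", "managed",
         "custom", "rate_limiting", "bot_management"]
EXEMPTIBLE = set(ORDER) - {"ip_access", "whitelist"}

def evaluate(req, rules):
    """Walk the modules in order; return (verdict, trace).
    Assumption: a matching 'block' ends evaluation, 'monitor' only records."""
    skipped, trace = set(), []
    for module in ORDER:
        if module in skipped:
            trace.append((module, "exempted"))
            continue
        for rule in rules:
            if rule["module"] != module or not rule["match"](req):
                continue
            if module == "whitelist":
                # "all" exempts from every later module, else a named subset
                names = EXEMPTIBLE if rule["skip"] == "all" else set(rule["skip"])
                skipped |= names & EXEMPTIBLE
                trace.append((module, rule["name"]))
            elif rule["action"] == "block":
                trace.append((module, rule["name"]))
                return "block", trace
            else:
                trace.append((module, rule["name"] + " (monitor)"))
    return "pass", trace

def src_in(cidr):
    net = ip_network(cidr)
    return lambda req: ip_address(req["ip"]) in net

# Constructed sample rule set (hypothetical names, documentation IP ranges).
RULES = [
    {"module": "ip_access", "name": "deny-range", "action": "block",
     "match": src_in("203.0.113.0/24")},
    {"module": "whitelist", "name": "partner-all", "skip": "all",
     "match": src_in("203.0.113.7/32")},
    {"module": "whitelist", "name": "probe-partial", "skip": ["managed", "rate_limiting"],
     "match": src_in("198.51.100.10/32")},
    {"module": "managed", "name": "sqli-signature", "action": "block",
     "match": lambda req: "union select" in req["query"].lower()},
    {"module": "custom", "name": "admin-path", "action": "block",
     "match": lambda req: req["path"].startswith("/admin")},
]

def verdict(ip, path, query=""):
    return evaluate({"ip": ip, "path": path, "query": query}, RULES)
```

In this model, `verdict("203.0.113.7", "/")` returns a block from the IP access stage even though a whitelist rule with skip "all" matches the same address, which is the ordering effect to check when a whitelisted source is still being blocked. A partial exemption (`probe-partial`) skips only the named modules, so the custom rule on `/admin` still applies to that source.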
Availability
| Item | Entrance | Pro | Premium | Enterprise |
| --- | --- | --- | --- | --- |
| Number of custom rules | 3 | 20 | 100 | 200 |
| Number of rate limiting rules | Not supported | 2 | 5 | 10 |
| Managed rules | Supports basic rules | Supports basic rules | Supports basic rules | Supports all rules |
| Number of scan protection rules | Not supported | 5 | 10 | 20 |
| Number of whitelist rules | 2 | 3 | 5 | 10 |