Edge Security Acceleration (ESA) inspects and filters traffic at points of presence (PoPs) using edge WAF, edge bots management, DDoS protection, and origin protection, preventing malicious attacks from reaching your origin server, protecting your data center, and improving access speed and user experience.
Features
Security analytics displays data from WAF and bot management, including metrics for blocked, observed, and other requests. You can use this data to adjust your protection rules.

The Events dashboard collects and analyzes security event data to help you identify threats and assess risks so that you can take appropriate action.

Intelligent protection: Smart Rate Limiting is an AI-powered enhancement of rate limiting rules designed for users new to web security. It greatly simplifies configuring rate limits: you no longer need to manually analyze site traffic, identify abnormal request patterns, and set thresholds. Simply enable the feature and select a protection level. Smart rate limiting automatically trains a baseline from your website's traffic patterns over the past 7 days and updates rate limiting thresholds daily.

ESA also prevents abuse by combining global monitoring of abnormal traffic with an open-source IP reputation database. The database is updated daily to block traffic abuse from sources such as Peer-to-Peer CDN (PCDN) platforms and automated scripts, protecting you from significant financial losses.

If your site requires custom access control policies, you can create custom rules. Set conditions that match specific requests, then apply actions such as Block or Monitor to control them. This gives you flexible control over the content that users can access.

Rate limiting in Edge Security Acceleration (ESA) lets you control requests that match specific features. For example, if a client IP accesses your site at a high frequency, you can use this feature to apply a slider challenge or block the IP for a specified period after a threshold is exceeded.

Intrusive attacks such as SQL injection, cross-site scripting (XSS), code execution, CRLF injection, remote file inclusion, and WebShell are difficult to detect and can cause significant damage, and they are hard to cover with custom rules or rate limiting rules. Managed rules are intelligent protection rules built into ESA that protect against OWASP attack categories and the latest origin server vulnerability attacks. You can enable protection for each attack type directly, without manual configuration or updates.

The scan protection feature identifies the behavior and signatures of automated scanners and blocks large-scale scanning of your website, either by blocking the attack source or by adding it to a blacklist. This reduces the risk of intrusion and minimizes unwanted traffic from malicious scans.

Whitelist rules let specific requests bypass all or selected WAF protection modules. Use them to prevent false positives, for example when an internal health-check service triggers rate limiting or when a trusted partner's API calls are blocked by managed rules.

Use IP access rules to allow, challenge, or block traffic based on a client's source IP address, Autonomous System Number (ASN), or geographic location. These rules apply to both Layer 7 (HTTP) and Layer 4 (TCP/UDP) requests.

ESA provides two modes, Smart Mode and Professional Mode, to meet the security protection requirements of different business scenarios.

ESA monitors traffic in real time to identify attack patterns such as SYN floods, ACK floods, and CC (HTTP flood) attacks. When it detects abnormal traffic, ESA automatically blocks the malicious traffic and lets legitimate traffic pass, ensuring business continuity and stability.

Rapid business iteration often creates problems such as unclear API asset inventories, unknown attack surfaces, and scattered security policy management. The API Security feature of Edge Security Acceleration (ESA) addresses these issues by helping you build a unified API security barrier at the edge. It provides automatic discovery, continuous monitoring, and security protection for your business APIs by analyzing the access requests that flow through points of presence (POPs) with machine learning models.

You can protect your origin server by adding the ESA node IP list to the origin's firewall rules so that only requests from those whitelisted IP addresses can reach it.

On the security settings page, you can define how ESA identifies client IP addresses, adjust the global security level for threat challenges, and configure the request body detection limit for security rule matching.
Intelligent rate limiting levels
Loose: Recommended if you encounter false positives. You can either enable loose mode or disable intelligent rate limiting entirely. The initial rate limit for a single IP address is 4,000 requests per 10 seconds. Once enabled, this limit adjusts automatically every 24 hours based on historical data.
Medium: The recommended setting for daily operations. The initial rate limit for a single IP address is 200 requests per 10 seconds. Once enabled, this limit adjusts automatically every 24 hours based on historical data.
Strict: Recommended for mitigating active abuse or malicious traffic. The initial rate limit for a single IP address is 40 requests per 10 seconds. Once enabled, this limit adjusts automatically every 24 hours based on historical data.
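The per-IP, 10-second-window behaviour described above (rate limiting with a block period once a threshold is exceeded, and the initial thresholds of the three intelligent rate limiting levels), as an added illustration that is not ESA code: a small Python model that counts each client IP's requests in a sliding 10-second window, blocks the IP for a configurable period when the level's threshold is exceeded, and lets it through again when the block expires. The 60-second block period, the constructed traffic sample and the decision format are assumptions.

```python
from collections import defaultdict, deque

# Initial per-IP thresholds (requests per 10 s) for the three levels listed above; ESA re-trains them daily.
LEVEL_THRESHOLDS = {"loose": 4000, "medium": 200, "strict": 40}
WINDOW_SECONDS = 10
BLOCK_SECONDS = 60  # assumed block period; in ESA it is configurable


def evaluate(requests, level, block_seconds=BLOCK_SECONDS):
    """requests: iterable of (timestamp_seconds, client_ip) in time order.
    Returns a list of (timestamp, ip, "allow" | "block"). Requests are counted
    per IP in a sliding 10-second window; the one that pushes the count past the
    level's threshold starts a block of block_seconds, during which further
    requests are blocked and not counted (they receive the block page)."""
    threshold = LEVEL_THRESHOLDS[level]
    window = defaultdict(deque)  # ip -> timestamps inside the window
    blocked_until = {}           # ip -> time at which its block expires
    decisions = []
    for ts, ip in requests:
        if ts < blocked_until.get(ip, float("-inf")):
            decisions.append((ts, ip, "block"))
            continue
        hits = window[ip]
        hits.append(ts)
        while hits[0] <= ts - WINDOW_SECONDS:  # evict requests older than 10 s
            hits.popleft()
        if len(hits) > threshold:
            blocked_until[ip] = ts + block_seconds
            hits.clear()  # the IP starts with a clean window after the block
            decisions.append((ts, ip, "block"))
        else:
            decisions.append((ts, ip, "allow"))
    return decisions


def summarize(decisions):
    """Per-IP count of allowed and blocked requests."""
    counts = defaultdict(lambda: {"allow": 0, "block": 0})
    for _, ip, decision in decisions:
        counts[ip][decision] += 1
    return dict(counts)


def sample_traffic():
    """Constructed sample: 203.0.113.7 bursts 50 requests in 5 s and returns
    once at t=70 s; 198.51.100.9 sends 10 requests spread over 10 s."""
    burst = [(t * 0.1, "203.0.113.7") for t in range(50)] + [(70.0, "203.0.113.7")]
    normal = [(float(t), "198.51.100.9") for t in range(10)]
    return sorted(burst + normal)
```

Under the strict level the bursting IP gets 40 requests through, is blocked on the 41st and for the rest of the burst, and is allowed again at t=70 s once the block has expired; under the medium level the same traffic is entirely allowed.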
Actions
Block: Blocks requests that match the rule and returns a block page to the client.
Note: To customize the block page, see Configure custom pages.
Monitor: Allows requests that match the rule to pass but logs the match event. You can query WAF logs to find matching requests and check for false positives. The monitor mode is useful for testing a new rule. After you confirm that the rule does not cause false positives, you can change the action to Block.
Note: You must enable Log Service to use the log query feature.
JavaScript Challenge: ESA returns a JavaScript snippet to the client. If the client's browser correctly executes the script, ESA allows all subsequent requests from that client for a default period of 30 minutes without another challenge. Otherwise, the request is blocked.
Slider CAPTCHA: ESA returns a slider CAPTCHA page to the client. If the client successfully solves the CAPTCHA, ESA allows all subsequent requests from that client for a default period of 30 minutes. Otherwise, the request is blocked.
Note: Traffic is billed for requests that pass the Slider CAPTCHA, but not for blocked requests.
The JavaScript Challenge and Slider CAPTCHA actions for WAF custom rules and rate limiting rules apply only to static pages. To support responses from asynchronous APIs, such as XMLHttpRequest and Fetch, you must enable JavaScript Challenge and Slider CAPTCHA in Bots. Once enabled, when a request matches a rule, ESA issues a JavaScript Challenge or Slider CAPTCHA to the client. After the client passes the challenge, ESA adds a cookie, acw_sc__v2 or acw_sc__v3, to the HTTP message header to mark the client as verified.
Availability by plan
The following tables show plan support for intelligent protection, WAF, DDoS, bots, and origin protection. For WAF plans, see WAF plan details.
Intelligent protection

Plan columns: Free (0 CNY/month), Basic (9.9 CNY/month), Standard (375 CNY/month), Pro (3600 CNY/month), Enterprise (contact sales for custom pricing).

Smart protection: the detailed feature names and the per-plan availability markers were not preserved in this copy of the table.
WAF

Plan columns: Free (0 CNY/month), Basic (9.9 CNY/month), Standard (375 CNY/month), Pro (3600 CNY/month), Enterprise (contact sales for custom pricing). Per-plan availability markers were not preserved in this copy; the values that survive are listed below in plan order from Free to Enterprise. Rows whose feature name was lost are marked as unnamed.

Unnamed quota: 5 | 10 | 50 | 100 items | 100
Unnamed quota: 1 | 1 | 3 items | 5 | 10
Rate limiting - Statistical duration enumeration: 10 seconds
Rate limiting - Duration enumeration: 10 seconds
Rate limiting - Features: Client IP
Rate limiting - Apply to cached requests
Unnamed quota: 50 | 200 | 300 | 400 items | 400 items
Unnamed quota: 1 | 2 | 3 items | 5 | 10
Unnamed feature: Supports Basic Policies | Supports Basic Policies | Supports all rules | Supports all rules | Supports all rules
Unnamed quota: (none) | (none) | 5 | 10 | 20
Strict CAPTCHA
Account-level quota. Default rule limit is 10.
DDoS alerting
Layer 4 proxy (including Layer 4 DDoS protection)
DDoS

Plan columns: Free (0 CNY/month), Basic (9.9 CNY/month), Standard (375 CNY/month), Pro (3600 CNY/month), Enterprise (contact sales for custom pricing). Per-plan availability markers were not preserved in this copy.

Basic DDoS protection
Unlimited protection (one plan column reads "Contact sales to request on-demand customization.")
HTTP DDoS attack protection
Deep Learning and Protection
Scenario policies
Bots

Plan columns: Free (0 CNY/month), Basic (9.9 CNY/month), Standard (375 CNY/month), Pro (3600 CNY/month), Enterprise (contact sales for custom pricing). Per-plan availability markers were not preserved in this copy.

Definite Bots: on the lower plan tiers, the action only supports observation and allow.
Likely Bots: on the lower plan tiers, the action only supports observation and allow.
Verified Bots
Static Resource Protection
JavaScript Detection
Number of bot management rulesets supported: 10 (the plan column this value belongs to was not preserved)
Origin protection

Plan columns: Free (0 CNY/month), Basic (9.9 CNY/month), Standard (375 CNY/month), Pro (3600 CNY/month), Enterprise (contact sales for custom pricing). The feature rows and their per-plan availability markers were not preserved in this copy of the table.