Other security settings

更新时间:
复制 MD 格式

Configure client IP definitions, security challenge levels, and request body inspection limits for your website.

Client IP definition

Define the client IP source used in WAF and bot rules. By default, ESA uses the connecting IP. You can also specify a custom header as the client IP source.

When you use Edge Security Acceleration ESA without other proxy services, clients connect directly to ESA edge acceleration nodes. ESA can then identify the real client IP:

image

If a third-party reverse proxy (such as another vendor's WAF, DDoS protection, or Edge Routines) sits between your client and ESA, the proxy connects to ESA edge acceleration nodes instead of the client. The connecting IP that ESA sees is no longer the real client IP. Configure a custom header to pass the real client IP, and ensure your client writes the IP to that header.

image
Note

The custom header IP (such as 192.168.0.1) affects only rule execution. The actual connecting IP (such as 10.10.10.10) is still recorded in security analysis, event analysis, traffic analysis, offline logs, and real-time logs.

Procedure

  1. In the ESA console, go to Websites. In the Website column, click the target website.

  2. In the left-side navigation pane, choose Security > Settings.

  3. In the Client IP Definition section, click Configure and select the client IP source type based on your requirements.

    • Connect IP (Default value): The IP address that the client uses to connect to the ESA node.

    • Custom Header: Specify one or more custom headers as the client IP source. You can enter up to five headers, separated by commas.

  4. Click OK.

Security level

ESA uses threat intelligence to assess each request's risk. Requests from IPs exceeding the configured threat threshold are challenged before receiving a response.

Security level

Description

Low (Default)

Challenges only the highest-threat IPs. Recommended for websites with no history of attacks or volumetric traffic abuse.

Medium

Challenges higher-threat IPs. Recommended if your website has experienced volumetric traffic abuse. Select this level or higher.

High

Challenges any suspicious IP. Use during critical protection periods or active attacks.

I'm Under Attack

Challenges all visitors. Recommended only when your website is under attack.

Essentially Off

Retains only ESA's minimum platform protection. ESA still challenges high-risk requests at this level. Use only when severe false positives occur.

Off (Available in Enterprise Plans)

Disables all security protection. Available only on the Enterprise Plan. Use only for severe false positives.

Important
  • Higher security levels may impact legitimate visitors. Adjust based on your current threat level.

  • If your website experiences false positives for certain IP addresses or APIs, you need to create a whitelist rule.

  • The security level is independent of WAF rules. The security level challenges or blocks visitors based on threat intelligence, while WAF rules do so based on the rules you define.

Procedure

  1. In the ESA console, go to Websites. In the Website column, click the target website.

  2. In the left-side navigation pane, choose Security > Settings.

  3. In the Security Level section, select the desired Security Level.

  4. Click OK.

Request body inspection limit

For security rules that match a body parameter, ESA inspects only the first 8 KB of the request body by default. If the request body exceeds 8 KB and this portion does not match a blocking rule, the request is allowed. To increase the request body size that ESA inspects, modify Security > Settings > Request Body Check Limit.