All Products
Search

This Product

    Edge Security Acceleration:Add your website to ESA

    Document Center

    Edge Security Acceleration:Add your website to ESA

    Last Updated:Jan 14, 2026

    This guide explains how to add your website to Edge Security Acceleration (ESA) using NS setup or CNAME setup. Once added, you can manage your website, accelerate content delivery, run code at the edge, and enable comprehensive security protection.

    Before you begin

    You will need:

    Step 1: Add your website

    Before configuring your website, add its root domain to ESA.

    1. In the ESA console, choose Websites and click Add Website.

    2. On the Enter Website page, enter your website's root domain (for example, example.com), and click Next. image

    3. On the Select Location and DNS Setup page, select an acceleration region and a setup method, and then click Next.

      Select an acceleration region

      ESA assigns points of presence (POPs) based on your selected region to provide security and acceleration services to users in that area.

      Acceleration region

      Description

      Chinese mainland

      ESA assigns POPs in the Chinese mainland to provide security and acceleration for your website. If you choose this region, your domain name must have an ICP filing.

      Global

      ESA assigns POPs worldwide to provide global security and acceleration for your website. If you choose this region, your domain name must have an ICP filing.

      Global (Excluding the Chinese mainland)

      ESA assigns POPs outside the Chinese mainland to provide security and acceleration for your website. If you choose this region, your domain name does not need an ICP filing.

      Select a setup method

      ESA offers two setup methods: NS setup and CNAME setup. The following table helps you choose the right one.

      Setup method

      Description

      Use cases

      Advantages

      NS setup

      Fully delegates your domain's DNS resolution to ESA for integrated management.

      • New domains with no existing DNS records.

      • First-time users of CDN or acceleration services.

      • Need for all-in-one DNS hosting and traffic management.

      • Centralized management of DNS resolution through ESA.

      • Supports smart routing and global traffic scheduling.

      • Simplifies operations and improves security and acceleration.

      CNAME setup

      Your existing DNS provider handles DNS resolution, while ESA provides acceleration and centralized management.

      • Familiar with traditional CDN-like products.

      • Need to add only a some of your services to ESA while keeping your existing DNS setup.

      • Flexible setup without affecting your current DNS configuration.

      • Allows acceleration for specific subdomains.

      image

    4. On the Select Plan page, select a plan by purchasing a New Plans or assigning a Purchased Plans. Follow the console instructions to complete the purchase.

      New plans

      On the New Plans tab, select a suitable plan based on your needs. image

      Purchased plans

      If you have an existing plan, you can select it from the Purchased Plans tab to assign it to your website. image

    Step 2: Enable protection

    Configure ESA's security features to protect your website. These features include SSL certificate management for data-in-transit encryption, Anti-DDoS to defend against flood attacks, and a Web Application Firewall (WAF) to protect web applications. Together, these features create a secure and reliable web environment.

    Encrypt data in transit

    Encryption of data in transit is critical for securing network communications. It prevents sensitive data from being intercepted or tampered with during transmission. ESA provides a comprehensive security solution between clients and your origin server, ensuring data safety at every step.

    ESA enables SSL/TLS encryption by default. You can apply for and configure an SSL certificate to prevent interruptions to your HTTPS services.

    Additionally, you can enable mutual TLS authentication at the edge through ESA. This establishes a two-way authentication mechanism between clients and ESA POPs, ensuring that only authorized clients can access your server. This mutual authentication enhances in-transit data security and prevents unauthorized access and malicious attacks.

    With these multi-layered security measures, your data is protected from various network threats during transmission, safeguarding your services.

    Protect against anomalous access

    Protecting against anomalous access is a vital part of website security, defending against malicious attacks and ensuring the stability and availability of your website. ESA provides multiple security measures to keep your services safe.

    image

    ESA's native WAF capabilities, combined with predefined and custom rules, intelligently filter client traffic. This ensures that only legitimate traffic reaches your server, which reduces potential security risks. You can also enable abuse prevention based on your needs to effectively prevent resource abuse and ensure service stability and security.

    During operation, ESA uses its security analytics and Event Analysis modules to collect and analyze client request data in real time to identify anomalous behavior. In conjunction with WAF custom rules, you can flexibly configure various protective actions such as blocking, JavaScript Challenge, and redirects to precisely counter different types of attacks.

    Furthermore, ESA enables basic Anti-DDoS protection by default. This effectively mitigates large-scale DDoS attacks and CC attacks, ensuring your website remains stable even under high-traffic attacks.

    With these multi-layered protection measures, ESA not only identifies and blocks anomalous access but also provides robust security against complex attacks, comprehensively safeguarding your website.

    Step 3: Improve website performance

    ESA improves website speed and performance with features like custom image transformation, resource optimization, and IPv6 support, enhancing the user experience.

    Configure caching

    Configure website cache policies or create cache rules to store resource files on ESA's edge POPs. When a user requests a file, the edge POP serves the file directly, which avoids long-haul back-to-origin requests and speeds up content delivery.

    Optimize resource access performance

    By enabling and optimizing website settings, ESA significantly improves application performance. Specifically, ESA uses multiple advanced technologies to comprehensively optimize resources, including custom image transformation, resource minification, and transport protocol upgrades. These optimizations improve site access speed from multiple dimensions, allowing you to retrieve required resources faster and enhancing the overall user experience.

    • Custom image transformation: Automatically adjusts the size and format of images based on the user's device and screen size to reduce unnecessary data transmission.

    • Resource minification: Compresses and optimizes static resources, and removes redundant code and unnecessary data to reduce the size of resource files.

    • Transport protocol upgrades: Supports the latest transport protocols, such as HTTP/2 and HTTP/3, to improve data transmission efficiency and reduce latency.

    Optimize network performance

    To further improve network transmission speed, ESA provides four levels of network optimization configurations to enhance overall network performance, from protocol support to communication methods.

    • IPv6 protocol support: Fully compatible with the IPv6 protocol to improve the utilization of network address resources and optimize network connectivity efficiency.

    • Low-latency communication with WebSocket: Uses the WebSocket protocol for real-time communication to reduce data transmission latency and improve the response speed of real-time applications.

    • Efficient service interaction with gRPC: Provides low-latency, high-throughput service interaction based on the efficient communication mechanism of gRPC. This is suitable for scenarios with high performance requirements.

    • Intelligent traffic shaping to prevent overload: Uses intelligent traffic shaping and load balancing technologies to avoid network congestion and overload, which ensures stable network transmission speed even in high-concurrency scenarios.

    Step 4: Verify and activate your website

    Adding a website does not automatically enable its acceleration or protection. Activate it to use ESA's services.

    Test your accelerated domain locally

    If your domain hosts live services, test the accelerated domain locally before activation. This ensures a smooth DNS transition without interrupting your existing services.

    NS setup

    For a website connected using the NS setup, how can I verify that the service is normal before officially enabling the website?

    If you want to perform an online service verification test before you officially switch the service to ESA, you can test different records:

    1. DNS-only records: You can run the dig command for your record and specify the NS record assigned to you by ESA (@ESA-assigned-NS-record). This retrieves the DNS resolution from the specified ESA NS server. Then, check whether the resolved record value is the same as the one you configured in ESA. Example command: dig DNS-only-record @ESA-assigned-NS:

      image

      You can obtain the NS record assigned to you by ESA from the website overview in the console:

      image

    2. Proxied records: Pre-testing is not supported.

    CNAME setup

    For a website connected via CNAME setup, how can I verify that the service is normal before pointing requests to ESA?

    You can submit a ticket to obtain the IP address of a test POP. Then, modify your local hosts file to force the accelerated domain name, such as api.example.com, to point to the test POP's IP address for verification.

    Activate your website

    For NS setup

    Step 1: Add DNS records

    To prevent service interruptions, import your existing DNS records to ESA before changing your nameservers.

    Batch import multiple DNS records (Recommended)

    1. Go to Records and click Import. image

    2. On the Import from File page, upload your DNS records file.

      • If you want to migrate DNS records from Cloudflare, Alibaba Cloud DNS, or Tencent Cloud DNSPod to ESA, first export the DNS records file from your original DNS provider, and then follow these steps to upload it:

        1. Select Cloudflare, Alibaba Cloud DNS, or Tencent Cloud DNSPod as needed, and then click Select File.

        2. Select the DNS records file and upload it to ESA.

      • To use an ESA template to manually fill in and import DNS records, follow these steps:

        1. Select Template Import and click Download Template.

        2. In the template file, modify the DNS records according to the template format and save the file.

          DNS file import template

          ;Hostname TTL IN Record Type Record Value

$ORIGIN example.com.

; A record
1.example.com.   600 IN  A   8.8.8.8

; AAAA record
2.example.com.   600 IN  AAAA		2400:cb00:2049:1::a29f:f9

; CNAME record
3.example.com.   600 IN  CNAME     example.com.

; MX record
4.example.com.    600 IN  MX	15 mailhost.example.com.

; TXT record
5.example.com.   600 IN  TXT	xxxxxxxxxxxxxxxxxxx

; NS record
6.example.com.    600 IN  NS	ns.example.com.

; SRV record
_sip._tcp.example.com.   600 IN  SRV	1 5 7001 srvhostname.example.com.

; CAA record
hostname.example.com.    600 IN  CAA	0 issue example.com

; CERT record
cert.example.com.	1	IN	CERT	0 0 0 VEVwQk5GWXlUR3RXVVZwc1RIcGFhMGh0UVhWUGQweFJFZENNM0JSVFROV2JVd3lWbFJOTkVSS1dnPT0=

; SMIMEA record
smimea.example.com.	1	IN	SMIMEA	12 12 12 436c6f7564666c61726520444e53

; SSHFP record
sshfp.example.com.	1	IN	SSHFP	12 12 436C6F7564666C61726520444E53

; TLSA record
tlsa.example.com.	1	IN	TLSA	12 12 12 436c6f7564666c61726520444e53

; URI record
uri.example.com.	1	IN	URI	12 12 "http://www.example.com/service"

        3. Click Select File, choose the saved template, and upload it.

    3. On the Import page, review and adjust the record configurations. By default, ESA only provides DNS resolution for imported records. In the Proxy Status column, you can enable the ESA proxy for records that require acceleration. image

    4. After adjusting the DNS records, click OK. The records will appear on the Records page, indicating a successful import. image

    Manually add a single record

    1. Go to DNS > Records and click Add Record. image

    2. In the dialog box that appears, add the DNS record details, and then click Next.

      Add DNS record instructions

      Example: Assume your website domain is example.com, and you need to accelerate web pages for the subdomain www.example.com. The origin server's IP address is 198.2.XX.XX. You can configure the record as shown in the following image. For detailed configuration instructions for other record types, see DNS parameters.

    3. Select the appropriate type for your service, and then click OK. image

    Note

    When adding a DNS record, if the subdomain uses a non-standard port (not 80 or 443), choose the appropriate configuration method based on one of the following scenarios:

    • All subdomains use the same non-standard port: If all subdomains access the origin server through the same non-standard port, you can customize the back-to-origin port by configuring the back-to-origin protocol and port.

    • Subdomains use different non-standard ports: If different subdomains access the origin server through different non-standard ports, you can use back-to-origin protocol and port rules to customize different ports for different subdomains.

    Step 2: Change your nameservers and activate your website

    After adding your DNS records, you need to change your website's original nameservers to ESA's nameservers.

    1. In the left-side navigation pane, click Overview. Click image to copy the NS values provided by ESA. image

    2. Follow the instructions in the console to go to your DNS provider and change the nameservers. The console provides guides for changing nameservers with common cloud DNS providers. image

      Below are guides for changing DNS settings for other DNS providers. If your provider is not listed, please consult their documentation.

      Configuration examples for other DNS providers:

      GoDaddy

      1. Log in to the GoDaddy console.

      2. Select My Products > Manage All, and then select the target domain.

      3. Under Additional Settings, click Manage DNS. Under Nameservers, click Change Nameservers. image

      4. Select Enter my own nameservers (advanced), enter the nameservers assigned to you by Edge Security Acceleration (ESA), and click Save.

      5. After saving, wait for the nameserver changes to take effect.

      Namecheap

      1. Log in to the Namecheap console.

      2. On the Domain page, change the nameservers. image

      Name.com

      1. Log in to the Name.com console.

      2. Go to the manage nameservers page. image

      Google Domains

      1. Log in to the Google Domains console.

      2. Click DNS Nameservers > Update Nameservers. image

      3. Click Confirm.

    3. After changing the nameservers, click Verify Nameserver. It may take from a few minutes to 48 hours for the changes to propagate. If verification fails, wait a moment and try again, or wait for the system to detect the change automatically. You will receive an email and an in-site message when your website is activated.

    For CNAME setup

    Step 1: Verify domain ownership

    When adding a domain to ESA for the first time, verify its ownership to activate the service. You only need to do this once per root domain.

    1. In the left-side navigation pane, select Overview. Click image to copy the TXT record provided by ESA. image

    2. Follow the instructions in the console to go to your DNS provider. Add a new TXT record with the information you copied. The console provides guides for adding records with common cloud DNS providers. image

      Below are guides for other DNS providers. If your provider is not listed, please consult their documentation.

      Configuration examples for other DNS providers

      Cloudflare

      If your DNS provider is Cloudflare, follow these steps to add a TXT record.

      1. Log in to the Cloudflare console.

      2. Go to the DNS page, click Add Record, and add a TXT record. image

      3. Click Save to finish.

      GCP

      If your DNS provider is GCP, follow these steps to add a TXT record.

      1. Log in to the GCP console.

      2. Go to the DNS page, click Add Record, and add a TXT record. image

      3. Click Save to finish.

      AWS

      If your DNS provider is AWS, follow these steps to add a TXT record.

      1. Log in to the AWS console.

      2. Go to the DNS page, click Add Record, and add a TXT record. image

      3. Click Save to finish.

      Dyn

      If your DNS provider is Dyn, follow these steps to add a TXT record.

      1. Log in to the Dyn console.

      2. Go to the DNS page, click Add Record, and add a TXT record. image

      3. Click Create Record to finish.

    3. Return to the ESA console and click Verify to complete the verification.

      Note

      It may take from a few minutes to several hours for the record to take effect. If verification fails, please wait a moment and try again.

    Step 2: Add an accelerated domain

    After verifying domain ownership, you can enable ESA's proxy acceleration service for your subdomain in two steps.

    Get the CNAME record value from ESA

    You need to add a DNS record in ESA that includes the subdomain prefix and origin server address to obtain a CNAME record value.

    1. In the left-side navigation pane, select DNS > Records.

    2. On the Records page, add DNS records manually or by batch import to get the CNAME record value provided by ESA.

      Manually add a single record

      1. On the Records page, click Add Record.

      2. On the Add Record page, fill in the corresponding information.

        Add DNS record instructions

        Example: Assume your website domain is example.com, and you need to accelerate web pages for the subdomain www.example.com. The origin server's IP address is 198.2.XX.XX. You can configure the record as shown in the following image. For detailed configuration instructions for other record types, see DNS parameters.

      3. Click Next, select the appropriate type for your service, and the record will be added. image

      4. After the record is added, follow the console instructions and click image to copy the CNAME record value provided by ESA, which points to the edge POP. image

      Batch import multiple DNS records

      1. On the Records page, click Import.

      2. On the Import page, upload your DNS records file.

        • If you want to migrate DNS records from Cloudflare, Alibaba Cloud DNS, or Tencent Cloud DNSPod to ESA, first export the DNS records file from your original DNS provider, and then follow these steps to upload it:

          1. Select Cloudflare, Alibaba Cloud DNS, or Tencent Cloud DNSPod as needed, and then click Select File.

          2. Select the DNS records file and upload it to ESA.

        • To use an ESA template to manually fill in and import DNS records, follow these steps:

          1. Select Import From Template and click Download Template.

          2. In the template file, modify the DNS records according to the template format and save the file.

            DNS file import template

            ;Hostname TTL IN Record Type Record Value

$ORIGIN example.com.

; A record
1.example.com.   600 IN  A   8.8.8.8

; AAAA record
2.example.com.   600 IN  AAAA		2400:cb00:2049:1::a29f:f9

; CNAME record
3.example.com.   600 IN  CNAME     example.com.

; MX record
4.example.com.    600 IN  MX	15 mailhost.example.com.

; TXT record
5.example.com.   600 IN  TXT	xxxxxxxxxxxxxxxxxxx

; NS record
6.example.com.    600 IN  NS	ns.example.com.

; SRV record
_sip._tcp.example.com.   600 IN  SRV	1 5 7001 srvhostname.example.com.

; CAA record
hostname.example.com.    600 IN  CAA	0 issue example.com

; CERT record
cert.example.com.	1	IN	CERT	0 0 0 VEVwQk5GWXlUR3RXVVZwc1RIcGFhMGh0UVhWUGQweFJFZENNM0JSVFROV2JVd3lWbFJOTkVSS1dnPT0=

; SMIMEA record
smimea.example.com.	1	IN	SMIMEA	12 12 12 436c6f7564666c61726520444e53

; SSHFP record
sshfp.example.com.	1	IN	SSHFP	12 12 436C6F7564666C61726520444E53

; TLSA record
tlsa.example.com.	1	IN	TLSA	12 12 12 436c6f7564666c61726520444e53

; URI record
uri.example.com.	1	IN	URI	12 12 "http://www.example.com/service"

          3. Click Select File, choose the saved template, and upload it.

      3. On the Import page, review and adjust the record configurations, and then click OK. image

      4. After a successful import, go to the DNS records list and click image in the CNAME column to copy the CNAME record value. image

      Note

      When adding a DNS record, if the subdomain uses a non-standard port (not 80 or 443), choose the appropriate configuration method based on one of the following scenarios:

      • All subdomains use the same non-standard port: If all subdomains access the origin server through the same non-standard port, you can customize the back-to-origin port by configuring the back-to-origin protocol and port.

      • Subdomains use different non-standard ports: If different subdomains access the origin server through different non-standard ports, you can use back-to-origin protocol and port rules to customize different ports for different subdomains.

    Add the CNAME record in your DNS provider's console

    Since your domain's DNS resolution is managed by a third-party DNS provider, add the corresponding CNAME record in your DNS provider's console after obtaining the CNAME value from ESA. When a user requests the accelerated domain, the request will be resolved by the DNS provider to the corresponding ESA edge POP, thus receiving the acceleration service.

    1. Follow the same steps used for adding the domain ownership verification record. Go to your DNS provider's console and add a CNAME record with the information you copied.

    2. Return to the ESA console, select DNS > Records, and confirm that the CNAME Status for the newly added record shows Configured. image

      Note

      It may take from a few minutes to several hours for the DNS record to take effect. If verification fails, please wait a moment and try again.

    Step 5: Verify acceleration

    After your website is added to ESA, client requests are automatically routed to the nearest ESA POP. Check the IP address to verify that acceleration is active.

    Method 1: Use browser developer tools

    Choose a DNS record with proxy acceleration enabled for this test. Records without proxy acceleration do not pass through ESA edge POPs and are not suitable for this method.

    1. In a browser, access a resource on your website, for example, https://api.example.com/test.txt. Open the developer tools in the browser and check the IP address to which the request is routed. image

    2. Use an IP lookup tool to check if the IP address belongs to ESA. If the IP address belongs to ESA, your website is being accelerated. image

    Method 2: Use the command line

    Choose a DNS record with proxy acceleration enabled for this test.

    Note

    DNS records without proxy acceleration do not pass through ESA edge POPs and are not suitable for this method.

    Windows

    1. Open the Command Prompt application.

    2. Enter nslookup -type=A your.domain.com (for example, nslookup -type=A test.example.com) to get the resolved IP address. image

    3. Use an IP lookup tool to check if the IP address belongs to ESA. If the IP address belongs to ESA, your website is being accelerated. image

    Linux, macOS

    1. Open the Terminal application.

    2. Enter dig your.domain.com (for example, dig test.example.com) to get the resolved IP address. image

    3. Use an IP lookup tool to check if the IP address belongs to ESA. If the IP address belongs to ESA, your website is being accelerated. image

    Method 3: Check instant logs

    Note

    Instant logs are not supported on the Entrance plan. If you are on the Entrance plan, you can use Method 1 or 2 to verify, or upgrade your plan and use Method 3.

    1. In the ESA console, go to Websites, and click the target website in the Website column.

    2. In the left-side navigation pane, go to Analytics and Logs > Instant Logs, and click Start Monitoring to collect logs.

    3. If logs appear, it means your website is being accelerated by ESA. image

    Learn more

    ESA offers other features to help you manage your website, including caching, edge computing, rules, Analytics and Logs, and traffic management.

    Edge computing

    ESA provides an efficient, flexible, and low-latency edge computing solution through its Functions and Pages, Edge Container, and Edge Storage products.

    • Functions and Pages is an all-in-one full-stack development platform. By deeply integrating Git workflows, a global edge network, and an intelligent build system, it provides an end-to-end deployment solution from code commit to global distribution. The platform supports various application scenarios, including static websites, Single-Page Applications (SPAs), Server-Side Rendering (SSR) applications, and Edge Functions, meeting diverse deployment needs from personal projects to enterprise-level complex architectures.

    • Edge Container is a highly elastic and easy-to-maintain computing resource deployed on edge POPs, centered around container applications. Through global deployment and proximity-based scheduling, it simplifies protocol handling and significantly reduces response latency.

    • Edge Storage is a Key-Value edge storage service. When combined with Edge Functions, it allows for quick reading of data from edge storage on the same POP, enabling the deployment of lightweight BaaS services, API gateway services, and more.

    Custom rules

    Based on your business needs, you can use a consistent basic syntax and configuration logic to create and deploy conditional rules across different product features (such as caching, redirects, compression, back-to-origin, and WAF). This gives you flexible, precise control over how policies are executed, leading to more efficient management.

    Analytics and Logs

    As ESA processes your service requests, it generates real-time traffic data and detailed log records. Use this data to optimize resources, troubleshoot issues, create monitoring metrics, and analyze connection quality.

    Traffic management

    ESA's edge POPs monitor and intelligently regulate data flow in real time. By optimizing traffic distribution strategies and balancing the load across multiple origin servers, they significantly reduce link latency while enhancing the availability and stability of your services.