Edge Security Acceleration: User Guide

Last Updated: Oct 30, 2024

You can manage Dynamic Content Delivery Network (DCDN) or Edge Security Acceleration (ESA) resources and features in the console.

ESA

Category

Feature

Description

References

Website management

Version management

The version management feature of Dynamic Content Delivery Network (DCDN) allows you to maintain different versions for custom website configurations and test, deploy, and roll back configuration changes.

Version management

Analytics and logs

  • Edge Security Acceleration (ESA) logs requests that pass through ESA points of presence (POPs) and analyzes these logs to help you troubleshoot faults, check the impact of updated configurations, and generate monitoring metrics.

  • Edge Security Acceleration (ESA) logs requests to your website. It collects and aggregates the logs generated by each module for you to view. You can use these logs to troubleshoot faults, generate monitoring metrics, and debug or test network connectivity between clients and your website.

Analytics and logs

DNS

Alibaba Cloud Edge Security Acceleration (ESA) provides a powerful and flexible Domain Name System (DNS) service. You can select NS or CNAME to set up your domain when you add your website to ESA. After you add your website to ESA, ESA provides features such as static and dynamic content delivery, security protection, and edge computing for the website. This improves the user experience and security of your website.

SSL/TLS

Hypertext Transfer Protocol Secure (HTTPS) is an extension of Hypertext Transfer Protocol (HTTP) and can encrypt data by using the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol. You can use HTTPS to prevent data from being eavesdropped on, intercepted, or tampered with by third parties. Dynamic Content Delivery Network (DCDN) allows you to configure SSL/TLS certificates to verify the security of connections between clients and servers.

SSL/TLS

Security

  • Edge Security Acceleration (ESA) is integrated with Web Application Firewall (WAF) to identify traffic patterns and filter out malicious requests. Only trusted requests can be redirected to origin servers. WAF can protect web servers against intrusions, secure important business data, and prevent server anomalies caused by attacks.

  • Bot management rules can be used to protect your websites or native iOS and Android apps against crawlers. To use the anti-crawler feature on your native iOS and Android apps, you must integrate the Anti-Bot SDK. You can create different anti-crawler rules for requests that have different characteristics. You can also use the built-in crawler libraries, such as the search engine crawler library, AI protection, the bot threat intelligence library, the data center blacklist, and the fake spider list. This frees you from manually updating and analyzing crawler characteristics.

  • If your website is under a DDoS attack, Edge Security Acceleration (ESA) will continue to accelerate and protect your website, unlike some other proxy services that may disable acceleration in such cases. ESA provides built-in DDoS protection of different levels for your website based on your associated plan.

  • You can add the list of Dynamic Content Delivery Network (DCDN) point of presence (POP) IP addresses to your origin firewall rules. This allows only traffic routed through verified IP addresses to reach your origin, thereby safeguarding your business.

Speed and network

  • In various business contexts, you may need to resize, crop, rotate, or compress images from content sharing websites. However, initiating an origin request for each image processing task can substantially increase the number of origin requests and the cache size on points of presence (POPs). To address these challenges, Alibaba Cloud Edge Security Acceleration (ESA) provides the image transformations feature. You can directly convert images based on your business requirements on ESA POPs. ESA also caches the converted images on POPs. This efficiently accelerates content retrieval and reduces origin traffic.

  • Alibaba Cloud Edge Security Acceleration (ESA) provides features such as network access and origin pull optimization, IPv6 support, as well as WebSocket and gRPC connections to optimize cross-region network performance and user experience.

Caching

After you add a website to Edge Security Acceleration (ESA), ESA points of presence (POPs) determine whether to cache resources that are requested by clients based on configured cache rules. After a POP caches a file, when clients request the file, the POP returns the file to clients without retrieving it from the origin server over a long route. This reduces latency and improves load times. If the requested file does not exist on the POP or has expired, the POP asks the origin server for the most recent file.

Rules

You can configure rules to specify whether the configurations of Edge Security Acceleration (ESA) take effect for specific requests based on the characteristics of the requests. This helps meet your business requirements such as applying specific settings to requests with different characteristics, redirecting requests, and configuring specific origin servers.

Rules

Traffic

  • If your website offers pure dynamic content or a combination of dynamic and static content, such as transactions, gaming, or APIs, the origin server returns differentiated content in response to user requests for dynamic content. However, the communication between users and the origin server may experience delays or failures due to unstable network conditions across borders, regions, or Internet service providers (ISPs). To tackle this issue, you can enable Smart Routing to monitor the quality of Alibaba Cloud's global POP network in real time and route traffic along the most efficient path. In addition, optimization technologies such as performant protocol stacks are integrated to reduce the global network latency and request failure rate. This boosts user experience and ensures business continuity.

  • Waiting Room allows you to manage excess origin requests to prevent server downtime caused by unmanageable traffic surges. Specifically, you can configure how many users are allowed on your origin and queue excess users in a waiting room.

  • Load balancing distributes traffic among origin servers according to traffic steering policies to reduce latency and improve service availability.

TCP/UDP proxy

If your application establishes connections with the origin server over the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), you can enable the TCP/UDP acceleration feature to improve application performance and security. The most common TCP or UDP-based scenarios include real-time combat gaming and real-time interactive audio and video streaming.

Logs

Edge computing

Edge Routine

Edge Routine is a serverless runtime environment that allows you to write JavaScript code and deploy and execute it on Alibaba Cloud points of presence (POPs) worldwide. Edge Routine supports ES6 syntax and standard Web Service Worker APIs. With Edge Routine, user requests can be responded to and processed by the POP that is closest to users. This significantly reduces latency, accelerates response, and enhances user experience.

Edge Routine

Edge Container

Edge Container provides elastic, easy-to-maintain computing resources based on containerized applications. Edge Container implements global deployment and proximity-based scheduling on points of presence (POPs) all over the world. This simplifies protocol processing and reduces response latency. You do not need to purchase server resources or worry about application scaling and O&M. This allows you to focus on application development rather than underlying infrastructure management.

Edge Container

Edge KV

Points of presence (POPs) provide the edge storage service Edge KV, which is based on key-value pairs. After you write data to Edge KV, the data can be automatically synchronized to POPs around the world. Edge Routine can read and use the key-value pairs on the same POP. You can use Edge KV together with Edge Routine to deploy lightweight Blockchain as a Service (BaaS) services and API gateway services.

Edge KV

Analytics and logs

Account analytics

ESA visualizes access statistics to provide multi-dimensional traffic analytics for your websites, such as the number of requests and traffic volume by country and region, encrypted requests, cached traffic rate, and number of error codes.

Real-time logs

Edge Security Acceleration (ESA) logs requests to your website. It collects and aggregates the logs generated by each module for you to view. You can use these logs to troubleshoot faults, generate monitoring metrics, and debug or test network connectivity between clients and your website.

Logs

Global settings

Lists

If you want to perform JavaScript validation and bot management for multiple IP addresses or CIDR blocks, you can specify different IP addresses or CIDR blocks in a list. Then, you can reference the list when you configure protection rules such as Web Application Firewall (WAF) or bot management rules. This helps prevent repeated entry of IP addresses or CIDR blocks.

Lists

Scenario-specific policies

Your website may anticipate much higher traffic than usual during major events such as new game launches and e-commerce promotions. In this case, you can create scenario policies to apply the Major Events template. This template automatically adjusts anti-DDoS protection policies during major events to prevent normal requests from being blocked.

Scenario policies

Custom error pages

By default, pages with an Edge Security Acceleration (ESA) identifier and the 403 error code are returned for requests that are blocked by ESA. If you want to use a personalized page with a business identifier, you can create a custom error page.

Custom pages

Tools

IP geolocation

After you connect a website to Alibaba Cloud Edge Security Acceleration (ESA), you can use the IP geolocation feature to check whether the IP address that clients actually access belongs to an ESA point of presence (POP) and determine whether acceleration takes effect.

IP geolocation

Billing

Plan management

You can query information about your plans, such as the plan type, status, expiration time, and associated websites, to better manage the plans.

Plan management

Usage query

When using Edge Security Acceleration (ESA) for your websites, you can query the traffic usage for each individual website or for all websites covered by a specific plan. This data can help you analyze traffic patterns and make informed decisions accordingly.

Query plan usage

DCDN

Category

Feature

Description

References

Content delivery

Domain name management

Alibaba Cloud Dynamic Content Delivery Network (DCDN) provides safe and secure acceleration services for content and computing workloads. The initial setup for DCDN requires only a few simple steps. This topic describes how to use DCDN.

Monitoring

The resource monitoring feature collects data including network traffic, bandwidth, the number of requests, cache hit ratio, and HTTP status codes based on the region and Internet service provider (ISP) of client IP addresses. You can make informed business decisions and optimize Dynamic Content Delivery Network (DCDN) resource management based on the collected monitoring data.

The real-time monitoring feature in Dynamic Content Delivery Network (DCDN) collects data at an interval of 1 minute. You can query data transfer, bandwidth usage, and origin fetch statistics in the last 1 minute and earlier. You can query data in the last 7 days. The maximum time range per query is 24 hours. Real-time monitoring allows you to detect anomalies in network traffic and locate errors at the earliest opportunity.

Tools

After you add an origin server to Dynamic Content Delivery Network (DCDN), you can use the IP address check feature to check whether the IP address that the client accesses belongs to a POP and determine whether the acceleration takes effect.

Check IP addresses

Edge security

DDoS mitigation

Accelerated domain names that are under DDoS attack may be added to a sandbox and become unavailable for a period of time. To prevent service interruptions, you can configure DDoS mitigation for domain names that are vulnerable to attacks or mission-critical. This way, Dynamic Content Delivery Network (DCDN) can detect and respond to DDoS attacks promptly and shield the domain names against attacks.

DDoS mitigation

WAF

Dynamic Content Delivery Network (DCDN) is integrated with Web Application Firewall (WAF) to provide security services on points of presence (POPs). WAF identifies and filters out malicious requests and then forwards only legitimate requests to origin servers. WAF can protect web servers against intrusions, secure important business data, and prevent server anomalies that are caused by attacks.

WAF protection (new)

Data center

Operations reports

Operations reports allow you to query offline analytics data of accelerated domain names in specific time periods. You can learn about the status of accelerated domain names and your business by analyzing the data. Operations reports track data up to 60 days. Please download the data if you want to analyze information that exceeds 60 days.

Create a custom operations report and a tracking task

Log management

The log management service is used to analyze Dynamic Route for CDN (DCDN) logs to troubleshoot issues in a timely manner and improve service quality. This topic describes the log management service and features provided by DCDN.

Log management

Edge computing

EdgeRoutine

EdgeRoutine is a serverless runtime environment that allows you to write JavaScript code and deploy and execute it on Alibaba Cloud points of presence (POPs) worldwide. EdgeRoutine supports ES6 syntax and standard Web Service Worker APIs. With EdgeRoutine, user requests can be responded to and processed by the POP that is closest to users. This significantly reduces latency, accelerates response, and enhances user experience.

Edge KV

Points of presence (POPs) provide the edge storage service EdgeKV, which is based on key-value pairs. After you write data to EdgeKV, the data can be automatically synchronized to POPs around the world. EdgeRoutine (ER) can read and use the key-value pairs on the same POP. You can use EdgeKV together with ER to deploy lightweight Blockchain as a Service (BaaS) services and API gateway services.

Edge KV

IPA

Layer 4 acceleration

IP Application Accelerator (IPA) is an acceleration feature that is offered by Alibaba Cloud DCDN. IPA provides high-performance Layer 4 acceleration for traffic over TCP and UDP. It ensures low latency and high service stability for real-time interactions such as messaging in social media, data synchronization in online gaming, online education, and financial transactions.