Edge Security Acceleration: Configure managed transforms

Last Updated: Feb 17, 2025

You can use the managed transforms feature of Edge Security Acceleration (ESA) to apply common adjustments to HTTP request and response headers.

HTTP request headers

Add the "ali-real-client-ip" header

If you enable Add "ali-real-client-ip" Header, ESA includes the custom header ali-real-client-ip in origin requests to specify the real IP address of the client.

Note

You can still see the real client IP address in access logs and origin logs. For more information, see Access logs, firewall logs, and TCP/UDP proxy logs.

Add visitor location headers

If you enable this switch, ESA includes the custom header ali-ip-country in origin requests. This header specifies the geographical location of the client.

When you set the value of the header, you must specify 2-letter alpha-2 country or region codes that follow the ISO 3166-1 standard. For example, if you set the value of the ali-ip-country header to sg, the client is located in Singapore.
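
The following origin-side check for the ali-real-client-ip and ali-ip-country headers is an added example, not code from the ESA documentation. It assumes the origin should honour these headers only on connections from ESA edge nodes, because a request that reaches the origin directly can carry any header value; TRUSTED_EDGE_NETS and client_context are hypothetical names, and the CIDR is a placeholder documentation range.

```python
import ipaddress
import re

# Assumption: placeholder CIDR (RFC 5737 documentation range) standing in for
# the ESA edge node ranges; replace it with the real back-to-origin ranges.
TRUSTED_EDGE_NETS = [ipaddress.ip_network("203.0.113.0/24")]
COUNTRY_RE = re.compile(r"[A-Za-z]{2}")  # checks the alpha-2 shape only


def client_context(peer_ip, headers):
    """Return (client_ip, country, source) for one origin request.

    peer_ip is the TCP peer of the origin connection; headers is a dict of
    request headers. The ESA headers are honoured only when the peer is a
    trusted edge node and the header values are well formed.
    """
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_EDGE_NETS):
        # Direct-to-origin request: the header values are client-controlled.
        return str(peer), None, "peer-untrusted"
    try:
        real_ip = ipaddress.ip_address(hdrs.get("ali-real-client-ip", ""))
    except ValueError:
        # Header missing or not a single IP address: fall back to the peer.
        return str(peer), None, "peer-fallback"
    country = hdrs.get("ali-ip-country", "")
    # Lower-cased to match the "sg" form used in this document.
    country = country.lower() if COUNTRY_RE.fullmatch(country) else None
    return str(real_ip), country, "esa-header"


if __name__ == "__main__":
    # Constructed sample requests, not real traffic.
    samples = [
        ("203.0.113.10", {"ali-real-client-ip": "198.51.100.7", "ali-ip-country": "sg"}),
        ("192.0.2.55", {"ali-real-client-ip": "10.0.0.1", "ali-ip-country": "sg"}),
        ("203.0.113.10", {"ali-real-client-ip": "1.2.3.4, 5.6.7.8"}),
    ]
    for peer, hdrs in samples:
        print(peer, "->", client_context(peer, hdrs))
```

The third element of the result records which source was used, so rate limiting or audit logging can tell an edge-supplied client address from a fallback to the connection peer.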

Add security request headers

If you enable this switch, ESA adds bot-related HTTP headers to origin requests. The headers can specify whether a request comes from a verified bot and may contain a TLS fingerprint.

Note

A TLS fingerprint is a unique identifier that is generated by capturing the parameters and behavior of a client during a TLS/SSL connection. It can be used to identify clients.

HTTP response headers

Add security response headers

If you enable this switch, ESA adds the following security HTTP response headers for cross-site scripting (XSS) protection when responding to clients:

  • x-content-type-options: nosniff

  • x-xss-protection: 1; mode=block

  • x-frame-options: SAMEORIGIN

  • referrer-policy: same-origin

  • expect-ct: max-age=86400, enforce

Configure a managed transform rule

  1. Log on to the ESA console.

  2. In the left-side navigation pane, click Websites.

  3. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

  4. In the left-side navigation pane, choose Rules > Transform Rules.

  5. Click the Managed Transforms tab.

  6. Enable the following options as needed:

    • Add "ali-real-client-ip" Header

    • Add Visitor Location Headers

    • Add Security Request Headers

    • Add Security Response Headers

Availability

The following features are available on all plans:

  • Add "ali-real-client-ip" header

  • Add Visitor Location headers

  • Add Security Request headers

  • Add Security Response headers