Intrusion attacks such as SQL injection, cross-site scripting (XSS), code execution, CRLF injection, remote file inclusion, and webshells pose high risks but are usually difficult to detect by using custom rules and rate limiting rules. To address this issue, Edge Security Acceleration (ESA) offers built-in intelligent managed rules to defend against OWASP attacks and the latest origin vulnerabilities. You can enable protection against various types of attacks without manual configurations and updates.
Configure managed rules
Log on to the ESA console.
In the left-side navigation pane, click Websites.
On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.
In the left-side navigation tree, choose Security > WAF. On the page that appears, click the Managed Rules tab.
In the Recommended Ruleset section on the Managed Rules tab, click Enable to enable the managed ruleset to protect your website from intrusion attacks and vulnerabilities.
To manage managed rules, enable the managed ruleset first.
After the managed ruleset is enabled, you can disable, edit, or delete the managed ruleset.
On the Edit Managed Ruleset page, configure protection levels and actions for all traffic or filtered traffic.
Click OK.
Feature availability
Feature | Entrance | Pro | Premium | Enterprise |
Managed rules | Supports basic rules | Yes | Yes | Yes |