Understand ESA Rule Processing & Priority Logic - Edge Security Acceleration

ESA lets you create custom conditions that combine various feature configurations to control when they take effect.

You can use the rules feature to apply special configurations for specific business needs, such as request transformation, content redirection, or cache policy setup. This feature also enables fine-grained management for security protection and traffic control. The rules feature uses consistent syntax and configuration logic to filter requests based on specific characteristics and apply the corresponding feature configuration.

Simple configuration examples

Set edge cache time for resources under a specific path

For example, static resources under the /content path are updated monthly. To balance resource persistence and freshness, you can set the cache time for resources under the /content path on ESA points of presence (POPs) to 30 days.

Configure the request filter condition using one of the following methods:
- Use console controls:
- Use the expression editor:
  (http.request.uri.path eq "/content")
Configure the edge cache time:

Set a redirect rule for specific requests

For example, you can redirect requests from the Chinese mainland from example.com to example.com.cn.

Configure the request filter condition using one of the following methods:
- Use console controls:
- Use the expression editor:
  (http.host eq "example.com" and ip.geoip.country eq "CN")
Configure the redirect destination URL:

Rule configuration structure

When a request reaches an ESA node, ESA filters and processes the request according to your rule configuration.

Every ESA rule configuration includes two parts:

Rule configuration = Rule expression + Action

You can configure a rule expression to filter requests and an action to execute operations on matched requests. The rule expression syntax is consistent for all rule-related configurations in ESA. This lets you reuse a rule configuration method from one feature in other features. For more information about how to create and deploy rules, see Rule expression structure.

Rule Precedence

Rule configurations take precedence over global settings: For the same feature, settings defined in a rule override global settings. This lets you apply general configurations broadly while using rules to customize behavior for specific requests.
For example, consider the edge time-to-live (TTL): If you configure the Edge TTL to 12 hours in Global Configuration – Edge Cache TTL and configure the TTL for resources under /content to 30 days in Rules – Configure Edge Cache TTL, the edge node adjusts the cache TTL for that resource to 30 days when the requested resource path is under /content. For resources whose request paths are not under /content, the edge node uses the global TTL of 12 hours.

Rules higher in the list have higher priority: For the same rule type, ESA executes rules from top to bottom. If a request matches multiple rules, you can drag the button to move the rule that you want to prioritize higher in the list.

Note

Different plans support different features and numbers of rules. For more information about rule quotas by plan type, see Rule and plan quotas.

Take cache rules as an example. Suppose you have these two rules:

Rule 1: Resources under the /content path expire after 30 days.

Rule 2: Files with the .jpg suffix are cached for 60 days.

In the following figure, Rule 1 appears above Rule 2.

The cache expiration times on edge nodes are:

Sample URL	Under `/content` path	`.jpg` suffix	Cache expiration time
https://example.com/content/static/pic.jpg			30 days
https://example.com/content/static/book.txt		×	30 days
https://example.com/static/pic.jpg	×		60 days
https://example.com/static/res/book.text	×	×	Do not cache

In the following figure, Rule 2 appears above Rule 1.

The cache expiration times on edge nodes are:

Sample URI	Under `/content` path	`.jpg` suffix	Cache expiration time
https://example.com/content/static/pic.jpg			60 days
https://example.com/content/static/book.txt		×	30 days
https://example.com/static/pic.jpg	×		60 days
https://example.com/static/res/book.text	×	×	Do not cache

Feature availability by plan

Category	Feature	Entrance (0 USD/month)	Pro (15 USD/month)	Premium (249 USD/month)	Enterprise (Contact sales for custom pricing)
Quick Start	Number of Nested Sub-conditions in a Rule	10	10	20	20
Quick Start	Operator - Regular Expression	Not supported	Not supported	Supported	Supported
HTTPS Rules	SSL/TLS Rules, HTTPS Rules (Shared Quota)	10	25	50	125
Security Rules		5	25	50	125
Transform Rules	Rewrite URL, Modify Outgoing Request Header, Modify Outgoing Response Header	10	25	50	125
	Managed Transform - True-Client-IP Header	Supported	Supported	Supported	Supported
	Managed Transform - Client Geolocation Header	Supported	Supported	Supported	Supported
Redirect Rules	URL Redirection	10	25	50	125
Cache rules	Cache Eligibility, Browser Cache TTL, Edge Cache TTL, Status Code Cache TTL, Custom Cachekey	10	25	50	125
	Custom Port Caching	Not supported	Not supported	Not supported	Supported
	Cache on Expired Response	Supported	Supported	Supported	Supported
	Cache Reserve	Supported	Supported	Supported	Supported
Network Optimization Rules		10	25	50	100 entries
Content Optimization Rules	File Compression, Image Optimization, Video Processing (Shared Quota)	10	25	50	100 entries
Origin Rules	Number of Rules	10	25	50	125 entries
	Custom Origin Host	Supported	Supported	Supported	Supported
	Origin Protocol and Port	Supported	Supported	Supported	Supported
	Origin SNI	Supported	Supported	Supported	Supported
	DNS Records	Supported	Supported	Supported	Supported
	Byte-range Segment	Supported	Supported	Supported	Supported
	Origin HTTP Request Timeout	Supported	Supported	Supported	Supported
	Configure Origin 301/302 Redirect Following	Supported	Supported	Supported	Supported