Edge Security Acceleration (ESA) detects and filters traffic at points of presence (POP) through WAF, bot management, DDoS protection, and origin protection to prevent malicious attacks from reaching the origin. This not only protects the security of the data center but also accelerates access to enhance user experience.
Feature introduction
Feature | Introduction | |
The Analytics dashboard displays statistics such as blocked requests, alerted requests, and total requests related to Web Application Firewall (WAF) and bot management. You can dynamically tailor your protection rules based on the statistics. | ||
Custom rules allow you to control user access to resources on your website. To create a custom rule for your website, specify the match conditions and action such as block or monitor on incoming requests that meet the conditions. | ||
You can create rate limiting rules via ESA to limit the rate of requests that match specific conditions. For example, if an IP address visits your website at a high frequency within a specific period of time, you can create a rate limiting rule to specify a request rate limit, and enable slider CAPTCHA verification or add the IP address to the blacklist for a period of time when the configured limit is reached. | ||
Intrusion attacks such as SQL injection, cross-site scripting (XSS), code execution, CRLF injection, remote file inclusion, and webshells pose high risks but are usually difficult to detect by using custom rules and rate limiting rules. To address this issue, ESA offers built-in intelligent managed rules to defend against OWASP attacks and the latest origin vulnerabilities. You can enable protection against various types of attacks without manual configurations and updates. | ||
The scan protection module detects the behavior and characteristics of automated scanners to prevent attackers or scanners from scanning websites. Attack sources are blocked or added to the blacklist. This reduces the risk of intrusions into web services and prevents undesired traffic generated by malicious scanners. | ||
You can configure whitelist rules to allow requests with the specified characteristics, exempting them from all or certain rules, including custom rules, rate limiting rules, managed rules, scan protection rules, and bot management rules. | ||
Bot management rules can be used to protect your websites or native iOS and Android apps against crawlers. To use the anti-crawler feature on your native iOS and Android apps, you must integrate the Anti-Bot SDK. You can create different anti-crawler rules for requests that have different characteristics. You can also use the built-in crawler libraries such as search engine crawler library, AI protection, bot threat intelligence library, data center blacklist, and fake spider list. This frees you from manual updates and analysis of crawler characteristics. | ||
If your website is under a DDoS attack, ESA will continue to accelerate and protect your website, unlike some other proxy services that may disable acceleration in such cases. ESA provides built-in DDoS protection features for your website based on your plan. | ||
You can add the list of ESA POP IP addresses to your origin firewall settings. This enables only traffic routed through verified IP addresses to reach your origin and thereby safeguard your business. | ||
You can configure additional security settings on the Settings page. | ||