You can configure additional security protection settings on the Settings page.
Feature description
Define client IP
You can define the originating client IP addresses that match the Web Application Firewall (WAF) and bot management rules. By default, the client IP addresses that are used to connect to points of presence (POPs) are used. You can also add custom headers to clarify the client IP addresses.
In most cases, after you add your website to Edge Security Acceleration (ESA), your website is accelerated and protected by ESA. If no other proxy is deployed, client requests are directly forwarded to ESA POPs, and ESA can identify the real client IP address.
However, if you have deployed a third-party reverse proxy such as WAF, anti-DDoS, or websites with Edge Routine activated between the client and ESA, the proxy is directly connected to ESA POPs, and ESA cannot identify the real client IP address. In this case, you need to specify custom headers in the Client IP Definition section and write the IP information in the headers of your client requests. This way, ESA can obtain the real client IP address.
Procedure
Log on to the ESA console.
In the left-side navigation pane, click Websites.
On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.
In the left-side navigation tree, choose Security > Settings.
In the Client IP Definition section, click Configure.
Connect IP (default): the client IP address that is used to connect to ESA POPs.
Custom Header: Use custom headers to define the client IP address. Separate multiple headers with commas (,). You can enter up to five headers.
Click OK.
Security level
ESA checks whether incoming requests are malicious based on Alibaba Cloud's well-stocked threat intelligence library. Identified malicious requests are challenged based on the security level you configured. Only requests that pass the challenges can be served as expected. The following describes the security levels.
Low: Challenges only requests from the IP addresses with the highest threat level. This is the default value.
Medium: Challenges requests from IP addresses with a high threat level. We recommend that you select this option for websites that have high security requirements.
High: Challenges requests from any suspicious IP addresses. We recommend that you select this option only during critical periods.
I'm Under Attack: Challenges all requests. We recommend that you select this option only when your website is under attack.
Essentially Off: Retains only the minimum platform protection policies of ESA. We recommend that you select this option only when there are unacceptable false positives. ESA will still challenge high-risk requests at this level to ensure platform security.
Off (Available in Enterprise Plan): Completely disables protection. This option is available only for customers on Enterprise plans. We recommend that you select this option only when there are unacceptable false positives.
A higher security level may impact the experience of legitimate visitors. Adjust the security level flexibly based on the actual situation.
If your website encounters false positives for IP addresses or APIs, manually add them to the whitelist. For more information, see Whitelist rules.
Security level suggestions
If your website has a history of being attacked or is currently under attack, consider a high security level.
For websites with a history of traffic spikes, a medium security level is advisable.
Websites without a history of being attacked or traffic surges may opt for a low security level.
Procedure
Log on to the ESA console.
In the left-side navigation pane, click Websites.
On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.
In the left-side navigation tree, choose Security > Settings.
In the Security Level section, click Configure, and select a level from the drop-down list.
Click OK.