Edge Security Acceleration (ESA) is integrated with Web Application Firewall (WAF) to identify traffic patterns and filter out malicious requests. Only trusted requests can be redirected to origin servers. WAF can protect web servers against intrusions, secure important business data, and prevent server anomalies caused by attacks.
Usage notes
Requests filtered out by WAF rules are not subject to billing or plan quotas.
Features
Feature | Description |
--- | --- |
Custom rules | Custom rules allow you to control user access to resources on your website. To create a custom rule for your website, specify the match conditions and the action, such as block or monitor, to perform on incoming requests that meet the conditions. |
Rate limiting rules | You can create rate limiting rules in ESA to limit the rate of requests that match specific conditions. For example, if an IP address visits your website at a high frequency within a specific period of time, you can create a rate limiting rule that specifies a request rate limit and, when the limit is reached, enables slider CAPTCHA verification or adds the IP address to the blacklist for a period of time. |
Managed rules | Intrusion attacks such as SQL injection, cross-site scripting (XSS), code execution, CRLF injection, remote file inclusion, and webshells pose high risks but are usually difficult to detect by using custom rules and rate limiting rules. To address this issue, ESA offers built-in intelligent managed rules to defend against OWASP attacks and the latest origin vulnerabilities. You can enable protection against various types of attacks without manual configuration and updates. |
Scan protection rules | The scan protection module detects the behavior and characteristics of automated scanners to prevent attackers or scanners from scanning websites. Attack sources are blocked or added to the blacklist. This reduces the risk of intrusions into web services and prevents undesired traffic generated by malicious scanners. |
Whitelist rules | You can configure whitelist rules to allow requests with the specified characteristics, exempting them from all or certain rules, including custom rules, rate limiting rules, managed rules, scan protection rules, and bot management rules. |
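The rate limiting behaviour described in the table (count requests per IP within a window, then apply an action such as slider CAPTCHA and keep applying it for a penalty period) can be illustrated with a small sliding-window limiter. This is an added example written for this page, not ESA's own implementation; the thresholds, the `RateLimitRule` class, the IP addresses and the timestamps are constructed for the illustration.

```python
from collections import defaultdict, deque


class RateLimitRule:
    """Sliding-window rate limit keyed on client IP (illustrative, not ESA code)."""

    def __init__(self, threshold, window_seconds, action, penalty_seconds):
        self.threshold = threshold          # requests allowed per window
        self.window = window_seconds        # sliding window length in seconds
        self.action = action                # e.g. "slider_captcha" or "block"
        self.penalty = penalty_seconds      # how long the action stays applied
        self._hits = defaultdict(deque)     # ip -> timestamps of recent requests
        self._penalized = {}                # ip -> time the penalty expires

    def evaluate(self, ip, now):
        """Return "allow" or the configured action for one request at time `now`."""
        expires = self._penalized.get(ip)
        if expires is not None:
            # A client that tripped the rule keeps receiving the action
            # until its penalty period ends.
            if now < expires:
                return self.action
            del self._penalized[ip]

        hits = self._hits[ip]
        hits.append(now)
        # Drop timestamps that fell out of the sliding window.
        while hits and hits[0] <= now - self.window:
            hits.popleft()

        if len(hits) > self.threshold:
            self._penalized[ip] = now + self.penalty
            hits.clear()
            return self.action
        return "allow"


# Constructed traffic: one client bursts 10 requests in 10 seconds and comes
# back later; another client stays under the limit and returns after the window.
SAMPLE_EVENTS = (
    [("203.0.113.7", t) for t in range(10)]
    + [("198.51.100.2", t) for t in range(5)]
    + [("198.51.100.2", 100), ("203.0.113.7", 700)]
)


def run_sample():
    """Replay SAMPLE_EVENTS in time order; returns ip -> list of decisions."""
    rule = RateLimitRule(threshold=5, window_seconds=60,
                         action="slider_captcha", penalty_seconds=600)
    decisions = {}
    for ip, t in sorted(SAMPLE_EVENTS, key=lambda e: e[1]):
        decisions.setdefault(ip, []).append(rule.evaluate(ip, t))
    return decisions


if __name__ == "__main__":
    for ip, seq in run_sample().items():
        print(ip, seq)
```

The sixth request from the bursting client exceeds the threshold of 5 within 60 seconds, so it and every request until the 600-second penalty expires receives the slider CAPTCHA action; the request at t=700 is allowed again. The second client never exceeds 5 requests in any 60-second window, so it is never challenged.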
Filterable request characteristics
A complete rule that is used to filter requests consists of conditional expressions and logical operators. You can specify multiple conditional expressions and combine them to filter requests. For more information, see Rules engine.
Actions
The following table describes the actions that can be triggered when requests match a rule.
Action | Description |
--- | --- |
Block | WAF blocks requests that match the rule and returns an error page to the client that initiated the requests. |
Monitor | WAF does not block requests that match the rule. The hits are recorded in logs. You can query WAF logs to identify requests that match the rule and analyze the protection performance. For example, you can query logs to check whether normal requests are being blocked. |
JavaScript Challenge | WAF returns JavaScript code to the client. A normal browser executes the JavaScript code automatically. If the client passes the JavaScript challenge, WAF allows requests that are sent from the client within a specific time range. The default time range is 30 minutes. If the client fails the JavaScript challenge, WAF blocks requests that are sent from the client. |
Slider CAPTCHA | WAF returns a slider CAPTCHA verification page to the client. If the client passes the slider CAPTCHA verification, WAF allows requests that are sent from the client within a specific time range. The default time range is 30 minutes. If the client fails the slider CAPTCHA verification, WAF blocks requests that are sent from the client. |
Execution order
Rules are evaluated in the following order: IP access rules > whitelist rules > scan protection rules > managed rules > custom rules > rate limiting rules > bot management rules.
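The two ideas in the "Filterable request characteristics" and "Execution order" sections (rules built from conditional expressions joined by logical operators, and rule types evaluated in a fixed order with whitelist rules exempting later types) fit together in one small evaluator. This is an added example written for this page, not ESA's rules engine; the phase names, the condition helpers, the sample rules, the IP addresses and the request fields are constructed, and the choice that a Monitor hit records a log entry and lets evaluation continue to later rules is an assumption made here.

```python
import re

# Evaluation phases in the order the page documents them.
PHASES = ["ip_access", "whitelist", "scan_protection", "managed",
          "custom", "rate_limiting", "bot_management"]
# Whitelist rules can exempt any phase that runs after them.
EXEMPTABLE = set(PHASES[2:])


# Conditional expressions: each returns a predicate over a request dict.
def eq(field, value):
    return lambda req: req.get(field) == value

def contains(field, needle):
    return lambda req: needle in str(req.get(field, ""))

def matches(field, pattern):
    rx = re.compile(pattern, re.IGNORECASE)
    return lambda req: rx.search(str(req.get(field, ""))) is not None


# Logical operators that combine conditional expressions into one rule.
def all_of(*conds):
    return lambda req: all(c(req) for c in conds)

def any_of(*conds):
    return lambda req: any(c(req) for c in conds)

def not_(cond):
    return lambda req: not cond(req)


class Rule:
    def __init__(self, phase, name, condition, action=None, exempt=None):
        assert phase in PHASES
        self.phase, self.name, self.condition = phase, name, condition
        self.action = action    # "block", "monitor", "js_challenge", "slider_captcha"
        self.exempt = exempt    # whitelist rules: "all" or a set of phases to skip


def evaluate(request, rules, log):
    """Walk the rules phase by phase; return the first terminating action or "allow"."""
    exempted = set()
    for rule in sorted(rules, key=lambda r: PHASES.index(r.phase)):
        if rule.phase in exempted or not rule.condition(request):
            continue
        if rule.phase == "whitelist":
            exempted |= EXEMPTABLE if rule.exempt == "all" else (set(rule.exempt) & EXEMPTABLE)
            continue
        if rule.action == "monitor":
            # Assumed here: a Monitor hit is logged and evaluation continues.
            log.append((rule.name, request.get("path")))
            continue
        return rule.action
    return "allow"


# Constructed sample rule set (names and addresses are illustrative).
RULES = [
    Rule("ip_access", "deny-known-bad-ip", eq("ip", "203.0.113.9"), action="block"),
    # Whitelists run after IP access rules, so this one cannot rescue 203.0.113.9.
    Rule("whitelist", "legacy-allow", eq("ip", "203.0.113.9"), exempt="all"),
    Rule("whitelist", "internal-monitor", eq("ip", "198.51.100.5"), exempt="all"),
    Rule("whitelist", "api-partner", contains("path", "/api/"), exempt={"scan_protection"}),
    Rule("scan_protection", "scanner-ua", matches("user_agent", r"sqlmap|nikto"), action="block"),
    Rule("managed", "sqli-signature",
         any_of(matches("query", r"union\s+select"), contains("query", "' OR 1=1")), action="block"),
    Rule("custom", "monitor-admin", contains("path", "/admin"), action="monitor"),
    Rule("custom", "challenge-login", all_of(eq("path", "/login"), eq("method", "POST")),
         action="js_challenge"),
]


def decide(ip, method, path, query, user_agent):
    """Build a request dict and return (action, monitor_log)."""
    log = []
    req = {"ip": ip, "method": method, "path": path, "query": query, "user_agent": user_agent}
    return evaluate(req, RULES, log), log


if __name__ == "__main__":
    print(decide("203.0.113.9", "GET", "/", "", "Mozilla/5.0"))
    print(decide("192.0.2.10", "GET", "/api/health", "", "sqlmap/1.0"))
    print(decide("192.0.2.10", "GET", "/admin/users", "page=2", "Mozilla/5.0"))
```

Two points the ordering makes visible: a whitelist rule cannot exempt an IP access rule, because IP access rules run first, and a whitelist that exempts only `scan_protection` still leaves managed and custom rules in force for the same request. When reviewing whitelist rules, checking exactly which later phases they exempt is therefore the first thing to look at.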