Edge Security
  • DDoS and Web Protection
    • Overview
    • DDoS Protection
      • DDoS Protection Overview
      • Exclusive DDoS Protection Usage
      • Configuration of Exclusive DDoS protection Rules
        • Increase DDoS Protection Level
        • Configuration IP blocklist/allowlist
        • Configuration Region Blocking Rule
        • Configuration Port Filtering
        • Configuration Features Filtering
        • Configuration Protocol Blocking Rule
        • Configuration Connections Attack Protection
        • Exclusive DDoS Traffic Alarm
        • Related References
          • DDoS Protection Processing Order
          • Action
          • Related Concepts Introduction
      • Related References
        • DDoS Protection Console Update (2026-01-12)
    • Web Protection
      • Overview
      • Configuring Web Protection Policy
      • Custom rule
      • Rate Limiting
        • Bandwidth Abuse Protection
        • CC attack defense
        • Custom Rate Limiting Rules
      • Hosting Rules
        • Managed rules
        • High-Frequency Scan Protection
      • Exception Rules
      • Managed Custom Rules
      • Web security monitoring alarm
      • Related References
        • Web Protection Request Processing Order
        • Action
        • Match Condition
    • Bot Management
      • Overview
      • AI Crawler Control
      • Bot Intelligent analysis
      • Bot Basic Feature Management
      • Client Reputation
      • Active Detection
      • Custom Bot Rule
      • Client authentication (Beta)
        • Overview
        • Attestation Flow
        • Integration Guidelines
          • Step 1: Configure Authentication Method
          • Step 2: Integrate Client Authentication
            • Browser & WebView Integration
            • iOS Integration
            • iOS Integration
            • Mobile Integration References
          • Step 3: Configure Client Attestation Rules
          • Step 4: Verify Client Attestation
      • Related References
        • Action
    • API Discovery(Beta)
Docs Overview/
Edge Security/
DDoS and Web Protection/
Web Protection/
Related References/
Web Protection Request Processing Order/

Web Protection Request Processing Order

When Web Protection receives a request, it will first go through each security module in the following order, and only requests that have passed the security module scans will continue to be processed by other function modules.
Module processing order
Processing method of requests
Exception rules
When a request matches multiple rules, all matched rules apply.
Custom rule
When a request matches multiple rules, they are executed in order from high to low priority (priority value from small to large).Note 1
Rate limiting
All rules hit by the request are counted, and rules that meet the rate condition apply independently.Note 2
Rules that meet the rate condition are executed in order from high to low priority (priority value from small to large) .Note 2
CC attack defense
When a request hits multiple rules, all matched rules apply.
Bot management
For details, please see Bot Management.
Note:

Note 1:
When a request matches multiple custom rules, if a higher priority rule handles the request (except for observation), the request will not continue to match lower priority rules. When the priorities are the same, the actions are executed in the following order: observe > release > Managed challenge > JavaScript challenge > redirect > Return specified page > blocking IP > intercept.

Note 2:
Hitting an effective rate limiting rule does not affect the statistics of other rate limiting rules. When the same request hits multiple rate limiting rules, the matching and handling are performed according to the priority order of the effective rate limiting rules. When multiple rate limiting rules with the same priority are effective and matched by the request at the same time, the actions are executed in the following order: observe > release > Managed challenge > JavaScript challenge > redirect > Return specified page > blocking IP > intercept.