Overview
Menu

Overview

Security protection provides secure policy configuration and security event alert options for applications integrating with EdgeOne. This helps you verify traffic and requests at the edge, preventing external attacks and security risks from impacting your business and sensitive data.

After integrating with EdgeOne's security acceleration service and subscribing to relevant security protection services, you can configure the following security policies:
Note:
DDoS protection is designed for network-layer defense against DDoS attacks and is suitable for L4 proxy applications (TCP/UDP applications). Configuration for DDoS protection is only available for users with Exclusive DDoS Protection Usage enabled.
If you need to configure Referer blocklist/allowlist, User-Agent (UA) blocklist/allowlist, IP blocklist/allowlist, or region blocking through Web protection, please navigate to Web Protection > Custom Rules >Basic Access Control. For more details, see Web Protection - Custom Rules.
The available rule configurations and execution methods may vary based on the EdgeOne plan you have subscribed to. See Comparison of EdgeOne Plans for package specifications.
Category
Function
Application Scenario
Default Configuration

DDoS Protection(DDoS protection at the network layer)

Automatic protection cleansing for DDoS attacks targeting L4 services (TCP/UDP applications).
For example:
Daily Protection: Utilize the Moderate protection level to discard traffic exhibiting clear DDoS attack characteristics.
Emergency recovery during attack bypass: Implement the Strict protection level to discard all traffic suspected of DDoS attacks.
Protection Level: Moderate

Discard or permit traffic from specified IP addresses.
For example:
Internal Call Permit: Permit the internal service IP 11.11.11.11, allowing high-frequency access between services.
None

Block client access from specified regions.
For example:
Ban access from overseas: Discard traffic with source IPs located outside mainland China.
None

Discard or allow traffic based on specified source/destination ports.
For example:
Discard high-risk reflection port: Drop traffic with source port matching UDP 53, prohibiting access to private UDP protocol applications.
None

Discard traffic containing specified data or parameters.
For example:
Discard unusually long UDP packets: Discard UDP traffic with a length exceeding 500.
None

Discard traffic of specified IP protocols.
For example:
Block external PING commands: Configure blocking of ICMP protocol traffic.
None

Intercept abnormal TCP behaviors such as high-frequency connections and abnormal connections.
None


Mitigate HTTP/HTTPS DDoS attacks, including high-frequency access and slow request attacks.
High-Frequency Access Request Limit
Limit Level: Adaptive
Loose - Disposal Method: JavaScript Challenge
Slow Attack Protection
Disabled
Intelligent Client Filtering
Disposal Method: JavaScript Challenge

Intercept vulnerabilities targeting web applications (SQL injection, cross-site scripting, remote code execution, etc.).
For example:
Intercept Apache log4j vulnerabilities: Enable rules related to log4j vulnerabilities in open-source components for interception.
All rules are enabled for observation mode.

Handle requests based on header content and IP.
For example:
Hotlink Protection: Intercept requests based on Referer header matching.
Regional Blocking: Intercept requests from clients with IP matching specified regions.
IP Blocklist: Intercept based on specified IP or IP groups.
None

Intercept clients accessing beyond preset access rates.
For example:
Intercept clients causing a large number of errors in a short time at the origin: Set the rate allowed for each IP causing origin errors and intercept IP access beyond the threshold.
Intercept account ID with excessively high access frequency to a specific API: Set the frequency allowed for each account (specified account ID position) to access a specific API, intercepting account access beyond the threshold.
Intercept clients with excessively high access frequency fingerprints (JA3 fingerprints): Set the access rate for each JA3 fingerprint (i.e., TLS fingerprint) and intercept access with the same fingerprint beyond the threshold.
None

Skip protection rules in web protection by module.
For example:
Allow internal services: Set the internal service IP list and specified API paths to allow clients on the list unrestricted access to that path.
None

Skip specified managed rules.
For example:
Allow user content uploads: Configure business paths and false-positive rules to allow requests when parameters contain user-written content.
None


Intercept bot requests based on risk levels. (Suitable for quickly enabling bot management strategies and establishing bot access profiles).
For example:
Intercept misuse of CDN resources (scraping): Intercept malicious bot requests.
None

Handle crawlers for search engines, open-source development tools, and commercial purposes.
For example:
Allow Google search engine crawlers: Use search engine feature rule libraries to configure allowing Google search engine crawlers.
Intercept cURL tool access: Use UA feature libraries to intercept access from web development tools.
None

Handle requests from clients with a history of malicious behavior or high-risk characteristics based on IP threat intelligence.
For example:
Intercept VPN/proxy requests: Intercept clients identified as malicious proxies, fast-dial IPs, or proxy IP pools.
None

Intercept requests with abnormal browser runtime environments and access behavior.
For example:
Cookie Challenge: Enable cookie verification to intercept clients not supporting cookies.
Intercept automated tool access: Enable client behavior verification to identify JavaScript runtime environment anomalies and abnormal access behavior in automated tools.
None

Counteract bot tools based on the features, headers, and client IP of requests. The feature provides more disposal options for bot counteraction.
For example:
Counteract high-risk bots accessing sensitive business: Match based on access paths and client profiles, configure observation, silent, and response after waiting with certain weights.
None

Skip various protection rules of bot management.
For example:
Allow internal crawl tools: Allow crawlers from internal service IPs to access specified APIs.
None