Edge Security

Overview
DDoS Protection
- DDoS Protection Overview
- Exclusive DDoS Protection Usage
- Configuration of Exclusive DDoS protection Rules
  - Increase DDoS Protection Level
  - Exclusive DDoS Traffic Alarm
  - Configuration IP blocklist/allowlist
  - Configuration Region Blocking Rule
  - Configuration Port Filtering
  - Configuration Features Filtering
  - Configuration Protocol Blocking Rule
  - Configuration Connections Attack Protection
  - Related References
    - Action
    - Related Concepts Introduction
Web Protection
- Overview
- Managed rules
- CC attack defense
- Custom rule
- Custom Rate Limiting Rules
- Exception Rules
- Managed Custom Rules
- Web security monitoring alarm
- Refer
  - Web Protection Request Processing Order
  - Action
  - Match Condition
Bot Management
- Overview
- Bot Intelligent analysis
- Bot Basic Feature Management
- Client Reputation
- Active Detection
- Custom Bot Rule
- Bot Exception Rule
- Related References
  - Action
Rules Template
IP and IP Segment Grouping
Origin Protection
Custom Response Page
Alarm Notification
SSL/TLS
- Overview
- Deploying/Updating SSL Certificate for A Domain Name
- Configuring A Free Certificate for A Domain Name
- HTTPS Configuration
  - Forced HTTPS Access
  - Enabling HSTS
  - SSL/TLS Security Configuration
    - Configuring SSL/TLS Security
    - TLS Versions and Cipher Suites
  - Enabling OCSP Stapling

Custom Response Page

Feature Overview
In some cases, users may encounter exceptions and receive a response status code when accessing the site. In order to help users better understand the problems and solutions, EdgeOne provides a custom response page feature. This feature can help you inform users of the current website status through a specified custom response page, and avoid users from failing to determine the specific reason and handling method in case of request errors.
﻿
EdgeOne offers the custom response page feature in both site acceleration and security protection features. You can perform configuration according to actual scenarios.
Custom Site Origin-Pull Error Response Pages: You can customize the response page content for the origin-pull status codes 4xx or 5xx. For details, see Custom Error Page.
Custom Security Protection Policy Block Response Pages: You can customize the status code and response page content when Web protection or Bot protection block policies are triggered. For details, see Configuring Custom Response Pages in Security Protection.
﻿
Additionally, to facilitate management and usage, EdgeOne offers the Custom Response Page Template feature, which can be used to manage the response page content and be referenced by different feature modules. By editing this response page template, you can simultaneously apply the modified response page content to all referencing feature modules.
Configuring the Custom Response Page Template
You can customize the Content-Type and the included content information of the response page. Refer to the following steps for configuration:
1. Log in to the EdgeOne console and click Site List in the left sidebar. Then click the site to be configured in the site list.
2. On the site details page, click Custom Response Page.
3. Click Add Custom Response Pages and configure the custom response page content. The related parameters are explained as follows:
Content-Type: The value of the HTTP response header Content-Type included in the custom response page during response. Supported values are application/html, application/json, text/plain, and application/xml. For example, if text/plain is selected, the HTTP response header Content-Type: text/plain will be returned when EdgeOne responds with the custom response page.
Page content: The body of the custom response page, not exceeding 2 KB. It is recommended to contain {{ EO_REQ_ID }} in the page content. This field will automatically get the user's request ID information during response, and will be replaced with the request ID to facilitate problem locating.
﻿
4. Click Save to complete the creation of the response page.
Note:
If the custom response page has already been referenced by other feature modules, it cannot be deleted. If deletion is required, navigate to the feature module referencing this page and dereference it first.
After a created custom response page is edited and saved, all feature modules referencing this custom response page will automatically apply the edited page.
Configuring Custom Response Pages in Security Protection
Assume that a custom Web protection rule configured for the current site domain www.example.com only allows accesses by users within the Chinese mainland, and blocks accesses by users in other regions. When the users in other regions attempt to access, you should inform them of the block reason through a custom response page. You have referred to Configuring Custom Response Page Template to configure a custom response page named  Custom-Pages1 . Then you can take the following steps to configure it:
1. Log in to the EdgeOne console and click Site List in the left sidebar. Then click the Site to be configured in the site list.
2. Click Security > Web Security . By default, it is a site-level security policy. To configure differentiated security policies for a specific domain name under the current site, you can enter the  Domain-level security policy tab and click the corresponding domain name  to enter the configuration page for the domain-level security policy. The subsequent steps are the same.
3. Under the custom block page classification, select the block page module you need to configure. For example, you can select the Web Protection Block (except by Managed Rules) page and click  Edit .
4. On the edit page, configure the content of the custom response page, select Use file page for blocking, and choose the pre-configured page named Custom-Pages1.
﻿
5. Then click Save to complete the configuration.
﻿

Feature Overview
Configuring the Custom Response Page Template
Configuring Custom Response Pages in Security Protection