Overview
Web Protection provides application-layer protection for HTTP and HTTPS traffic. You can use EdgeOne's preset security policies or define your own to identify and handle risky requests, protect sensitive data on your site, and keep the service running stably.
Note:
EdgeOne does not charge for requests blocked by security policies.
Applicable Scenarios
Web Protection can control and mitigate various risks, with typical scenarios including:
Vulnerability attack protection: For sites that handle customer data or sensitive business data, enable managed rules to intercept injection attacks, cross-site scripting attacks, remote code execution attacks, and requests that exploit known vulnerabilities in third-party components.
Access control: Distinguish valid requests from unauthorized ones so that sensitive services are not exposed to unauthorized visitors. This includes external site link (hotlink) control, partner access control, and filtering of known attack clients.
Mitigating resource exhaustion: Limit the request rate of each visitor so that no single client consumes enough resources to degrade availability. EdgeOne's rate limiting mitigates exhaustion of site resources and keeps the service available.
Mitigating service abuse: Limit abuse at the session or business level, including bulk registration, bulk login, excessive API use, and similar malicious usage. Enforcing a usage quota per session (per user, per instance, and so on) keeps each consumer within a reasonable share of service resources.
API parameter verification: Verify API parameters to ensure that requests are well-formed and legitimate, and to reduce the risk of exposing interfaces.
Features
Web Protection provides the following protection modules. Configure them according to your business type and the kinds of clients you expect:
Note:
Protection modules are evaluated in a fixed order, and rules of the same priority within a module have a defined execution order. For details, see Web Protection Request Processing Order.
| Protection Module | Function Introduction |
| --- | --- |
| Exception Rules | Requests that match the conditions skip scanning by the specified security module and cannot hit rules in that module. For managed rules, finer-grained exceptions can be configured to skip individual managed rules. |
| Custom Rules | Apply the configured action to requests that match the specified conditions. |
| CC Attack Defense | Identify CC attacks (Layer 7 DDoS attacks) and apply the configured action. |
| Rate Limiting | Count the requests that match the conditions within a given period. When the count exceeds the configured threshold, the rule triggers and applies its action to matching requests. After the count falls back below the threshold, the action remains in effect for a configured duration, after which it stops applying until the rule is triggered again. |
| Bot Management | Identify non-human access (bot clients) and apply the configured action based on the bot client type or its behavioural features. |
| Managed Rules | Identify attack signatures (including SQL injection, XSS, exploitation of open-source component vulnerabilities, and others) in request headers or body, and apply the configured action. The rules are defined by EdgeOne and updated automatically. |
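The counting window, threshold and action-duration behaviour described in the Rate Limiting row above, modelled as an added Python example. This is not EdgeOne code: the per-IP key, the rule parameters (5 requests per 10 s, action kept for 30 s), the decision to count requests that were themselves blocked, and the sample traffic are all assumptions made for illustration.

```python
from collections import defaultdict, deque


class RateLimitRule:
    """Model of one rate-limiting rule.

    Matching requests are counted per key (here the client IP) inside a
    sliding window of ``count_period`` seconds. Once the count in the window
    exceeds ``threshold``, ``action`` is applied to every further matching
    request and keeps applying for ``action_period`` seconds after the count
    was last over the threshold. Counting blocked requests as well as allowed
    ones is an assumption of this model, not documented EdgeOne behaviour.
    """

    def __init__(self, matches, key, threshold, count_period, action_period, action="block"):
        self.matches = matches              # predicate: does the rule apply to this request?
        self.key = key                      # counted dimension (client IP, session, ...)
        self.threshold = threshold          # count above which the rule triggers
        self.count_period = count_period    # length of the counting window, seconds
        self.action_period = action_period  # how long the action outlives the last excess
        self.action = action
        self._hits = defaultdict(deque)     # key -> timestamps of matching requests
        self._active_until = {}             # key -> time until which the action applies

    def evaluate(self, request, now):
        """Return "allow" or the rule's action for one request seen at time ``now``."""
        if not self.matches(request):
            return "allow"                  # non-matching requests are neither counted nor acted on
        k = self.key(request)
        hits = self._hits[k]
        hits.append(now)                    # count every matching request, blocked or not (assumption)
        while hits and now - hits[0] >= self.count_period:
            hits.popleft()                  # drop requests that have left the window
        if len(hits) > self.threshold:
            # still over the threshold: push the action's expiry forward
            self._active_until[k] = now + self.action_period
        if self._active_until.get(k, float("-inf")) > now:
            return self.action              # triggered, or within action_period of the last excess
        return "allow"


# Constructed sample traffic: (seconds, client IP, path). Not captured from a real site.
SAMPLE_TRAFFIC = [
    (0.0, "203.0.113.10", "/api/login"),
    (1.0, "203.0.113.10", "/api/login"),
    (1.5, "198.51.100.7", "/api/login"),      # a second, well-behaved client
    (2.0, "203.0.113.10", "/api/login"),
    (3.0, "203.0.113.10", "/api/login"),
    (4.0, "203.0.113.10", "/api/login"),
    (5.0, "203.0.113.10", "/api/login"),      # 6th request in 10 s: over the threshold
    (5.5, "203.0.113.10", "/static/logo.png"),  # does not match the rule condition
    (6.0, "203.0.113.10", "/api/login"),
    (7.0, "203.0.113.10", "/api/login"),      # last excess; action stays active until 37.0
    (20.0, "203.0.113.10", "/api/login"),     # window count is back to 1, action still active
    (40.0, "203.0.113.10", "/api/login"),     # action expired, back to normal
    (40.5, "198.51.100.7", "/api/login"),
]


def run_demo():
    """Run the sample traffic through one rule; return (t, ip, path, decision) tuples."""
    rule = RateLimitRule(
        matches=lambda r: r["path"].startswith("/api/login"),
        key=lambda r: r["ip"],
        threshold=5,
        count_period=10.0,
        action_period=30.0,
    )
    decisions = []
    for t, ip, path in SAMPLE_TRAFFIC:
        decision = rule.evaluate({"ip": ip, "path": path}, t)
        decisions.append((t, ip, path, decision))
    return decisions


if __name__ == "__main__":
    for t, ip, path, decision in run_demo():
        print(f"t={t:5.1f}  {ip:<14} {path:<18} {decision}")
```

The trace shows the three phases the table describes: requests up to the threshold pass, the request that pushes the window count over the threshold and everything after it is blocked, and the block persists for the action period even after the window count has dropped back to one. A static-asset request from the same client passes because it does not match the rule's condition, so it is neither counted nor blocked.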