EdgeNext
Documentation home

EdgeNext Documentation

Product guides, setup instructions, and technical references.

Security CDN

Overview

By configuring Web security features, you can enhance your website’s overall protection and defend against common web-based attacks. The supported protection capabilities include, but are not limited to, SQL injection, cross-site scripting (XSS), malicious bots, abnormal requests, and sensitive information leaks. These features help ensure business continuity and safeguard user data.

Types of Web Security Policies

Security CDN provides three types of Web security policies:

  • Global Security Policy

A unified security policy that applies to all domains under Security CDN. This policy is automatically applied to newly added domains, ensuring consistent protection and centralized management.

  • Domain-level Security Policy

A dedicated security policy for individual domains, suitable for domains with customized protection requirements. This allows for more granular and flexible security control.

  • Template-Based Security Policy

A set of predefined security policy templates that can be quickly applied to multiple domains. Ideal for applying a consistent security policy across a group of domains, ensuring uniform protection configuration for all associated domains.

Classification Function Description Version Limitations
Access Control Granular Access Control Granular Access Control supports multi-dimensional access policies based on IP, geographic location, request path, User-Agent, request rate, and more, enabling users to flexibly identify and manage requests from different sources, effectively mitigating malicious access, business abuse, and abnormal traffic, thereby enhancing overall security protection. Basic and Pro Edition: Support only a subset of match types.
Business and Ultimate Edition: Support all match types.
Granular Access Control (HTTPS) Granular Access Control (HTTPS) supports defining access policies based on multiple dimensions, including IP address, geographic location, IP type, and JA3 fingerprinting. This capability enables flexible identification and management of requests from different sources, effectively mitigating malicious access, service abuse, and anomalous traffic, thereby enhancing the overall security posture. Basic Edition and above
Regional Blocking Regional Blocking allows users to control access based on the geographic location (country or region) of incoming requests. By configuring blacklists or whitelists, users can precisely manage access permissions for different regions and further set effective time periods for more flexible control strategies. Basic Edition and above
Referer-based Hotlink Protection Referer-based Hotlink Protection is an access control mechanism based on the Referer field in HTTP request headers, used to prevent unauthorized third-party sites from directly linking or stealing resources. By setting allowed or denied referer lists, users can effectively protect their resources from illegal usage, especially suitable for static resource anti-theft scenarios such as images, audio, video, and documents. Basic Edition and above
DDoS Protection DDoS Protection DDoS Protection provides defense capabilities against common large-scale traffic attacks. Pro Edition and above
Application-layer DDoS Protection Application-layer DDoS Protection targets attacks that simulate legitimate user requests to continuously consume server resources, aiming to make web services unavailable. This protection function ensures stable availability of web applications under attack through intelligent traffic identification, behavioral analysis, and strategic response. Basic Edition and above
Visitor Authentication Visitor Authentication enables client identity verification and access control via specified HTTP request headers. SCDN edge nodes judge access permissions based on configured header fields and values, implementing a non-intrusive, flexible, and lightweight visitor authentication mechanism. Business Edition and above
Bot Protection Bot Behavior Management Bot Behavior Management is a security module for identifying, classifying, and controlling automated program access behaviors. It effectively blocks malicious bots such as scrapers, API abusers, credential stuffing, and abuse bots, while allowing friendly bots (e.g., search engines) and legitimate automation tools, balancing security and business openness. Ultimate Edition
Vulnerability and Intrusion Protection WAF Rule Engine WAF Rule Engine provides effective protection against web attacks such as SQL injection, sensitive file access, remote command execution, WebShell, cross-site scripting (XSS), code execution, malicious scanning, web application vulnerabilities, and file upload attacks. Pro Edition and above
WebShell Webshell Detection uses intelligent algorithmic models for deep detection of web backdoors in systems. Pro Edition and above
CSRF Protection CSRF Protection defends against Cross-Site Request Forgery attacks, protecting users from being tricked into unauthorized operations during login sessions, especially for sensitive interfaces such as account changes, payments, and order submissions. Business Edition and above
Replay Attack Protection Replay Attack Protection prevents attackers from intercepting legitimate requests and reusing them within a short time window, bypassing authentication and repeating sensitive operations (e.g., transfers, logins, confirmations). This function uses request signatures combined with time validation to effectively block replayed requests. Business Edition and above
WAF Block Page Customization WAF Block Page Customization allows users to customize the content displayed to visitors when malicious requests are blocked. Pro Edition and above

Need help? Contact our support team at support@edgenext.com.

Back to documentation home