Help Center/ Edge Security/ User Guide/ Security Protection/ Connecting a Domain Name to EdgeSec/ Configuring a Traffic Identifier for a Known Attack Source
Updated on 2025-09-15 GMT+08:00
View PDF
Share

Configuring a Traffic Identifier for a Known Attack Source

EdgeSec allows you to configure traffic identifiers by IP address, session, or user tag to block possibly malicious requests from known attack sources based on IP address, Cookie, or Params.

If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your Edge WAF instance locates. Then, you can select the project from the Enterprise Project drop-down list and configure known attack source traffic identifiers for the domain names.

Prerequisites

A protected website has been added. For details, see Adding a Website to EdgeSec.

Constraints

  • If the IP address tag is not configured, EdgeSec identifies the client IP address by default.
  • Before enabling Cookie- or Params-based known attack source rules, configure a session or user tag for the corresponding website domain name.

Procedure

  1. Log in to the EdgeSec console.
  2. In the navigation pane on the left, choose Edge Security > Website Settings. The Website Settings page is displayed.
  3. In the Domain Name column, click the domain name of the website to go to the basic information page.
  4. In the Traffic Identifier area, click the edit button next to IP Tag, Session Tag, or User Tag to configure a traffic identifier by referring to Table 1.

    Figure 1 Traffic Identifier
    Table 1 Traffic identifier parameters

    Identifier

    Description

    Example Value

    IP Tag

    HTTP request header field of the original client IP address.

    This field is used to obtain the real IP address of the client. You can customize the field name and configure multiple fields (separated by commas). After the configuration, EdgeSec preferentially reads the configured field to obtain the real IP address of the client. If multiple fields are configured, EdgeSec reads the IP address from left to right.

    CAUTION:
    • $remote_addr cannot be configured. EdgeSec uses the TCP connection IP address as the client IP address by default.
    • If the real IP address of the client is not obtained from the user-defined field, EdgeSec uses the source IP address used to establish a TCP connection with CDN as the client IP address by default.

    X-Forwarded-For

    Session Tag

    This tag is used to block possibly malicious requests based on the cookie attributes of an attack source. Configure this parameter to block requests based on cookie attributes.

    jssessionid

    User Tag

    This tag is used to block possibly malicious requests based on the Params attribute of an attack source. Configure this parameter to block requests based on the Params attributes.

    name

  5. Click Confirm.

Other Operations

Configuring a Known Attack Source Rule

Parent Topic: Connecting a Domain Name to EdgeSec