Help Center/ Edge Security/ Getting Started/ Quick Access to Edge Security
Updated on 2025-11-11 GMT+08:00
View PDF
Share

Quick Access to Edge Security

When you add a domain name in CNAME mode, ESA allocates a CNAME value to the domain name and forwards user requests to edge security nodes through DNS resolution, implementing whole site acceleration and security protection.

Prerequisites

  • You have registered a Huawei Cloud account and completed real-name authentication.
  • You have enabled CDN.

Purchasing EdgeSec

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Content Delivery & Edge > CDN and Security. The Huawei Cloud CDN page is displayed.
  3. In the navigation pane on the left, choose Domains. Click Add Domain Name to configure CDN acceleration for the domain name.
  4. On the Add Domain Names page, set domain name parameters. The parameters are as follows:

    • Service Area: Chinese mainland
    • Domain Name: Customize the value.
    • Service Type: Website

      If there are dynamic requests, set Service Type to Whole site.

    • Origin Protocol: Select Same as user.

  5. In the Origin Server Settings area, click Add Origin Server, enter the origin server address, and add an origin server for the domain name.
  6. Click OK.
  7. Click OK. The View Results dialog box is displayed. Confirm the information and click OK.
  8. (Optional) For quick configuration, click Skip. You can also select a template and click Submit.
  9. Configure the CNAME and click Skip in the lower right corner.
  10. After the domain name is added, the system automatically allocates a CNAME to the domain name. You can view the CNAME in the CNAME column on the Domains page.

    • The CNAME cannot be accessed directly. You must add the CNAME to your domain's DNS records. Then requests for your domain name will be redirected to CDN PoPs for acceleration.
    • If your services cover both China and outside China, you need to set CDN Service to outside China. Then, add a record that maps the CNAME to both the DNS service in the Chinese mainland and outside China on the DNS platform.
    • For details about how to add a domain name, see Adding a Domain Name.

  11. After the CNAME record is added, your traffic can be scheduled to CDN. You can purchase edge security acceleration in Security page to use the security protection service.

  12. Click Subscribe. The Buy ESA Package page is displayed. Set the product parameters.
  13. Confirm the order details and click Pay Now.

Accessing a Domain Name

  1. In the navigation pane on the left, choose Edge Security > Domain Names. The Domain Names page is displayed.
  2. In the upper left corner of the list, click Add Domain Names. For details about the parameters, see Table 1.

    Figure 1 Adding a website to EdgeSec
    Table 1 Parameters for adding a protected website

    Name

    Description

    Protected Domain Name

    Select a domain name. You can select a domain name whose Service Type is Website, File download, On-demand services, or Whole site on the Domains page.

    NOTE:

    The protected domain name added here is the domain name added in CDN domain name management.

    Configure Policy

    The System-generated policy is selected by default. You can select a policy you configured before.

  3. Click OK.

Configuring Protection Policies

  1. In the navigation pane on the left, choose Edge Security > Policies. The Policies page is displayed.
  2. In the upper left corner of the list, click Add Policy and set the policy name.
  3. Click OK.
  4. Click the name of the added protection policy. On the displayed page, enable basic web protection and CC attack protection. The recommended parameter settings are as follows:

    Table 2 Recommended policy configuration

    Policy Name

    Parameters

    Basic Web Protection
    • Protection Action: Log only
    • General Check: enabled
    • Web Shell Detection: enabled

    CC Attack Protection
    • Rate Limit Mode: Source IP Address
    • Trigger: Set Field to Path, Logic to Include, and Content to /. Indicates that all paths containing a slash (/) match the CC rule.
    • Rate Limit Frequency: 5 times within 1 minute. Indicates that if the source IP address matches the rate limit condition for 5 times within 1 minute, the request will be blocked within the protection duration (response code 418 is returned). If you select Human-machine verification, a verification code is displayed on the page. You need to enter the verification code to continue the access.
    • Protection Action: Blocked
    • Protection Duration: 60s

  5. Return to the Protection Policies page, choose More > Add Domain Name in the Operation column of the policy name, select the domain name to be bound, and click OK.