You are reading Edgio v6 docs. Check out our latest docs for Edgio v7.
Edgio
Edgio

Introduction to Security

Many web sites, web applications, and web servers receive and process requests from outside a company’s protected internal network. As a result, they are vulnerable to a variety of malicious attacks including SQL injections, cross-site scripting, and application layer distributed denial of service (DDoS).

This exposure poses a threat to your infrastructure, the application’s performance, and the confidentiality, integrity, and availability of the data delivered by those resources over the Internet. These types of attacks can result in unauthorized access to content, the loss of personally identifiable information (PII), the dissemination of private/copyrighted information, and network downtime.

Protect your external web infrastructure against these threats through the following security measures:

  • DDoS Protection

    Protect your websites from Distributed Denial of Service (DDoS) attacks. Our worldwide presence establishes an imposing and extensive barrier between an origin server and malicious traffic, regardless of whether it consists of a high-volume HTTP GET flood attack or a slow DDoS attack.

  • Origin Shield

    Shield your web servers from high volumes of traffic through our Origin Shield. Our Origin Shield consists of two intermediate caching layers through which traffic is filtered before it can reach your web servers. Consolidating requests through these caching layers dramatically reduces the volume of traffic that your web servers will need to handle. This ensures that your servers remain performant during peak traffic periods.

  • Web Application Firewall

    Monitor, detect, and prevent application layer attacks through our Web Application Firewall (WAF). Our WAF:

    • Inspects inbound HTTP/HTTPS traffic against reactive and proactive security policies.
    • Identifies undesired traffic through HTTP request delivery profiles.
    • Identifies undesired traffic through custom critieria that matches your business needs.
    • Responds to malicious or suspicious activity in-band and on a real-time basis.
    • Restricts the flow of site traffic (aka rate limiting) with the intention of:
      • Diverting malicious or inadvertent DDoS traffic.
      • Preventing your web servers from being overloaded.
    • Filters out traffic generated by basic bots to prevent them from scraping your site, carding, spamming your forms, launching DDoS attacks, and committing ad fraud.
    • Uses our open source Waflz rules engine that is optimized for low latency.
    • Runs at the CDN edge to prevent malicious traffic from being proxied to the origin. This reduces the load on your web servers and improves site performance.
  • Website Security through EdgeJS

    Set up basic website security, such as a Content Security Policy (CSP), a TLS certificate, Basic Authentication enforcement, variables for sensitive data (e.g., API keys), and protection against cache poisoning.

How Does It Work?

The following diagram highlights how traffic is screened before it is processed for delivery. The distributed nature of our worldwide network provides an additional layer of protection to origin servers.