Edge Services FAQ

What is Edge Services?Link to this anchor

Edge Services is a feature for Scaleway Load Balancers and Object Storage buckets. Creating Edge Services pipelines towards your Load Balancers or Object Storage buckets provides:

• A caching service to improve performance by reducing load on your origin, and
• A Web Application Firewall to protect your origin from threats and malicious activity, and
• A customizable and secure endpoint for accessing content via Edge Services, which can be set to a subdomain of your choice and secured with an SSL/TLS certificate.

Which products are compatible with Edge Services?Link to this anchor

Edge Services is currently available for Scaleway Object Storage buckets and Scaleway Load Balancers.

How much does Edge Services cost?Link to this anchor

On November 1st 2024, Edge Services transitioned from Public Beta to General Availability, and became billable. Pricing is based on monthly subscription plans: three plans are available, each allowing a fixed number of pipelines, and a certain amount of egress cache data. Any consumption that exceeds the limits of the plan is charged at an additional rate.

Find out more about how Edge Service subscription plans and billing works on our Understanding Edge Services pricing page.

If I customize my Edge Services endpoint with my own domain, can it serve content over HTTPS?Link to this anchor

Yes, if you choose to customize your Edge Services endpoint with your own subdomain, you are prompted to generate or upload an SSL/TLS certificate for that subdomain so that Edge Services can serve content over HTTPS. This certificate can either be a Let’s Encrypt certificate generated and managed by Scaleway, or you can import your own certificate. If you import your own certificate, it will be stored in Scaleway Secret Manager, and billed accordingly.

What is WAF?Link to this anchor

Web Application Firewall is a feature available via Edge Services. When enabled, WAF filters requests to your origin to determine whether they are potentially malicious. You can choose the paranoia level to be used when evaluating requests, and set exclusions to define traffic that should not be filtered by WAF. Requests that are judged to be malicious are blocked or logged, depending on the settings you choose. Find out more about WAF in our detailed documentation.

How can I use WAF with a different type of Scaleway resource?Link to this anchor

For now, WAF is only compatible with Load Balancers and Object Storage. You must put other resources behind a Load Balancer in order to benefit from WAF. Watch this space for other solutions in the future.

Can I use WAF and caching simultaneously?Link to this anchor

Yes, you can have both of these features enabled at the same time on the same Load Balancer pipeline. WAF protects your Load Balancer origin only: it does not filter requests served by the cache.

What ruleset is used by WAF? Is it updated automatically?Link to this anchor

Scaleway Edge Services WAF uses the OWASP Core Rule Set (CRS). This is an industry standard, open source ruleset for WAF, which protects against multiple categories of attack such as SQL injection and cross-site scripting. Full details are available in the OWASP CRS documentation.

We handle the automatic updating of rules, removing this hassle from you the user.