Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 25 additions & 22 deletions pages/edge-services/concepts.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,24 @@ description: Understand Scaleway Edge Services terminology with our glossary of
tags: edge-services edge services pipeline custom-domain cache
dates:
creation: 2024-07-24
validation: 2025-09-22
validation: 2026-06-09
---
import image from './assets/scaleway-edge-services-pipeline.webp'

## Backend

A backend (formerly referred to as [origin](#origin)) is the primary source from which a Scaleway Edge Services pipeline retrieves and caches data. An Edge Services backend can consist of either:

- An [Object Storage bucket](/object-storage/how-to/create-a-bucket/), or
- A [Load Balancer](/load-balancer/how-to/create-load-balancer/) and frontend port that Edge Services connects to in order to request content, and (optionally) a specified [host](#destination-host) associated with the Load Balancer, used in the HTTP request `Host` header.

<Message type="note">
An Edge Services backend is different from a [Load Balancer backend](/load-balancer/reference-content/configuring-backends/), which is a backend server receiving requests forwarded by a [Load Balancer frontend](/load-balancer/reference-content/configuring-frontends/).
</Message>

## Cache

The storage location where Edge Services stores copies of content that it has retrieved from a given origin. When users request content from the Edge Services endpoint, it serves content directly from the cache wherever possible, in accordance with the caching rules defined by the user. This reduces load on the origin bucket or Load Balancer/backend servers.
The storage location where Edge Services stores copies of content that it has retrieved from a given backend. When users request content from the Edge Services endpoint, it serves content directly from the cache wherever possible, in accordance with the caching rules defined by the user. This reduces load on the bucket or Load Balancer/backend servers.

Note that if an object has a caching directive, the caching directive always takes precedence over any lifetime setting defined in Edge Services.

Expand All @@ -28,55 +38,48 @@ Refer to [CNAME records for Edge Services](/edge-services/reference-content/cnam
## Edge Services

Edge Services is an additional feature for Scaleway Load Balancers and Object Storage buckets. It provides:
- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [origin](#origin)
- A [Web Application Firewall](/edge-services/how-to/configure-waf/) to protect your origin from threats and malicious activity
- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [backend](#backend)
- A [Web Application Firewall](/edge-services/how-to/configure-waf/) to protect your backend from threats and malicious activity
- A customizable and secure [endpoint](#endpoint) for accessing content via Edge Services, which can be set to a subdomain of your choice.

Read the [Edge Services Quickstart](/edge-services/quickstart/) to get started.

## Endpoint

The endpoint from which a given Edge Services pipeline can be accessed, e.g. `https://pipeline-id.svc.edge.scw.cloud`. When a client requests content from the Edge Services endpoint, it is served by Edge Services and its cache, rather than from the origin (Object Storage bucket or Load Balancer backend servers) directly. Edge Services automatically manages redirection from HTTP to HTTPS.
The endpoint from which a given Edge Services pipeline can be accessed, e.g. `https://pipeline-id.svc.edge.scw.cloud`. When a client requests content from the Edge Services endpoint, it is served by Edge Services and its cache, rather than from the backend (Object Storage bucket or Load Balancer) directly. Edge Services automatically manages redirection from HTTP to HTTPS.

The endpoint can be customized with a user-defined subdomain, allowing you to replace the standardized endpoint with the subdomain of a domain you already own, e.g. `http://my-own-domain.com`. An associated [certificate](#certificate), and [CNAME record](#cname-record) will be required, in this case.

## Exclusions

In the context of an Edge Services [Web Application Firewall](#web-application-firewall), exclusions let you define filters for requests that should not be evaluated by WAF, but rather pass straight to the Load Balancer origin. Learn more about [creating exclusions](/edge-services/how-to/configure-waf/#how-to-set-exclusions).
In the context of an Edge Services [Web Application Firewall](#waf), exclusions let you define filters for requests that should not be evaluated by WAF, but rather pass straight to the backend. Learn more about [creating exclusions](/edge-services/how-to/configure-waf/#how-to-set-exclusions).

## Origin

The primary source from which a Scaleway Edge Services pipeline retrieves and caches data. An origin can consist of either:

- An [Object Storage bucket](/object-storage/how-to/create-a-bucket/), or
- A [Load Balancer](#origin-load-balancer) and frontend port that Edge Services connects to the request content, and (optionally) a specified [host](#origin-host) associated with the Load Balancer, used in the HTTP request Host Header.

## Origin host

In the case of a Load Balancer origin, the specific host for which Edge Services requests and caches data. This is an optional setting: when specified, this host (e.g. `mydomain.com`) is used in the HTTP Host Header when Edge Services requests data from the Load Balancer. If no origin host is specified, the `Host` from the incoming request will be used.
Previously, the term origin was used to describe a Load Balancer or Object Storage bucket that was the target of an Edge Services pipeline. Moving forward, for enhanced clarity, we will use the term [backend](#backend) rather than origin.

The origin host must be associated with the origin Load Balancer / its backend servers, and only one host may be set per pipeline. If your Load Balancer is in front of multiple hosts, you can create a separate Edge Services pipeline for each. Each host will therefore get its own Edge Services endpoint and cache.
## Destination host

## Origin Load Balancer
In the case of a Load Balancer as an Edge Services backend, the specific host for which Edge Services requests and caches data. This is an optional setting: when specified, this host (e.g. `mydomain.com`) is used in the HTTP `Host` header when Edge Services requests data from the Load Balancer. If no destination host is specified, the `Host` from the incoming request will be used.

The Load Balancer defined by the user as origin for a given Edge Services pipeline. The pipeline connects to this Load Balancer, on the specified frontend port to request content.
The destination host must be associated with the Load Balancer / its backend servers, and only one host may be set per pipeline. If your Load Balancer is in front of multiple hosts, you can create a separate Edge Services pipeline for each. Each host will therefore get its own Edge Services endpoint and cache.

## Paranoia level

In the context of an Edge Services [Web Application Firewall](#waf), the paranoia level determines how sensitive the request-evaluation mechanism is to potential threats. Four paranoia levels are available, with level 1 being the least sensitive, and level 4 being the most sensitive. The higher the paranoia level, the more likely it is that a given request will be judged to be malicious. For full details on paranoia levels, see our [detailed documentation](/edge-services/reference-content/understanding-waf/#waf-ruleset-and-paranoia-levels).

## Pipeline

<Lightbox image={image} alt="A diagram shows the elements and workflow of an Edge Services pipeline. The user connects to the customizable Edge Services endpoint (with its SSL/TLS certificate), which fetches content from the Edge Services cache, which itself fetches content to cache from an origin which is either an Object Storage bucket or Load Balancer. A Web Application Firewall sits between the cache and origin, protecting the origin from threats." />
<Lightbox image={image} alt="A diagram shows the elements and workflow of an Edge Services pipeline. The user connects to the customizable Edge Services endpoint (with its SSL/TLS certificate), which fetches content from the Edge Services cache, which itself fetches content to cache from a backend which is either an Object Storage bucket or Load Balancer. A Web Application Firewall sits between the cache and backend, protecting the backend from threats." />

An Edge Services pipeline consists of an [origin](#origin), which Edge Services can protect from threats with a [Web Application Firewall](#web-application-firewall), and for which it also requests and [caches](#cache) content. Each pipeline also has an [endpoint](#endpoint) from which content is accessed and served via Edge Services. The pipeline's endpoint can be customized with a user-defined [subdomain](/domains-and-dns/concepts/#subdomain) and associated [certificate](#certificate) so that Edge Services can serve content over HTTPS.
An Edge Services pipeline consists of a [backend](#backend), which Edge Services can protect from threats with a [Web Application Firewall](#waf), and for which it also requests and [caches](#cache) content. Each pipeline also has an [endpoint](#endpoint) from which content is accessed and served via Edge Services. The pipeline's endpoint can be customized with a user-defined [subdomain](/domains-and-dns/concepts/#subdomain) and associated [certificate](#certificate) so that Edge Services can serve content over HTTPS.

You can create an Edge Services pipeline for each of your Object Storage buckets or Load Balancer origins. Note that caching and WAF can be enabled and disabled at will, so are optional parts of the pipeline, as is the customization of the endpoint. WAF is only available for Load Balancer origins, not Object Storage buckets.
You can create an Edge Services pipeline for each of your Object Storage buckets or Load Balancers. Note that caching and WAF can be enabled and disabled at will, so are optional parts of the pipeline, as is the customization of the endpoint.

## Protocol

The protocol (HTTP or HTTPS) that the Edge Services pipeline should use when sending requests to an origin Load Balancer. HTTPS is recommended, but you should choose the protocol that corresponds with your Load Balancer setup.
The protocol (HTTP or HTTPS) that the Edge Services pipeline should use when sending requests to a backend. HTTPS is recommended, but you should choose the protocol that corresponds to your Load Balancer setup.

## WAF

An Edge Services **W**eb **A**pplication **F**irewall (WAF) evaluates requests to your origin to determine whether they are potentially malicious. You can set the [paranoia level](#paranoia-level) to be used when evaluating requests. Requests that are judged to be malicious are then blocked or logged, depending on the settings you choose. Find out more about [configuring a WAF](/edge-services/how-to/configure-waf/).
An Edge Services **W**eb **A**pplication **F**irewall (WAF) evaluates requests to your backend to determine whether they are potentially malicious. You can set the [paranoia level](#paranoia-level) to be used when evaluating requests. Requests identified as malicious are then blocked or logged depending on your settings. Find out more about [configuring a WAF](/edge-services/how-to/configure-waf/).
18 changes: 7 additions & 11 deletions pages/edge-services/faq.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
title: Edge Services FAQ
description: Get answers to the most frequently asked questions about Scaleway Edge Services. Learn about compatible products, billing, key features, and more.
dates:
validation: 2025-09-22
validation: 2026-06-09
productIcon: EdgeServicesProductIcon
---
import image from './assets/scaleway-edge-services-pipeline.webp'
Expand All @@ -12,17 +12,17 @@ import image from './assets/scaleway-edge-services-pipeline.webp'

### What is Edge Services?

Edge Services is a feature for Scaleway Load Balancers and Object Storage buckets. Creating Edge Services [pipelines](/edge-services/concepts/#pipeline) towards your Load Balancers or Object Storage buckets provides:
Edge Services is a comprehensive solution for exposing HTTP services to the internet with built-in security, reliability, and performance. Creating Edge Services [pipelines](/edge-services/concepts/#pipeline) toward your Scaleway resources provides:

- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [origin](/edge-services/concepts/#origin), and
- A [Web Application Firewall](/edge-services/how-to/configure-waf/) to protect your origin from threats and malicious activity, and
- A [caching service](/edge-services/how-to/configure-cache/) to improve performance by reducing load on your [backend](/edge-services/concepts/#backend), and
- A [Web Application Firewall](/edge-services/how-to/configure-waf/) to protect your backend from threats and malicious activity, and
- A customizable and secure endpoint for accessing content via Edge Services, which can be set to a subdomain of your choice and secured with an SSL/TLS certificate.

<Lightbox image={image} alt="A diagram shows the elements and workflow of an Edge Services pipeline. The user connects to the customizable Edge Services endpoint (with its SSL/TLS certificate), which fetches content from the Edge Services cache, which itself fetches content to cache from an origin which is either an Object Storage bucket or Load Balancer. A Web Application Firewall sits between the cache and origin, protecting the origin from threats." />
<Lightbox image={image} alt="A diagram shows the elements and workflow of an Edge Services pipeline. The user connects to the customizable Edge Services endpoint (with its SSL/TLS certificate), which fetches content from the Edge Services cache, which itself fetches content to cache from a backend. A Web Application Firewall sits between the cache and backend, protecting the backend from threats." />

### What is WAF?

**W**eb **A**pplication **F**irewall is a feature available via Edge Services. When enabled, WAF filters requests to your origin to determine whether they are potentially malicious. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) to be used when evaluating requests, and set [exclusions](/edge-services/concepts/#exclusions) to define traffic that should not be filtered by WAF. Requests that are judged to be malicious are blocked or logged, depending on the settings you choose. Find out more about WAF in our [detailed documentation](/edge-services/reference-content/understanding-waf/).
**W**eb **A**pplication **F**irewall is a feature available via Edge Services. When enabled, WAF filters requests to your backend to determine whether they are potentially malicious. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) used when evaluating requests, and set [exclusions](/edge-services/concepts/#exclusions) to define traffic that should not be filtered by WAF. Requests identified as malicious are blocked or logged depending on your settings. Find out more about WAF in our [detailed documentation](/edge-services/reference-content/understanding-waf/).

## Pricing and billing

Expand All @@ -42,10 +42,6 @@ Edge Services is currently available for Scaleway [Object Storage buckets](/obje

For now, WAF is only compatible with Load Balancers and Object Storage. You must put other resources behind a Load Balancer in order to benefit from WAF. Watch this space for other solutions in the future.

<Message type="note">
WAF can be configured via the console for Load Balancer pipelines only. To configure WAF for an Object Storage bucket pipeline, use the [API](https://www.scaleway.com/en/developers/api/edge-services/).
</Message>

## Specifications

### If I customize my Edge Services endpoint with my own domain, can it serve content over HTTPS?
Expand All @@ -54,7 +50,7 @@ Yes, if you choose to [customize your Edge Services endpoint with your own subdo

### Can I use WAF and caching simultaneously?

Yes, you can have both of these features enabled at the same time on the same Load Balancer pipeline. WAF protects your Load Balancer origin only: it does not filter requests served by the cache.
Yes, you can have both of these features enabled at the same time on the same pipeline. WAF protects your backend only: it does not filter requests served by the cache.

### What ruleset is used by WAF? Is it updated automatically?

Expand Down
Loading
Loading