
How Traffic Inspection Works at the Edge

When a request passes through an edge security layer, it doesn't just get forwarded. It's inspected, scored, and acted on in milliseconds, before it reaches your origin.

The inspection pipeline

  • TLS termination: the proxy decrypts the request so it can inspect the HTTP layer. Without terminating TLS, you can only see IP-level metadata.
  • IP and ASN reputation check: the source IP is checked against threat intelligence feeds. Known bot networks and malicious ASNs trigger immediate action.
  • WAF rule matching: the request URL, headers, and body are evaluated against a rule set for SQL injection, XSS, and other payload signatures.
  • Rate limit evaluation: the client's request history over a rolling window is checked against per-endpoint limits.
  • Behavioral scoring: session-level signals (request timing, header fingerprint, previous request patterns) feed a composite bot score.

Acting on inspection results

The action can be: allow (forward to origin), challenge (serve a JS or CAPTCHA challenge), block (return 403), or throttle (delay the response to add friction without a hard block). The decision is logged regardless, giving you a full record of what was seen and what happened.
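The inspection stages and the four actions described above, sketched as an added example (not code from the original post or from any particular edge product). It assumes TLS has already been terminated and that a behavioral `bot_score` arrives precomputed; the sample IPs and ASN, the toy WAF patterns, the limits, the score threshold, and the mapping from each stage to an action are all assumptions made for illustration.

```python
import re
import time
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# All values below are constructed for illustration, not taken from a real feed or rule set.
BAD_ASNS = {64512}                       # private-use ASN standing in for a feed entry
BAD_IPS = {"203.0.113.7"}                # documentation-range address
WAF_RULES = {                            # toy payload signatures
    "sqli": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+1=1"),
    "xss": re.compile(r"(?i)<script\b"),
}
LIMITS = {"/login": (3, 60.0)}           # endpoint -> (max requests, window in seconds)
DEFAULT_LIMIT = (100, 60.0)
BOT_CHALLENGE_SCORE = 0.7                # assumed threshold for serving a challenge

class EdgeInspector:
    def __init__(self):
        self.history = defaultdict(deque)  # (ip, path) -> timestamps inside the window
        self.log = []                      # every decision is recorded, whatever the action

    def _over_limit(self, ip, path, now):
        limit, window = LIMITS.get(path, DEFAULT_LIMIT)
        q = self.history[(ip, path)]
        while q and now - q[0] > window:   # expire entries that left the rolling window
            q.popleft()
        q.append(now)
        return len(q) > limit

    def inspect(self, req, now=None):
        """req: dict with ip, asn, path and optional query, headers, body, bot_score."""
        now = time.time() if now is None else now
        action, reason = "allow", "clean"
        payload = unquote_plus(" ".join([req["path"], req.get("query", ""),
                               *req.get("headers", {}).values(), req.get("body", "")]))
        hit = next((n for n, rx in WAF_RULES.items() if rx.search(payload)), None)
        if req["ip"] in BAD_IPS or req["asn"] in BAD_ASNS:
            action, reason = "block", "reputation"
        elif hit:
            action, reason = "block", f"waf:{hit}"
        elif self._over_limit(req["ip"], req["path"], now):
            action, reason = "throttle", "rate_limit"
        elif req.get("bot_score", 0.0) >= BOT_CHALLENGE_SCORE:
            action, reason = "challenge", "bot_score"
        self.log.append({"ts": now, "ip": req["ip"], "path": req["path"],
                         "action": action, "reason": reason})
        return action
```

Because the checks short-circuit, a request blocked on reputation or a WAF match never touches the rate-limit history, so only traffic that passed the earlier stages counts toward the window.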