How to use NamesLink SA
1. What is SA?
SA (Security Acceleration) is a one-stop security and acceleration service provided by NamesLink for domain users, fully integrated into the domain console.
Once SA is enabled, your website traffic is routed through SA edge nodes, which provide acceleration, protection, certificate management, and traffic analytics — helping you manage site performance and basic security more easily.
What value does SA provide?
- Faster access: Caches and distributes site resources through edge nodes, reducing origin server load and improving load speed.
- Safer sites: Provides WAF, rate limiting, and IP access control to help block malicious requests and high-risk access.
- Easier HTTPS: Supports automatic free certificate issuance as well as custom certificate uploads.
- Centralized management: Manage domains, DNS, certificates, security protection, caching, and traffic trends all in one place — the NamesLink console.
- Clear status visibility: View site status, binding status, and recent traffic data on the domain detail page and the SA panel.
2. How do I access SA?
There are currently two main entry points for SA:
| Entry Point | Path | Description |
|---|---|---|
| Console sidebar | Value-Added Products > Security & Acceleration | View and manage sites connected to SA |
| Domain detail page | Domain Details > Security & Acceleration card | View the current domain's SA status, binding status, and traffic data for the last 7 days |
If you don't see the "Value-Added Products" or "Security & Acceleration" entry, this capability may not yet be enabled for your account, domain, or site.
3. Site Onboarding and Status
3.1 Onboarding logic
Once a domain's NS records point to NamesLink, the system automatically creates an SA site for that domain. Users do not need to manually create a site — you only need to check the status and configure settings in the NamesLink console.
3.2 What is shown on the domain detail page?
In the "Security & Acceleration" card on the domain detail page, you can view:
- SA status: Whether the current site is properly connected to SA.
- Binding status: Whether the domain-to-SA-site binding is functioning normally.
- Traffic data for the last 7 days: Helps you quickly understand recent access activity.
3.3 Automatic pause and resume
If a site's DNS becomes invalid, SA will automatically pause the service for that site; once DNS is restored, SA will automatically resume.
Common situations that may cause SA to pause include:
- The domain's NS records no longer point to NamesLink.
- DNS resolution is abnormal or has failed.
- The domain status is abnormal.
- The platform detects an abnormal risk on the site.
3.4 Onboarding steps
To make WAF and acceleration take effect, complete the following steps:
-
Point the domain NS to NamesLink
- Set the domain's nameservers to
ns1.nameslink.comandns2.nameslink.com. - Wait for DNS propagation to complete.
- Set the domain's nameservers to
-
Configure DNS records
- Add an A record or CNAME record for the domain (or subdomain) in the NamesLink console.
- Point the record to your origin server or target host.
-
Enable the Proxy toggle
- In the DNS record settings, turn on the Proxy toggle.
- Once enabled, traffic will pass through SA edge nodes, and WAF and acceleration rules will take effect.
4. Security Protection Configuration
SA Free Plan provides basic security protection, mainly including WAF custom rules, rate limiting, IP access control, and AI-assisted rule generation.
4.1 WAF custom rules
WAF custom rules identify and handle abnormal access based on request characteristics. You can define match conditions using expressions and choose a corresponding action.
Supported actions include:
| Action | Description | Use Case |
|---|---|---|
| Block | Directly blocks the request when the rule is matched | Clearly malicious access, attack requests, abnormal path access |
| Log | Only records the match, without blocking the request | Verifying rule effectiveness before going live, to avoid impacting legitimate users |
| Challenge | Issues a challenge verification to the visitor | Suspicious requests, suspected bots, abnormally high-frequency access |
It is recommended to first use "Log" mode to verify rule matches, then adjust to "Block" or "Challenge" based on the results.
4.2 Rate limiting
Rate limiting controls the request frequency within a specified time window, and is useful for preventing abnormally high-frequency requests, API abuse, and some CC attacks.
Key aspects to focus on when configuring:
- Match scope: Limit the entire site, a specific path, or a specific endpoint.
- Time window: The time range over which request frequency is measured.
- Request threshold: The number of requests that triggers the limit.
- Action: The response taken once triggered — block, challenge, or other restriction.
Configuration recommendations:
- Set stricter rate limits for endpoints such as login, search, and form submission.
- Configure carefully for high-traffic paths such as static resources and public pages, to avoid affecting normal access.
4.3 IP access control
IP access control manages access policies at the IP level, supporting:
- A single IP.
- An IP range.
- A list of multiple IPs.
Common use cases:
- Blocking IPs that are persistently attacking or scanning.
- Allowing internal office, monitoring, or partner IPs.
- Issuing a challenge for suspicious access sources.
When configuring IP rules, please make sure the IP range is accurate to avoid blocking legitimate users.
4.4 AI-assisted rule expression generation
SA supports AI-assisted generation of rule expressions. You can describe the protection scenario you want in natural language, and the system will help generate the corresponding rule expression.
Suitable scenarios:
- You are not familiar with rule expression syntax.
- You want to quickly create a rule to protect admin/backend paths.
- You want to block specific User-Agents, paths, or request characteristics.
For AI-generated rules, it is recommended to review them and verify using "Log" mode before applying them for blocking.
5. HTTPS and Certificate Configuration
SA supports automatic free certificate issuance, custom certificate upload, a Force HTTPS toggle, and wildcard certificates.
5.1 Automatic free certificate issuance
Once SA is enabled, you can apply for a free HTTPS certificate for your connected domain. After the certificate is successfully issued, your site can be accessed via HTTPS.
Suitable for users who:
- Have not purchased a commercial certificate.
- Want to quickly enable HTTPS for their website.
- Want to reduce the cost of applying for and maintaining certificates.
5.2 Custom certificate upload
If you already have your own certificate, you can upload a custom certificate for use.
When uploading, you will need to prepare:
- The certificate file.
- The private key file.
- Certificate content that matches your domain.
Please keep your certificate's private key secure and do not share it with unauthorized personnel.
5.3 Force HTTPS
When Force HTTPS is enabled, visitors accessing the HTTP address will be redirected to the HTTPS address.
Suitable scenarios:
- You want to enforce HTTPS across your entire site.
- You want to avoid browsers showing a "Not Secure" warning when users access via HTTP.
- You want to improve site security and user trust.
Before enabling this, please confirm that an HTTPS certificate has already been configured successfully, otherwise access may be affected.
5.4 Wildcard certificates
SA supports wildcard certificates. A wildcard certificate can cover multiple subdomains under the same primary domain, for example *.example.com.
Suitable scenarios:
- You have multiple subdomains that need HTTPS enabled uniformly.
- You want to reduce the effort of configuring certificates separately for each subdomain.
6. Acceleration and Cache Configuration
SA helps optimize access speed and reduce origin server load through cache rules, cache purging, and cache prefetching.
6.1 Cache rules
Cache rules control which resources can be cached, how they are cached, and for how long.
Cache rules support:
- Creation.
- Reordering.
- Editing.
- Deletion.
Common configuration approaches:
| Resource Type | Recommended Strategy |
|---|---|
| Static resources such as images, CSS, JS | Set a longer cache duration to improve loading speed |
| HTML pages | Set a shorter or medium cache duration based on update frequency |
| Dynamic pages such as login, checkout, user center | Cache cautiously or not at all, to avoid displaying incorrect content |
| API endpoints | Decide whether to cache based on business needs, avoid caching real-time data |
6.2 Cache rule ordering
When multiple cache rules could match the same request, the rule order affects which one takes effect. General recommendations:
- Place more specific rules earlier.
- Place more general rules later.
- After modifying rules, observe access behavior to confirm there is no incorrect caching.
6.3 Cache purging
When origin content has been updated but users still see old content, you can use cache purging.
Supported purge methods:
| Purge Method | Description | Use Case |
|---|---|---|
| URL purge | Purges a specific URL | Update to a single page or resource |
| File purge | Purges a specific file | Update to images, scripts, or style files |
| Directory purge | Purges resources under a specific directory | Bulk updates to pages or resources |
| Purge all | Clears the entire site cache | Major releases, site redesigns, urgent fixes |
Purging all cache has a broad impact, so please use it carefully.
6.4 Cache prefetching
Cache prefetching allows you to preload resources at specified URLs onto edge nodes in advance, so that visitors get faster cache hits.
Suitable scenarios:
- Prefetching key resources before a new page goes live.
- Prefetching landing pages, images, and scripts before a campaign starts.
- Preparing hot resources in advance after a major release.
7. Traffic Analytics
The SA panel Dashboard displays site traffic trends and supports viewing the following metrics:
- Number of requests.
- Traffic volume.
- Page views.
This data can help you understand changes in site access, for example:
- Whether recent traffic is growing.
- Whether there are abnormal traffic spikes.
- Whether access trends have changed after configuring cache or security rules.
If you notice an abnormal increase in requests or traffic over a short period, we recommend checking for possible attacks, crawlers, campaign traffic, or origin server issues.
8. Free Plan Limitations
SA Free Plan currently has the following usage limits:
| Limit Item | Description |
|---|---|
| WAF custom rules | Maximum 3 per site |
| WAF rate limiting rules | Maximum 1 per site |
| WAF IP allowlist rules | Maximum 1 per site |
| WAF IP access rules | Maximum 5 per site |
| Free HTTPS certificates | Maximum 2 per site |
| Custom HTTPS certificates | Maximum 1 per site |
| Cache rules | Maximum 3 per site |
| Monthly traffic quota | 50 GB, with a warning triggered at 80% usage |
| Site deletion | No site deletion option is currently available in the console |
| Menu entry | The "Value-Added Products" menu and the domain detail card are controlled by a feature toggle |
9. Frequently Asked Questions
9.1 Why wasn't an SA site automatically created for my domain?
Please check whether your domain's NS records point to NamesLink. An SA site is only automatically created once the NS records point to NamesLink.
9.2 What does it mean when SA shows as "Paused"?
A paused SA status generally means the site cannot currently use SA services normally. Common causes include DNS failure, NS records being switched away, an abnormal domain status, or the platform detecting an abnormal risk. SA will automatically resume once DNS is restored.
9.3 What should I do if legitimate users are affected after configuring a WAF rule?
We recommend first switching the rule action to "Log" to review the matches. If you confirm it is a false positive, you can relax the match conditions, adjust the rule order, or delete the rule.
9.4 What should I do if my site becomes inaccessible after enabling Force HTTPS?
Please check whether an HTTPS certificate has been successfully applied for or uploaded. If the certificate is not yet active, enforcing HTTPS may affect access.
9.5 The origin content has been updated, but users still see the old content — what should I do?
You can use the cache purge feature. For a single resource update, use URL or file purge; for larger-scale updates, use directory purge or purge all.
9.6 Why can't I see the "Value-Added Products > Security & Acceleration" entry?
This entry is controlled by a feature toggle. If SA has not yet been enabled for your account or domain, the entry may not be visible yet.
9.7 Can SA replace security configuration on my origin server?
No. SA provides basic security protection at the edge, but you still need to maintain the security of your origin server, applications, account permissions, database, and business systems.
10. Usage Recommendations
- Observe before blocking: When creating new security rules, it's recommended to first use Log mode to verify effectiveness and reduce the risk of false positives.
- Be cautious caching dynamic content: Content such as logged-in pages, user centers, checkout pages, and real-time endpoints should not be cached casually.
- Regularly review traffic trends: If requests or traffic suddenly spike, check promptly for possible attacks or abnormal crawler activity.
- Verify after certificate changes: After uploading or switching certificates, verify by accessing the HTTPS page in a browser to confirm it works correctly.
- Keep NS pointed to NamesLink: If NS records are switched away, the SA service may pause.
This document corresponds to the NamesLink SA Free Plan user help center.