Home About Me

A Free EdgeOne Setup That Adds Real Protection to Your Site

2026-06-18

Why I switched

A few days ago, I saw a site get taken down by a malicious attack. Around the same time, I noticed people discussing EdgeOne and mentioning that its free plan could be claimed permanently, so I spent an afternoon testing it and putting it in front of my own site.

The main goal was protection, not just speed. Basic CDN options can be acceptable for acceleration, but once you start adding CAPTCHA or challenge pages, the slowdown becomes much more noticeable. That was the main reason I looked elsewhere. In my case, this setup is also a practical stopgap while handling origin exposure separately.

In actual use, performance has been solid. More importantly, it adds a meaningful layer between visitors and the origin server. What follows is a step-by-step walkthrough based on that deployment process.

What you need before starting

Prepare these first:

  1. A device with internet access and a browser
  2. An email account that can receive verification codes
  3. A website you fully control, including DNS management
  4. A human operator

Claiming the free plan

Start by opening edgeone.ai/zh in your browser. This is not the mainland Tencent Cloud site. According to user feedback, selecting the global region on the domestic side can still lead to the same plan and service behavior, but the setup described here follows the overseas entry flow.

On the landing page:

  1. Click the blue scrolling banner button labeled Get Now.
  2. Click the button for logging in and running a speed test to win a free plan.
  3. If you do not have a Google account, register directly with an email address.

There is one detail here that matters: do not choose Hong Kong, China as your region during registration. That region requires phone verification. Choosing an overseas region only needs email verification. For server region, selecting the United States works fine and does not affect later use.

After that:

  1. Complete the human verification.
  2. Enter the email code.
  3. Check the first agreement box; the second is optional.
  4. Click Free Sign Up.

Once inside, choose Continue on mobile device if prompted. Desktop speed test numbers may look better, but the actual features are the same.

Then scroll down and click Test for free plan, and on the next section, click Test for free plan again.

The system will run a speed test and show nearby nodes. Mainland China nodes require ICP filing, and that filing in turn requires a mainland server. That is also part of why the service is often described as especially strong in Asia.

When the test finishes, social sharing buttons will appear. Click them directly. The page may not seem to change at first, but after going back one level, you should see a message saying:

Automatically adding Free Plan to your account...

If you click both sharing buttons in sequence, you can receive two permanent free plans. The benefits are the same, so the second one can be kept for another site or as a spare. Once the page shows You've received 2 free plans, click using the plan.

Adding a domain to the service

At this point the page should redirect automatically. Although the signup route comes from an overseas traffic funnel, the actual service runs on Tencent Cloud domain infrastructure.

From the plan list, pick either free plan and continue with the corresponding action button.

When adding your site:

  1. Enter the domain you want to connect.
  2. Do not include the protocol.
  3. Do not include www in this first input field.
  4. After the system confirms the domain can be added, click Start Access.

Depending on the region you selected, you may see compliance prompts. If you chose the United States, a Data Security Plan window appears. Select No for the second item, then confirm.

Next:

  1. Pick any available package.
  2. Scroll to the bottom.
  3. Agree to the terms.
  4. Click Next.

Verifying site ownership

You can use whichever ownership verification method you are most comfortable with, but file verification is the most straightforward.

The process is:

  1. Download the verification file.
  2. Open your server and go to the site root directory.
  3. Create a nested folder named .well-known if it does not already exist.
  4. Upload the verification file into that directory.

The leading dot in .well-known is required.

After that, enter the domain you want to accelerate or protect. Subdomains and different domain forms are supported, such as cdn.zooyoo.top, www.zooyoo.top, and @.zooyoo.top.

Before you submit this step, there is one critical rule:

Remove the existing direct-connect A record first. The domain may go offline briefly, but you should update DNS again after the CDN settings are in place.

This temporary interruption is expected. If you leave the old direct origin A record in place, verification may fail or later protection may not behave as intended.

Origin settings and DNS changes

For origin protocol, choose based on your site’s current configuration. If your site already forces HTTPS, selecting only HTTPS is the better option. That keeps the entire path encrypted and improves security.

For the origin address:

  • Prefer using the origin server IP
  • If your firewall rules are very strict, you can use a domain instead
  • In that case, configure request sourcing to match the corresponding hostname

Submit the verification. If it fails, the first thing to check is whether the previous direct DNS record was actually removed.

Once verification passes, go to your domain’s DNS control panel and add the CNAME record exactly as prompted. Then return to the setup page and continue.

At the same time, you can request the free HTTPS certificate. The platform issues it automatically, so there is no need to import anything manually.

Deployment usually finishes in about one minute. After that, you can inspect the origin connection status and the detected resource types. When the interface shows a green indicator, the setup is complete. Visit the domain in a browser, and if the site opens normally, the CDN is working.

Finding the management console again

After deployment, go back to the EdgeOne homepage and open the Console from the top navigation. Be careful not to confuse it with the domestic Tencent Cloud console, since their data is not shared.

In the console:

  1. Open Overview
  2. Find the domain in the list
  3. Click into its detail page

That is where the useful tuning starts.

Recommended acceleration settings

In the left sidebar, open Site Acceleration and enable the following items:

  • Ignore case, if your site paths are not case-sensitive
  • Intelligent compression globally
  • Force HTTPS
  • HTTP/2 under network optimization
  • IPv6 access
  • Client IP header: X-Forwarded-For
  • Client IP geolocation header
  • Network error logging

These settings help keep the origin less exposed, make firewall and verification rules work properly, and improve both efficiency and access security.

Recommended protection settings

Then go to Security Protection -> Web Protection and adjust the site-level protection policy like this:

  • Adaptive frequency control: Strict + Block
  • Anti-abuse / anti-brushing traffic: Block
  • AI crawler handling: Allow
  • Evaluation mode: Off
  • Rule set: Ultra strict + Block
  • Maximum request body inspection length: 10MB
  • Human verification page: enable only if needed

That last one deserves caution. Challenge pages can interfere with RSS, sitemap fetching, and indexing on some platforms. If your site depends on smooth crawler access, test carefully before leaving it on.

Notes after deployment

The overall experience is quite good. It offers both acceleration and meaningful protection, and the free plan is enough to make it worth deploying on smaller sites.

A few setup details may vary slightly depending on the interface version, but most option names have built-in help buttons, and those are useful if a term is unclear.

One thing matters more than anything after the CDN is in place: protect your origin IP carefully. If it leaks, attackers can bypass the CDN layer and hit the server directly.

There is also a nice extra: the service issues an SSL certificate by default, TrustAsia DV TLS RSA CA 2025, with a 90-day validity period and automatic renewal support. In practice, that makes the HTTPS side of the deployment much easier to maintain.

Related Posts