Frequently Asked Questions

• What is Atomic Edge and how does it protect my website?

  Cloud-based WAF protection between visitors and your origin

  Atomic Edge is a cloud-based Web Application Firewall (WAF) that sits between your website visitors and your web server. It inspects incoming traffic and blocks malicious requests before they reach your site. It’s designed to be straightforward to set up (no nameserver change required) and works well for WordPress and other modern stacks.

• What types of attacks does Atomic Edge block?

  Coverage for common web exploits and OWASP-aligned threats

  Atomic Edge protects against common attacks including SQL injection, cross-site scripting (XSS), remote file inclusion, command injection, and brute-force attempts. It uses the OWASP Core Rule Set and includes specialized rulesets for WordPress sites.

• Do I need to change my nameservers to use Atomic Edge?

  No—setup is designed to be DNS-record based

  Atomic Edge does not require a nameserver change. Setup is as easy as changing your domain’s A record.

• How do I configure DNS to use Atomic Edge?

  Point A/AAAA records to the provided endpoint addresses

  After creating your site, Atomic Edge provides endpoint addresses. Update your DNS records with your DNS provider:

  • A record → Atomic Edge IPv4

  • AAAA record → Atomic Edge IPv6 (if provided)

  DNS propagation is typically 5–60 minutes.

• What's the difference between the Free, Advanced, and Enterprise plans?

  Plan tiers vary by limits, rule coverage, and support

  Atomic Edge positions three plans with differences across:

  • Number of sites (Free up to 100; Advanced/Enterprise unlimited)

  • Rulesets (Free: OWASP Core only; Advanced/Enterprise: all rulesets)

  • Page protection rules (Free 5 max; Advanced 30 max; Enterprise unlimited)

  • Rate limiting capacity (Free/Advanced up to 10,000 RPM; Enterprise unlimited)

  • Priority support (Enterprise)

• How does rate limiting work, and how should I configure it?

  Request-per-minute controls per IP and URI pattern

  Rate limiting caps how many HTTP requests a single IP can make to specific URI patterns. When exceeded, the user receives an HTTP 429 response. It’s configured as a Page Protection Rule in the Access Control tab (choose Rate Limiting, set a URI pattern, and set Requests Per Minute). Suggested starting points include 60–120 RPM for normal pages, 30–60 RPM for API endpoints, and 10–30 RPM for login pages.

• Can I block AI bots from scraping my content?

  Built-in AI bot protection with selectable providers

  Atomic Edge includes AI Bot Protection and lists support for blocking major AI crawlers (including OpenAI, Anthropic, Google AI’s Google-Extended, DeepSeek, GitHub Copilot, and Perplexity). Enable it in the Bot Protection tab by toggling Bot Blocking, selecting providers, and choosing a response code (403, 404, or 451). It also states this does not affect legitimate search engines like Google Search or Bing.

• How do I protect specific pages like my admin area or login page?

  Page Protection Rules for IP restrictions, CAPTCHA, and rate limiting

  Use Page Protection Rules in the Access Control tab to apply controls to specific URIs. Examples given include:

  • IP restriction for /admin/* (including a “stealth mode” 404 response)

  • CAPTCHA challenge for /wp-login.php

  • Rate limiting for /api/*

• How long does it take for changes to take effect?

  Most settings deploy quickly, while DNS depends on propagation

  Most configuration changes take effect within seconds after saving and are deployed to distributed endpoints. Exceptions called out include DNS propagation (typically 5–60 minutes), bot IP lists updated daily, and WAF rulesets maintained automatically.

• What makes Atomic Edge different from a typical WAF?

  Granular controls, rapid updates, and developer-friendly integration

  Atomic Edge highlights differentiators including IP restriction by URI path, smart rate limiting by route and HTTP method, built-in DDoS mitigation, custom page rules management through a UI or programmable interface, and real-time global security rule updates. It also emphasizes seamless integration with modern stacks, CI/CD pipelines, and APIs.