Architecture Overview
AtomicEdge provides distributed web application firewall (WAF) protection through a network of edge endpoints positioned between your users and your origin server. This document explains the core architecture and request flow.
Request Flow
When a user accesses your protected site:
- DNS resolution directs the request to AtomicEdge edge endpoints
- The edge endpoint processes the request through configured WAF rules
- Legitimate traffic is forwarded to your origin server
- Malicious requests are blocked or rate-limited before reaching your infrastructure
- Response data flows back through the edge to the user
Components
Edge Endpoints
Edge endpoints are distributed servers running high-performance reverse proxy software with integrated WAF capabilities. Each endpoint:
- Terminates SSL/TLS connections
- Evaluates requests against active WAF rulesets
- Enforces rate limiting and access controls
- Forwards legitimate traffic to your origin
- Logs security events for analysis
WAF Engine
The WAF engine provides ModSecurity-compatible rule processing with support for:
- OWASP Core Rule Set (CRS) for general web application protection
- WordPress-specific attack signatures
- Comodo rule set for additional coverage
- Per-site disabling of individual rules to manage false positives
Rules are evaluated in phases as the request is processed (for example, request headers before the request body, as in ModSecurity). Detection and blocking happen at the edge, before your application receives the request, so the WAF is a layer in front of your application's own input validation rather than a replacement for it.
Management Interface
The management interface allows you to:
- Add and configure protected sites
- Enable or disable rule groups
- Configure response behaviors (block, rate limit, allow)
- View security logs and traffic analytics
- Manage access control lists
Configuration changes deploy to edge endpoints typically within 30-60 seconds.
DNS Configuration
AtomicEdge uses DNS to route traffic through edge endpoints. You configure DNS records to point your domain at the edge endpoint addresses provided for your account. The system supports:
- A records for IPv4 endpoints
- AAAA records for IPv6 endpoints
- CNAME records for flexible routing
Your origin server's IP address (the backend) is configured in the site settings so that the edge can forward legitimate traffic to it. Update every record for the protected name, not just the A record: a leftover AAAA record that still points at the origin lets IPv6 clients reach it directly and bypass the WAF, and publishing the origin address in any public record defeats the purpose of placing the edge in front of it.
SSL/TLS Handling
AtomicEdge terminates SSL/TLS connections at the edge, then establishes a separate connection to your origin. This allows:
- WAF inspection of encrypted traffic
- Automatic SSL certificate provisioning
- Centralized certificate management
- Support for modern TLS versions
You can configure whether the edge-to-origin connection uses HTTP or HTTPS based on your infrastructure requirements. Prefer HTTPS for this leg whenever the origin can serve it: with HTTP, traffic that was encrypted between the user and the edge crosses the network to your origin in cleartext.
Rule Processing
WAF rules are organized into groups:
- Core rules apply to all HTTP traffic
- Specialized rules target specific attack vectors
- Custom disabled rules override group defaults
Each site can enable specific rule groups and disable individual rules that cause false positives for legitimate traffic patterns.
Logging and Monitoring
All requests generate access logs. Requests that trigger WAF rules generate additional security event logs containing:
- Attack type and rule ID
- Source IP and geographic location
- Request URI and parameters
- Timestamp and unique event ID
Logs are available through the management interface and can be exported for integration with external SIEM systems.
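As an added illustration of what to do with an export (this is not AtomicEdge code, and the line format, values and rule IDs below are constructed for the example; a real export may use different field names), the following script reads security events with the fields listed above and runs two simple detections over them: sources that produce a burst of events inside a short window, and sources that trip several unrelated rules, which is typical of a scanner rather than one stray parameter.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed export of security events, one JSON object per line. The field
# names mirror the list in the text; the format, values and rule IDs are
# assumed for this example and are not a real AtomicEdge export.
SAMPLE_EXPORT = """\
{"event_id": "ev-001", "timestamp": "2024-05-01T10:00:00Z", "src_ip": "198.51.100.7", "country": "NL", "rule_id": "942100", "attack": "SQL Injection", "uri": "/wp-login.php", "params": "log=admin' OR 1=1--"}
{"event_id": "ev-002", "timestamp": "2024-05-01T10:00:05Z", "src_ip": "203.0.113.55", "country": "US", "rule_id": "941100", "attack": "XSS", "uri": "/", "params": "s=<script>alert(1)</script>"}
{"event_id": "ev-003", "timestamp": "2024-05-01T10:00:30Z", "src_ip": "198.51.100.7", "country": "NL", "rule_id": "941100", "attack": "XSS", "uri": "/", "params": "s=<img src=x onerror=alert(1)>"}
{"event_id": "ev-004", "timestamp": "2024-05-01T10:01:10Z", "src_ip": "198.51.100.7", "country": "NL", "rule_id": "930110", "attack": "Path Traversal", "uri": "/wp-content/../../etc/passwd", "params": ""}
{"event_id": "ev-005", "timestamp": "2024-05-01T10:01:40Z", "src_ip": "198.51.100.7", "country": "NL", "rule_id": "942100", "attack": "SQL Injection", "uri": "/", "params": "id=1 UNION SELECT 1,2,3"}
{"event_id": "ev-006", "timestamp": "2024-05-01T10:02:00Z", "src_ip": "192.0.2.9", "country": "DE", "rule_id": "913100", "attack": "Scanner Detection", "uri": "/", "params": ""}
{"event_id": "ev-007", "timestamp": "2024-05-01T10:30:00Z", "src_ip": "203.0.113.55", "country": "US", "rule_id": "941100", "attack": "XSS", "uri": "/", "params": "s=<script>alert(2)</script>"}
"""


def parse_events(text: str) -> list:
    """Parse one JSON event per line and attach a datetime under 'ts'."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def rule_breakdown(events) -> Counter:
    """Events per rule ID. A sudden spike in a single ID is usually either a
    new false positive or a new campaign; both deserve a look."""
    return Counter(ev["rule_id"] for ev in events)


def repeat_offenders(events, window=timedelta(minutes=5), threshold=3) -> dict:
    """Sources with at least `threshold` events inside any `window`.

    Returns {src_ip: peak_count_in_window}. A sliding window over the sorted
    timestamps keeps the cost linear per source.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src_ip"]].append(ev["ts"])
    result = {}
    for src, stamps in by_src.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            result[src] = peak
    return result


def probable_scanners(events, min_distinct_rules=3) -> set:
    """Sources that tripped several different rules: one bad parameter trips
    one rule, whereas a scanner walks through many attack classes."""
    rules_by_src = defaultdict(set)
    for ev in events:
        rules_by_src[ev["src_ip"]].add(ev["rule_id"])
    return {src for src, rules in rules_by_src.items()
            if len(rules) >= min_distinct_rules}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EXPORT)
    print("by rule:", rule_breakdown(evs).most_common())
    print("repeat offenders:", repeat_offenders(evs))
    print("probable scanners:", probable_scanners(evs))
```

On the constructed sample, 198.51.100.7 is reported both as a repeat offender (four events in under two minutes) and as a probable scanner (SQL injection, XSS and path traversal rules), while 203.0.113.55, with two XSS hits half an hour apart, is neither; the same two functions are what you would feed into a SIEM correlation rule or use to decide which sources to add to an access control list.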
Scalability
The distributed architecture provides:
- Geographic distribution for reduced latency
- Automatic failover between endpoints
- DDoS mitigation through distributed processing
- No single point of failure
Traffic routes to the nearest healthy endpoint, with automatic failover if an endpoint becomes unavailable.
Backend Communication
Edge endpoints communicate with your origin server using the configured backend IP address. Ensure your firewall allows traffic from the edge endpoint IPs to your origin server on the configured port (typically 80 or 443).
You can also restrict your origin server to accept traffic only from the known edge endpoint addresses (an IP allowlist at the firewall or in the web server). Doing so is strongly recommended: without it, anyone who learns the origin address, for example from historical DNS data, can send requests straight to the origin and bypass the WAF entirely. The allowlist is what makes the edge the only path in.
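As an added example of the origin-side restriction (this is not AtomicEdge code; the edge ranges are placeholders, and the assumption that the edge appends the client address to X-Forwarded-For is the usual reverse-proxy behaviour, to be confirmed against the product documentation), the following WSGI middleware rejects any request whose TCP peer is not an edge endpoint and, for requests that did come through the edge, recovers the real client address without trusting a header an attacker could forge.

```python
import ipaddress
from typing import Optional

# Edge endpoint ranges allowed to reach the origin. These two networks are
# placeholders for the example; use the addresses shown in the AtomicEdge
# management interface for your account.
EDGE_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:ed9e::/48"),
]


def is_edge_address(addr: str) -> bool:
    """True when addr lies inside one of the configured edge ranges."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in EDGE_RANGES)


def client_ip(peer: str, forwarded_for: Optional[str]) -> str:
    """Pick the address to log and rate-limit on.

    X-Forwarded-For is honoured only when the TCP peer is an edge endpoint;
    from anyone else the header is attacker-controlled and ignored. With a
    single trusted hop the rightmost entry is the one the edge appended, so
    that is the real client even if the client sent its own fake entries.
    (Assumption: the edge appends the client address, as most reverse
    proxies do.)
    """
    if not forwarded_for or not is_edge_address(peer):
        return peer
    entries = [e.strip() for e in forwarded_for.split(",") if e.strip()]
    return entries[-1] if entries else peer


def edge_only(app):
    """WSGI middleware: refuse any request that did not arrive via the edge."""
    def wrapped(environ, start_response):
        peer = environ.get("REMOTE_ADDR", "")
        if not is_edge_address(peer):
            # A direct hit on the origin never passed the WAF, so reject it
            # before the application sees any of the request.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"direct access to the origin is not permitted\n"]
        environ["atomicedge.client_ip"] = client_ip(
            peer, environ.get("HTTP_X_FORWARDED_FOR"))
        return app(environ, start_response)
    return wrapped


def demo_app(environ, start_response):
    """Placeholder application that echoes the client address it was given."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [f"hello {environ['atomicedge.client_ip']}\n".encode()]


def handle(environ: dict) -> tuple:
    """Run one request through the middleware; returns (status, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(edge_only(demo_app)(environ, start_response))
    return captured["status"], body.decode()


if __name__ == "__main__":
    # Request relayed by an edge endpoint (peer inside EDGE_RANGES).
    print(handle({"REMOTE_ADDR": "203.0.113.10",
                  "HTTP_X_FORWARDED_FOR": "198.51.100.7"}))
    # Attacker hitting the origin directly and spoofing X-Forwarded-For.
    print(handle({"REMOTE_ADDR": "192.0.2.44",
                  "HTTP_X_FORWARDED_FOR": "203.0.113.10"}))
```

Treat the middleware as a second line of defence rather than the primary control: the firewall (or the web server's own allow/deny rules) in front of the application should already drop non-edge sources, so that a direct hit never consumes application resources at all. The X-Forwarded-For handling matters for the rate limiting and access control lists described earlier: if the origin trusted that header from arbitrary peers, a client could impersonate any address it liked.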
