--- title: "Acquia Edge Standard - April 2026" date: "2026-04-30T12:37:24+00:00" summary: image: type: "announcement" url: "/acquia-cloud-platform/add-ons/edge-standard/announcement/2026-04-30/97416-acquia-edge-standard-april-2026" id: "f7475720-5800-4a3c-b776-a8035c78db71" --- **Intended audience**: This release is designed for security engineers, DevOps teams, and digital platform owners who manage web application security and performance of their Acquia Hosted Drupal Applications. . =================================================================================================================================================================================================================== This release delivers several enhancements and new features to Acquia Edge Standard. These updates are designed to provide our customers with greater control over their traffic, deeper visibility into security threats, and improved management for their Edge Standard WAF & CDN. Introducing Acquia Managed WAF Rulesets --------------------------------------- Release category: Web Application Firewall (WAF) Protection ### What is new with Acquia Managed Rulesets * Improved threat coverage: Use Acquia‑curated managed rulesets built on vendor best practices to protect against common web exploits, bots, and application‑layer threats. * Profile‑based protection: Apply rulesets that add protections by traffic profile (for example, CMS frameworks or login flows) to align protection levels with specific application surfaces. * Integrated Edge experience: Configure and monitor WAF rulesets directly in the Edge Standard console as part of the Security Metrics dashboard. ### Key benefits of Acquia Managed Rulesets * Proactive defense: Improve your security posture with curated protection that responds to threat patterns without requiring constant manual tuning, designed for Drupal sites. * Operational efficiency: Centrally manage rules across domains from a single console instead of maintaining fragmented rule configurations. Introducing Adjustable Rate Limiting ------------------------------------ Release category: Threat Mitigation & Traffic Control ### What is new with Adjustable Rate Limiting * Flexible thresholds: Define rate‑limit policies per path or domain to control abusive traffic patterns. * Global and domain‑level rules: Apply rate limits across your Edge footprint or scope them down to specific domains and routes. * Visibility into blocked traffic: View rate‑limited events and their impact through the Security Metrics dashboard. ### Key benefits of Adjustable Rate Limiting * Protection against DoS‑style behavior: Protect origin infrastructure from abusive clients, bots, or scripts by limiting bursty or sustained traffic. * Improved resilience: Offload malicious or noisy traffic at the edge before it reaches your applications. * incident response: Use detailed metrics to spot and adjust misconfigured limits without waiting for user‑reported issues. Introducing the Security Metrics Dashboard (GA Enhancements) ------------------------------------------------------------ Release category: Security Analytics & Observability ### What is new with Security Metrics Dashboard * Threats mitigated overview: Visualize how many threats are being blocked or challenged across your domains, with trends over time. * Rule‑level insight: Attribute blocked traffic to specific rules, rulesets, or security actions to understand which controls are driving protection. * Threat discovery & anomaly detection: Identify anomalous spikes in allowed or blocked traffic, with the ability to drill into source IPs, geos, and user agents. * Performance correlation: Filter and compare CDN performance metrics (requests, bandwidth) by security disposition such as blocked vs allowed traffic. ### Key benefits of Security Metrics Dashboard * Faster investigations: Narrow investigations to the most relevant rules, domains, or traffic segments when anomalies appear. * Better tuning decisions: Use historical data to safely move rules from alert‑only to blocking modes. * Shared visibility: Provide a common view for security, DevOps, and business stakeholders into how Edge is protecting your sites. Introducing Role‑Based Access for Edge Standard ----------------------------------------------- Release category: Governance & Access Management ### What is new with RBAC * Role‑based permissions: Assign predefined roles for Edge Standard, Viewer, Cache Manager, and Admin to control who can view, modify, or deploy configuration. * Least‑privilege access: Limit sensitive actions such as WAF rule changes and rate‑limit updates to a smaller set of users. * Improved governance: Align Edge roles with your broader organizational access policies and identity provider configuration. ### Key benefits of RBAC * Reduced risk of misconfiguration: Prevent accidental or unauthorized changes to critical Edge settings by separating view and edit responsibilities. * Operational clarity: Provide domain experts (for example, performance teams) with the access they need without granting full administrative control. Introducing IP Allow Listing (Trusted IPs) ------------------------------------------ Release category: Access Control ### What is new with IP Allow Listing * Trusted IP configuration: Define IP addresses and ranges that should always be allowed, even when other protections are in place. * Flexible scoping: Apply allow lists at the domain or rule level to meet complex enterprise networking requirements. * UI‑driven management: Configure and maintain IP access rules directly from the Edge Standard console. ### Key benefits of IP Allow Listing * Uninterrupted access for trusted users: Ensure internal teams, monitoring systems, or partners are not blocked by security policies. * Safer rule hardening: Tighten WAF and rate‑limit rules while preserving access for known, trusted traffic. * Improved operational workflows: Reduce tickets related to internal tool or VPN traffic being blocked at the edge.