# Security Edge Inline Overview <a href="https://docs.wallarm.com/about-wallarm/subscription-plans.md#security-edge-paid-plan"><img src="../../../../images/security-edge-tag.svg" style="border: none;"></a>

The [**Security Edge**](https://docs.wallarm.com/installation/security-edge/overview.md) platform provides a managed service for deploying Wallarm Nodes across geographically distributed locations within a Wallarm-hosted environment. One of its key deployment options is **inline** deployment, offering real-time, robust protection for your entire API landscape without the need for any onsite installation.

![!](https://docs.wallarm.com/images/waf-installation/security-edge/inline/traffic-flow.png)

## Use cases

This is an ideal solution for securing APIs when:

* You are looking for a fully managed security solution with minimal operational complexity.
* You can route traffic via DNS to Wallarm.

## How it works

With Security Edge Inline, your API traffic is routed through Wallarm's globally distributed Points of Presence (PoPs), where Wallarm Nodes are deployed, hosted, and managed by Wallarm.

* DNS-based traffic redirection: you configure your DNS to point your API domains to Wallarm Edge Node.
* PoP selection and routing: requests are directed to the nearest available PoP based on latency or your selected region(s).
* Real-time inspection and filtering: the inline Node analyzes incoming requests and blocks malicious ones before forwarding legitimate traffic to your origin servers.
* Multi-cloud and multi-region: you can deploy inline Nodes across different cloud regions for high availability and geo-redundancy.
* Automatic scaling and updates: Wallarm handles Node scaling, updates, and maintenance - no action required on your side.
* [Custom block pages](https://docs.wallarm.com/installation/security-edge/inline/custom-block-page.md): when a request is blocked, the Node returns an HTTP 403 response along with a block page. You can use the default NGINX page, the Wallarm-branded page, or upload a custom HTML block page.
* [Access control lists (ACL)](https://docs.wallarm.com/installation/security-edge/inline/access-control-lists.md): define which IP addresses can access specific hosts and locations of your APIs preventing unauthorized activity and potential attacks.
* [Cache rules](https://docs.wallarm.com/installation/security-edge/inline/cache-rules.md): define how responses from specific hosts and locations are stored and reused to reduce backend load and improve performance.
* Improved detection of bots, scanners, and brute‑force attempts with [JA4 fingerprinting](https://github.com/FoxIO-LLC/ja4), enabled by default: this feature uses TLS-based fingerprints that are difficult to spoof even if attackers change IPs, `User-Agent` headers, or other request attributes.

    !!! info "Version requirement"
        JA4 fingerprinting is available in Node version 6.7.4-1 and later.

## Limitations

* Only domains shorter than 64 characters are supported.
* Only HTTPS traffic is supported; HTTP is not allowed.
* [Custom blocking code](https://docs.wallarm.com/admin-en/configuration-guides/configure-block-page-and-code.md) configuration is not yet supported.

## Deployment

To deploy Security Edge Inline, follow the [step-by-step instructions](https://docs.wallarm.com/installation/security-edge/inline/deployment.md).