Application Load Balancer (ALB) is available in three editions: Basic, Standard, and WAF-Enabled. Each edition builds on the previous one — Standard adds advanced routing, security, and traffic management on top of Basic, and WAF-Enabled adds integrated Web Application Firewall (WAF 3.0) protection on top of Standard.
The instance performance metrics of ALB are independent of the edition.
Upgraded ALB instances support traffic management through security groups or access control lists (ACLs), while instances before upgrade only support ACLs. To use security groups, create a new instance or contact your account manager to upgrade an existing instance.
Edition comparison
| Feature | Basic | Standard | WAF-Enabled |
|---|---|---|---|
| Listener protocols | |||
| QUIC | Supported | Supported | Supported |
| HTTP/2 | Supported | Supported | Supported |
| HTTP/3 | Supported | Supported | Supported |
| WebSocket | Supported | Supported | Supported |
| Forwarding rules — routing conditions | |||
| Host- or path-based routing | Supported | Supported | Supported |
| HTTP header-based routing | Supported | Supported | Supported |
| Query string-based routing | Not supported | Supported | Supported |
| Cookie-based routing | Not supported | Supported | Supported |
| HTTP method-based routing | Not supported | Supported | Supported |
| Source IP-based routing | Not supported | Supported | Supported |
| Response status code-based routing | Not supported | Supported | Supported |
| Response header-based routing | Not supported | Supported | Supported |
| Forwarding rules — actions | |||
| Forward to | Supported | Supported | Supported |
| Redirect | Supported | Supported | Supported |
| Rewrite or return fixed response | Not supported | Supported | Supported |
| Add or remove headers | Not supported | Supported | Supported |
| Traffic mirroring | Not supported | Supported | Supported |
| QPS throttling | Not supported | Supported | Supported |
| CORS | Not supported | Supported | Supported |
| AScript | Not supported | Supported | Supported |
| Server group types | |||
| Server, IP, and Function Compute types | Supported | Supported | Supported |
| Security | |||
| Access control allowlist/denylist | Supported | Supported | Supported |
| Security groups | Supported | Supported | Supported |
| TLS cipher suites | Supported | Supported | Supported |
| SNI multi-certificate support | Supported | Supported | Supported |
| RSA and ECC dual certificates | Supported | Supported | Supported |
| ECC certificates | Supported | Supported | Supported |
| TLS 1.3 | Supported | Supported | Supported |
| End-to-end HTTPS | Not supported | Supported | Supported |
| Mutual TLS (mTLS) | Not supported | Supported | Supported |
| Custom TLS security policy | Not supported | Supported | Supported |
| Web Application Firewall (WAF) | Not supported (can upgrade to WAF-Enabled) | Not supported (can upgrade to WAF-Enabled) | Supported |
| Monitoring and statistics | |||
| Access logs | Supported | Supported | Supported |
| Basic monitoring metrics | Supported | Supported | Supported |
| Tracing analysis | Not supported | Supported | Supported |
| Advanced features | |||
| Global Accelerator (GA) | Supported | Supported | Supported |
| Session persistence | Supported | Supported | Supported |
| Backend persistent connections | Supported | Supported | Supported |
| Instance cloning | Supported | Supported | Supported |
| Retrieve real client source IP | Not supported | Supported | Supported |
| Slow start | Not supported | Supported | Supported |
| Connection draining | Not supported | Supported | Supported |
| Disable cross-zone load balancing | Not supported | Supported | Supported |