All Products
Search
Document Center

Web Application Firewall:Purchase a subscription WAF 3.0 instance

Last Updated:Jan 08, 2024

To get started with Web Application Firewall (WAF) 3.0, you must purchase a WAF 3.0 instance. WAF 3.0 supports the subscription and pay-as-you-go billing methods. This topic describes how to purchase a subscription WAF 3.0 instance.

Purchase instructions

You can purchase a subscription WAF 3.0 instance of one of the following editions: Basic, Pro, Enterprise, and Ultimate. For information about the subscription WAF 3.0 instances of the preceding editions, see the following documentation:

Prerequisites

Your Alibaba Cloud account does not have a WAF instance. If your Alibaba Cloud account has a WAF 2.0 instance, you must release the WAF 2.0 instance before you purchase a WAF 3.0 instance. For information about how to release a WAF 2.0 instance, see Terminate the WAF service.

Note

You can use the self-service migration tool that is provided by Alibaba Cloud to migrate a WAF 2.0 instance to WAF 3.0. For more information, see Migrate a WAF 2.0 instance to WAF 3.0.

Procedure

  1. Go to the WAF 3.0 (Subscription) buy page.

  2. Set the Billing Method parameter to Subscription. Then, configure other parameters based on your business requirements. The following table describes the parameters.

  3. Purchase a WAF 3.0 Basic Edition instance

    If your services require only basic security protection, we recommend that you purchase a WAF 3.0 Basic Edition instance.

    Parameter

    Description

    Region

    Select the region where the WAF 3.0 instance is deployed. Valid values: Chinese Mainland and Outside Chinese Mainland.

    Edition

    Select the edition of the WAF 3.0 instance. Select Basic.

    Extra Domains

    Specify the additional quota of domain names that you want to purchase. If you purchase a WAF 3.0 Basic Edition instance, you can add three domain names to WAF free of charge. You can purchase an additional quota of 10 domain names.

    Subscription Duration

    Select the subscription duration of the instance and specify whether to enable Auto-renewal.

    Note

    If you want to test a WAF instance before you purchase the instance, contact your account manager to apply for a proof of concept (PoC) project and set the Subscription Duration parameter to 7-day Trial. Then, you are provided a seven-day free trial.

    Purchase a WAF 3.0 Pro Edition, Enterprise Edition, or Ultimate Edition instance

    • If you want to enable the Simple Log Service for WAF, classified protection, bot management, and API security features for your services, we recommend that you purchase a WAF 3.0 Pro, Enterprise, or Ultimate Edition instance.

    • If you want to configure custom protection policies, we recommend that you purchase a WAF 3.0 Enterprise or Ultimate Edition instance.

    • If you have specific security requirements, purchase an Ultimate Edition instance.

    Parameter

    Description

    Region

    Select the region where the WAF 3.0 instance is deployed. Valid values: Chinese Mainland and Outside Chinese Mainland.

    Edition

    Select the region where the WAF 3.0 instance resides. Select Pro, Enterprise, or Ultimate.

    Bot Management - Web Application Protection

    Specify whether to enable the web application protection feature of the bot management module.

    You can enable this feature to mitigate the security threats that occur due to bot traffic on web pages or HTML5 pages. For more information, see Create anti-crawler rules for websites.

    Bot Management - App Protection

    Specify whether to enable the app protection feature of the bot management module.

    If your business supports native apps and you have security requirements, such as requirements for trusted communications or bot prevention, we recommend that you enable this feature. For more information, see Create anti-crawler rules for apps.

    API Security

    Specify whether to enable the API security module. For more information, see API security.

    Extended QPS

    Specify the QPS value by which you want to increase the quota.

    If the peak traffic that you want to add to WAF 3.0 exceeds the default QPS quota, you can increase the QPS quota.

    Note

    Different WAF 3.0 editions have different default QPS quotas. For more information, see the description of the peak QPS of different WAF 3.0 editions in the Editions topic.

    Threshold of Burstable QPS (Pay-as-you-go)

    Specify the maximum QPS value that can be billed based on the pay-as-you-go billing method. For more information, see Burstable QPS (pay-as-you-go).

    If your peak service traffic exceeds the QPS quota that you purchased for your WAF instance, your WAF instance may be added to a sandbox. After you enable the burstable QPS (pay-as-you-go) feature, you are charged for excess QPS resources based on the pay-as-you-go billing method. The feature helps prevent your WAF instance from being added to a sandbox. After a WAF instance is added to a sandbox, the service-level agreement (SLA) is no longer guaranteed and service exceptions may occur. For more information, see The sandbox feature.

    Extra Domains

    Specify the additional quota of domain names that you want to purchase.

    If the number of domain names that you want to add to WAF 3.0 exceeds the default quota, you can purchase an additional quota.

    Note

    Different editions have different default quotas and limits for additional quotas. For more information, see the description of the number of domain names that are supported by different WAF 3.0 editions in the Editions topic.

    Exclusive IP Address

    Specify the number of exclusive IP addresses that you want to purchase. Exclusive IP addresses apply only to the domain names that are added to WAF in CNAME record mode.

    If you want to protect an important domain name, you can purchase an exclusive IP address for your WAF instance and assign the IP address to the domain name. For more information, see Enable an exclusive IP address.

    Additional Protection Nodes

    Specify the number of protection nodes for the hybrid cloud protection cluster. Pro Edition does not support this feature.

    If your web services are deployed on third-party clouds and data centers, you can add your web services to WAF in hybrid cloud mode. This way, you can manage and protect the web services in a centralized manner.

    Before you add your services to WAF 3.0 in hybrid cloud mode, you must deploy hybrid cloud clusters as WAF protection clusters. You must deploy at least two protection nodes for a hybrid cloud cluster. If the number of protection nodes that you want to deploy exceeds the default quota, you can purchase additional protection nodes. For more information, see Hybrid cloud mode.

    Intelligent Load Balancing

    Specify whether to enable the intelligent load balancing feature. The intelligent load balancing feature applies only to the domain names that are added to WAF in CNAME record mode.

    You can enable the intelligent load balancing feature to ensure high availability and minimize latency during automatic disaster recovery. For more information, see Intelligent load balancing.

    Log Service

    Specify whether to enable Simple Log Service for WAF.

    You can enable Simple Log Service for WAF to store, view, and analyze WAF logs in real time. For more information, see Overview of log management.

    Log Storage Capacity

    Specify the log storage capacity based on your business requirements. The minimum storage capacity is 3 TB. Unit: TB. If the log storage usage reaches the upper limit, WAF logs are no longer recorded. For more information, see Configure log settings and manage log storage capacity.

    Subscription Duration

    Select the subscription duration of the WAF 3.0 instance and specify whether to enable Auto-renewal.

    Note

    If you want to test a WAF instance before you purchase the instance, contact your account manager to apply for a PoC project and set the Subscription Duration parameter to 7-day Trial. Then, you are provided a seven-day free trial.

  4. Click Buy Now and complete the payment.

What to do next

After you purchase a WAF 3.0 instance, perform the following steps to use WAF 3.0 to protect your services:

  1. Add your services to WAF 3.0. For more information, see Website configuration overview.

  2. Configure protection policies for protected objects. For more information, see Protection configuration overview.

  3. View protection data. For more information, see View security reports.

References