If you are using subscription-based Web Application Firewall (WAF) instances, you can choose from the following editions based on your needs. WAF offers the Pro, Business, Enterprise, and Exclusive editions. These editions support only the subscription billing method. Different WAF editions support different business scales and provide different protection features. Features provided by each edition may vary depending on the region (Mainland China or International) where the WAF instance is deployed.
Editions and applicable website scales
The following table lists the website scales supported by each edition. We recommend that you choose the Business or Enterprise edition for medium websites.
| Edition | Pro | Business | Enterprise | Exclusive |
|---|---|---|---|---|
| Website scale | Small and medium websites that do not have special security requirements for their businesses. | Medium enterprise websites, websites that provide services to all Internet users, and websites that have high requirements on data security. | Medium and large enterprise websites with a large business scale or custom security requirements. | Large enterprise websites with a large business scale and business-specific custom security requirements. |
| Peak request rate | 2,000 QPS | 5,000 QPS | Higher than 10,000 QPS | 5,000 QPS |
| Maximum bandwidth (origin servers are deployed on Alibaba Cloud) | 50 Mbit/s | 100 Mbit/s | 200 Mbit/s | 100 Mbit/s |
| Maximum bandwidth (origin servers are not deployed on Alibaba Cloud) | 10 Mbit/s | 30 Mbit/s | 50 Mbit/s | 30 Mbit/s |
| Default maximum supported domains | 1 | 1 | 1 | 1,000 |
| Default maximum supported subdomains (supports wildcard domains) | 10 | 10 | 10 | 1,000 |
Features supported by each edition
- √ indicates that the feature is supported by the edition.
- ○ indicates that the feature is supported only by WAF instances deployed in mainland China regions. It is not supported by WAF instances deployed in regions outside mainland China.
- × indicates that the feature is not supported by the edition.
| Description | Feature | Pro | Business | Enterprise | Exclusive |
|---|---|---|---|---|---|
| Enable HTTPS protection for a website | HTTPS advanced settings | √ | √ | √ | √ |
| Protection for standard ports other than 80, 8080, 443, and 8443 | Support for non-standard ports | × | √ | √ | √ |
| IPv6 malicious request detection | IPv6 traffic protection | × | ○ | ○ | ○ |
| Protection against common web attacks, such as SQL injection and XSS attacks | Web application protection | √ | √ | √ | √ |
| Automatic update of protection rules against web zero-day vulnerabilities | | √ | √ | √ | √ |
| Custom rule groups | Custom rule groups | × | × | √ | √ |
| Web zero-day vulnerability detection based on the big data deep learning engine | Big data deep learning engine | ○ | ○ | ○ | ○ |
| Positive security models based on deep learning of website traffic | Positive security model | × | × | ○ | ○ |
| Protection against HTTP floods targeting web services | HTTP flood protection | √ | √ | √ | √ |
| Protection against HTTP floods targeting API services | Custom HTTP flood protection | × | √ | √ | √ |
| Access frequency control for URLs | Custom HTTP flood protection | × | √ | √ | √ |
| IP whitelist, IP blacklist, URL whitelist, and URL blacklist | Configure a whitelist or blacklist | √ | √ | √ | √ |
| Advanced HTTP request control based on header fields including User-Agent and Referer | HTTP ACL policy | √ | √ | √ | √ |
| Targeted protection against web attacks, for example, penetration tests | HTTP ACL policy | √ | √ | √ | √ |
| Location-based IP blocking (block access requests from regions outside mainland China) | Blocked regions | × | × | √ | √ |
| Webpage tamper-proofing | Website tamper-proofing | × | ○ | ○ | ○ |
| Malicious registration interception | Data risk control | × | ○ | √ | √ |
| Data masking to protect sensitive data such as ID cards, phone numbers, and bank card numbers | Data leakage prevention | × | √ | √ | √ |
| Intelligent retrieval of access log entries | Log search | × | × | √ | × |
| Real-time log query and analysis service. Note: The real-time log query and analysis service is a value-added service. You must make a purchase to use this service. For more information about pricing, see Billing methods. | Real-time log analysis | √ | √ | √ | √ |
Note: The data visualization service is a value-added service. You must make a purchase to use this service. By default, all WAF Exclusive instances support the data visualization service.