This topic describes the Pro, Business, Enterprise, and Exclusive editions of Web Application Firewall (WAF) and associated features. Each edition is billed on a subscription basis. If you purchase a subscription WAF instance, you can select the Pro, Business, Enterprise, or Exclusive edition. Each WAF edition applies to a different business scale and provides specific protection features. The features that are provided by each edition may vary based on the region where the WAF instance is deployed.
Supported business scales
The following table lists the business scales supported by each edition. We recommend that you select the Business or Enterprise edition for medium-sized enterprise websites.
|Business specification item||Pro edition||Business edition||Enterprise edition||Exclusive edition|
|Website scale||Small- and medium-sized websites that do not have special security requirements||Medium-sized enterprise websites that can be accessed over the Internet and have high data security requirements||Medium- and large-sized enterprise websites that have custom security requirements||Large-sized enterprise websites that have custom configuration requirements for business|
|Peak QPS||2,000||5,000||Higher than 10,000||5,000|
|Maximum bandwidth, in Mbit/s (The origin server is deployed on Alibaba Cloud.)||50||100||200||100|
|Maximum bandwidth, in Mbit/s (The origin server is not deployed on Alibaba Cloud.)||10||30||50||30|
|Default number of first-level domains that can be protected||1||1||1||1,000|
|Default number of domains that can be protected in total (Wildcard domains are supported.)||10||10||10||1,000|
- √ indicates that the feature is supported by the edition.
- ○ indicates that the feature is supported only by WAF instances that are deployed in regions in mainland China.
- × indicates that the feature is not supported by the edition.
|Feature||Documentation||Pro edition||Business edition||Enterprise edition||Exclusive edition|
|HTTPS protection with a few clicks for websites||Enable HTTPS advanced settings||√||√||√||√|
|Protection for ports other than standard ports 80, 8080, 443, and 8443||Supported custom ports||×||√||√||√|
|Protection against common web attacks, such as SQL injection and XSS||Configure the RegEx Protection Engine||√||√||√||√|
|Automatic update of protection rules against web zero-day vulnerabilities||√||√||√||√|
|Intelligent load balancing||Intelligent load balancing||○||√||√||√|
|Configuration of custom rule groups||Customize protection rule groups||×||×||√||√|
|Detection of web zero-day vulnerabilities by using the Big Data Deep Learning Engine||Configure the Big Data Deep Learning Engine||○||○||○||○|
|Positive security models based on deep learning of website traffic||Configure the positive security model||×||×||○||○|
|Protection against HTTP flood attacks that target web services||Configure HTTP flood protection||√||√||√||√|
|Protection against HTTP flood attacks that target API services||Create a custom protection policy||×||√||√||√|
|Custom access frequency control on URLs||Create a custom protection policy||×||√||√||√|
|IP address whitelist, IP address blacklist, URL whitelist, and URL blacklist for access control||Configure the IP blacklist||√||√||√||√|
|Advanced settings of access control on HTTP requests based on header fields including User-Agent and Referer||Create a custom protection policy||√||√||√||√|
|Targeted protection against web attacks, such as penetration tests||Create a custom protection policy||√||√||√||√|
|Location-based IP address blocking (Block access requests from regions outside mainland China with a few clicks.)||Configure the IP blacklist||×||×||√||√|
|Web page tamper-proofing||Configure tamper-proofing||×||○||○||○|
|Blocking of spam registration requests
Note Data risk control is a value-added service in the bot management module. If you want to use data risk control, you must enable it first.
|Configure data risk control||×||○||√||√|
|Scan protection||Configure scan protection||√||√||√||√|
|Intelligent protection against automated attacks and intelligent protection of bot
Note The bot management module is a value-added service. If you want to use this service, you must enable it when you purchase a WAF instance.
|Set a bot threat intelligence rule||√||√||√||√|
|Trusted communications to protect native applications and defense against bot script
Note The application protection module is a value-added service. If you want to use this service, you must enable it when you purchase a WAF instance.
|Configure application protection||√||√||√||√|
|Prevention against the leak of sensitive data, such as ID card numbers, mobile numbers, and bank card numbers||Configure data leakage prevention||×||√||√||√|
|Account security||Configure account security||×||√||√||√|
|API security||API request security||×||√||√||√|
|Log Service for WAF
Note The Log Service for WAF feature is a value-added service. If you want to use this service, you must enable it when you purchase a WAF instance.