Billing of WAF (new edition) - Dynamic Content Delivery Network

The new version of Dynamic Content Delivery Network Web Application Firewall (DCDN WAF) uses security capacity units (SeCUs) as billing units to simplify billing logic and bill management. The number of requests that are processed by DCDN WAF and the WAF protection configurations are converted into a number of SeCUs. You are charged for the usage of SeCUs on an hourly basis.

Note

For more information about the features of the new version of WAF, see Overview of WAF (new version).

Pricing: The price of each SeCU is USD 0.008.

The following table describes the conversion rules.

Billable item	Conversion rule	Billing method	Billing cycle
Number of requests Note Number of requests: the number of requests that are processed by DCDN WAF when clients access DCDN points of presence (POPs) to request resources that belong to a protected domain name.	Number of SeCUs = Number of requests that are processed by DCDN WAF within 1 hour/5000. The calculated number of SeCUs is rounded up to the nearest integer. For example, if the number of requests that are processed within 1 hour is 13,425, the request processing fee is calculated based on 3 SeCUs. Note If the number of requests that are processed within 1 hour is 0, the request processing fee is 0.	Pay-as-you-go or subscription (resource plans)	You are charged for requests on an hourly basis and for rules on a daily basis. A bill may be generated 3 to 4 hours after a billing cycle ends.
Basic web protection	Free of charge.
Number of custom protection rules (including enabled and disabled rules)	1 basic rule = 1 SeCU 1 advanced rule = 2 SeCUs Note Custom protection rules that meet one of the following conditions are advanced rules. For information about custom protection policies, see Configure custom protection policies. The rule for which rate limiting is enabled. For more information, see Configure custom protection policies. The rule that uses the following match fields: Post-Body, Post-Arg, AppSdk, Client-ID, Client-Type, and Client-Faked. For more information, see Match Conditions. The rule that uses the following logical operators: Regex Match, Regular Expression Mismatch, Does Not Contain Any Value, and Contains One of Multiple Values. For more information, see Match Conditions. You are charged for configured rules even if the rules are not enabled or are not associated with domain names.
Configure a whitelist	Free of charge.
Number of IP blacklist rules	1 IP blacklist rule = 2 SeCUs
Number of region blacklist rules	1 region blacklist rule = 2 SeCUs
Number of scan protection rules	1 scan protection rule = 2 SeCUs
Number of bot management rules	1 bot management rule = 50 SeCUs

Important

If you want to stop billing for a rule, you need to delete the rule.
From 00:00 on March 28, 2023, requests that are blocked by WAF are no longer included in the bills for HTTPS requests for static content, HTTP or HTTPS requests for dynamic content, WAF SeCUs, and downstream traffic. This improves the cost-effectiveness of WAF. This policy applies only to requests that are blocked by WAF. We recommend that you do not turn on IP Blacklist or Whitelist in Access Control after you enable WAF. Otherwise, you are charged for requests that are blocked by the IP blacklist or whitelist feature. For more information, see Configure an IP blacklist or whitelist.