All Products
Document Center

Dynamic Content Delivery Network:Overview of WAF (new version)

Last Updated:Sep 28, 2023

Dynamic Content Delivery Network (DCDN) is integrated with Web Application Firewall (WAF) to provide security services on points of presence (POPs). WAF identifies and filters out malicious requests and then forwards only legitimate requests to origin servers. WAF can protect web servers against intrusions, secure important business data, and prevent server anomalies that are caused by attacks.


The new version of WAF is resulted from the deep integration of the cloud-native architecture of the core WAF engine and POPs. The integration provides new protection capabilities to WAF and an overhauled console. Protection settings are more streamlined and accessible in the console, which provides a more user-friendly experience.

Compared with the old version of WAF Enterprise Edition, the new version provides the following benefits:

  • New cloud-native architecture

    The WAF engine is integrated into POPs. All traffic that flows through DCDN can be protected by WAF. Protection settings, such as the web regular expression engine and custom protection rules, are implemented on all DCDN POPs to form a wide protection network around the world.

  • New protection configurations

    WAF allows you to configure protection policies that meet your business requirements. WAF also streamlines your workflow by allowing you to batch configure and apply protection policies and protection rules for protected domain names.

    • Protected domain name: the domain name that is added to the new version of WAF.

    • Protection policy: a collection of protection rules. You can configure a default policy to uniformly apply a set of predefined rules to domain names that you added to WAF. You can also create custom protection policies based on your business requirements.

    • Protection rule: a rule that is defined in a protection policy, such as the medium rule group (protection rule) in web regular expression protection or the custom rule for access control.

  • New pay-as-you-go billing method

    The new version of WAF generates bills every hour based on security capacity units (SeCUs), which provides a simple and straightforward mechanism to quantify resource usage and simplifies the billing process.

Features of the new version of WAF

The following table describes the website protection configurations that are supported by the new version of WAF.



Supported by the new version of WAF

Domain name management

Configuration management



Whitelist for precise access control


Web security

Regular expression protection

Zero-day attack protection


Block and warning modes

Decoding and analysis of request data in specific formats


Custom rule groups for regular expression protection


Access control and throttling

IP blacklist


Region blacklist


Custom protection policy


Scan protection


Monitoring reports

Overview and reports


Log service

Real-time logs


Bot management

Allowed crawlers


Bot threat intelligence


Crawler whitelist


Application protection



Verification code and custom response



The new version of WAF uses SeCUs as billing units and supports the pay-as-you-go billing method and resource plans. For more information, see Billing of WAF (new version).


To purchase a WAF plan (new version), go to the buy page.

Is my active WAF subscription affected by the release of the new version of WAF?

No. An Alibaba Cloud account can use only one WAF instance. If you enable the new version of WAF, the old version of WAF Business Edition is hidden and becomes unavailable. If you have enabled the old version of WAF Business Edition, the new version of WAF is hidden. You can continue to use the old version of WAF Business Edition. Alibaba Cloud provides migration plans for users who want to migrate data from the old version of WAF Business Edition to the new version of WAF.