This topic describes the feature differences among the versions of Web Application Firewall (WAF) 3.0.
Scenarios for each version
WAF 3.0 offers five versions. They are categorized by billing method and service capabilities to suit different business scenarios:
Subscription Basic: Suitable for small or personal websites with no special security requirements.
Subscription Pro: Suitable for small and medium-sized websites with no special security requirements.
Subscription Enterprise: Suitable for medium-sized enterprise websites or public-facing services that have high security standards.
Subscription Ultimate: Suitable for medium and large enterprise websites with large-scale business operations or custom security needs. Contact your account manager to customize specifications.
Pay-as-you-go: This version uses a post-paid model and is suitable for scenarios where business usage fluctuates.
Version comparison
Performance metrics: WAF 3.0 uses HTTP/HTTPS requests per second (QPS) as the core metric for traffic specifications, instead of bandwidth. You only need to monitor the frequency of your business requests, not bandwidth limits. If the highest available peak QPS does not meet your business needs, contact your account manager.
Domain name rules: When you add a domain name, WAF counts each root domain name, subdomain, and wildcard domain name as a single, independent domain name.
Billing: This topic compares the features of different WAF versions. For specific billing information, see Subscription billing and Pay-as-you-go billing.
Core features
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
QPS limit per version | 10 QPS | 2,000 QPS | 5,000 QPS | 10,000 QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 3,000 QPS |
Purchasable QPS extension | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 5,000 QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 5,000 QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 1,000 QPS | ||
The Chinese mainland: 60,000 QPS Outside the Chinese mainland: 1,000 QPS | The Chinese mainland: 60,000 QPS Outside the Chinese mainland: 1,000 QPS | The Chinese mainland: 60,000 QPS Outside the Chinese mainland: 1,000 QPS | |||
Number of domain names | 3 | 5 | 10 | 50 | 1,000 |
Number of purchasable additional domain names | 10 | 500 | 2,000 | 5,000 | |
1 | 1 | ||||
Complimentary domain names for hybrid cloud extension nodes | Add 1 node to get 100 complimentary domain names. Add 2 or more nodes to get 200 complimentary domain names. | Add 1 node to get 100 complimentary domain names. Add 2 or more nodes to get 200 complimentary domain names. | |||
Number of protected objects (cloud product instances and domain names that can be added) | 300 | 600 | 2,500 | 10,000 | 10,000 |
10 | 10 | 10 | 10 | 100 | |
Number of protected objects per protected object group | 50 | 50 | 50 | 50 | 100 |
Number of manageable member accounts for the multi-account management feature | 5 | 20, customizable |
Resource access features
When you use the cloud native mode to add ECS, Server Load Balancer (SLB), or Network Load Balancer (NLB) instances, the number of traffic redirection ports cannot exceed the limit for protected objects.
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Paid Support | |||||
The Chinese mainland: Outside the Chinese mainland: | The Chinese mainland: Outside the Chinese mainland: | The Chinese mainland: Supported as a paid feature Outside the Chinese mainland: | |||
Paid Support | Paid support | Paid Support | Paid Support | ||
Paid Support | Paid Support | Paid Support | Paid Support | ||
Adjust file upload size limit (default: 2 GB) |
Basic security protection features
Version information: The updated web core protection rules no longer support rule groups. For more information, see [Announcement] WAF 3.0 basic protection rule feature upgrade.
Custom rule limits: Custom rules can block a maximum of 20,000 IP addresses. If you exceed this limit, the rules may fail to take effect.
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Number of configurable custom rule groups for web core protection rules | 10 | 30 | 30 | ||
Number of configurable custom protection templates for web core protection rules | 3 | 10 | 20 | 50 | 20 |
Number of whitelist templates | 20 | 20 | 20 | 50 | 50 |
Number of rules per whitelist template | 100 | 100 items | 100 items | 100 items | 100 items |
Number of IP blacklist templates | 5 | 10 | 20 | 20 | |
Number of IP addresses and rules per IP blacklist template | 400 IP addresses, 2 protection rules | 600 IP addresses, 3 protection rules | 1,000 IP addresses, 5 protection rules | 1,000 IP addresses, 5 protection rules | |
Number of custom rule templates | 10 | 20 | 50 | 50 | |
Number of rules per custom rule template | 100 entries | 200 items | 200 | 200 items | |
Match fields for custom rules | IP address or URL match | IP address, URL, all headers, regex, and body match | IP address, URL, all headers, regex, and body match | IP address, URL, all headers, regex, and body match | |
Number of IP addresses per custom rule | 100 | 100 | 100 | 100 | |
Actions for custom rules | JavaScript verification | JavaScript verification, slider CAPTCHA | JavaScript verification, slider CAPTCHA | JavaScript verification, slider CAPTCHA | |
Rate limiting rules in custom rules | |||||
Number of web tamper-proofing templates | 10 | 20 | 50 | 50 | |
Number of rules per web tamper-proofing template | 50 items | 50 items | 50 items | 50 items | |
Number of data leak prevention templates | 10 | 20 | 20 | 20 | |
Number of rules per data leak prevention template | 50 items | 50 items | 50 | 50 items | |
Number of Location Blacklist templates | 10 | 20 | 20 | ||
Number of HTTP flood protection templates | 5 | 10 | 20 | 20 | |
Number of scan protection templates | 5 | 10 | 20 | 20 | |
Number of custom response templates | 20 | 50 | 50 | ||
Maximum number of protected objects and protected object groups per protection template | 10 | 100 | 200 | 500 | 100 |
Advanced security protection features
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Supported as a paid feature, with a maximum of 20 templates | Supported as a paid feature, with a maximum of 50 templates | Supported as a paid feature, with a maximum of 100 templates | Paid Support | ||
Supported as a paid feature. You can enable it by temporarily upgrading your instance. | Supported as a paid feature. You can enable it by temporarily upgrading your instance. | Supported. No extra fee is required. | Paid Support | ||
Paid Support | Paid support | Paid Support | Supported as a paid feature | ||
Paid Support | Paid Support | Paid Support | Paid Support | ||
Threat intelligence | Paid support | ||||
Number of IP addresses in an IP address book | 3,000 | 10,000 | 50,000, customizable | 3,000 |
O&M and monitoring features
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Paid Support | Paid Support | Paid support | |||