This topic describes the features available in different versions of Web Application Firewall (WAF) 3.0.
Scenarios for each version
WAF 3.0 is available in five versions. Each version is designed for different business scenarios and varies by billing method and service capabilities:
Subscription Basic: Ideal for small or personal websites with minimal security requirements.
Subscription Pro: Designed for small- and medium-sized websites with standard security needs.
Subscription Enterprise: Recommended for medium-sized enterprise websites or public-facing services with high security standards.
Subscription Ultimate: Suitable for medium to large enterprise websites with large-scale business operations or custom security requirements. Contact your account manager to customize specifications.
Pay-as-you-go: This version uses a postpaid billing method and is ideal for scenarios where business traffic fluctuates.
Version comparison
Performance metrics: The primary performance metric for WAF 3.0 is queries per second (QPS) for HTTP/HTTPS requests. WAF 3.0 no longer relies on bandwidth limits. Focus on your business's request rate, not bandwidth constraints. If the maximum available QPS does not meet your business needs, contact your account manager.
Domain name rules: When you add a domain name, each primary domain name, subdomain, or wildcard domain name counts as a separate domain name.
Billing details: For more information about billing, see Subscription billing details and Pay-as-you-go billing details.
Core features
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
QPS limit per version | 10 QPS | 2,000 QPS | 5,000 QPS | 10,000 QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 3,000 QPS |
Additional purchasable QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 5,000 QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 5,000 QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 1,000 QPS | ||
The Chinese mainland: 60,000 QPS Outside the Chinese mainland: 1,000 QPS | The Chinese mainland: 60,000 QPS Outside the Chinese mainland: 1,000 QPS | The Chinese mainland: 60,000 QPS Outside the Chinese mainland: 1,000 QPS | |||
Number of domain names you can add | 3 | 5 | 10 | 50 | 1,000 |
Number of additional purchasable domain names | 10 | 500 | 2,000 | 5,000 | |
1 | 1 | ||||
Domain name quota bonus for additional hybrid cloud nodes | Add 1 node to get 100 free domain names, or add 2 or more nodes to get 200 free domain names. | Add 1 node to get 100 free domain names, or add 2 or more nodes to get 200 free domain names. | |||
Number of protected objects (cloud service instances and domain names) | 300 | 600 | 2,500 | 10,000 | 10,000 |
Number of protected object groups | 10 | 10 | 10 | 10 | 100 |
Number of protected objects per protected object group | 50 | 50 | 50 | 50 | 100 |
Number of member accounts for multi-account management | 5 | 20, customizable |
Resource access features
When adding ECS, Server Load Balancer (SLB), and Network Load Balancer (NLB) instances in cloud native mode, the number of traffic redirection ports cannot exceed the limit for protected objects.
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
The Chinese mainland: Outside the Chinese mainland: | The Chinese mainland: Outside the Chinese mainland: | The Chinese mainland: Outside the Chinese mainland: | |||
Paid support | Paid support | Paid support | |||
Paid support | Paid support | Paid support |
Basic security protection features
Version notes: Web core protection rules in the new version no longer support rule groups. For more information, see [Notice] WAF 3.0 basic protection rule feature upgrade.
Custom rule limit: A custom blocking rule can contain a maximum of 20,000 IP addresses. If this limit is exceeded, the rule may not take effect.
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Number of custom rule groups for web core protection rules | 10 | 30 | 30 | ||
Number of custom protection templates for web core protection rules | 3 | 10 | 20 | 50 | 20 |
Number of whitelist templates | 20 | 20 | 20 | 50 | 50 |
Number of rules per whitelist template | 100 | 100 | 100 | 100 | 100 |
Number of IP blacklist templates | 5 | 10 | 20 | 20 | |
Number of IPs and rules per IP blacklist template | 400 IPs and 2 protection rules | 600 IPs and 3 protection rules | 1,000 IPs and 5 protection rules | 1,000 IPs and 5 protection rules | |
Number of custom rule templates | 10 | 20 | 50 | 50 | |
Number of rules per custom rule template | 100 | 200 | 200 | 200 | |
Match fields for custom rules | IP or URL | IP, URL, full header, regular expression, and body | IP, URL, full header, regular expression, and body | IP, URL, full header, regular expression, and body | |
Number of IPs matched per custom rule | 100 | 100 | 100 | 100 | |
Rule actions for custom rules | JavaScript validation | JavaScript validation, slider | JavaScript validation, slider | JavaScript validation, slider | |
Frequency Control rules for custom rules | |||||
Number of web tamper-proofing templates | 10 | 20 | 50 | 50 | |
Number of rules per web tamper proofing template | 50 | 50 | 50 | 50 | |
Number of data leakage prevention templates | 10 | 20 | 20 | 20 | |
Number of rules per data leakage prevention template | 50 | 50 | 50 | 50 | |
Location Blacklist template count | 10 | 20 | 20 | ||
Number of HTTP flood protection templates | 5 | 10 | 20 | 20 | |
Number of scan protection templates | 5 | 10 | 20 | 20 | |
Number of custom response templates | 20 | 50 | 50 | ||
Maximum number of protected objects and object groups per protection template | 10 | 100 | 200 | 500 | 100 |
Advanced security protection features
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Paid support, up to 20 templates | Paid support, up to 50 templates | Paid support, up to 100 templates | |||
Paid support. Enable this feature by temporarily upgrading your instance. | Paid support. Enable this feature by temporarily upgrading your instance. | Supported. No additional fees. | Paid support. Enable this feature by temporarily upgrading your instance. | ||
Paid support | Paid support | Paid support | |||
Paid support, up to 5 templates | Paid support, up to 5 templates | Paid support, up to 5 templates | Paid support, up to 5 templates |
O&M and monitoring features
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Paid support | Paid support | Paid support | |||