The traffic billing protection feature is supported only for pay-as-you-go Web Application Firewall (WAF) 3.0 instances. When the feature is enabled, if traffic spikes occur, the instance is added to a sandbox to prevent costs from exceeding your budget. This topic describes the traffic billing protection feature and how to specify a threshold value for traffic billing protection.
Introduction
If the peak queries per second (QPS) of a pay-as-you-go WAF instance exceeds the specified threshold value for traffic billing protection, the WAF instance is added to a sandbox. WAF does not charge you fees that are generated in the hour when the WAF instance is added to a sandbox. You can view the fees that would have been added to your bill, including traffic processing fees and feature fees in the traffic billing protection feature.
If a WAF instance is added to a sandbox, the Service Level Agreement (SLA) is no longer guaranteed and service access exceptions may occur. The service access exceptions include but are not limited to packet loss, rate limiting, limited connections, failed protection, log data exceptions, report data exceptions, access timeout, traffic scrubbing that is triggered by DDoS attacks, and blackhole filtering. To prevent service access exceptions, we recommend that you change the threshold value for traffic billing protection at the earliest opportunity. For more information, see The sandbox feature.
By default, traffic billing protection is enabled and cannot be disabled. When you purchase a pay-as-you-go WAF instance, you must specify a threshold value for traffic billing protection based on your business requirements.
The following section describes the maximum threshold values that are supported by a pay-as-you-go WAF instance for traffic billing protection. By default, the threshold value for traffic billing protection of a pay-as-you-go WAF instance is set to the maximum value.
Chinese mainland: 100,000 QPS.
Outside the Chinese mainland: 10,000 QPS.
If you want to specify a higher threshold value, contact your sales manager or solution architect.
The traffic billing protection feature does not incur fees.
After you specify a threshold value for traffic billing protection, the following scenarios occur:
If the peak QPS of a pay-as-you-go WAF instance is lower than or equal to the threshold value, the WAF instance is not added to a sandbox.
If the peak QPS of a pay-as-you-go WAF instance exceeds the specified threshold value for traffic billing protection, the WAF instance is added to a sandbox. WAF does not charge you fees that are generated in the hour when the WAF instance is added to a sandbox. You can view the savings that you obtained by using the traffic billing protection feature.
If the peak QPS of the WAF instance is lower than the specified threshold value for traffic billing protection in the subsequent hour, the WAF instance is removed from the sandbox.
If the peak QPS of a pay-as-you-go WAF instance is higher than the specified threshold value for traffic billing protection in the subsequent hour, the WAF instance is in the sandbox. WAF does not charge you fees that are generated in the hour when the WAF instance is in the sandbox.
You can change the threshold value for traffic billing protection based on your business requirements.
Specify a threshold value for traffic billing protection
New WAF instances
On the WAF 3.0 (Pay-as-you-go) buy page, configure the Traffic Billing Protection Threshold parameter and complete the payment.
NoteYou can change the threshold value for traffic billing protection twice every calendar month. The change takes effect the subsequent hour.
Existing WAF instances
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. You can select Chinese Mainland or Outside Chinese Mainland for the region.
In the left-side navigation pane, click Overview.
In the Protected Assets section, click Modify Traffic Protection Threshold.
In the Modify Traffic Protection Threshold panel, change the value of the Traffic Billing Protection Threshold parameter and complete the payment.
NoteYou can view your service traffic on the Traffic tab of the Overview page and change the threshold value for traffic billing protection based on your business requirements.
After you change the threshold value for traffic billing protection, you can click View Traffic Protection Details in the Protected Assets section of the Overview page to view the threshold value for traffic billing protection and protection details in the previous 30 days.
Related operations
View hourly fees
On the Bills page, find the date for which you want to view the bill and click View Details in the Actions column.
In the Hourly Bill and Details of Hourly Bill sections, you can view the hourly fees.
Hourly Bill: View the savings that you obtained by using the traffic billing protection feature. When the WAF instance is in a sandbox, you are not charged fees for the instance.
Details of Hourly Bill: View the hourly fees and the savings that you obtained by using the traffic billing protection feature. The fees include traffic processing fees and feature fees.
Use the alert monitoring feature of CloudMonitor
If the peak QPS of your WAF instance exceeds the specified threshold value for traffic billing protection, CloudMonitor sends notifications to alert contacts by email or text message. We recommend that you check the notifications and manage the alerts at the earliest opportunity. For more information, see Configure CloudMonitor notifications.