Traffic billing protection automatically caps your pay-as-you-go WAF 3.0 costs. When your traffic exceeds a threshold you define, WAF places the instance into a sandbox and waives fees for that hour.
This feature applies only to pay-as-you-go WAF 3.0 instances. It is enabled by default, cannot be disabled, and does not incur any fees.
How it works
When peak queries per second (QPS) exceeds the Traffic Billing Protection Threshold, WAF 3.0 places the instance into a sandbox -- a restricted operating state that prevents runaway costs during traffic spikes. All fees for the sandboxed hour are waived.
| Condition | Result |
|---|---|
| Peak QPS at or below the threshold | Normal operation. Standard fees apply. |
| Peak QPS exceeds the threshold | Instance enters sandbox. Fees for that hour are waived. |
| Next hour: QPS drops below the threshold | Instance exits sandbox. Normal billing resumes. |
| Next hour: QPS remains above the threshold | Instance stays in sandbox. Fees continue to be waived. |
While sandboxed, the WAF 3.0 Service Level Agreement (SLA) is no longer guaranteed. Service access exceptions may occur, including packet loss, rate limiting, limited connections, failed protection, log data exceptions, report data exceptions, access timeout, DDoS-triggered traffic scrubbing, and blackhole filtering. To avoid service disruptions, adjust the Traffic Billing Protection Threshold promptly. For details, see Sandbox feature.
Thresholds and limits
Default maximum thresholds
| Region | Default maximum threshold |
|---|---|
| Chinese Mainland | 30,000 QPS |
| Outside Chinese Mainland | 3,000 QPS |
The threshold is set to the maximum value by default. To request a higher threshold, contact your account manager or solution architect.
Modification limits
Changes allowed: up to twice per calendar month
Effective time: the subsequent hour after the change
Configure the threshold
New instances
On the WAF 3.0 (Pay-as-you-go) buy page, set the Traffic Billing Protection Threshold parameter and complete the purchase. For more information, see Purchase a pay-as-you-go WAF 3.0 instance.
Existing instances
-
Log on to the Web Application Firewall 3.0 console. From the top menu bar, select the resource group and region (Chinese Mainland or Outside Chinese Mainland) for the WAF instance.
In the left-side navigation pane, click Overview.
In the Protected Assets section, click Modify Traffic Protection Threshold.
Change the Traffic Billing Protection Threshold value and complete the payment.
Monitor traffic and costs
View traffic protection details
On the Overview page, click the Traffic tab to review your traffic trends.
In the Protected Assets section, click View Traffic Protection Details to view the current threshold and protection history for the previous 30 days.
For more information about the Overview page, see Overview.
View hourly fees and savings
On the Bills page, find the target date and click View Details.
In the Hourly Bill section, view the savings from traffic billing protection. While the instance is sandboxed, no fees are charged.
In the Details of Hourly Bill section, view itemized hourly fees -- including traffic processing fees and feature fees -- along with savings from traffic billing protection.
For more information, see View bills.
Set up CloudMonitor alerts
WAF 3.0 integrates with CloudMonitor to send email or text message notifications when peak QPS exceeds the threshold. Configure alerts to stay informed when peak QPS exceeds the threshold.
For instructions, see Configure CloudMonitor notifications.