How Many Rules Can I Add to a WAF Instance?

The number of rules that you can add varies depending on the protection types in the WAF edition you are using. Table 1 lists the specifications included in different editions.

**Table 1** WAF editions and applicable service scales
Service Scale	Standard	Professional	Platinum	Cloud Mode (Pay-Per-Use Billing)	Dedicated Mode
Peak rate of normal service requests	Service requests: 2,000 QPS WAF-to-Server connections: 6,000 per domain name	Service requests: 5,000 QPS WAF-to-Server connections: 6,000 per domain name	Service requests: 10,000 QPS WAF-to-Server connections: 6,000 per domain name	N/A	The following lists the specifications of a single instance. Specifications: WI-500. Referenced performance: HTTP services - Recommended QPS: 5,000. Maximum QPS: 10,000. HTTPS services - Recommended QPS: 4,000. Maximum QPS: 8,000. WebSocket service - Maximum concurrent connections: 5,000 Maximum WAF-to-server persistent connections: 60,000 Specifications: WI-100. Referenced performance: HTTP services - Recommended QPS: 1,000. Maximum QPS: 2,000. HTTPS services - Recommended QPS: 800. Maximum QPS: 1,600 WebSocket service - Maximum concurrent connections: 1,000 Maximum WAF-to-server persistent connections: 60,000 NOTICE: Maximum QPS values are for your reference only. They may vary depending on your businesses. The real-world QPS is related to the request size and the type and quantity of protection rules you customize.
Service bandwidth threshold (The origin server is deployed on the cloud.)	100 Mbit/s	200 Mbit/s	300 Mbit/s	N/A	Specifications: WI-500. Performance: Throughput: 500 Mbit/s Specifications: WI-100. Referenced performance: Throughput: 100 Mbit/s
Service bandwidth threshold (The origin server is not deployed on Huawei Cloud.)	30 Mbit/s	50 Mbit/s	100 Mbit/s	N/A	N/A
Number of domains	10 (Supports one top-level domain name.)	50 (Supports five top-level domain names.)	80 (Supports eight top-level domain names.)	30 (Supports three top-level domain names.)	2,000 (Supports 2,000 top-level domain names)
Back-to-source IP address quantity (the number of WAF back-to-source IP addresses that can be allowed by a protected domain name)	20	50	80	20	N/A
Peak rate of CC attack defense	100,000 QPS	200,000QPS	1,000,000 QPS	N/A	Specifications: WI-500. Referenced performance: Maximum QPS: 20,000 Specifications: WI-100. Referenced performance: Maximum QPS: 4,000
Number of CC attack defense rules	20	50	100	200	100
Number of precise protection rules	20	50	100	200	100
Number of reference table rules	N/A	50	100	200	100
Number of IP address blacklist or whitelist rules	1,000	2,000	5,000	200	1,000
Number of geolocation access control rules	N/A	50	100	200	100
Number of web tamper protection rules	20	50	100	200	100
Number of information leakage prevention rules	N/A	50	100	200	100
Global protection whitelist rules	1,000	1,000	1,000	2,000	1,000
Number of data masking rules	20	50	100	200	100

Parent topic: WAF Instance Specifications Change

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel