Updated on 2024-02-29 GMT+08:00

How Many Rules Can I Add to a WAF Instance?

The number of rules that you can add varies depending on the protection types in the WAF edition you are using. Table 1 lists the specifications included in different editions.

Table 1 WAF editions and applicable service scales

| Service Scale | Standard | Professional | Platinum | Cloud Mode (Pay-Per-Use Billing) | Dedicated Mode |
| --- | --- | --- | --- | --- | --- |
| Peak rate of normal service requests | Service requests: 2,000 QPS; WAF-to-Server connections: 6,000 per domain name | Service requests: 5,000 QPS; WAF-to-Server connections: 6,000 per domain name | Service requests: 10,000 QPS; WAF-to-Server connections: 6,000 per domain name | N/A | The following lists the specifications of a single instance. Specifications: WI-500. Referenced performance: HTTP services - Recommended QPS: 5,000. Maximum QPS: 10,000; HTTPS services - Recommended QPS: 4,000. Maximum QPS: 8,000; WebSocket service - Maximum concurrent connections: 5,000; Maximum WAF-to-server persistent connections: 60,000. Specifications: WI-100. Referenced performance: HTTP services - Recommended QPS: 1,000. Maximum QPS: 2,000; HTTPS services - Recommended QPS: 800. Maximum QPS: 1,600; WebSocket service - Maximum concurrent connections: 1,000; Maximum WAF-to-server persistent connections: 60,000. NOTICE: Maximum QPS values are for your reference only. They may vary depending on your businesses. The real-world QPS is related to the request size and the type and quantity of protection rules you customize. |
| Service bandwidth threshold (The origin server is deployed on the cloud.) | 100 Mbit/s | 200 Mbit/s | 300 Mbit/s | N/A | Specifications: WI-500. Performance: Throughput: 500 Mbit/s. Specifications: WI-100. Referenced performance: Throughput: 100 Mbit/s |
| Service bandwidth threshold (The origin server is not deployed on Huawei Cloud.) | 30 Mbit/s | 50 Mbit/s | 100 Mbit/s | N/A | N/A |
| Number of domains | 10 (Supports one top-level domain name.) | 50 (Supports five top-level domain names.) | 80 (Supports eight top-level domain names.) | 30 (Supports three top-level domain names.) | 2,000 (Supports 2,000 top-level domain names.) |
| Back-to-source IP address quantity (the number of WAF back-to-source IP addresses that can be allowed by a protected domain name) | 20 | 50 | 80 | 20 | N/A |
| Peak rate of CC attack defense | 100,000 QPS | 200,000 QPS | 1,000,000 QPS | N/A | Specifications: WI-500. Referenced performance: Maximum QPS: 20,000. Specifications: WI-100. Referenced performance: Maximum QPS: 4,000 |
| Number of CC attack defense rules | 20 | 50 | 100 | 200 | 100 |
| Number of precise protection rules | 20 | 50 | 100 | 200 | 100 |
| Number of reference table rules | N/A | 50 | 100 | 200 | 100 |
| Number of IP address blacklist or whitelist rules | 1,000 | 2,000 | 5,000 | 200 | 1,000 |
| Number of geolocation access control rules | N/A | 50 | 100 | 200 | 100 |
| Number of web tamper protection rules | 20 | 50 | 100 | 200 | 100 |
| Number of information leakage prevention rules | N/A | 50 | 100 | 200 | 100 |
| Global protection whitelist rules | 1,000 | 1,000 | 1,000 | 2,000 | 1,000 |
| Number of data masking rules | 20 | 50 | 100 | 200 | 100 |