Updated on 2024-03-14 GMT+08:00

Edition Differences

WAF provides cloud and dedicated modes for you to deploy WAF instances. For more details, see Cloud and Dedicated WAF Modes.

Cloud and Dedicated WAF Modes

You can select the cloud WAF and/or dedicated WAF instances to meet your business needs. For their differences, see Table 1. Figure 1 shows deployment architectures.

Figure 1 Cloud and dedicated WAF deployment architectures
Table 1 Description of how to use different modes of WAF instances

Item

Cloud Mode

Dedicated mode

Billing mode

Pay-per-use

Pay-per-use

Application scenarios

Service servers are deployed on a cloud or in on-premises data centers.

Service servers are deployed on a cloud.

Dedicated WAF instances are suitable large enterprise websites that have a large service scale and have customized security requirements.

Protection objects

Domain names

  • Domain names
  • IP addresses

Advantages

  • Protection capability scaling by upgrading specifications
  • Protection for cloud and on-premises web services
  • Flexible deployment
  • Exclusive use of WAF instances
  • Protection against large-scale traffic attacks
  • Low network latency with dedicated WAF instances being deployed in a VPC

Specifications Supported by Each Edition

Table 2 lists the specifications of cloud WAF and a dedicated WAF instance.
Table 2 Applicable service scale

Service Scale

Cloud Mode

Dedicated Mode

Peak rate of normal service requests

-

The following lists the specifications of a single instance.

  • Specifications: WI-500. Referenced performance:
    • HTTP services - Recommended QPS: 5,000. Maximum QPS: 10,000.
    • HTTPS services - Recommended QPS: 4,000. Maximum QPS: 8,000.
    • WebSocket service - Maximum concurrent connections: 5,000
    • Maximum WAF-to-server persistent connections: 60,000
  • Specifications: WI-100. Referenced performance:
    • HTTP services - Recommended QPS: 1,000. Maximum QPS: 2,000.
    • HTTPS services - Recommended QPS: 800. Maximum QPS: 1,600
    • WebSocket service - Maximum concurrent connections: 1,000
    • Maximum WAF-to-server persistent connections: 60,000
NOTICE:

Maximum QPS values are for reference only. They may vary depending on your businesses. The real-world QPS is related to the request size and the type and quantity of protection rules you customize.

Service bandwidth threshold (Origin servers are deployed on the cloud.)

-

  • Specifications: WI-500. Referenced performance:

    Throughput: 500 Mbit/s

  • Specifications: WI-100. Referenced performance:

    Throughput: 100 Mbit/s

Number of domain names

30 (Supports three top-level domain names.)

2,000 (Supports 2,000 top-level domain names)

Back-to-source IP address quantity (the number of WAF IP addresses that can be allowed by a protected domain name)

20

N/A

Quantity of supported ports

N/A

  • Standard ports: 80 and 443
  • Non-standard ports: Unlimited

Peak rate of CC attack protection

N/A

  • Specifications: WI-500. Referenced performance:

    Maximum QPS: 20,000

  • Specifications: WI-100. Referenced performance:

    Maximum QPS: 4,000

CC attack protection rules

200

100

Precise protection rules

1,000

100

Reference table rules

1,000

100

IP address blacklist and whitelist rules

2,000

100

Geolocation access control rules

200

100

Web tamper protection rules

200

100

Information leakage prevention rules

200

100

Global protection whitelist rules

2,000

1,000

Data masking rules

200

100