Updated on 2024-06-07 GMT+08:00

Limitations and Constraints

This topic describes the restrictions on using WAF.

Restrictions on Purchasing WAF Specifications

  • Only one WAF edition can be selected under an account within the same large region, for example CN East, which includes the CN East-Shanghai1 and CN East-Shanghai2 regions.

    For details about supported regions, see In Which Regions Is WAF Available?

    Generally, a WAF instance purchased in any region can protect web services in all regions. To make a WAF instance forward your website traffic faster, select the region nearest to your services.

  • If the dedicated WAF instances and the origin servers they protect are not in the same VPC, you can use a VPC peering connection to connect the two VPCs. This method is not recommended because VPC peering connections may not always be stable.
  • If you want to use the ELB access mode, make sure you are using standard, professional, or platinum cloud WAF. When you are using cloud WAF, the quotas for the domain name, QPS, and rule extension packages are shared between the ELB access and CNAME access modes.
  • Expansion Package Specifications:
    • A domain package allows you to add 10 domain names to WAF, including one top-level domain and nine subdomains or wildcard domains related to the top-level domain.
    • The QPS limit and bandwidth limit of a QPS expansion package:
      • For web applications deployed on Huawei Cloud

        Service bandwidth: 50 Mbit/s

        QPS: 1,000 (Each HTTP GET request is a query.)

      • For web applications not deployed on Huawei Cloud

        Service bandwidth: 20 Mbit/s

        QPS: 1,000 (Each HTTP GET request is a query.)

      • The bandwidth limit applies only to websites accessed in cloud mode. Websites accessed in ELB mode have no bandwidth limit and are subject only to the QPS limit.
    • A rule expansion package allows you to configure up to 10 IP address blacklist and whitelist rules.

Website Connection Restrictions

  • Access mode restrictions:
    • In cloud CNAME access mode, only domain names can be added to WAF. In dedicated mode and cloud ELB access mode, you can add domain names or IP addresses to WAF, but these two modes require origin servers to be deployed on Huawei Cloud.
    • In cloud mode, only the professional and platinum editions support IPv6 protection, HTTP/2, and load balancing algorithms.
    • In cloud mode, if you are using WAF standard edition, only System-generated policy can be selected for Policy.
  • Domain name restrictions:
    • You can enter a multi-level single domain name (for example, top-level domain name example.com and level-2 domain name www.example.com) or a wildcard domain name (*.example.com).

      The wildcard domain name * can be added to WAF. When the domain name is set to *, only non-standard ports (any port other than 80 and 443) can be protected.

      The following are the rules for adding wildcards to domain names:
      • If the server IP address of each subdomain name is the same, enter a wildcard domain name. For example, if the subdomain names a.example.com, b.example.com, and c.example.com have the same server IP address, you can add the wildcard domain name *.example.com to WAF to protect all three.
      • If the server IP addresses of subdomain names are different, add subdomain names as single domain names one by one.
    • A protected domain name can only be added to WAF once.

      Each combination of a domain name and a non-standard port counts towards the domain name quota of the WAF edition you are using. For example, www.example.com:8080 and www.example.com:8081 consume two domain names of the quota. If you want to protect web services on multiple ports under the same domain name, add the domain name with each port to WAF.

    • If a domain name is added to WAF in cloud CNAME access mode, make sure the domain name has been registered with an ICP license. WAF will check the domain name ICP license. Domain names that are not licensed cannot be added to WAF.
  • ELB load balancer restrictions:
    • If you want to use dedicated WAF, a dedicated Elastic Load Balance (ELB) load balancer should be used to distribute workloads for the website. For details about load balancer types, see Differences Between Dedicated and Shared Load Balancers.

      Dedicated WAF instances issued before April 2023 cannot be used with dedicated network load balancers. If you use a dedicated network load balancer (TCP/UDP), ensure that your dedicated WAF instance has been upgraded to the latest version (issued after April 2023).

    • In cloud ELB access mode, only dedicated load balancers with Specifications set to Application load balancing (HTTP/HTTPS) can be used.
  • Certificate restrictions:
    • Only .pem certificates can be used in WAF.
    • Currently, certificates purchased in Huawei Cloud SCM can be pushed only to the default enterprise project. For other enterprise projects, SSL certificates pushed by SCM cannot be used.
    • Only accounts with the SCM Administrator and SCM FullAccess permissions can select SCM certificates.
  • Specification restrictions:

    After your website is connected to WAF, you can upload a file no larger than 10 GB each time.
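The domain name restrictions above (wildcard versus single-domain entries, one entry per domain-and-port combination, and the standard-port limitation on a bare *) are easy to get wrong when planning a rollout. The following script is an added example, not Huawei Cloud code: given a constructed map of origins to origin-server IP addresses, it decides which entries to add to WAF, counts how many domain-quota slots each top-level domain consumes, and rejects entries the page says cannot be added. It assumes that the registrable domain is the last two labels of a host name, that a standard-port entry (80/443) is one entry per name, and that the ten-name domain package is accounted per top-level domain; WAF's real accounting may differ in detail.

```python
"""Plan WAF domain entries from a map of origins (constructed example).

Applies the rules stated on this page: subdomains that share one origin IP are
collapsed into a wildcard entry, subdomains with different IPs are added one by
one, every domain:non-standard-port pair costs one quota slot, and a bare "*"
may only protect non-standard ports.
"""
from collections import defaultdict

STANDARD_PORTS = {80, 443}
DOMAINS_PER_PACKAGE = 10   # page: one top-level domain plus nine related names

# Constructed sample input, not real infrastructure.
SAMPLE_ORIGINS = {
    "example.com": "10.0.0.10",
    "a.example.com": "10.0.0.20",          # a, b and c share one origin IP
    "b.example.com": "10.0.0.20",
    "c.example.com": "10.0.0.20",
    "www.example.com:8080": "10.0.0.10",   # two non-standard ports, two slots
    "www.example.com:8081": "10.0.0.10",
    "shop.example.org": "10.0.1.1",        # different IPs: no wildcard
    "api.example.org": "10.0.1.2",
    "*": "10.0.2.2",                       # bare wildcard on a standard port
    "*:8443": "10.0.2.2",                  # bare wildcard on a non-standard port
}


def split_target(target):
    """'www.example.com:8080' -> ('www.example.com', 8080); no port means 443."""
    host, sep, port = target.partition(":")
    return host.lower(), (int(port) if sep else 443)


def entry_name(host, port):
    """Standard ports are one entry per name; other ports are 'name:port'."""
    return host if port in STANDARD_PORTS else f"{host}:{port}"


def base_domain(host):
    """Assumed: the top-level (registrable) domain is the last two labels."""
    return ".".join(host.split(".")[-2:])


def plan_waf_entries(origins):
    """Return (sorted entries to add to WAF, list of rejected targets)."""
    errors = []
    entries = set()               # a name can only be added once
    subs = defaultdict(dict)      # (base domain, port) -> {subdomain: origin ip}
    for target, ip in origins.items():
        host, port = split_target(target)
        if host == "*" and port in STANDARD_PORTS:
            errors.append(f"{target}: '*' can only protect non-standard ports")
            continue
        if host == "*" or host == base_domain(host):
            entries.add(entry_name(host, port))
        else:
            port_key = 443 if port in STANDARD_PORTS else port
            subs[(base_domain(host), port_key)][host] = ip
    for (base, port), hosts in subs.items():
        if len(set(hosts.values())) == 1 and len(hosts) > 1:
            entries.add(entry_name(f"*.{base}", port))   # same IP: one wildcard
        else:
            entries.update(entry_name(h, port) for h in hosts)  # one by one
    return sorted(entries), errors


def quota_usage(entries):
    """Quota slots consumed per top-level domain (one slot per entry)."""
    usage = defaultdict(int)
    for entry in entries:
        host, _ = split_target(entry)
        usage[base_domain(host)] += 1
    return dict(usage)


def over_quota(usage, packages=1):
    """Top-level domains that need more than the purchased domain packages."""
    limit = DOMAINS_PER_PACKAGE * packages
    return sorted(base for base, slots in usage.items() if slots > limit)


if __name__ == "__main__":
    planned, rejected = plan_waf_entries(SAMPLE_ORIGINS)
    print("add to WAF:", planned)
    print("rejected:", rejected)
    print("quota slots:", quota_usage(planned))
    print("need expansion:", over_quota(quota_usage(planned)))
```

For the sample input the planner collapses a, b and c into *.example.com, keeps the two www.example.com ports as separate entries, adds the example.org hosts individually because their origin IPs differ, and rejects the bare * on the default port 443 while accepting *:8443.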

Security Report Usage Restrictions

  • WAF offers a quota for creating report templates.
    • Cloud mode - professional edition: 10
    • Cloud mode - platinum or dedicated edition: 20
    • Cloud mode - standard edition: 5
  • WAF stores security reports for six months only. You are advised to regularly download reports to meet compliance and audit requirements.

Restrictions on Using Protection Logs

  • On the WAF console, you can view the event data for all protected domain names over the last 30 days. You can enable LTS for long-term log storage and quick queries of details about attack logs and access logs.
  • Only attack events blocked or recorded by built-in basic web protection rules and anti-crawler protection features can be handled as false alarms.
  • Only event data for the last five days can be downloaded through the WAF console.

Protection Policy Restrictions