WAF Mode Overview
Huawei Cloud WAF supports two WAF modes: cloud mode and dedicated mode. The billing mode varies depending on the mode. You can select a WAF mode that fits your service requirements.

If you have enabled enterprise projects, you can select your enterprise project from the Enterprise Project drop-down list and add websites to be protected in the project.
Dedicated WAF instances are not available in some regions. For details, see Notice on Web Application Firewall (Dedicated Mode) Discontinued.
Cloud mode is a cloud-based WAF deployment method. In this mode, Huawei Cloud WAF cluster resources are shared with all users. With this mode, you do not need to deploy any hardware or maintain the software. It is ready for use out of the box, highly available, and auto-scalable. You can select yearly/monthly or pay-per-using billing.
- Supported service scale and functions: For details, see Edition Differences.
- Access modes
- Cloud mode - CNAME access
- DNS resolves the protected domain name to the CNAME address of the WAF cluster. WAF detects and filters out malicious attack traffic and returns normal traffic to the origin server through back-to-source IP addresses.
- With this mode, you can protect web services deployed on our cloud, other clouds, and on-premises servers. The protected objects are domain names.
- Cloud mode - Load balancer access
To use cloud mode - load balancer access, you need to purchase the standard, professional, or enterprise edition billed on a yearly/monthly basis first. Then you can submit a service ticket to request for the use of this mode. For details about regions supported by Cloud Mode - Load Balancer Access, see Function Overview.
- In this mode, WAF is integrated into the Elastic Load Balance (ELB) gateway through SDKs. After detecting and filtering malicious attack traffic, WAF synchronizes the detection result to ELB. ELB then determines whether to forward client requests to the origin server based on the detection result it received.
- With this mode, you can protect web services deployed on Huawei Cloud. The protected objects are domain names, public IP addresses, and private IP addresses.
- Cloud mode - CNAME access
- Billing modes
In cloud mode, you can pay yearly/monthly (prepaid) or pay-per-use (postpaid). To accommodate your workloads of different scales, the yearly/monthly billing mode is supported by the standard, professional, and enterprise editions. For details service scale and function differences, see Edition Differences.
- If you buy the standard or professional edition and use the cloud mode CNAME access, LLM content security of the corresponding edition is also available for you.
- If you buy the standard, professional, or enterprise edition, you can buy expansion packages of the corresponding edition. We provide domain name, bandwidth, and rule expansion packages for you.
Figure 1 WAF cloud mode - How to buy: For details, see Buying Cloud Mode WAF.
Dedicated mode provides you with completely isolated and independently deployed protection nodes. Unlike cloud mode, with which multiple users share the same WAF cluster, dedicated engines are isolated and customizable. This prevents resource competition or "neighbor effect" (for example, impact caused by attacks at other users) in a shared environment.
- Supported service scale and functions: To implement dedicated deployment, you need to buy dedicated WAF engines. WAF provides two instance specifications: WI-500 and WI-100. For details about their performance, see Edition Differences.
- Access modes
Dedicated mode access is supported.
- After a website is connected to WAF, the website traffic is sent to WAF through an ELB load balancer. WAF blocks abnormal requests and forwards normal requests to the origin server over the back-to-source IP address of the dedicated WAF engine.
- With this mode, you can protect web services deployed on Huawei Cloud. The protected objects are domain names, public IP addresses, and private IP addresses.
- Billing modes
The cloud mode supports pay-per-use (postpaid) billing. For details, see Figure 2.
You are advised to buy at least two WAF instances and use both of them to protect your services. With multiple WAF instances being used for your services, if one of them becomes faulty, WAF automatically switches the traffic to other running WAF instances to ensure continuous protection.
- How to buy: For details, see Buying Dedicated Mode WAF.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot