Buying Cloud Mode WAF

If you plan to use cloud mode - CNAME access or cloud mode - load balancer access to connect your website to WAF, you need to buy cloud mode WAF.

Cloud mode - CNAME access: applies to the scenario where service servers are deployed on Huawei Cloud, other cloud other than Huawei Cloud, or on-premises and the protected object is a domain name. For more details, see Connecting Your Website to WAF with Cloud Mode - CNAME Access.
Cloud mode - load balancer access: applies to the scenario where service servers are deployed on Huawei Cloud and the protected object is a domain name, public IP address, or private IP address. For more details, see Connecting Your Website to WAF with Cloud Mode - Load Balancer Access.

After buying cloud mode WAF, you still need to submit a service ticket to enable the load balancer access method. For details about supported regions, see Function Overview.

Before You Start

Only one billing mode can be selected for your WAF instance in an account.
You can switch between yearly/monthly and pay-per-use billing modes for your WAF. For details, see Can I Switch Between Yearly/Monthly and Pay-per-Use Payments for WAF?
If your yearly/monthly cloud mode WAF expires or is unsubscribed, you can buy a yearly/monthly or pay-per-use WAF again.
- If you buy a pay-per-use WAF in the same project where your original WAF is deployed, the WAF configuration data will be retained.
- If you buy a yearly/monthly WAF in the same region where your original WAF is deployed, the WAF configuration data will be retained.
You can disable pay-per-use billing mode and then buy a yearly/monthly or pay-per-use WAF.

After the pay-per-use billing mode is disabled, the WAF billing stops, the WAF configuration data is saved, and WAF Mode changes to Suspended. In this situation, WAF forwards your website traffic without inspecting traffic.

Prerequisites

IAM users for logging in to the WAF console must have the WAF Administrator and BSS Administrator permissions.

Constraints

WAF supports protection for all regions. For details about supported regions, see In Which Regions Is WAF Available?
Only one edition can be selected in a larger geographical region using the same account.
- CN North: CN North-Beijing1, CN North-Beijing4, CN North-Beijing2, CN North-Ulanqab1, CN North-Ulanqab201, CN North-Ulanqab202, and CN North-Beijing3
- CN East: CN East-Shanghai1, CN East-Shanghai2, CN East-Qingdao, and CN East 2
- CN South: CN South-Guangzhou and CN South-Shenzhen

With professional or enterprise WAF, you can protect any non-standard ports for your website. To do so, submit a ticket to enable them first.

Buying a Yearly/monthly Cloud WAF Instance

Log in to the WAF console.
Click in the upper left corner and select a region or project.
(Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
In the upper right corner of the page, click Buy WAF.
On the Dashboard page, click Buy WAF.

On the Buy Web Application Firewall page, complete the following configurations.

**Table 1** Parameters for purchasing yearly/monthly cloud mode WAF.
Parameter		Description	Example Value
Basic Settings	WAF Mode	WAF mode you want to buy. If you select Cloud Mode, you can use Cloud Mode - CNAME Access or Cloud Mode - Load balancer access to connect websites to WAF.	Cloud Mode
	Billing Mode	Billing mode of WAF. Yearly/Monthly: a prepaid billing mode. Pay-per-use: a postpaid billing mode. For details about billing modes, see WAF Billing Overview.	Yearly/Monthly billing
	Region	Region where the WAF instance will be deployed. Select a region from the Region drop-down list. Only one WAF edition can be purchased in a region. Generally, a WAF instance purchased in any region can protect web services in all regions. To make a WAF instance forward your website traffic faster, select the region nearest to your services.	CN-Hong Kong
Edition	Edition	Select Basic course. WAF provides many tiered specifications, including Starter, Standard, Professional, and Enterprise editions, ranking from low to high specifications. For details service scale and function differences, see Edition Differences. To use Cloud Mode - Load balancer access, you need to buy the standard, professional, or enterprise edition first. Cloud Mode - Load balancer shares its domain name, QPS, and rule expansion package quotas with Cloud Mode - CNAME, and the service specifications are the same as those of the basic package for cloud mode you buy.	Professional
	Expansion Packages	You can buy domain name, bandwidth, and rule expansion packages to obtain extra quotas based on the basic package. For more details, see Expansion Packages (Optional). The expansion package specifications are as follows: One domain name expansion package supports up to 10 domain names. A QPS expansion package protects up to: Service requests: 1,000 QPS Service bandwidth: 20 Mbit/s (for origin servers not deployed on Huawei Cloud) or 50 Mbit/s (for origin servers deployed on Huawei Cloud.) NOTE: The bandwidth limit applies only to websites connected to WAF using cloud mode CNAME access. There is no bandwidth limit but only QPS limit for websites connected to WAF using load balancer access. A rule expansion package allows you to configure up to 10 IP address blacklist and whitelist rules.	Domain expansion packages: 1 Bandwidth expansion package: 1 Rule expansion packages: 1
	Final Specifications	After you select Basic course, Advanced Functions, and Expansion Packages, WAF calculates the total number of selected quotas in real time.	--
Usage Settings	Required Duration	Select the purchase duration. The duration ranges from one month to three years.	1 year
Usage Settings	Auto-Renewal	Whether to automatically renew the WAF service when it expires. If you enable this, WAF will automatically renew the subscription upon expiration based on the required duration you configure. Hover over View Billing Rules and Renewal Durations and click Learn More. For details, see Auto-Renewal Rules.	Auto-renewal

Confirm the product details and click Buy Now.
On the Confirm Configuration page, confirm the order details, select I have read and agree to the WAF Disclaimer, and click Pay.
On the payment page, select a payment method and complete the payment.

After WAF is enabled, you can go to the WAF console. In the navigation pane on the left, choose Instance Management > Product Details. On the product details page, view the details of purchased instances. For details, see Viewing Product Details.

Buying Pay-per-Use Cloud Mode WAF

To buy pay-per-use WAF instances, submit a service ticket to enable the service.

Log in to the WAF console.
Click in the upper left corner and select a region or project.
(Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
In the upper right corner of the page, click Buy WAF.
On the Buy Web Application Firewall page, select Pay-per-use for Billing Mode and select a region.

Generally, a WAF instance purchased in any region can protect web services in all regions. To make a WAF instance forward your website traffic faster, select the region nearest to your services.

Figure 1 Pay-per-use

In the lower right corner of the page, click Next.
Click Back to Website Settings and add domain names of websites to be protected.

If you want to disable WAF, choose Instance Management > Product Details, and click Disable Pay-Per-Use Billing next to Cloud Mode.
- If you want to check the WAF edition in use and how long it will expire, choose Instance Management > Product Details in the navigation pane on the left and view details. For details, see Viewing Product Details.
- If you no longer need WAF, click Disable Pay-Per-Use Billing next to the Cloud Mode column on the Product Details page.

Follow-up Operations

Connecting a Website to WAF: With cloud mode, you can use CNAME access and ELB load balancer access to connect a website to WAF over website domain names or IP addresses.
Viewing Protection Events: After a domain name or IP address is connected to WAF, by default, WAF enables General Check in Basic Web Protection, with Protective Action set to Log only and Protection Level to medium, and enables Scanner in Anti-Crawler, with Protective Action set to Log only. You can view and handle protection events on the Events page.
Configuring Protection Policies: If default protection rules cannot meet your website security requirements, you can configure custom protection rules.
Querying a Protection Event: View website protection details.

Related Operations

Changing Editions and Specifications: If you are using cloud mode WAF, you can upgrade the WAF edition in use or increase the quotas of expansion packages to protect more domain names or traffic.
How Do I Unsubscribe from WAF?: You can unsubscribe from yearly/monthly WAF.
How Do I Renew WAF?: You can renew yearly/monthly WAF.

Parent Topic: Buying Cloud Mode WAF

Previous topic: Buying Cloud Mode WAF

Next topic: (Optional) Buying Expansion Packages