All Products
Search

This Product

    Web Application Firewall:Announcement on changes to the billing and implementation of pay-as-you-go WAF instances

    Document Center

    Web Application Firewall:Announcement on changes to the billing and implementation of pay-as-you-go WAF instances

    Last Updated:Dec 13, 2024

    Dear Alibaba Cloud users, Alibaba Cloud plans to adjust the billing rules of pay-as-you-go Web Application Firewall (WAF) instances. Thank you for your understanding and support.

    Period

    The changes are planned to take effect at 00:00:00 on December 10, 2024 (UTC+8). The actual effective time shall prevail.

    Content

    1. If users of pay-as-you-go WAF 2.0 and WAF 3.0 instances do not add domain names or cloud service assets to the instances, the instances are released.

    2. The basic web protection is renamed the core web protection.

    3. The maximum threshold value for traffic billing protection is changed. If you want to specify a higher threshold value, contact your account manager or solution architect.

      • Chinese mainland: 30,000 queries per second (QPS).

      • Outside the Chinese mainland: 3,000 QPS.

    4. The billable items for hourly billing are changed.

    Impact

    The changes do not affect bills that are already generated. Subsequent bills are generated based on the new billable items. Thank you for your understanding and support.

    • Added billable items:

      • WAF instance: After you purchase a pay-as-you-go WAF instance, you are charged for this billable item. Unit price: 0.5 security capacity unit (SeCU) per hour.

      • Peak traffic throttling: You can specify a request percentage or QPS threshold for specific URLs or regions to create a rule to trigger throttling. You can configure the settings for traffic surge scenarios, such as promotions, to ensure the availability and stability of origin servers. Unit price: 150 SeCUs per rule-hour.

    • Adjusted billable items:

      Billable item

      Before

      After

      Core web protection - protection template

      Note

      You are charged for default protection templates after you add protected objects to WAF. You are charged for protection templates regardless of whether the templates are enabled.

      1 SeCU per template-hour

      3 SeCUs per template-hour

      Scan protection

      1 SeCU per rule-hour

      10 SeCUs per rule-hour

      Peak QPS

      Note

      If the portion exceeding the default limit is less than 5 QPS, it is calculated as 5 QPS.

      • Peak QPS ≤ 5,000: 0 SeCUs per hour

      • Peak QPS > 5,000: 1 SeCU per 5 QPS per hour for the portion exceeding 5,000 QPS

      • Peak QPS ≤ 1,000: 0 SeCUs per hour

      • Peak QPS > 1,000: 1 SeCU per 5 QPS per hour for the portion exceeding 1,000 QPS

      Custom rule

      • Basic rules: 1 SeCU per rule-hour

      • Advance rules: 2 SeCUs per rule-hour

      Note

      Rules that meet one of the following conditions are advanced rules, and the others are basic rules:

      • The rule type is throttling.

      • The following match fields are used: Body and Body Parameter.

      • The following logical operators are used: regular expression match and regular expression mismatch.

      • The following advanced parameters are configured: Canary Release and Effective Mode.

      • Basic rules: 2 SeCUs per rule-hour

      • Advance rules: 5 SeCUs per rule-hour

      Note

      Rules that meet one of the following conditions are advanced rules, and the others are basic rules:

      • The rule type is throttling.

      • The following match fields are used: Cookie, Content-Type, Content-Length, X-Forwarded-For, Body, Http-Method, File Extension, Filename, Server-Port, Header, Cookie Namet, Body Parameter.

      • The following logical operators are used: regular expression match and regular expression mismatch.

      • The following advanced parameters are configured: Canary Release and Effective Mode.

      Region blacklist

      3 SeCUs per rule-hour

      10 SeCUs per rule-hour

      Bot management

      1 SeCU per 10,000 requests

      Note

      If the number of requests within an hour is not a multiple of 10,000, it is rounded up to the nearest multiple of 10,000.

      1 SeCU per 7,500 requests

      Note

      If the number of requests within an hour is not a multiple of 7,500, it is rounded up to the nearest multiple of 7,500.

      API security

      1 SeCU per 10,000 requests

      Note

      If the number of requests within an hour is not a multiple of 10,000, it is rounded up to the nearest multiple of 10,000.

      1 SeCU per 7,500 requests

      Note

      If the number of requests within an hour is not a multiple of 7,500, it is rounded up to the nearest multiple of 7,500.

      Domain names added in CNAME record mode

      • One domain name: 0 SeCU

      • More than one domain name: 2 SeCUs per additional domain name-hour

      Tiered pricing:

      • One domain name: 0 SeCU

      • 2 to 10 domain names: 5 SeCUs per additional domain name-hour

      • 11 to 100 domain names: 3 SeCUs per additional domain name-hour

      • More than 100 domain names: 1 SeCU per additional domain name-hour