This topic compares the features of the different editions of Web Application Firewall (WAF) 3.0.
Scenarios for each edition
WAF 3.0 is available in five editions. These editions are categorized by billing method and service capabilities to suit different business scenarios.
Subscription Basic: Ideal for small or personal websites with no special security requirements.
Subscription Pro: Designed for small- and medium-sized websites with standard security needs.
Subscription Enterprise: Recommended for medium-sized enterprise websites or public-facing services with high security standards.
Subscription Ultimate: Suitable for medium to large enterprise websites with large-scale business operations or custom security requirements. Contact your account manager to customize specifications.
Pay-as-you-go: This edition uses a pay-as-you-go billing method and is ideal for scenarios where business usage frequently changes.
Edition comparison
Performance metrics: The primary performance metric for WAF 3.0 is queries per second (QPS) for HTTP/HTTPS requests. WAF 3.0 no longer relies on bandwidth limits. Focus on your business's request rate, not bandwidth constraints. If the maximum available QPS does not meet your business needs, contact your account manager.
Domain name rules: When you add a domain name, each primary domain name, subdomain, or wildcard domain name counts as a separate domain name.
Billing details: For more information, see Subscription billing and Pay-as-you-go billing.
Core features
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
QPS limit per edition | 10 QPS | 2,000 QPS | 5,000 QPS | 10,000 QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 3,000 QPS |
Additional purchasable QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 5,000 QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 5,000 QPS | The Chinese mainland: 30,000 QPS Outside the Chinese mainland: 1,000 QPS | ||
The Chinese mainland: 60,000 QPS Outside the Chinese mainland: 1,000 QPS | The Chinese mainland: 60,000 QPS Outside the Chinese mainland: 1,000 QPS | The Chinese mainland: 60,000 QPS Outside the Chinese mainland: 1,000 QPS | |||
Maximum number of domain names | 3 | 5 | 10 | 50 | 1,000 |
Number of additional domain names | 10 | 500 | 2,000 | 5,000 | |
1 | 1 | ||||
Complimentary domain names for hybrid cloud extension nodes | Add 1 node to get 100 free domain names. Add 2 or more nodes to get 200 free domain names. | Add 1 node to get 100 free domain names. Add 2 or more nodes to get 200 free domain names. | |||
Number of protected objects (cloud service instances and domain names) | 300 | 600 | 2,500 | 10,000 | 10,000 items |
Number of protected object groups | 10 | 10 | 10 | 10 | 100 |
Number of protected objects per protected object group | 50 | 50 | 50 | 50 | 100 |
Number of manageable member accounts for multi-account management | 5 | 20, customizable |
Resource access features
When you add ECS, Classic Load Balancer (CLB), and Network Load Balancer (NLB) instances in cloud native mode, the number of traffic redirection ports must not exceed the maximum number of protected objects.
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Paid support | |||||
The Chinese mainland: Outside the Chinese mainland: | The Chinese mainland: Outside the Chinese mainland: | The Chinese mainland: Paid support Outside the Chinese mainland: | |||
Paid support | Paid support | Paid support | Paid support | ||
Paid support | Paid support | Paid support | Paid support | ||
Adjust upload file size limit (default: 2 GB) |
Basic security protection features
Version notes: The updated web core protection rules no longer support rule groups. For more information, see [Announcement] WAF 3.0 basic protection rule feature upgrade.
Custom rule limits: Custom rules can block a maximum of 20,000 IP addresses. If you exceed this limit, the rules may fail to take effect.
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Number of configurable custom rule groups for web core protection rules | 10 | 30 | 30 | ||
Number of configurable custom protection templates for web core protection rules | 3 | 10 | 20 | 50 | 20 |
Whitelist templates | 20 | 20 | 20 | 50 | 50 |
Number of rules per whitelist template | 100 items | 100 items | 100 items | 100 entries | 100 |
IP blacklist templates | 5 | 10 | 20 | 20 | |
Number of IP addresses and rules per IP blacklist template | 400 IP addresses, 2 protection rules | 600 IP addresses, 3 protection rules | 1,000 IP addresses, 5 protection rules | 1,000 IP addresses, 5 protection rules | |
Custom rule templates | 10 | 20 | 50 | 50 | |
Number of rules per custom rule template | 100 | 200 items | 200 entries | 200 items | |
Match fields for custom rules | IP or URL match | IP, URL, all headers, regex, body match | IP, URL, all headers, regex, body match | IP, URL, all headers, regex, body match | |
Number of IP addresses per custom rule | 100 | 100 | 100 | 100 | |
Actions for custom rules | JavaScript validation | JS challenge, slider | JS challenge, slider | JS challenge, slider | |
Rate limiting rules in custom rules | |||||
Web tamper-proofing templates | 10 | 20 | 50 | 50 | |
Number of rules per web tamper-proofing template | 50 items | 50 | 50 | 50 items | |
Data leakage prevention templates | 10 | 20 | 20 | 20 | |
Number of rules per data leakage prevention template | 50 items | 50 items | 50 | 50 items | |
Geo-blocking templates | 10 | 20 | 20 | ||
HTTP flood protection templates | 5 | 10 | 20 | 20 | |
Scan protection templates | 5 | 10 | 20 | 20 | |
Custom response templates | 20 | 50 | 50 | ||
Maximum number of protected objects and object groups per protection template | 10 | 100 | 200 | 500 | 100 |
Advanced security protection features
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Paid support, up to 20 templates | Paid support, up to 50 templates | Paid support, up to 100 templates | Paid support | ||
Paid support. Enable it by temporarily upgrading your instance. | Paid support. Enable it by temporarily upgrading your instance. | Supported, no additional fees | Paid support | ||
Paid support | Paid support | Paid support | Paid support | ||
Paid support | Paid support | Paid support | Paid support | ||
Paid support | |||||
Number of IP addresses in an IP address book | 3,000 | 10,000 | 50,000, customizable | 3,000 |
O&M and monitoring features
Feature | Subscription Basic | Subscription Pro | Subscription Enterprise | Subscription Ultimate | Pay-as-you-go |
Paid support | Paid support | Paid support | |||