Product Specifications

WAF can be used in dedicated mode or ELB access mode. The following part describes specifications.

Access Mode Description

Table 1 describes dedicated WAF instances.

Table 1 Access mode description

Item

Dedicated Mode

ELB Access Mode

Deployment method

A dedicated engine is used for each instance.

WAF is integrated into the dedicated ELB load balancer gateway through SDKs.

Application scenarios

Service servers are deployed on the cloud.

This mode is suitable for large enterprise websites that have a large service scale and have customized security requirements.

Service servers are deployed on the cloud.

This mode is suitable for large enterprise websites having high security requirements on service stability.

Protected objects

  • Domain names

  • IP addresses

  • Domain names

  • IP addresses

Advantages

  • Enable cloud and on-premises deployment.

  • Enable exclusive use of WAF instance.

  • Meet requirements for protection against large-scale traffic attacks.

  • Deploy dedicated WAF instances in a VPC to reduce network latency.

  • Scaling out of your WAF protection capabilities without changing your service architecture

  • Non-inline deployment and zero impacts on your website services

  • High reliability

    If your WAF instance becomes faulty, the load balancer directly distributes your website traffic over the origin servers. Your website services will not be affected.

Service Scale

For more details, see Table 2.

Table 2 Applicable service scale

Service Metrics

Specifications

Peak rate of normal service requests

The following lists the specifications of a single instance.

  • Specifications: WI-500. Referenced performance:

    • HTTP services - Recommended QPS: 5,000. Maximum QPS: 10,000.

    • HTTPS services - Recommended QPS: 4,000. Maximum QPS: 8,000.

    • WebSocket service - Maximum concurrent connections: 5,000

    • Maximum WAF-to-server persistent connections: 60,000

  • Specifications: WI-100. Referenced performance:

    • HTTP services - Recommended QPS: 1,000. Maximum QPS: 2,000.

    • HTTPS services - Recommended QPS: 800. Maximum QPS: 1,600

    • WebSocket service - Maximum concurrent connections: 1,000

    • Maximum WAF-to-server persistent connections: 60,000

Important

NOTICE: Maximum QPS values are for reference only. They may vary depending on your businesses. The real-world QPS is related to the request size and the type and quantity of protection rules you customize.

Service bandwidth threshold

  • Specifications: WI-500. Referenced performance:

    Throughput: 500 Mbit/s

  • Specifications: WI-100. Referenced performance:

    Throughput: 100 Mbit/s

Number of domain names

2,000 (Supports 2,000 top-level domain names)

Quantity of supported ports

  • Standard ports: Unlimited

  • Non-standard ports: Unlimited

Peak rate of CC attack protection

  • Specifications: WI-500. Referenced performance:

    Maximum QPS: 20,000

  • Specifications: WI-100. Referenced performance:

    Maximum QPS: 4,000

CC attack protection rules

100

Precise protection rules

100

Reference table rules

100

IP address blacklist and whitelist rules

1,000

Geolocation access control rules

100

Web tamper protection rules

100

Information leakage prevention rules

100

Global protection whitelist rules

1,000

Data masking rules

100

Important

  • The number of domains is the total number of top-level domain names (for example, example.com), single domain names/subdomain names (for example, www.example.com), and wildcard domain names (for example, *.example.com).

  • If a domain name maps to different ports, each port is considered to represent a different domain name. For example, www.example.com:8080 and www.example.com:8081 are counted towards your quota as two distinct domain names.

last updated: 2024-11-14 08:44 UTC - commit: 0dac5e70f288fcbceae9b3712e8d35da924d7c2c