Plans and Editions
Last updated: 2025-08-06 17:18:46
The Web Application Firewall (WAF) offers two payment models: prepaid annual and monthly subscription, and a combination of prepaid annual and monthly subscription with flexible postpaid options. It is available in two instance types: SaaS and CLB instances. This article introduces the features supported under different WAF instances and subscription plans.
SaaS WAF Instance (Non-Mainland China Region)
Feature | Item | Premium | Enterprise | Ultimate |
Basic support | Applicable Scenarios | Applicable to standardized protection for small and medium websites. | Applicable to protection for small and medium website applications and customized protection for medium and large websites. | Applicable to protection for large and super large website applications and customized protection for complex website applications. |
| QPS Peak | Default QPS: 2,500 QPS Supports business extension pack: 5,000 QPS | Default QPS: 5,000 QPS Supports business extension pack: 10,000 QPS | Default QPS: 10,000 QPS Supports business extension pack: 20,000 QPS |
| Bandwidth Peak | Default bandwidth: 50 Mbps Supports business extension pack: 125 Mbps | Default bandwidth: 100 Mbps Supports business extension pack: 250 Mbps | Default bandwidth: 200 Mbps Supports business extension pack: 500 Mbps |
| Dedicated IP | Supported | Supported | Supported |
| Supported Primary Domains | 2 pcs/domain | 3 pcs/domain | 4 pcs/domain |
| Supported Total Domains (including primary and subdomains) | 20 pcs/domain | 30 pcs/domain | 40 pcs/domain |
| Wildcard Domain Protection | Not supported | Supported | Supported |
| IPv6 Protection | Not supported | Supported | Supported |
Access Management | Access port support | Supports standard ports: 80, 8080, 443, 8443 | In addition to standard ports, it supports protection for specific ranges of non-standard ports: 5 pcs/domain/protocol type. | In addition to standard ports, it supports protection for specific ranges of non-standard ports: 10 pcs/domain/protocol type. |
| Dedicated IP | Supported | Supported | Supported |
| Traffic Tagging | Not supported | Supported | Supported |
| Client Information Passing | Not supported | Supported | Supported |
| HTTP2/WebSocket | Supported | Supported | Supported |
Basic Security Protection | Rule Protection Engine | Supported | Supported | Supported |
| 0-Day Vulnerability Virtual Patching | Supported | Supported | Supported |
| Precise Allowlist | 100 pcs/domain | 120 pcs/domain | 150 pcs/domain |
| Rule Allowlist | 200 pcs/domain | 400 pcs/domain | 500 pcs/domain |
| IP Block/Allowlist | 1,000 pcs/domain | 5,000 pcs/domain | 20,000 pcs/domain |
| Region Blocking | Supported | Supported | Supported |
| Access Control (Custom Policy) | 100 pcs/domain | 120 pcs/domain | 150 pcs/domain |
| Emergency Mode CC Protection | Supported | Supported | Supported |
| IP/Session-Based Custom CC Protection | 5 pcs/domain | 20 pcs/domain | 50 pcs/domain |
| Data Leakage Prevention | 5 pcs/domain | 10 pcs/domain | 50 pcs/domain |
| Webpage Tampering Protection | 10 pcs/domain | 20 pcs/domain | 50 pcs/domain |
| Bulk Protection | Not supported | The max supported config rules are limited by single domain specs. Bulk protection rules use up a single domain's rule quota. | The max supported config rules are limited by single domain specs. Bulk protection rules use up a single domain's rule quota. |
| Advanced Vulnerability Protection (AI Engine) | Not supported | Not supported | Not supported |
Advanced Security Value-Added Protection | BOT Traffic Management | Paid support | Paid support | Paid support |
| API Security | Paid support | Paid support | Paid support |
| Business Security | Paid support | Paid support | Paid support |
Log Management | Attack Log Query and Download | Supported | Supported | Supported |
| Attack Log Delivery | Not supported | Supported | Supported |
| All Attack Types Log Storage | Supported | Supported | Supported |
| Access Log Delivery | Paid support | Paid support | Paid support |
| Access Log Query and Download (requires log package purchase) | Supported | Supported | Supported |
Professional Services | One-to-One Pre-Sales Support | Not supported | Supported | Supported |
| WeChat or Enterprise WeChat Support | 5*8 hours | 7*12 hours | 7*12 hours |
| 7*24 Hours Ticket Pre-Sales, After-Sales Support | Supported | Supported | Supported |
CLB WAF Instance (Non-Mainland China Region)
Feature | Item | Premium | Enterprise | Ultimate |
Basic support | Applicable Scenarios | Applicable to standardized protection for small and medium websites. | Applicable to protection for small and medium website applications and customized protection for medium and large websites. | Applicable to protection for large and super large website applications and customized protection for complex website applications. |
| QPS Peak | Default QPS: 2,500 QPS Supports business extension pack: 10,000 QPS | Default QPS: 5,000 QPS Supports business extension pack: 20,000 QPS | Default QPS: 10,000 QPS Supports business extension pack: 40,000 QPS |
| Cross-Region Interconnection Support | Not supported | Not supported | Supported for 10 regions |
| Binding Load Balancer Listeners | 200 pcs/domain | 300 pcs/domain | 500 pcs/domain |
| Supported Primary Domains | 2 pcs/domain | 3 pcs/domain | 4 pcs/domain |
| Supported Total Domains (including primary and subdomains) | 20 pcs/domain | 30 pcs/domain | 40 pcs/domain |
| Wildcard Domain Support | Not supported | Supported | Supported |
| IPv6 Protection | Supported | Supported | Supported |
Access Management | Object Access | Not supported | Supported | Supported |
Basic Security Protection | Rule Protection Engine | Supported | Supported | Supported |
| 0-Day Vulnerability Virtual Patching | Supported | Supported | Supported |
| Precise Allowlist | 100 pcs/domain | 120 pcs/domain | 150 pcs/domain |
| Rule Allowlist | 200 pcs/domain | 400 pcs/domain | 500 pcs/domain |
| IP Block/Allowlist | 1,000 pcs/domain | 5,000 pcs/domain | 20,000 pcs/domain |
| Region Blocking | Supported | Supported | Supported |
| Access Control (Custom Policy) | 100 pcs/domain | 120 pcs/domain | 150 pcs/domain |
| IP/Session-Based Custom CC Protection | 5 pcs/domain | 20 pcs/domain | 50 pcs/domain |
| Bulk Protection | Not supported | The max supported config rules are limited by single domain specs. Bulk protection rules use up a single domain's rule quota. | The max supported config rules are limited by single domain specs. Bulk protection rules use up a single domain's rule quota. |
| Advanced Vulnerability Protection (AI Engine) | Not supported | Not supported | Not supported |
Advanced Security Value-Added Protection | BOT Traffic Management | Paid support | Paid support | Paid support |
| API Security | Paid support | Paid support | Paid support |
| Business Security | Paid support | Paid support | Paid support |
Log Management | Attack Log Query and Download | Supported | Supported | Supported |
| Attack Log Delivery | Not supported | Supported | Supported |
| All Attack Types Log Storage | Supported | Supported | Supported |
| Access Log Delivery | Paid support | Paid support | Paid support |
| Access Log Query and Download (requires log package purchase) | Supported | Supported | Supported |
Professional Services | Certificate Two-way Authentication | Supported | Supported | Supported |
| One-to-One Pre-Sales Support | Not supported | Supported | Supported |
| WeChat or Enterprise WeChat Support | 5*8 hours | 7*12 hours | 7*12 hours |
| 7*24 Hours Ticket Pre-Sales, After-Sales Support | Supported | Supported | Supported |
SaaS WAF Instance (Mainland China Region)
Feature | Item | Premium | Enterprise | Ultimate |
Basic support | Applicable Scenarios | Applicable to standardized protection for small and medium websites. | Applicable to protection for small and medium website applications and customized protection for medium and large websites. | Applicable to protection for large and super large website applications and customized protection for complex website applications. |
| QPS Peak | Default QPS: 2,500 QPS Supports business extension pack to extend QPS: 20,000 QPS Supports flexible postpaid QPS extension: 100,000 QPS | Default QPS: 5,000 QPS Supports business extension pack to extend QPS: 30,000 QPS Supports flexible postpaid QPS extension: 150,000 QPS | Default QPS: 10,000 QPS Supports business extension pack to extend QPS: 40,000 QPS Supports flexible postpaid QPS extension: 200,000 QPS |
| Bandwidth Peak | Default bandwidth: 50 Mbps Supports business extension pack to extend bandwidth: 500 Mbps | Default bandwidth: 100 Mbps Supports business extension pack to extend bandwidth: 750 Mbps | Default bandwidth: 200 Mbps Supports business extension pack to extend bandwidth: 1,000 Mbps |
| Dedicated IP | Supported | Supported | Supported |
| Supported Primary Domains | 2 | 3 | 4 |
| Supported Total Domains (including primary and subdomains) | 20 | 30 | 40 |
| Wildcard Domain Protection | Not supported | Supported | Supported |
| IPv6 Protection | Not supported | Supported | Supported |
Access Management | Access port support | Supported standard ports 80, 8080, 443, 8443 | In addition to standard ports, it supports protection for specific ranges of non-standard ports: 5 pcs/domain/protocol type | In addition to standard ports, it supports protection for specific ranges of non-standard ports: 10 pcs/domain/protocol type |
| Dedicated IP | Supported | Supported | Supported |
| Traffic Tagging | Not supported | Supported | Supported |
| Client Information Passing | Not supported | Supported | Supported |
| HTTP2/WebSocket | Supported | Supported | Supported |
Basic security protection | Rule Protection Engine | Supported | Supported | Supported |
| 0-Day Vulnerability Virtual Patching | Supported | Supported | Supported |
| Precise Allowlist | 100 pcs/domain | 120 pcs/domain | 150 pcs/domain |
| Rule Allowlist | 200 pcs/domain | 400 pcs/domain | 500 pcs/domain |
| IP block/allowlist | 1,000 pcs/domain | 5,000 pcs/domain | 20,000 pcs/domain |
| Back-end Concurrent Long Connections | Unlimited | Unlimited | Unlimited |
| Region Blocking | Supported | Supported | Supported |
| Access Control (Custom Policy) | 100 pcs/domain | 120 pcs/domain | 150 pcs/domain |
| Emergency Mode CC Protection | Supported | Supported | Supported |
| IP/Session-Based Custom CC Protection | 5 pcs/domain | 20 pcs/domain | 50 pcs/domain |
| Data Leakage Prevention | 5 pcs/domain | 10 pcs/domain | 50 pcs/domain |
| Webpage Tampering Protection | 10 pcs/domain | 20 pcs/domain | 50 pcs/domain |
| Bulk Protection | Not supported | The max supported config rules are limited by single domain specs. Bulk protection rules use up a single domain's rule quota. | The max supported config rules are limited by single domain specs. Bulk protection rules use up a single domain's rule quota. |
| Advanced Vulnerability Protection (AI Engine) | Not supported | Not supported | Supported |
Advanced Security Value-Added Protection | BOT Traffic Management | Paid support | Paid support | Paid support |
| API Security | Paid support | Paid support | Paid support |
| Business Security | Paid support | Paid support | Paid support |
Log Management | Attack Log Query and Download | Supported | Supported | Supported |
| Attack Log Delivery | Not supported | Supported | Supported |
| All Attack Types Log Storage | Supported | Supported | Supported |
| Access Log Delivery | Paid support | Paid support | Paid support |
| Access Log Query and Download (requires log package purchase) | Supported | Supported | Supported |
Professional Services | One-to-One Pre-Sales Support | Not supported | Supported | Supported |
| WeChat or Enterprise WeChat Support | 5*8 hours | 7*12 hours | 7*12 hours |
| 7*24 Hours Ticket Pre-Sales, After-Sales Support | Supported | Supported | Supported |
CLB WAF Instance (Mainland China Region)
Feature | Item | Premium | Enterprise | Ultimate |
Basic support | Applicable Scenarios | Applicable to standardized protection for small and medium websites. | Applicable to protection for small and medium website applications and customized protection for medium and large websites. | Applicable to protection for large and super large website applications and customized protection for complex website applications. |
| QPS Peak | Default QPS: 2,500 QPS Supports business extension pack: 40,000 QPS Supports flexible postpaid extension: 200,000 QPS | Default QPS: 5,000 QPS Supports business extension pack: 60,000 QPS Supports flexible postpaid extension: 300,000 QPS | Default QPS: 10,000 QPS Supports business extension pack: 80,000 QPS Supports flexible postpaid extension: 400,000 QPS |
| Cross-Region Interconnection Support | Not supported | Not supported | Supported for 10 regions |
| Binding Load Balancer Listeners | 200 | 300 | 500 |
| Supported Primary Domains | 2 pcs/domain | 3 pcs/domain | 4 pcs/domain |
| Supported Total Domains (including primary and subdomains) | 20 pcs/domain | 30 pcs/domain | 40 pcs/domain |
| Wildcard Domain Support | Not supported | Supported | Supported |
| IPv6 Protection | Supported | Supported | Supported |
Access Management | Object Access | Not supported | Supported | Supported |
Basic Security Protection | Rule Protection Engine | Supported | Supported | Supported |
| 0-Day Vulnerability Virtual Patching | Supported | Supported | Supported |
| Precise Allowlist | 100 pcs/domain | 120 pcs/domain | 150 pcs/domain |
| Rule Allowlist | 200 pcs/domain | 400 pcs/domain | 500 pcs/domain |
| IP Block/Allowlist | 1,000 pcs/domain | 5,000 pcs/domain | 20,000 pcs/domain |
| Region Blocking | Supported | Supported | Supported |
| Access Control (Custom Policy) | 100 pcs/domain | 120 pcs/domain | 150 pcs/domain |
| IP/Session-Based Custom CC Protection | 5 pcs/domain | 20 pcs/domain | 50 pcs/domain |
| Bulk Protection | Not supported | The max supported config rules are limited by single domain specs. Bulk protection rules use up a single domain's rule quota. | The max supported config rules are limited by single domain specs. Bulk protection rules use up a single domain's rule quota. |
| Advanced Vulnerability Protection (AI Engine) | Not supported | Not supported | Supported |
Advanced Security Value-Added Protection | BOT Traffic Management | Paid support | Paid support | Paid support |
| API Security | Paid support | Paid support | Paid support |
| Business Security | Paid support | Paid support | Paid support |
Log Management | Attack Log Query and Download | Supported | Supported | Supported |
| Attack Log Delivery | Not supported | Supported | Supported |
| All Attack Types Log Storage | Supported | Supported | Supported |
| Access Log Delivery | Paid support | Paid support | Paid support |
| Access Log Query and Download (requires log package purchase) | Supported | Supported | Supported |
Professional Services | Certificate Two-way Authentication | Supported | Supported | Supported |
| One-to-One Pre-Sales Support | Not supported | Supported | Supported |
| WeChat or Enterprise WeChat Support | 5*8 hours | 7*12 hours | 7*12 hours |
| 7*24 Hours Ticket Pre-Sales, After-Sales Support | Supported | Supported | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback