WAF can be used in dedicated mode or ELB access mode. This section describes the specifications of each mode.
Access Mode Description
Table 1 describes the access modes for dedicated WAF instances.
Table 1 Access mode description

| Item | Dedicated Mode | ELB Access Mode |
|---|---|---|
| Deployment method | A dedicated engine is used for each instance. | WAF is integrated into the dedicated ELB load balancer gateway through SDKs. |
| Application scenarios | Service servers are deployed on the cloud.<br>This mode is suitable for large enterprise websites that have a large service scale and have customized security requirements. | Service servers are deployed on the cloud.<br>This mode is suitable for large enterprise websites having high security requirements on service stability. |
| Protected objects | | |
| Advantages | - Enable cloud and on-premises deployment.<br>- Enable exclusive use of WAF instance.<br>- Meet requirements for protection against large-scale traffic attacks.<br>- Deploy dedicated WAF instances in a VPC to reduce network latency. | |

Service Scale
For more details, see Table 2.
Table 2 Applicable service scale

| Service Metrics | Specifications |
|---|---|
| Peak rate of normal service requests | The following lists the specifications of a single instance.<br>- Specifications: WI-500. Referenced performance:<br>- HTTP services - Recommended QPS: 5,000. Maximum QPS: 10,000.<br>- HTTPS services - Recommended QPS: 4,000. Maximum QPS: 8,000.<br>- WebSocket service - Maximum concurrent connections: 5,000<br>- Maximum WAF-to-server persistent connections: 60,000<br>- Specifications: WI-100. Referenced performance:<br>- HTTP services - Recommended QPS: 1,000. Maximum QPS: 2,000.<br>- HTTPS services - Recommended QPS: 800. Maximum QPS: 1,600.<br>- WebSocket service - Maximum concurrent connections: 1,000<br>- Maximum WAF-to-server persistent connections: 60,000<br>NOTICE: Maximum QPS values are for reference only. They may vary depending on your business. The real-world QPS is related to the request size and the type and quantity of protection rules you customize. |
| Service bandwidth threshold | - Specifications: WI-500. Referenced performance: Throughput: 500 Mbit/s<br>- Specifications: WI-100. Referenced performance: Throughput: 100 Mbit/s |
| Number of domain names | 2,000 (Supports 2,000 top-level domain names) |
| Quantity of supported ports | - Standard ports: Unlimited<br>- Non-standard ports: Unlimited |
| Peak rate of CC attack protection | - Specifications: WI-500. Referenced performance: Maximum QPS: 20,000<br>- Specifications: WI-100. Referenced performance: Maximum QPS: 4,000 |
| CC attack protection rules | 100 |
| Precise protection rules | 100 |
| Reference table rules | 100 |
| IP address blacklist and whitelist rules | 1,000 |
| Geolocation access control rules | 100 |
| Web tamper protection rules | 100 |
| Information leakage prevention rules | 100 |
| Global protection whitelist rules | 1,000 |
| Data masking rules | 100 |

- The number of domains is the total number of top-level domain names (for example, example.com), single domain names/subdomain names (for example, www.example.com), and wildcard domain names (for example, *.example.com).
- If a domain name maps to different ports, each port is considered to represent a different domain name. For example, www.example.com:8080 and www.example.com:8081 are counted towards your quota as two distinct domain names.