Li, Qiao aea4b89c6e WAF Dedicated User Guide 20231030 version.

Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>

2024-10-01 07:48:08 +00:00

15 KiB

Raw Permalink Blame History

Product Specifications

WAF can be used in dedicated mode or ELB access mode. The following part describes specifications.

Access Mode Description

Table 1 describes dedicated WAF instances.

**Table 1** Access mode description
Item	Dedicated Mode	ELB Access Mode
Deployment method	A dedicated engine is used for each instance.	WAF is integrated into the dedicated ELB load balancer gateway through SDKs.
Application scenarios	Service servers are deployed on the cloud. This mode is suitable for large enterprise websites that have a large service scale and have customized security requirements.	Service servers are deployed on the cloud. This mode is suitable for large enterprise websites having high security requirements on service stability.
Protected objects	Domain names IP addresses	Domain names IP addresses
Advantages	Enable cloud and on-premises deployment. Enable exclusive use of WAF instance. Meet requirements for protection against large-scale traffic attacks. Deploy dedicated WAF instances in a VPC to reduce network latency.	Scaling out of your WAF protection capabilities without changing your service architecture Non-inline deployment and zero impacts on your website services High reliability If your WAF instance becomes faulty, the load balancer directly distributes your website traffic over the origin servers. Your website services will not be affected.

Service Scale

For more details, see Table 2.

**Table 2** Applicable service scale
Service Metrics	Specifications
Peak rate of normal service requests	The following lists the specifications of a single instance. Specifications: WI-500. Referenced performance: HTTP services - Recommended QPS: 5,000. Maximum QPS: 10,000. HTTPS services - Recommended QPS: 4,000. Maximum QPS: 8,000. WebSocket service - Maximum concurrent connections: 5,000 Maximum WAF-to-server persistent connections: 60,000 Specifications: WI-100. Referenced performance: HTTP services - Recommended QPS: 1,000. Maximum QPS: 2,000. HTTPS services - Recommended QPS: 800. Maximum QPS: 1,600 WebSocket service - Maximum concurrent connections: 1,000 Maximum WAF-to-server persistent connections: 60,000 NOTICE: Maximum QPS values are for reference only. They may vary depending on your businesses. The real-world QPS is related to the request size and the type and quantity of protection rules you customize.
Service bandwidth threshold	Specifications: WI-500. Referenced performance: Throughput: 500 Mbit/s Specifications: WI-100. Referenced performance: Throughput: 100 Mbit/s
Number of domain names	2,000 (Supports 2,000 top-level domain names)
Quantity of supported ports	Standard ports: Unlimited Non-standard ports: Unlimited
Peak rate of CC attack protection	Specifications: WI-500. Referenced performance: Maximum QPS: 20,000 Specifications: WI-100. Referenced performance: Maximum QPS: 4,000
CC attack protection rules	100
Precise protection rules	100
Reference table rules	100
IP address blacklist and whitelist rules	1,000
Geolocation access control rules	100
Web tamper protection rules	100
Information leakage prevention rules	100
Global protection whitelist rules	1,000
Data masking rules	100

The number of domains is the total number of top-level domain names (for example, example.com), single domain names/subdomain names (for example, www.example.com), and wildcard domain names (for example, *.example.com).
If a domain name maps to different ports, each port is considered to represent a different domain name. For example, www.example.com:8080 and www.example.com:8081 are counted towards your quota as two distinct domain names.

Parent topic: Service Overview