WAF Overview
Last updated:2026-01-15 16:43:58
What Is WAF?
Tencent Cloud Web Application Firewall (WAF) is an AI-based, one-stop solution for operational risk protection of web services. It employs a dual-engine approach of AI + rule-based mechanisms to identify malicious traffic, safeguard website security, and enhance the safety and reliability of web assets. Through BOT Behavior Analytics, it defends against malicious access behaviors while protecting core business security and data security of websites.
The CDC Environment Web Application Firewall Has the Following Features
The creation entry is the CDC independent entry and must be created in the CDC console. For details, see Creating WAF.
You can choose to use cloud-based WAF or CDC on-premises deployed WAF based on your business characteristics. For example, when your business provides internet-facing services, selecting cloud-based WAF can achieve the same level of protection.
The locally deployed WAF in CDC has the following versions:
WAF - Enterprise Edition (20 domains, 8000QPS)
Supports customizing CC protection policies, including IP address-based Session CC protection policies, with 20 rules/domain.
Supports custom protection policies based on conditions such as IP address, URL, Referer, UA, Cookie, Body, with 20 rules/domain.
Supports IP address allowlist and blocklist management, with 5000 entries/domain.
Supports precise allowlist management, 100 entries/domain.
The protection engine nodes are used in conjunction with CLB. One set of clusters is sold starting from 2 nodes by default, including forwarding and rule protection engines, precise allowlist management, blocklist management, and so on.
A single protection node supports a peak of 8000QPS for Web traffic protection. Increasing the number of protection nodes enhances the business protection capacity of the corresponding cluster. Scaling out supports the expansion and upgrade of individual nodes.
WAF - Flagship Edition (50 domains, 10000QPS)
Supports custom CC protection policies, including IP address-based Session CC protection policies, with 50 rules/domain.
Supports custom protection policies based on conditions such as IP address, URL, Referer, UA, Cookie, Body, with 50 rules/domain.
Supports IP address allowlist and blocklist management, with 20000 entries/domain.
Supports precise allowlist management, 100 entries/domain.
The protection engine nodes are used in conjunction with CLB. One set of clusters is sold starting from 2 nodes by default, including forwarding and rule protection engines, precise allowlist management, blocklist management, and so on.
A single protection node supports a peak of 10000QPS for Web traffic protection. Increasing the number of protection nodes enhances the business protection capacity of the corresponding cluster. Scaling up supports the expansion and upgrade of individual nodes.
WAF General Information Guide
WAF General Information | Remarks |
You can perform unified management of the WAF list here. | |
WAF General Documentation Directory | |
Learn about WAF. | |
Getting Started with WAF | |
Quickly locate and resolve issues. |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback