diff --git a/pages/edge-services/faq.mdx b/pages/edge-services/faq.mdx
index 3bbc4b3e74..87e8adb869 100644
--- a/pages/edge-services/faq.mdx
+++ b/pages/edge-services/faq.mdx
@@ -5,7 +5,7 @@ meta:
content:
h1: Edge Services FAQ
dates:
- validation: 2025-05-14
+ validation: 2025-06-26
category: network
productIcon: EdgeServicesProductIcon
---
@@ -36,7 +36,7 @@ Yes, if you choose to [customize your Edge Services endpoint with your own subdo
## What is WAF?
-**W**eb **A**pplication **F**irewall is a feature available via Edge Services. It is currently in Public Beta. When enabled, WAF filters requests to your origin to determine whether they are potentially malicious. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) to be used when evaluating requests, and set [exclusions](/edge-services/concepts/#exclusions) to define traffic that shouldn't be filtered by WAF. Requests that are judged to be malicious are blocked or logged, depending on the settings you choose. Find out more about WAF in our [detailed documentation](/edge-services/reference-content/understanding-waf/).
+**W**eb **A**pplication **F**irewall is a feature available via Edge Services. When enabled, WAF filters requests to your origin to determine whether they are potentially malicious. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) to be used when evaluating requests, and set [exclusions](/edge-services/concepts/#exclusions) to define traffic that should not be filtered by WAF. Requests that are judged to be malicious are blocked or logged, depending on the settings you choose. Find out more about WAF in our [detailed documentation](/edge-services/reference-content/understanding-waf/).
## How can I use WAF with a different type of Scaleway resource?
diff --git a/pages/edge-services/how-to/configure-waf.mdx b/pages/edge-services/how-to/configure-waf.mdx
index 7cc4a8dce1..1bca5e02cb 100644
--- a/pages/edge-services/how-to/configure-waf.mdx
+++ b/pages/edge-services/how-to/configure-waf.mdx
@@ -6,17 +6,13 @@ content:
h1: How to configure Edge Services Web Application Firewall
paragraph: Learn how to configure a Web Application Firewall (WAF) for Edge Services. Protect your Load Balancer origin from threats and malicious requests, and fine tune your settings to pick the right paranoia level and exclusions for your use case.
dates:
- validation: 2025-03-03
+ validation: 2025-06-26
posted: 2024-07-24
tags: object-storage edge-services cdn network waf paranoia block exclusions
categories:
- network
---
-
-Edge Services WAF is currently in [Public Beta](https://www.scaleway.com/en/betas/).
-
-
An Edge Services **W**eb **A**pplication **F**irewall (WAF) evaluates requests to your Load Balancer origin to determine whether they are potentially malicious. You can choose the [paranoia level](/edge-services/concepts/#paranoia-level) to be used when evaluating requests, and set [exclusions](/edge-services/concepts/#exclusions) to define traffic that shouldn't be filtered by WAF. Requests that are judged to be malicious are blocked or logged, depending on the settings you choose.
This page walks you through the process of enabling and configuring WAF to protect your Load Balancer origin.
diff --git a/pages/edge-services/how-to/subscribe-edge-services.mdx b/pages/edge-services/how-to/subscribe-edge-services.mdx
index dbf5a3e78e..7444bef635 100644
--- a/pages/edge-services/how-to/subscribe-edge-services.mdx
+++ b/pages/edge-services/how-to/subscribe-edge-services.mdx
@@ -6,7 +6,7 @@ content:
h1: How to subscribe to Edge Services
paragraph: Find out how to take your first steps with Scaleway Edge Services by subscribing to a pricing plan. Learn how to choose the best plan for your needs and change your plan at the click of a button.
dates:
- validation: 2025-05-14
+ validation: 2025-06-26
posted: 2024-10-15
tags: object-storage edge-services subscription-plan subscribe billing pricing
categories:
@@ -25,7 +25,7 @@ To use Edge Services, you must subscribe to a [pricing plan](https://www.scalewa
- A certain amount of WAF requests (the number of requests that can be filtered through WAF across all your pipelines)
-WAF is currently in Public Beta, and free of charge. Additional charges for exceeding your plan's WAF requests will only come into effect once the feature goes into General Availability.
+Note that the Starter plan does not include any WAF requests. Nonetheless, you can purchase an add-on that gives you a certain amount of requests for a fixed monthly price. The option to purchase the add-on will be displayed when you enable WAF on a pipeline.
If you create more pipelines than are included in your plan, or your pipelines' caches egress more data than is included, or you make more WAF requests than are included, you will be charged additionally for this. The rates per pipeline/GB of data are indicated on the [pricing](https://www.scaleway.com/en/pricing/network/#edge-services) page.
diff --git a/pages/edge-services/index.mdx b/pages/edge-services/index.mdx
index f6311c4e9f..01a807d50c 100644
--- a/pages/edge-services/index.mdx
+++ b/pages/edge-services/index.mdx
@@ -8,7 +8,7 @@ meta:
sentiment="info"
title="Edge Services WAF now available in the Scaleway console!"
>
- Edge Services now offers a Web Application Firewall (WAF) service, currently in Public Beta. Activate and manage WAF in the Scaleway console or API / developer tools. Find out more in our [dedicated documentation](/edge-services/reference-content/understanding-waf/).
+ Edge Services now offers a Web Application Firewall (WAF) service. Activate and manage WAF in the Scaleway console or API / developer tools. Find out more in our [dedicated documentation](/edge-services/reference-content/understanding-waf/).
-WAF is currently in Public Beta and therefore **free of charge**. When WAF enters General Availability, the free pricing model will end. See [below](#waf) for details on how it will be billed in the future.
+The Starter plan does not include WAF. To use WAF on this plan, you must pay an additional monthly add-on charge (see [below](#waf-add-on)).
If you subscribe to a plan, and exceed its monthly limits for pipelines, cache data, or WAF requests you will incur additional charges that month.
-Essentially, your Edge Services monthly bill is made up of your **monthly subscription plan price** + **any additional pipeline charges incurred** + **any additional cache charges incurred**.
+Essentially, your Edge Services monthly bill is made up of your **monthly subscription plan price** + **any additional pipeline charges incurred** + **any additional cache charges incurred** + **optional WAF add-on** (Started plan only) + **any additional WAF charges incurred**.
For full details of the price and limits of each plan, refer to the [pricing page](https://www.scaleway.com/en/pricing/network/#edge-services). Subscription plans are scoped to a single Scaleway [Project](/organizations-and-projects/concepts/#project).
## Keeping track of your Edge Services consumption
-You can check the number of pipelines you have at any one time in the **Pipelines** tab of the Edge Services dashboard in the Scaleway console. [Scaleway Cockpit](/edge-services/how-to/monitor-cockpit/) can be used to monitor the data egressing from your Edge Services caches.
+We provide a number of ways to keep track of your Edge Services consumption:
-## WAF
+- View the details of your current plan, your last monthly invoice, and the costs accumulated so far for Edge Services this month, in the **Plans** tab of your [Edge Services dashboard](https://console.scaleway.com/edge-services)
-Although WAF is currently in Public Beta and available free of charge, read on to find out more about how it will be charged once in General Availability
+
-Each plan (except Starter plan) will include a fixed amount of WAF requests to use across all your pipelines. If you exceed the amount of WAF requests in a month that is allowed on your plan (or by the Starter add-on), you will be charged a fee per million additional requests.
+- Use [Scaleway Cockpit](/network/edge-services/how-to/monitor-cockpit/) to monitor the data egressing from your Edge Services caches.
-The **Starter** plan will be the only plan that does not include a set amount of WAF requests. To use WAF on this plan, you must pay an additional monthly add-on charge. This add-on will then let you enable WAF on all your pipelines, and use a fixed amount of WAF requests for that month across all pipelines.A ny WAF requests that exceed this amount will be charged additionally.
+## WAF add-on
+
+The Starter plan is the only plan that does not include WAF. To use WAF on this plan, you must pay an additional monthly add-on charge (see [pricing page](https://www.scaleway.com/en/pricing/network/#edge-services)).
+
+To add the WAF add-on to your Starter plan, simply [enable WAF](/edge-services/how-to/configure-waf/) on a pipeline. You are then prompted to accept the add-on. You must pay the add-on charge in order to use WAF on the Starter plan.
+
+
+
+This add-on then lets you enable WAF on all your pipelines, and use a fixed amount of WAF requests for that month across all pipelines. Any WAF requests that exceed this amount will be charged additionally, as described below.
## Included usage vs additional charges
@@ -57,6 +65,7 @@ Additional charges apply when you either:
- Have more pipelines in existence (at any given time) than the limit of your monthly plan
- Egress more data from all your pipelines' caches combined, than the limit of your monthly plan
+- Filter more requests through WAF, for all of your pipelines combined, than the limit of your monthly plan or add-on.
Read on to understand more about how additional charges are applied.
@@ -105,6 +114,30 @@ You consumed 200 GB of cache data that was not included within your monthly plan
`{Fee per GB of additional cache} * 200 GB`
e.g. `0.0135 * 200 = €2.70`
+### Additional WAF charges
+
+WAF consumption is based on the number of requests processed by all your Edge Services pipelines' Web Application Firewalls combined, in a given month. Requests that are served by the cache are **not** processed by WAF, as WAF protects only your origin.
+
+For every million requests processed by Edge Services WAF in a month, **beyond** the limit of your monthly plan (or add-on, in the case of the Starter plan), an additional charge applies.
+
+For example:
+
+
+The example prices and limits used below are subject to change. You should always refer to the [pricing page](https://www.scaleway.com/en/pricing/network/#edge-services) for the most up-to-date information.
+
+
+- For the entire month of November, you are subscribed to the **Professional** plan, which has a limit of 5M WAF requests.
+- Over the course of the month, a total of 8M requests were processed by WAF across all your Edge Services pipelines.
+
+You used 3M extra WAF requests that were not included within your monthly plan. Your November Edge Services billing, in terms of additional WAF charges, is therefore calculated as follows:
+
+`{Fee per additional 1M WAF requests} * 3`
+e.g. `0.5 * 3 = €1.50`
+
+
+You are charged proportionally for additional WAF requests, even though the price is set per million. If, for example, you only make 500,000 additional WAF requests in a month, you will be charged `{Fee per additional 1M WAF requests} / 2`.
+
+
## Changing your subscription plan
You can upgrade or downgrade your subscription plan at any time. Read on to understand how changing plan mid-month affects your billing.
@@ -173,4 +206,50 @@ The example prices and limits used below are subject to change. You should alway
You consumed 200 GB of cache data that was not included within your monthly Starter plan, between November 1-10. For the rest of the month, you were within the limits of your new Professional plan. Your November Edge Services billing, in terms of the additional cache charges, is therefore calculated as follows:
`{Fee per GB of additional cache} * 200 GB`
-e.g. `0.0135 * 200 = €2.70`
\ No newline at end of file
+e.g. `0.0135 * 200 = €2.70`
+
+### WAF charges
+
+Any additional WAF request charges accumulated when you exceeded your previous plan's limit will remain on your monthly bill. From the moment you change your plan, your WAF request consumption resets to 0. During the rest of the month, you can consume WAF requests up to the new plan's limit without being charged.
+
+
+- If you **downgrade** your plan, all the WAF requests made within the hour of changing plans will count towards the WAF request consumption of the new plan.
+- If you **upgrade** your plan, all the WAF requests made within the hour of changing plans will count towards the cache consumption of the old plan.
+
+
+For example:
+
+
+The example prices and limits used below are subject to change. You should always refer to the [pricing page](https://www.scaleway.com/en/pricing/network/#edge-services) for the most up-to-date information.
+
+
+- From November 1-10 you are subscribed to the **Professional** plan, which has a limit of 5M WAF requests.
+- From November 1-10 you make 10M WAF requests.
+- On November 11, you upgrade to the **Advanced** plan, which has a limit of 50M WAF requests. Your WAF request usage resets to 0.
+- Between November 11 and the end of the month, you make 50M WAF requests.
+
+You made 5M WAF requests that were not included within your monthly Professional plan, between November 1-10. For the rest of the month, you were within the limits of your new Advanced plan. Your November Edge Services billing, in terms of the additional cache charges, is therefore calculated as follows:
+
+`{Fee per additional 1M WAF requests} * 5`
+e.g. `0.5* 5 = €2.50`
+
+### WAF add-on
+
+This scenario applies to a user who is subscribed to the Starter plan and pays the WAF add-on price, then upgrades to a higher level plan.
+
+You will be billed pro-rata for the add-on charge, based on how long you were subscribed to the Starter plan with an add-on before upgrading, during the billing month.
+
+For example:
+
+
+The example prices and limits used below are subject to change. You should always refer to the [pricing page](https://www.scaleway.com/en/pricing/network/#edge-services) for the most up-to-date information.
+
+
+- From November 1-10 you are subscribed to the **Starter** plan and **WAF add-on**
+- On November 11, you switch to the **Professional** plan.
+- You remain subscribed to the **Professional** plan for the rest of the month (ending November 30)
+
+There are 30 days in the month of November, and you spent 10 of them subscribed to the Starter plan with the WAF add-on. When you upgraded to the Professional plan, the WAF add-on was no longer applicable because WAF was automatically included in your subscription plan. Your November Edge Services billing, in terms of the WAF add-on, is therefore calculated as follows:
+
+`({Monthly price for WAF add-on} / 30 days) * 10 days`
+e.g. `(4 / 30) * 10 = 1.33`
\ No newline at end of file
diff --git a/pages/edge-services/reference-content/understanding-waf.mdx b/pages/edge-services/reference-content/understanding-waf.mdx
index da534a9d48..fb4c0d06de 100644
--- a/pages/edge-services/reference-content/understanding-waf.mdx
+++ b/pages/edge-services/reference-content/understanding-waf.mdx
@@ -7,16 +7,12 @@ content:
paragraph: Learn how to protect your web applications with Edge Services Web Application Firewall (WAF). Discover the principles, paranoia levels, and limitations of WAF, and find out how to define exclusions for optimal security and performance.
tags: edge-services web-application-firewall waf paranoia-levels exclusions
dates:
- validation: 2025-05-14
+ validation: 2025-06-26
creation: 2025-03-03
categories:
- network
---
-
-WAF is currently in Public Beta.
-
-
You can choose to enable the **W**eb **A**pplication **F**irewall (WAF) feature on your Edge Services pipeline, for added protection. This documentation page gives a detailed overview of WAF, and the different settings, modes and functionalities available.
## WAF overview
@@ -91,7 +87,6 @@ Each exclusion can consist of:
## WAF limitations
-- WAF is currently in Public Beta.
- WAF protects your origin only, and not your cache.
- You can add a maximum of 100 WAF exclusions
- You cannot currently specify exclusions at the individual rule level. Requests matching exclusion filters bypass WAF entirely.