WAF and DDos Mitigation Business vs Enterprise Plan

Can someone tell me what different features you have in the business vs enterprise plan when it comes to
1.) WAF (except of the number of page rules)
2.)DDoS Mitigation?

Would be great if I could get the answers on each point separately and if I could know which additional features to these 2 points you can buy when you have the enterprise plan.

Thank you guys in advance!

The sky is the limit (more or less).

Business and Enterprise are hardly comparable, as the former is still among the standard plans whereas Enterprise is heavily customisable and comes at a way heftier price tag.

For example, in regard to #2, only with Enterprise you can actually secure non-HTTP protocols via Spectrum.

In short, Free, Pro, and Business are way more comparable among each other than Enterprise.

1 Like

Thank you for the info. Can you tell me more, what “secure non-HTTP protocols via Spectrum” means and in which feature this would be included and what are some of the other benefits you would have in an enterprise plan in regards to nr 2 and nr 1 (regardless of the price)?

Are you able to explain what the ability to “proxy non-http traffic” means and which feature would enable that? I am not a pro in this area but would like to receive the information to learn more about it.
Thank you in advance for your help!

Spectrum allows you to tunnel protocols other than HTTP via Cloudflare. All other plans do not allow that. I cant tell if this is necessary for you, but it is one of the examples where Enterprise provides broader support in the context of denial-of-service protection.

If you are seriously considering to sign up for an Enterprise contract I’d strongly recommend to contact sales, as they will be best able to clarify your questions in this regard. Enterprise is quite a rare Unicorn round here :slight_smile:

thank you. I am not considering right now to sign up for that but would like to get more infos on a faster way here before being involved in a sales call. Is Spectrum the name of the feature? would that also enable to proxy non-http traffic?

It is.

That is the precise thing I was referring to.

You should be aware though, Enterprise typically is in the four digit range.

yes I know…great thanks. I can’t find any specific info on this spectrum feature in the support page of CF. Do you might have a link where I can read more about it?

Simply put, it basically is a plain TCP (most recently also UDP) proxy which simply tunnels to your origin.

Thank you so much! I also found this one

So you would basically use this feature to increase security on DDoS attacks?

Do you might have an example of a more advanced WAF feature of features :slight_smile: which you would have in enterprise such as unlimited WAF rules?

Only if you need to cover non-HTTP protocols and even then, it wouldnt increase it, it would actually enable it.

Again, for this you best contact support. As I said Enterprise is rather rare here and you will find th most accurate information with support.

ok thanks. I thought you might know it.

So can you say that TCP/UDP traffic is non-http traffic and without spectrum there would be no security on DDoS attacks for this kind of traffic?

HTTP is based on TCP (well, actually in recent months that is not entirely accurate any longer but thats a different story). As long you only want to use web based things over HTTP you dont need Spectrum. The moment you want to use anything non-HTTP related you do need it, if you want to proxy it over any Cloudflare network (with Argo there is also a slight exception when it comes to SSH and RDP but again this is a different story).

thanks a lot for taking time so respond that detailed. What you say makes sense to me. Do you have an example of something non-http related that you would like to proxy (can be anything just to make it more visible for me)?

Mail traffic for example. A lot of gaming protocols, SSH (though there is aforementioned exception), any database protocols, etc.

thanks a lot of all the info! I might come back in case I would have more questions. Have a nice weekend!

Hi Sandro! Do you know if Spectrum is automatically included in the enterprise plan or if it is available as an extra feature you can buy within the plan?

With Enterprise mostly everything depends on the individual contract. As far as I know Enterprise contracts vary greatly.

thank you. on the support page it says you can enable it which I assume means that you just “switch” it on if you have an enterprise plan without any extra costs.

That is possible, but again something best clarified with sales.