We performed a comparison between AWS WAF and NGINX App Protect based on real PeerSpot user reviews.
Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product's initial setup phase was very simple."
"It's simple, easy to use."
"We preferred the product based on its cost. AWS WAF is an out-of-the-box solution and integrates with the AWS services that we use. It's natively integrated with AWS."
"What I like best about AWS WAF is that it's a simple tool, so I could understand the basics of AWS WAF in two to three hours."
"The solution is stable."
"The web solution effectively protects from vulnerabilities and cyber attacks."
"We can host any DB or application on the solution."
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"The most valuable feature is that I can establish different services from the firewall."
"WAF is useful to track mitigation, inclusion, prevention, and the parametric firewall."
"NGINX App Protect has complete control over the HTTP session."
"NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."
"The stability of the product is very impressive since it handles 60,000 to 70,000 requests or transactions per second."
"I tested specific features and evaluated the solution against the Web Application Firewall. I conducted research to test different detection percentages. I did not use it directly for protection but for evaluation purposes."
"It is a stable solution."
"The initial setup was simple and took three to four days."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps."
"In a future release of this solution, I would like to see additional management features to make things simpler."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"The solution should identify why it blocks particular websites."
"It's a bit difficult to apply the right rules for the right security."
"I believe there is a need to move towards real-time analysis with the help of AI and intelligent systems in the future. This would reduce the reliance on manual work and enhance the functionality of detection protection. By incorporating AI-driven data analysis and data science techniques, we can improve the solution's user-friendliness, security compatibility, and accuracy."
"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use."
"The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary."
"Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."
"Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks."
"Its technical support could be better."
"NGINX App Protect would be improved with integration with Shape and F5 WAF, which would make it easy for users to manage all their web application security with a single solution."
"They could provide a better user interface."
"The dashboard could provide a more comprehensive view of the status of the connections."
"It's challenging if you need to go for a high throughput."
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while NGINX App Protect is ranked 15th in Web Application Firewall (WAF) with 19 reviews. AWS WAF is rated 8.0, while NGINX App Protect is rated 8.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of NGINX App Protect writes "Capable of complete automation but is costly ". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Radware Cloud WAF Service, whereas NGINX App Protect is most compared with Microsoft Azure Application Gateway, F5 Advanced WAF, Fortinet FortiWeb, Cloudflare Web Application Firewall and Noname Security. See our AWS WAF vs. NGINX App Protect report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.