No more typing reviews! Try our Samantha, our new voice AI agent.
AWS WAF Logo

AWS WAF Reviews

Vendor: Amazon Web Services (AWS)
4.0 out of 5
Badge Leader
Leave a review

What is AWS WAF?

AWS WAF provides configurable rules, integration with AWS services, and scalable protection against web threats like SQL injections and DDoS attacks. Its automation and reliable performance are highly valued by users.

Get the AWS WAF Buyer's Guide and find out what your peers are saying about AWS WAF, Prisma Cloud by Palo Alto Networks, Imperva Application Security Platform and more!
AWS WAF is the #5 ranked solution in top Web Application Firewalls. PeerSpot users give AWS WAF an average rating of 8.0 out of 10. AWS WAF is most commonly compared to Prisma Cloud by Palo Alto Networks: AWS WAF vs Prisma Cloud by Palo Alto Networks. AWS WAF is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 15% of all views.
Buyer's Guide
AWS WAF
April 2026
Get the report
Helped 892,383 peers since 2012

Featured AWS WAF reviews

Read more reviews

AWS WAF mindshare

As of April 2026, the mindshare of AWS WAF in the Web Application Firewall (WAF) category stands at 4.8%, down from 10.3% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Web Application Firewall (WAF) Mindshare Distribution
ProductMindshare (%)
AWS WAF4.8%
Imperva Application Security Platform7.6%
Fortinet FortiWeb6.5%
Other81.1%
Web Application Firewall (WAF)

PeerResearch reports based on AWS WAF reviews

TypeTitleDate
CategoryWeb Application Firewall (WAF)Apr 30, 2026Download
ProductReviews, tips, and advice from real usersApr 30, 2026Download
ComparisonAWS WAF vs Fortinet FortiWebApr 30, 2026Download
ComparisonAWS WAF vs F5 Advanced WAFApr 30, 2026Download
ComparisonAWS WAF vs Imperva Application Security PlatformApr 30, 2026Download
Suggested products
TitleRatingMindshareRecommending
Prisma Cloud by Palo Alto Networks4.22.0%98%114 interviewsAdd to research
Imperva Application Security Platform4.37.6%95%143 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

AWS WAF offers valuable features like threat blocking for external applications integration with AWS services scalability and ease of use. Users appreciate its security capabilities including DDoS protection OWASP integration and SQL injection prevention customizable rules and automation enhance security further Its cloud-native nature seamless integration easy deployment and affordability are highly praised making AWS WAF an effective choice for enhancing web application security and managing traffic efficiently.
  • "I'm satisfied with AWS WAF, and I've had no issues with it."
  • "AWS WAF is pay-as-you-go, I only pay for what I'm using; there is no subscription or any payment upfront, and I can terminate use at any time, which is an advantage."
  • "Overall, this is a good product and I recommend it."

Room for Improvement

AWS WAF requires improved automation, enhanced user interface, and more comprehensive security measures. Users seek better threat detection, intuitive billing, and more integrated management features. Enhancements in bot protection and reporting are necessary, while improvements in documentation and pricing are needed. Increasing the number of rules and providing real-time analysis with AI could enhance its functionality. There is also a demand for better integration with third-party solutions and more proactive threat management.
  • "Technical support for AWS WAF could still be improved, e.g. support could be faster, more knowledgeable, and friendlier."
  • "The solution could improve by having better rules, they are very basic at the moment."
  • "I would like to see it more tightly integrated with other AWS services."

ROI

AWS WAF helps organizations by providing an extra security layer and enhancing customer satisfaction. It is seen as necessary yet potentially costly. The return on investment can be challenging to quantify, but when treated as a time and resource-saving tool, it's vital for AWS-focused teams. It allows companies to avoid hiring extra staff by blocking threats effectively, which saves expenses related to additional security personnel, and reduces costs associated with preventing unwanted DDoS attacks.

Pricing

AWS WAF offers pay-as-you-go pricing without subscription fees, aligning costs with service usage. Pricing is competitive, with entry costs as low as $5 monthly plus additional for rules, though expenses can increase based on traffic and applications. Users find it affordably priced compared to alternatives but acknowledge potential costliness with high data transfer or complex configurations. Large organizations may benefit from its scalability, while small users could find it costly without optimized management.
  • "For Kubernetes microservices, AWS is more expensive compared to OCI. AWS costs approximately 70 cents per hour, while OCI is 50% cheaper."
  • "On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven or eight out of ten."
  • "The solution is affordable."

Popular Use Cases

Many users employ AWS WAF for application security, protecting web applications and infrastructure from DDoS and SQL injection attacks. It enhances security by filtering and monitoring HTTP traffic, blocking suspicious activity. AWS WAF is used for perimeter security, protecting backend services and public-facing applications. It manages internet traffic, applying custom security rules to protect APIs and endpoints while providing insights to improve customer experience. Some use it for cloud platform security on AWS, Azure, or Google Cloud.

Service and Support

AWS WAF's support is mostly effective, with certain organizations experiencing helpful, knowledgeable, and prompt interactions. Many receive quick initial responses, though some find the response time could improve and note a lack of product expertise. Various customers report satisfaction and successful problem resolutions, while others encounter delays and unsatisfactory support, particularly when addressing complex issues. Despite some frustrations, AWS support is well-regarded. Several users appreciate the support personnel's accessibility and problem-solving capabilities.

Deployment

AWS WAF's initial setup experiences varied. Some said it was straightforward, taking as little as ten minutes. Others mentioned complexity, particularly with integrations or custom rules, requiring more time and resources. For some, AWS documentation eased the process, while certain setups demanded more knowledge. Setup times ranged from a few minutes to several weeks, with factors like team size and AWS environment influencing ease and duration.

Scalability

AWS WAF offers robust scalability, accommodating medium to large businesses effectively. It features automatic scaling, allowing adjustments based on traffic loads. Managed entirely by AWS, the scalability is praised, with ratings typically high. Users appreciate lack of infrastructure management, ensuring simplified scaling processes. Despite some noting potential for improvement, satisfaction with its scalable nature is evident, particularly in cloud environments. Medium-sized organizations predominantly utilize it, although it's equipped to handle larger demands.

Stability

AWS WAF is consistently praised for stability, with many rating it highly on a scale from eight to ten. Users report reliable performance without downtime or major issues. It effectively blocks malicious traffic, ensuring secure environments. While some minor issues with custom rules are noted, scalability and redundancy make it robust. Its ability to operate without impacting other cloud services enhances its effectiveness, with many relying on AWS WAF without encountering stability-related problems.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our AWS WAF Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business22
Midsize Enterprise11
Large Enterprise20
By reviewers
By visitors reading reviews
Company SizeCount
Small Business217
Midsize Enterprise98
Large Enterprise458
By visitors reading reviews

Top industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
10%
Manufacturing Company
9%
Government
6%
Comms Service Provider
6%
Healthcare Company
5%
Media Company
4%
University
3%
Retailer
3%
Insurance Company
3%
Construction Company
3%
Outsourcing Company
3%
Marketing Services Firm
3%
Wholesaler/Distributor
3%
Performing Arts
3%
Real Estate/Law Firm
3%
Educational Organization
2%
Hospitality Company
2%
Energy/Utilities Company
2%
Legal Firm
2%
Non Profit
1%
Transportation Company
1%
Consumer Goods Company
1%
Pharma/Biotech Company
1%
Leisure / Travel Company
1%
Recreational Facilities/Services Company
1%
Mining And Metals Company
1%
Religious Institution
1%

Compare AWS WAF with alternative products

Go!

Learn more about AWS WAF

AWS WAF is a web application firewall offering significant security features like geo-restriction, custom rules, and IP filtering. Designed for seamless orchestration within AWS environments, it facilitates easy configuration and threat automation. Users benefit from its security policies, enhancing application performance by protecting against threats such as cross-site scripting. Despite its strengths, there is a call for enhanced user interfaces, better documentation, flexible pricing, and improved support. Expanding features like real-time analysis, bot protection, and AI integration can further elevate its utility.

What are the key features of AWS WAF?
  • Configurable Rules: Customize rules to suit specific security needs.
  • Seamless Integration: Works smoothly with AWS services for comprehensive protection.
  • Scalability: Handles growing security demands efficiently.
  • Threat Automation: Automates many threat blocking processes reducing manual intervention.
  • Geo-Restriction: Restricts traffic based on geographic locations enhancing security.
  • Custom Rules and IP Filtering: Tailors traffic filtering to organizational requirements.
What benefits and ROI can users expect from AWS WAF?
  • Robust Security: Protects applications against multiple web threats improving safety.
  • Easy Configuration: Simplifies the process of establishing security protocols.
  • Performance Reliability: Users experience consistent and dependable service.
  • Improved Application Performance: Ensures applications run securely and efficiently without unnecessary disruptions.

AWS WAF is extensively used in industries hosting applications on AWS, protecting sensitive data, and monitoring for unauthorized access. Custom and managed rules help cater to infrastructure needs, serving a vital role in maintaining application security across various sectors.

AWS WAF was previously known as AWS Web Application Firewall.

AWS WAF customers

eVitamins, 9Splay, Senao International

Related questions

  • 78
What are the limitations of AWS WAF vs alternative WAFs?
  • 57
Can you share your experience on migration from Akamai Kona Site to Amazon CloudFront and AWS WAF?
  • 39
How does AWS WAF compare to Microsoft Azure Application Gateway?
  • 129
Which lesser known firewall product has the best chance at unseating the market leaders?
  • 68
Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
  • 184
What do you recommend for a securing Web Application?
  • 67
Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
  • 53
Imperva WAF vs. Barracuda: Which One is Better?
  • 112
F5 vs. Imperva WAF?
  • 231
When should companies use SSL Inspection?

Product Categories

Product Categories
Web Application Firewall (WAF)

Popular Comparisons

Popular Comparisons
Prisma Cloud by Palo Alto Networks vs AWS WAF Logo
Prisma Cloud by Palo Alto Networks vs AWS WAF
Imperva Application Security Platform vs AWS WAF Logo
Imperva Application Security Platform vs AWS WAF
Cloudflare Web Application Firewall vs AWS WAF Logo
Cloudflare Web Application Firewall vs AWS WAF
Fortinet FortiWeb vs AWS WAF Logo
Fortinet FortiWeb vs AWS WAF
NetScaler vs AWS WAF Logo
NetScaler vs AWS WAF
Azure Front Door vs AWS WAF Logo
Azure Front Door vs AWS WAF
F5 Advanced WAF vs AWS WAF Logo
F5 Advanced WAF vs AWS WAF
Gigamon Deep Observability Pipeline vs AWS WAF Logo
Gigamon Deep Observability Pipeline vs AWS WAF
Microsoft Azure Application Gateway vs AWS WAF Logo
Microsoft Azure Application Gateway vs AWS WAF
Akamai App and API Protector vs AWS WAF Logo
Akamai App and API Protector vs AWS WAF
F5 Distributed Cloud Services vs AWS WAF Logo
F5 Distributed Cloud Services vs AWS WAF
Azure Web Application Firewall vs AWS WAF Logo
Azure Web Application Firewall vs AWS WAF
Fastly vs AWS WAF Logo
Fastly vs AWS WAF
Radware Alteon vs AWS WAF Logo
Radware Alteon vs AWS WAF
Check Point WAF (formerly CloudGuard WAF) vs AWS WAF Logo
Check Point WAF (formerly CloudGuard WAF) vs AWS WAF
See all alternatives
 
AWS WAF Reviews Summary
Author infoRatingReview Summary
Infrastructure Lead at Danat Fz LLC4.0I've used AWS WAF for four years to block unauthorized access, finding custom regex rules valuable, though monitoring and bot detection need improvement; setup is manageable, but DDoS protection requires an additional solution.
DevOps Engineer at a tech vendor with 1,001-5,000 employees4.5I’ve used AWS WAF for over five years to block malicious traffic and IPs, finding it scalable, stable, and cost-effective, though the dashboard needs improvement. Its automation and managed rules significantly enhance my application’s security and performance.
Security Engineer at a computer software company with 1,001-5,000 employees4.0We use AWS WAF on our websites as part of our data protection strategy due to its seamless integration and ease within the AWS platform. Despite improvements needed in signature sets and limited stateful capabilities, it effectively enhances security and saves resources.
AWS DevOps SRE/Infrastructure Engineer at Capgemini4.0I manage infrastructure on AWS using services like KMS, EBS, and WAF version two. AWS WAF's automation in blocking security threats is valuable, though integrating with services like Kafka could be improved. While it can be costly, its security benefits are worth it.
Security Analyst at M2P Fintech3.5I use AWS WAF for its cloud-native functionality, ease of rule management, and better control within AWS infrastructure, though its dashboarding and metric functionalities need improvement. Previously, we switched from Imperva to AWS for cost optimization.
OCI/AWS Consultant at a government with 11-50 employees2.0I use AWS WAF to safeguard sensitive data by filtering HTTP traffic for web applications. While Oracle Cloud Infrastructure offered cost benefits, AWS was chosen for compliance. I appreciate its flexibility but see room for improvement in other AWS services.
Director of Security Architecture at a healthcare company with 10,001+ employees3.0I use AWS WAF to protect web applications, appreciating its integration and ease of deployment within AWS. However, I'm seeking alternatives due to concerns about dependency on AWS and the need for improved usability and functionality in multi-cloud environments.
Associate Vice President - Engineering at Fedo.ai4.5I use AWS WAF for monitoring incoming calls and enhancing security by filtering web app traffic. Its ability to prevent attacks like SQL injection is valuable, though documentation could be simpler. AWS enhances customer satisfaction and security.