Try our new research platform with insights from 80,000+ expert users

AWS WAF Primary Use Case

reviewer1340643 - PeerSpot reviewer
Security Engineer at a computer software company with 1,001-5,000 employees
AWS WAF is installed on our hosted websites as part of our marketing industry's data protection strategy. View full review »
Kavin Kalaiarasu - PeerSpot reviewer
Security Analyst at M2P Fintech

I use AWS WAF instead of our load balancers. I have custom rule sets that are customized, as well as managed rule sets provided by AWS. I do some customization and also use the out-of-the-box configuration in certain places.

View full review »
EN
OCI/AWS Consultant at a government with 11-50 employees

AWS WAF is a firewall that protects web applications by filtering and monitoring HTTP traffic between web applications and the network. I use it for protecting infrastructure that has sensitive data, including personal identification information like Social Security numbers. AWS WAF promotes the security of this data by preventing leakage.

View full review »
Buyer's Guide
AWS WAF
July 2025
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,524 professionals have used our research since 2012.
reviewer2143125 - PeerSpot reviewer
Director of Security Architecture at a healthcare company with 10,001+ employees

I use AWS WAF to protect web applications and web traffic. It handles application input and throughput - typical web application firewall tasks.

View full review »
Sita Thomas - PeerSpot reviewer
Associate Vice President - Engineering at Fedo.ai

My usual use case involves monitoring incoming calls and services deployed in AWS cloud. Security and privacy are primary concerns, so we use AWS WAF to monitor and ensure that only appropriate calls are allowed. AWS Shield is also used to protect against DDoS attacks, but I'm using the basic free version due to budget constraints.

View full review »
AK
AWS DevOps SRE/Infrastructure Engineer at YES!Delft

I am working on AWS Web Services to manage infrastructure as a platform. I use services like KMS, EBS, CloudFront, S3, and EC2. I also work on WAF version two.

View full review »
Rohit Kesharwani - PeerSpot reviewer
Manager, Engineering at 7-Eleven

We use AWS WAF to protect our application from different kinds of attacks. We use AWS WAF for retail customers.

View full review »
AshishGautam - PeerSpot reviewer
IT Project Manager at Rajiv Gandhi Cancer Institute In India

If I have hosted your web applications or web services on AWS, and if you need a segregation in terms of different aspects, like at a country level or area level, especially when your website is not reachable for a particular country or a particular area, then you need to implement WAF on top of the public network. If WAF actually works on top of the network to manage each request at a global level, WAF is the first layer that handles the internet's every request, and depending on your choice, you can either accept or deny such requests.

Currently, most organizations face security challenges, and with the rise in hacking in every sector, like healthcare, IT, manufacturing, or infrastructure sector that we're talking about. You have to at least implement WAF on top of your network as well as the local network so that it filters every network traffic that comes in from any country. In our company, Fortinet WAF is what we use on top of the network as an anonymous network, and within the network, we use F5.

View full review »
Abdul Qayyum - PeerSpot reviewer
Software Architect at Vodworks

AWS WAF is primarily used to prevent intrusion into web applications. You can also use it to protect virtual machines within the AWS cloud. The main process involves creating rules to block common threats like SQL injection and cross-site scripting. These rules can be selected from built-in options. After configuring the firewall settings, you create a target group and attach your web application to it. The firewall filters incoming traffic based on the selected rules, blocking any suspicious activity.

View full review »
UU
Manager - Cyber Security and SOC at Continental Tire

The solution protects my customers’ web applications hosted in AWS.

View full review »
Manikandan-R - PeerSpot reviewer
Senior Project Manager at Synopsys Inc

We use Managed Rules mostly.

View full review »
Aditya Mehta - PeerSpot reviewer
Director at AM Equipment & Services Private Limited

When customers onboard a web application and want a WAF to protect it, they ask us to configure AWS WAF for them.

View full review »
Aravind D - PeerSpot reviewer
Senior Cloud Engineer at ASSA ABLOY Group

We use the product to protect the environment from DDoS and SQL injection attacks. We implement WAF in the public site.

View full review »
KO
DevOps Engineer at SEKAI

For AWS WAF, currently, we use this new application. This is another service provided by AWS for the sales business, and it's used for education. So, AWS WAF works in conjunction with AWS Cognito.  We observe this when there's some kind of bot attempting to access our application or when you're trying to use a bot as a control mechanism to transcribe or manage a high volume of traffic through our endpoints. 

AWS WAF manages both human traffic and bot-controlled traffic, and it can redirect you to a catch-up mechanism or sometimes simply for use. So, we've implemented different kinds of mechanisms within AWS WAF.

View full review »
reviewer1953606 - PeerSpot reviewer
Senior Administrator at a media company with 51-200 employees

The primary use case for AWS WAF involves securing applications for our customers, who are mainly software developers. Their application is positioned behind the firewall.

View full review »
IP
Group IT Manager at Civcns

We use the solution to secure our public web server and run our document management process. We have service-oriented web servers and interactive web servers.

View full review »
Akshit Malik - PeerSpot reviewer
Junior Associate - IT at a tech services company with 201-500 employees

We are using it to monitor the requests on our site, to block sudden surges of users on our website, and also to prevent DDoS attacks.

View full review »
RG
Chief Technology Officer at GyFTR - Vouchagram India Pvt Ltd

Our company uses the solution with F5 to secure applications from the injection, the track, and vulnerabilities. 

We use the built-in solution provided by SGO for the web. 

View full review »
Kavin Kalaiarasu - PeerSpot reviewer
Security Analyst at M2P Fintech

We partner with many banks in India, and many partners use our portals to access their credit card or debit card information. So we use AWS WAF to protect our web application servers, app servers, and API servers from any malicious attacks which arise from the public internet. We also use AWS WAF for virtual patching of our servers to prevent any malicious requests from reaching the gateway to our internal systems.

View full review »
Adrian Milea - PeerSpot reviewer
Raiffeisen at Raiffeisen Bank Romania

We primarily use the solution for load balancing. 

We have some microsites exposed through the AWS cloud. These are some sort of pilot and we are using WAF to learn how this new product fits with us, and are mostly in the testing phase with a limited impact application. We are obviously not migrating core applications or those which have a significant impact on availability or on integrity and confidentiality. Mostly we have it on microsites where we don't see a significant risk, and it is more of a learning exercise for us.

View full review »
reviewer2231622 - PeerSpot reviewer
Infrastructure Engineer

We use the AWS platform to implement custom security rules based on our company's SOP. We apply custom rules to protect specific APIs and specific endpoint URLs. This allows us to tailor our security measures to our specific needs and requirements.

View full review »
KU
Linux admin at Ameex Technologies

AWS WAF is a tool we use in my company since we don't currently have a firewall. We can be safer if we have a firewall, and the receive protection side can avoid any vulnerability attacks.

View full review »
Aravindhan Suresh - PeerSpot reviewer
DevOps Engineer at Hippo Video

We faced many potential threats, such as hackers flooding in the requests, so we started using AWS WAF to block those IPs and stop those attacks. If multiple IPs are trying to attack our product, we'll also use AWS WAF by selecting the endpoints the hackers were attacking and then blocking those endpoints. Our cybersecurity team primarily uses AWS WAF.

View full review »
Venkatesh VRH - PeerSpot reviewer
Cloud Security Manager at a computer software company with 501-1,000 employees

It's more of an application security tool that we use to secure applications. 

View full review »
Trivikram Rajendreaprabhu - PeerSpot reviewer
Senior security engeneer at a media company with 1,001-5,000 employees

We primarily use this solution for monitoring and blocking to ensure protection against application layer attacks. These include application-related core rules, database-specific attacks, Linux-based attacks and some custom rules deployed. These rules assist us in blocking specific attacks that come from the internet into our cloud infrastructure.

View full review »
Prasanth MG - PeerSpot reviewer
Software Engineer at Readyly

We use the solution as a firewall to protect the network from malicious requests.

View full review »
reviewer2032722 - PeerSpot reviewer
Security implmentation engineer at a security firm with 51-200 employees

We use the solution for publishing important applications. These sites are accessed by hundred to one million users every day.

View full review »
PC
Independent Consultant at Unaikui

I use the solution for firewall protection. It can also be used for authentication and authorization.

View full review »
reviewer1530864 - PeerSpot reviewer
Engineer at a renewables & environment company with 501-1,000 employees

At the moment, it's just myself working with AWS WAF in my company, and our use case for it is normal, or what you would expect from a Web Application Firewall. That includes basic DoS blocking and malicious IP address blocking. It's not a big thing for us, and just takes care of our baseline security.

View full review »
reviewer1498707 - PeerSpot reviewer
Solution Architect at a non-profit with 10,001+ employees

While I cannot say for certain, I believe that we are using the latest version. 

View full review »
RG
Physical Designer at Semtech Corporation

The regular use case is basically for blocking or giving access to different vendors to different domains. We also use it for managing and identifying the attacks and new rules that we should implement for our public domains to tune up the application firewall or tool, whatever makes more sense for us.

We're using it through the web console and API. We're just using the managed service.

View full review »
VS
Principal Engineer at a tech services company with 51-200 employees

There are two things that we primarily use AWS WAF (Amazon Web Services Web Application Firewall) for. One use is within the company. Within the company, the intended use is to deploy our applications. It is like working with the cloud. We can start an application in S3 (Simple Storage Service), and use profiles for access to data.  

The other use is that most of our clients use a similar infrastructure. They are either using AWS, Azure or maybe Google Cloud Platform (GCP). We deploy this solution for them.  

Both uses are different. One is for the cloud solutions like AWS, Azure and GCP, and one is for the local server access. That is how you want to secure a server. You are securing a server, database, app servers, and ATA gateways. The other one is for implementing security for the AWS. You want to have both running side-by-side.  

Let me give you an example. Suppose, most of the people working for your company are connected from external locations with company-provided laptops or systems. I want to check all devices to make sure that they are being used in a secure way and not creating any breach of security. Those checks cannot be taken care of reliably from the AWS perspective. This is why you need two solutions.  

View full review »
ND
Head of Digital Product Office at a energy/utilities company with 10,001+ employees

We primarily use the solution for its rich insights to improve customer experience.

View full review »
Uddeshya Kumar - PeerSpot reviewer
Product Owner at SecLogic Limited

We use the solution for filtering traffic. We do not want our developers to use unnecessary websites. So, we filter the websites using the tool.

View full review »
Ashish  Paikrao - PeerSpot reviewer
Cloud Infrastructure Engineer at Pathlock

We use the solution for our applications. We have deployed multiple applications on the AWS platform. We use the tool to provide additional security to our applications.

View full review »
TM
AWS Security Specialist at a computer software company with 1,001-5,000 employees

We use AWS WAF to protect internet system applications. 

View full review »
reviewer1399293 - PeerSpot reviewer
Superintendent of Cloud Platforms at a manufacturing company with 1,001-5,000 employees

We use the product for the protection of our public-facing web applications. 

View full review »
HM
CVO at Megaaisec

One common use case is using detection protection for enhancing security models in AWS. Another use case is implementing log analysis and response recovery procedures for email services.

View full review »
Prakash-Kumar - PeerSpot reviewer
CEO at Axcess.io

We are an AWS service provider and we use the solution for the cloud and to provide service to other users.

View full review »
reviewer1940067 - PeerSpot reviewer
Regional Security Team Lead at a computer software company with 1,001-5,000 employees

We use this solution to protect our web applications against common vulnerabilities. The CDN component is also quite powerful. We use this solution alongside Azure WAF.

View full review »
it_user1556748 - PeerSpot reviewer
Jefe subdepartamento Operaciones at a government with 10,001+ employees

I primarily use the solution as a gateway service and a transaction portal. 

View full review »
reviewer1515378 - PeerSpot reviewer
AWS Security Specialist at a tech services company with 501-1,000 employees

We use this solution for online web applications.

View full review »
reviewer1410801 - PeerSpot reviewer
President at a tech services company with 1-10 employees

My whole business is cloud cost management. What I do is help people manage expenses. That encompasses everything from cleaning up software as a service subscriptions to optimizing AWS. My use cases for AWS WAF have to do with cloud research only.  

View full review »
it_user1376373 - PeerSpot reviewer
Cloud security Consultant at 8KMiles

A primary use case example is when a customer from the cloud wants to expose his applications to the internet. We make sure that the clients, the applications, whatever they're trying to export, are public but that it's not going directly public. We make a backup, for instance, to protect the sellers and applications from security checks, etc. 

View full review »
it_user753234 - PeerSpot reviewer
IT Governance at PeerSpot

Our primary use case is to protect our internal web solution. We use it to have an internal application for our customers. We are an SME worldwide company, so we have some internal website solutions architects that use this as an internal portal to the internet. We apply a WAF front to our web application.

View full review »
reviewer1275378 - PeerSpot reviewer
Principal Consultant at a tech services company with 10,001+ employees

We are a technical services company and this is one of the solutions that we have helped implement for our clients. We stopped using AWS about six months ago and as such, we are not currently using the AWS Web Application Firewall.

View full review »
it_user1220484 - PeerSpot reviewer
Manager, IT Infrastructure & Information Security at flyadeal

I'm a manager and in charge of IT infrastructure and information security for an airline company. We're a customer of AWS WAF. We use the product to protect the websites that our customers access to book flights. It provides the sites with DDoS protection and OWASP top 10 application security.

View full review »
reviewer1143783 - PeerSpot reviewer
Advisory and IT Transformation Consultant at a tech services company with 10,001+ employees

The primary use of the solution is for perimeter security. I use it to secure my application and infrastructure.

View full review »
Develope2e0c - PeerSpot reviewer
Developer at a tech services company with 1-10 employees

Application security is our primary use case.

View full review »
Founder4214 - PeerSpot reviewer
Founder at a consultancy with 1-10 employees

The primary use case is application security.

We are using the latest version.

View full review »
Engineera5be - PeerSpot reviewer
Engineer at a tech vendor with 501-1,000 employees

We use it to protect our backend services.

View full review »
CL
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees

It is our web application firewall.

View full review »
NetworkAf67c - PeerSpot reviewer
Network Analyst

It's all about the security of the cloud system.

View full review »
reviewer1234011 - PeerSpot reviewer
Cloud architect at a tech vendor with 1-10 employees

We use this product for our web application firewall. It is used for production services.

I am not a direct customer but I have installed it for one of my clients.

View full review »
reviewer1230804 - PeerSpot reviewer
Principal Cloud Architect at a tech services company with 51-200 employees

We use AWS WAF to prevent cyberattacks, such as SQL Injection attacks and cross-site scripting attacks. The end users' traffic has more threats and the web application gives good support.

View full review »
reviewer939417 - PeerSpot reviewer
IT Auditor & Compliance Officer at a tech vendor with 51-200 employees

We are using AWS WAF for business purposes for clients. We host our client's platforms on AWS WAF.

View full review »
Buyer's Guide
AWS WAF
July 2025
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,524 professionals have used our research since 2012.