AWS WAF Primary Use Case
AWS WAF is installed on our hosted websites as part of our marketing industry's data protection strategy.
View full review »
I use AWS WAF instead of our load balancers. I have custom rule sets that are customized, as well as managed rule sets provided by AWS. I do some customization and also use the out-of-the-box configuration in certain places.
View full review »EN
Eniyavarman Nandhivarman
OCI/AWS Consultant at a government with 11-50 employees
AWS WAF is a firewall that protects web applications by filtering and monitoring HTTP traffic between web applications and the network. I use it for protecting infrastructure that has sensitive data, including personal identification information like Social Security numbers. AWS WAF promotes the security of this data by preventing leakage.
View full review »Buyer's Guide
AWS WAF
July 2025

Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,524 professionals have used our research since 2012.
I use AWS WAF to protect web applications and web traffic. It handles application input and throughput - typical web application firewall tasks.
View full review »My usual use case involves monitoring incoming calls and services deployed in AWS cloud. Security and privacy are primary concerns, so we use AWS WAF to monitor and ensure that only appropriate calls are allowed. AWS Shield is also used to protect against DDoS attacks, but I'm using the basic free version due to budget constraints.
View full review »AK
Abdalla Kenawy
AWS DevOps SRE/Infrastructure Engineer at YES!Delft
I am working on AWS Web Services to manage infrastructure as a platform. I use services like KMS, EBS, CloudFront, S3, and EC2. I also work on WAF version two.
View full review »We use AWS WAF to protect our application from different kinds of attacks. We use AWS WAF for retail customers.
View full review »If I have hosted your web applications or web services on AWS, and if you need a segregation in terms of different aspects, like at a country level or area level, especially when your website is not reachable for a particular country or a particular area, then you need to implement WAF on top of the public network. If WAF actually works on top of the network to manage each request at a global level, WAF is the first layer that handles the internet's every request, and depending on your choice, you can either accept or deny such requests.
Currently, most organizations face security challenges, and with the rise in hacking in every sector, like healthcare, IT, manufacturing, or infrastructure sector that we're talking about. You have to at least implement WAF on top of your network as well as the local network so that it filters every network traffic that comes in from any country. In our company, Fortinet WAF is what we use on top of the network as an anonymous network, and within the network, we use F5.
AWS WAF is primarily used to prevent intrusion into web applications. You can also use it to protect virtual machines within the AWS cloud. The main process involves creating rules to block common threats like SQL injection and cross-site scripting. These rules can be selected from built-in options. After configuring the firewall settings, you create a target group and attach your web application to it. The firewall filters incoming traffic based on the selected rules, blocking any suspicious activity.
UU
Ullas U K
Manager - Cyber Security and SOC at Continental Tire
The solution protects my customers’ web applications hosted in AWS.
View full review »We use Managed Rules mostly.
View full review »When customers onboard a web application and want a WAF to protect it, they ask us to configure AWS WAF for them.
View full review »We use the product to protect the environment from DDoS and SQL injection attacks. We implement WAF in the public site.
View full review »KO
Kolawole-Olowoporoku
DevOps Engineer at SEKAI
For AWS WAF, currently, we use this new application. This is another service provided by AWS for the sales business, and it's used for education. So, AWS WAF works in conjunction with AWS Cognito. We observe this when there's some kind of bot attempting to access our application or when you're trying to use a bot as a control mechanism to transcribe or manage a high volume of traffic through our endpoints.
AWS WAF manages both human traffic and bot-controlled traffic, and it can redirect you to a catch-up mechanism or sometimes simply for use. So, we've implemented different kinds of mechanisms within AWS WAF.
View full review »The primary use case for AWS WAF involves securing applications for our customers, who are mainly software developers. Their application is positioned behind the firewall.
View full review »IP
Ibru PP
Group IT Manager at Civcns
We use the solution to secure our public web server and run our document management process. We have service-oriented web servers and interactive web servers.
View full review »We are using it to monitor the requests on our site, to block sudden surges of users on our website, and also to prevent DDoS attacks.
View full review »RG
Rajneesh Gupta
Chief Technology Officer at GyFTR - Vouchagram India Pvt Ltd
Our company uses the solution with F5 to secure applications from the injection, the track, and vulnerabilities.
We use the built-in solution provided by SGO for the web.
View full review »We partner with many banks in India, and many partners use our portals to access their credit card or debit card information. So we use AWS WAF to protect our web application servers, app servers, and API servers from any malicious attacks which arise from the public internet. We also use AWS WAF for virtual patching of our servers to prevent any malicious requests from reaching the gateway to our internal systems.
We primarily use the solution for load balancing.
We have some microsites exposed through the AWS cloud. These are some sort of pilot and we are using WAF to learn how this new product fits with us, and are mostly in the testing phase with a limited impact application. We are obviously not migrating core applications or those which have a significant impact on availability or on integrity and confidentiality. Mostly we have it on microsites where we don't see a significant risk, and it is more of a learning exercise for us.
View full review »We use the AWS platform to implement custom security rules based on our company's SOP. We apply custom rules to protect specific APIs and specific endpoint URLs. This allows us to tailor our security measures to our specific needs and requirements.
View full review »KU
KarthikU
Linux admin at Ameex Technologies
AWS WAF is a tool we use in my company since we don't currently have a firewall. We can be safer if we have a firewall, and the receive protection side can avoid any vulnerability attacks.
View full review »We faced many potential threats, such as hackers flooding in the requests, so we started using AWS WAF to block those IPs and stop those attacks. If multiple IPs are trying to attack our product, we'll also use AWS WAF by selecting the endpoints the hackers were attacking and then blocking those endpoints. Our cybersecurity team primarily uses AWS WAF.
View full review »It's more of an application security tool that we use to secure applications.
We primarily use this solution for monitoring and blocking to ensure protection against application layer attacks. These include application-related core rules, database-specific attacks, Linux-based attacks and some custom rules deployed. These rules assist us in blocking specific attacks that come from the internet into our cloud infrastructure.
View full review »We use the solution as a firewall to protect the network from malicious requests.
View full review »We use the solution for publishing important applications. These sites are accessed by hundred to one million users every day.
View full review »PC
Prajith Chowthee
Independent Consultant at Unaikui
I use the solution for firewall protection. It can also be used for authentication and authorization.
At the moment, it's just myself working with AWS WAF in my company, and our use case for it is normal, or what you would expect from a Web Application Firewall. That includes basic DoS blocking and malicious IP address blocking. It's not a big thing for us, and just takes care of our baseline security.
While I cannot say for certain, I believe that we are using the latest version.
RG
Rodrigo Garcia
Physical Designer at Semtech Corporation
The regular use case is basically for blocking or giving access to different vendors to different domains. We also use it for managing and identifying the attacks and new rules that we should implement for our public domains to tune up the application firewall or tool, whatever makes more sense for us.
We're using it through the web console and API. We're just using the managed service.
View full review »VS
Vinamra Singhai
Principal Engineer at a tech services company with 51-200 employees
There are two things that we primarily use AWS WAF (Amazon Web Services Web Application Firewall) for. One use is within the company. Within the company, the intended use is to deploy our applications. It is like working with the cloud. We can start an application in S3 (Simple Storage Service), and use profiles for access to data.
The other use is that most of our clients use a similar infrastructure. They are either using AWS, Azure or maybe Google Cloud Platform (GCP). We deploy this solution for them.
Both uses are different. One is for the cloud solutions like AWS, Azure and GCP, and one is for the local server access. That is how you want to secure a server. You are securing a server, database, app servers, and ATA gateways. The other one is for implementing security for the AWS. You want to have both running side-by-side.
Let me give you an example. Suppose, most of the people working for your company are connected from external locations with company-provided laptops or systems. I want to check all devices to make sure that they are being used in a secure way and not creating any breach of security. Those checks cannot be taken care of reliably from the AWS perspective. This is why you need two solutions.
ND
DigitalProd67
Head of Digital Product Office at a energy/utilities company with 10,001+ employees
We primarily use the solution for its rich insights to improve customer experience.
View full review »We use the solution for filtering traffic. We do not want our developers to use unnecessary websites. So, we filter the websites using the tool.
View full review »We use the solution for our applications. We have deployed multiple applications on the AWS platform. We use the tool to provide additional security to our applications.
View full review »TM
Thoko Mathenjwa
AWS Security Specialist at a computer software company with 1,001-5,000 employees
We use AWS WAF to protect internet system applications.
View full review »We use the product for the protection of our public-facing web applications.
View full review »HM
Hypatia M
CVO at Megaaisec
One common use case is using detection protection for enhancing security models in AWS. Another use case is implementing log analysis and response recovery procedures for email services.
We are an AWS service provider and we use the solution for the cloud and to provide service to other users.
View full review »We use this solution to protect our web applications against common vulnerabilities. The CDN component is also quite powerful. We use this solution alongside Azure WAF.
View full review »I primarily use the solution as a gateway service and a transaction portal.
View full review »We use this solution for online web applications.
View full review »My whole business is cloud cost management. What I do is help people manage expenses. That encompasses everything from cleaning up software as a service subscriptions to optimizing AWS. My use cases for AWS WAF have to do with cloud research only.
View full review »A primary use case example is when a customer from the cloud wants to expose his applications to the internet. We make sure that the clients, the applications, whatever they're trying to export, are public but that it's not going directly public. We make a backup, for instance, to protect the sellers and applications from security checks, etc.
Our primary use case is to protect our internal web solution. We use it to have an internal application for our customers. We are an SME worldwide company, so we have some internal website solutions architects that use this as an internal portal to the internet. We apply a WAF front to our web application.
View full review »We are a technical services company and this is one of the solutions that we have helped implement for our clients. We stopped using AWS about six months ago and as such, we are not currently using the AWS Web Application Firewall.
View full review »I'm a manager and in charge of IT infrastructure and information security for an airline company. We're a customer of AWS WAF. We use the product to protect the websites that our customers access to book flights. It provides the sites with DDoS protection and OWASP top 10 application security.
The primary use of the solution is for perimeter security. I use it to secure my application and infrastructure.
View full review »Application security is our primary use case.
View full review »We use it to protect our backend services.
View full review »CL
Carlo Lainer
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
It is our web application firewall.
View full review »It's all about the security of the cloud system.
View full review »We use this product for our web application firewall. It is used for production services.
I am not a direct customer but I have installed it for one of my clients.
View full review »We use AWS WAF to prevent cyberattacks, such as SQL Injection attacks and cross-site scripting attacks. The end users' traffic has more threats and the web application gives good support.
View full review »We are using AWS WAF for business purposes for clients. We host our client's platforms on AWS WAF.
View full review »Buyer's Guide
AWS WAF
July 2025

Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: July 2025.
861,524 professionals have used our research since 2012.