Try our new research platform with insights from 80,000+ expert users
AWS WAF Logo

AWS WAF pros and cons

Vendor: Amazon Web Services (AWS)
4.0 out of 5
Badge Leader
Leave a review

Pros & Cons summary

AWS WAF effectively blocks threats to external applications, preventing unauthorized access. It is scalable, integrates with AWS services, and offers configurable rules for precise traffic filtering. Quick deployment makes it practical, but improvements are needed in DDoS protection, bot mitigation, and pricing simplicity. Expanding rule set capabilities and incorporating AI for threat analysis could enhance security. Documentation and support require enhancement for better usability and understanding.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

AWS WAF is appreciated for its ease of deployment and configuration, often completing setups in a matter of minutes.
Its integration with Amazon Web Services is seamless, making it suitable for those heavily relying on AWS platforms.
AWS WAF efficiently protects against various cyber threats including SQL injections and scripting attacks, enhancing security measures across applications.
Scalability and customization are key strengths, allowing AWS WAF to adjust to different operational demands and tailor security rules accordingly.
The automation of security measures, such as blocking attacks and applying rate limiting, is highly valued, providing robust defense with minimal manual intervention.

CONS

AWS WAF requires improvement in automation for rule management to reduce manual effort.
AWS WAF documentation needs regular updates and clarity to ease feature implementation.
Cost management in AWS WAF is confusing, requiring better pricing models and billing transparency.
Technical support and troubleshooting for AWS WAF need enhancement for quicker issue resolution.
DDoS protection and advanced security measures in AWS WAF should be integrated and strengthened.
 

AWS WAF Pros review quotes

VS
Aug 5, 2020
This product supplies options for web security for applications accessing sensitive information.
Read full review
Adrian Milea - PeerSpot reviewer
Aug 3, 2022
The agility is great for us in terms of cloud services in general.
Read full review
it_user1376373 - PeerSpot reviewer
Jul 5, 2020
AWS has flexibility in terms of WAF rules.
Read full review
Buyer's Guide
AWS WAF
October 2025
Free Report: AWS WAF Reviews and More
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
DOWNLOAD NOW
872,019 professionals have used our research since 2012.
RG
Nov 11, 2020
The access instruction feature is the most valuable. This is what we use the most.
Read full review
reviewer1530864 - PeerSpot reviewer
Jan 11, 2022
As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good.
Read full review
Kavin Kalaiarasu - PeerSpot reviewer
Oct 13, 2022
I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.
Read full review
Azam S M - PeerSpot reviewer
Oct 9, 2025
The biggest benefit of AWS WAF for us is to filter malicious requests, so we can protect our environment and application from malicious actors.
Read full review
AshishGautam - PeerSpot reviewer
Dec 27, 2023
The product's initial setup phase was very simple.
Read full review
NetworkAf67c - PeerSpot reviewer
Mar 11, 2019
The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system.
Read full review
Sita Thomas - PeerSpot reviewer
Nov 27, 2024
One of the most valuable features of AWS WAF is its ability to filter web app traffic, allowing us to specify conditions such as IP addresses and HTTP headers.
Read full review
Show 10 more reviews (out of 60)
 

AWS WAF Cons review quotes

VS
Aug 5, 2020
The technical support does not respond to bugs in the coding of the product.
Read full review
Adrian Milea - PeerSpot reviewer
Aug 3, 2022
For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends.
Read full review
it_user1376373 - PeerSpot reviewer
Jul 5, 2020
When users choose the free service, there isn't great support available to them.
Read full review
Buyer's Guide
AWS WAF
October 2025
Free Report: AWS WAF Reviews and More
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: October 2025.
DOWNLOAD NOW
872,019 professionals have used our research since 2012.
RG
Nov 11, 2020
It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right.
Read full review
reviewer1530864 - PeerSpot reviewer
Jan 11, 2022
We don't have much control over blocking, because the WAF is managed by AWS.
Read full review
Kavin Kalaiarasu - PeerSpot reviewer
Oct 13, 2022
It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation.
Read full review
Azam S M - PeerSpot reviewer
Oct 9, 2025
One of the things that should be improved in AWS WAF is the monitoring; we need to identify the requests and where they are coming from.
Read full review
AshishGautam - PeerSpot reviewer
Dec 27, 2023
The area of reporting in the product needs to have a proper format.
Read full review
NetworkAf67c - PeerSpot reviewer
Mar 11, 2019
They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats.
Read full review
Sita Thomas - PeerSpot reviewer
Nov 27, 2024
I find the documentation somewhat complex to implement during the initial stages.
Read full review
Show 10 more reviews (out of 60)

Product Categories

Product Categories
Web Application Firewall (WAF)

Popular Comparisons

Popular Comparisons
Prisma Cloud by Palo Alto Networks vs AWS WAF Logo
Prisma Cloud by Palo Alto Networks vs AWS WAF
Imperva Application Security Platform vs AWS WAF Logo
Imperva Application Security Platform vs AWS WAF
Azure Front Door vs AWS WAF Logo
Azure Front Door vs AWS WAF
Microsoft Azure Application Gateway vs AWS WAF Logo
Microsoft Azure Application Gateway vs AWS WAF
F5 Advanced WAF vs AWS WAF Logo
F5 Advanced WAF vs AWS WAF
Fortinet FortiWeb vs AWS WAF Logo
Fortinet FortiWeb vs AWS WAF
NetScaler vs AWS WAF Logo
NetScaler vs AWS WAF
Cloudflare Web Application Firewall vs AWS WAF Logo
Cloudflare Web Application Firewall vs AWS WAF
Akamai App and API Protector vs AWS WAF Logo
Akamai App and API Protector vs AWS WAF
Azure Web Application Firewall vs AWS WAF Logo
Azure Web Application Firewall vs AWS WAF
Radware Alteon vs AWS WAF Logo
Radware Alteon vs AWS WAF
Fastly vs AWS WAF Logo
Fastly vs AWS WAF
NGINX App Protect vs AWS WAF Logo
NGINX App Protect vs AWS WAF
Barracuda Web Application Firewall vs AWS WAF Logo
Barracuda Web Application Firewall vs AWS WAF
F5 Distributed Cloud Services vs AWS WAF Logo
F5 Distributed Cloud Services vs AWS WAF
See all alternatives

Product Categories

Product Categories
Web Application Firewall (WAF)

Popular Comparisons

Popular Comparisons
Prisma Cloud by Palo Alto Networks vs AWS WAF Logo
Prisma Cloud by Palo Alto Networks vs AWS WAF
Imperva Application Security Platform vs AWS WAF Logo
Imperva Application Security Platform vs AWS WAF
Azure Front Door vs AWS WAF Logo
Azure Front Door vs AWS WAF
Microsoft Azure Application Gateway vs AWS WAF Logo
Microsoft Azure Application Gateway vs AWS WAF
F5 Advanced WAF vs AWS WAF Logo
F5 Advanced WAF vs AWS WAF
Fortinet FortiWeb vs AWS WAF Logo
Fortinet FortiWeb vs AWS WAF
NetScaler vs AWS WAF Logo
NetScaler vs AWS WAF
Cloudflare Web Application Firewall vs AWS WAF Logo
Cloudflare Web Application Firewall vs AWS WAF
Akamai App and API Protector vs AWS WAF Logo
Akamai App and API Protector vs AWS WAF
Azure Web Application Firewall vs AWS WAF Logo
Azure Web Application Firewall vs AWS WAF
Radware Alteon vs AWS WAF Logo
Radware Alteon vs AWS WAF
Fastly vs AWS WAF Logo
Fastly vs AWS WAF
NGINX App Protect vs AWS WAF Logo
NGINX App Protect vs AWS WAF
Barracuda Web Application Firewall vs AWS WAF Logo
Barracuda Web Application Firewall vs AWS WAF
F5 Distributed Cloud Services vs AWS WAF Logo
F5 Distributed Cloud Services vs AWS WAF
See all alternatives
Related questions
  • 99
What are the limitations of AWS WAF vs alternative WAFs?
  • 56
Can you share your experience on migration from Akamai Kona Site to Amazon CloudFront and AWS WAF?
  • 25
How does AWS WAF compare to Microsoft Azure Application Gateway?
  • 63
Which lesser known firewall product has the best chance at unseating the market leaders?
  • 41
Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
  • 59
What do you recommend for a securing Web Application?
  • 34
Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
  • 30
Imperva WAF vs. Barracuda: Which One is Better?
  • 121
F5 vs. Imperva WAF?
  • 184
When should companies use SSL Inspection?