"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good."
"Their technical support has been quite good."
"The most valuable features are the geo-restriction denials and the web ACL."
"The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
"The most valuable features of AWS WAF are its cloud-native and on-demand."
"The solution is stable."
"This is not a product that you need to install. You just use it."
"Technical support has a very fast response time and they are helpful."
"It is a SaaS solution unlike much of the competition."
"It is configurable via API."
"The security features are valuable. The particular feature we use is called OWASP."
"On the UI side, I would like it if they could bring back the geolocation view on the corner."
"The technical support does not respond to bugs in the coding of the product."
"We don't have much control over blocking, because the WAF is managed by AWS."
"I would like to see it more tightly integrated with other AWS services."
"When users choose the free service, there isn't great support available to them."
"We haven't faced any problems with the solution."
"The setup is complicated."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"It would be ideal if the solution offered better log integration and more integration with different platforms."
"Their documentation could be better. They don't have documentation that explains everything well. They have documentation for everything you're looking for, but they lack a single piece of documentation to tie everything together. As a new user or beginner, it took us a little bit of time to figure out how to put all these things in place."
"The ModSecurity core rules need to be updated."
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
Cloudflare Web Application Firewall's intuitive dashboard enables users to build powerful rules through easy clicks and also provides Terraform integration. Every request to the WAF is inspected against the rule engine and the threat intelligence curated from protecting over 27 Million websites. Suspicious requests can be blocked, challenged or logged as per the needs of the user while legitimate requests are routed to the destination, agnostic of whether it lives on-premise or in the cloud. Analytics and Cloudflare Logs enable visibility into actionable metrics for the user.
AWS WAF is ranked 5th in Web Application Firewall (WAF) with 12 reviews while Cloudflare Web Application Firewall is ranked 15th in Web Application Firewall (WAF) with 3 reviews. AWS WAF is rated 7.6, while Cloudflare Web Application Firewall is rated 8.0. The top reviewer of AWS WAF writes "Use this product to make it possible to deploy web applications securely". On the other hand, the top reviewer of Cloudflare Web Application Firewall writes "A SaaS solution that is API configurable and a convenient part of a suite but needs updating of core rules". AWS WAF is most compared with Microsoft Azure Application Gateway, Imperva Web Application Firewall, Azure Front Door, Akamai Kona Site Defender and F5 Silverline Managed Services, whereas Cloudflare Web Application Firewall is most compared with Azure Front Door, Microsoft Azure Application Gateway, Fastly, Signal Sciences and Indusface AppTrana. See our AWS WAF vs. Cloudflare Web Application Firewall report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.