Try our new research platform with insights from 80,000+ expert users

AWS WAF vs Imperva Web Application Firewall comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jul 27, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
76
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (13th)
AWS WAF
Average Rating
8.0
Reviews Sentiment
7.6
Number of Reviews
59
Ranking in other categories
Web Application Firewall (WAF) (2nd)
Imperva Web Application Fir...
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
52
Ranking in other categories
Web Application Firewall (WAF) (7th)
 

Featured Reviews

Carlos Alam Hernandez Baruch - PeerSpot reviewer
Fast and secure deployments simplify operations for government and fintech clients
It is a fast and secure DNS. It is very easy to deploy, and my customers are happy with this tool. Additionally, the CDN performance in Mexico is excellent, providing fast service and tools. It offers reliability during high-traffic periods, ensuring no impact on the environment. It helps my clients avoid using on-premise boxes, simplifying operations as they only use the prices on Cloudflare.
Kavin Kalaiarasu - PeerSpot reviewer
AWS's cloud-native security simplifies rule enforcement but needs better DDoS integration
The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded. The rate at which AWS updates their managed rule sets could be better. Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF. Instead, they are part of AWS Shield. Providing DDoS protection as part of their WAF solution would be beneficial.
Mitesh D Patel - PeerSpot reviewer
Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others
It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization. The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization. Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's a great product because it's scalable, has great coverage, and is mature with good defenses against DDoS attacks."
"The most valuable feature is its usability."
"The most valuable feature is its usability."
"The most valuable feature of the solution is external DNS. It is also very secure. They have their own main server and once you configure it, the product takes care of everything. There are no issues in resolving IPs and low latency is also present."
"The most valuable feature of Cloudflare DNS is security."
"The most valuable feature is the web application firewall."
"It is a stable solution. I rate the stability a ten out of ten...I rate the scalability a ten out of ten."
"Many websites require an SSL certificate because they sell stuff and want SSL. Cloudflare comes with an SSL certificate built in. It's automatic. You sign yourself up for Cloudflare, and an SSL certificate automatically protects your website. You don't necessarily need a certificate if you have a connection between your website and your host, the server, Cloudflare, and the host."
"The solution is stable."
"We do not have to maintain the solution."
"The product’s availability, ease of configuration, and documentation are valuable."
"The most valuable features of AWS WAF are its cloud-native and on-demand."
"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"Their technical support has been quite good."
"We can host any DB or application on the solution."
"The automation of blocking for security attacks is valuable, with AWS applying rate limiting."
"If you are using the appliance as opposed to the virtual deployment, it can stand as the network layer-two and provide real transparency."
"The solution can scale."
"I am impressed with the product's scalability, availability, easy management, and security. We were able to integrate the product with Azure and Sentinel."
"There are many features. There is ease of deployment. You can deploy the Imperva Web Application Firewall in two to three minutes. After that, you have to set the policies. For setting policies, you have toggle buttons. You can turn something on or off."
"The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security."
"Configuration for different application sources is most valuable. We can segregate the traffic that an application is carrying and identify the sizing in Imperva."
"The tool's profiling feature maps all the web application directories and related components on the profile directory. It has improved the security of my client's website applications."
"It has fewer false positives"
 

Cons

"There could be more courses with engineers. I like e-learning, however, having a specialist in a classroom is more comfortable for me."
"The solution could use more analytics on the backend to give us more insights into everything. More reports would be helpful."
"We're facing challenges due to an upgrade in the machine learning model. The problem arises from some users abusing the APIs, resulting in an influx of suspicious traffic. Cloudflare's learning model mistakenly identifies this traffic as human. Consequently, it assigns it a higher trust score, akin to legitimate human traffic, causing complications in our architecture. Previously, such traffic would have been categorized as suspicious, enabling us to apply appropriate blocking rules. However, we encounter difficulties distinguishing between genuine and suspicious traffic with the new categorization. Despite these challenges, overall, Cloudflare remains the preferred solution compared to Azure, AWS CloudFront, and Google Cloud Armor."
"Cloudflare doesn't have a reverse lookup. We can only do a DNS lookup to get the IP address from the hostname. It doesn't work if you want to look up the hostname from an IPA address."
"Even if I wanted to, I wouldn't be able to buy Cloudflare in my country."
"The timing aspect can lead to it being considered overpriced. This is a particular concern we have with Cloudflare, as they may struggle with accurately detecting the client."
"It would be helpful if the solution could continue evolving to compete with the other solutions on the market."
"For large enterprises, the pricing is okay. However, the enterprise price for small projects is a bit high. A mid-tier pricing option would be beneficial."
"The product must provide more features."
"The cost must be reduced."
"This solution could be improved if the configuration steps were more specific to WAF, compared to other cloud services."
"We must monitor and clean up the WAF manually."
"The setup is complicated."
"AWS WAF would be better if it uses AI or machine learning to detect a potential attack or a potential IP that creates an attack even before it happens. I want AWS WAF to capture the IP and automatically write the rule to automate the entire process."
"The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded."
"We don't have much control over blocking, because the WAF is managed by AWS."
"They recently separated the WAF and the DAM management gateways in order for each of these to be managed from different areas, so I believe it now requires additional investments for what was previously a single complete solution."
"Sometimes, support tickets don't get addressed quickly."
"The reporting is missing some features, such as: only two export formats, and the time period does not include the last day, week, year."
"It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that."
"It is complicated to integrate the solution's on-cloud version with other platforms."
"I don't really use it and therefore can't speak to areas of improvement."
"Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved."
"The only disadvantage of Imperva is that it is a pretty costly solution."
 

Pricing and Cost Advice

"I think the pricing is competitive. I think as far as licensing is concerned it's pretty straightforward because it's based on domain. It's just that sometimes domains could be tricky with some customers."
"We are using the free version."
"The product's pricing is minimal compared to other products."
"We are using the free tier of the solution."
"The cost primarily depends on the size of the organization."
"The price of the solution is expensive."
"The tool is a premium product, so it is very expensive."
"The pricing for the service is reasonable, neither excessively cheap nor prohibitively expensive. It aligns well with the value of their solution."
"I would rate AWS WAF's pricing a seven out of ten."
"There are different scale options available for WAF."
"The pricing is good and manageable."
"The solution's cost depends on the use cases."
"AWS WAF has reasonable pricing."
"The product’s pricing is reasonable."
"AWS is not that costly by comparison. They are maybe close to $40 per month. I think it was between $29 or $39."
"The solution is affordable."
"Licensing can range from one to twenty thousand dollars annually. Additionally, some features, including software support, require an annual subscription as well."
"The price of Imperva Web Application Firewalls is expensive compared to others."
"It is a very affordable solution."
"There is a license for this solution and we purchase the license annually with no additional fees."
"Everybody complains about the price of this solution."
"The pricing is somewhat expensive. It is actually a huge investment when compared to other countries."
"Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF."
"We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
865,295 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Comms Service Provider
11%
Financial Services Firm
9%
Manufacturing Company
7%
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
9%
Government
6%
Financial Services Firm
15%
Computer Software Company
12%
Insurance Company
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Im...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?
For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you hav...
DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?
You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot ...
 

Also Known As

Cloudflare DNS
AWS Web Application Firewall
No data available
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
eVitamins, 9Splay, Senao International
BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
Find out what your peers are saying about AWS WAF vs. Imperva Web Application Firewall and other solutions. Updated: July 2025.
865,295 professionals have used our research since 2012.