Try our new research platform with insights from 80,000+ expert users

AWS WAF vs Imperva Web Application Firewall comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 20, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
75
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (13th)
AWS WAF
Average Rating
8.0
Reviews Sentiment
7.6
Number of Reviews
59
Ranking in other categories
Web Application Firewall (WAF) (1st)
Imperva Web Application Fir...
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
52
Ranking in other categories
Web Application Firewall (WAF) (5th)
 

Featured Reviews

Spencer Malmad - PeerSpot reviewer
It's easy to set up because you point the DNS to it, and it's working in under 15 minutes
Cloudflare is highly scalable. Cloudflare is a system with a web portal that the end users like me see. It's a console where we can adjust the DNS, caching, and security features all in that console. Cloudflare owns thousands of servers across the world that cache the data. It's a powerful solution. When clients sign up for Cloudflare, they're getting this monster content delivery network, security, and a web application firewall in one. It's all rolled into one, and it's massive. Unless you have your website hosted on a massive hosting provider, there's no way that you can deliver the amount of data that Cloudflare can provide to the end users. If you have static content, there's no way that you can ever match what Cloudflare can do. Obviously, there are competitors to Cloudflare that do the same, but I'm saying other types of solutions. Let's say you go with F5. Great, that's on-prem. That's in your colo. You can't deliver as much data to the internet as you can with a CDN. You don't have to spend $20,000 on a net scaler, F5, or whatever Cisco's selling now. You don't have to buy that. You pay them $50 a month or $150 a month. It's totally worth it because even in five years, you'll never get the performance value, not just the actual ROI. You have to consider how much throughput you can get with Cloudflare.
Kavin Kalaiarasu - PeerSpot reviewer
AWS's cloud-native security simplifies rule enforcement but needs better DDoS integration
The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded. The rate at which AWS updates their managed rule sets could be better. Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF. Instead, they are part of AWS Shield. Providing DDoS protection as part of their WAF solution would be beneficial.
Abdullah Jin - PeerSpot reviewer
Offers bot protection and DDoS Protection and protects public-facing portals
Support is one thing I wish Imperva could improve. They follow the phone model and keep rotating you from one customer service person to another. The layer one support isn't very clear about the workings of the product. My feedback is primarily about Imperva Cloud, not on-premise. On-premise is a whole new story. Support is the issue for Imperva Cloud. It's also a bit pricey. It's a premium service and very expensive. The licensing model is not very straightforward. Every feature is priced separately, and to enjoy maximum protection, you'll have to spend a lot of money. The licensing model is a bit complex, and each feature is very pricey. For example, API security and web application protection are two separate license packages.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The tool is user-friendly."
"The solution automatically detects and responds to certain types of traffic based on geolocation."
"The solution offers the flexibility to control configuration rules."
"The most valuable feature of the solution is external DNS. It is also very secure. They have their own main server and once you configure it, the product takes care of everything. There are no issues in resolving IPs and low latency is also present."
"Cloudflare consolidates various capabilities into one product, streamlining processes."
"The solution provides good load balancing and protection against DDoS attacks."
"Smaller businesses have seen great ROI due to the low investment and strong performance."
"The overall experience with Cloudflare is positive, with a rating of eight out of ten."
"Their technical support has been quite good."
"AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry."
"The most valuable feature is that it is very easy to configure. It just takes a couple of minutes."
"If hackers try to insert bugs, the tool blocks it."
"The cloud-native nature of AWS is crucial since most of our workload is in AWS, making AWS WAF native to Amazon Web Services."
"Its best feature is that it is on the cloud and does not require local hardware resources."
"The most valuable features are the geo-restriction denials and the web ACL."
"This product supplies options for web security for applications accessing sensitive information."
"The most valuable feature of Imperva, in addition to its strong knowledge base, is its effective protection for web applications."
"The solution can be configured in just a couple of minutes."
"It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF."
"The solution is very scalable. It is one of the most important features. You can also expand resources and features as well."
"The configurability of the tools and the ease of operation to be the most valuable feature of Imperva."
"There are many features. There is ease of deployment. You can deploy the Imperva Web Application Firewall in two to three minutes. After that, you have to set the policies. For setting policies, you have toggle buttons. You can turn something on or off."
"It is easy to use and has good security."
"It has fewer false positives"
 

Cons

"It should be easier to collect the logs with companies like Sumo. However, based on my discussions with the salespeople, I understand that's how they make their money. With the enterprise product, they want people doing those kinds of enterprise features to do the logging. They want them to pay a lot of money, and that's where I have an issue with them. That should be a default. You should be able to get the log no matter what. The logging should be universal."
"The solution could use more analytics on the backend to give us more insights into everything. More reports would be helpful."
"The timing aspect can lead to it being considered overpriced. This is a particular concern we have with Cloudflare, as they may struggle with accurately detecting the client."
"It would be beneficial for us if Cloudflare could offer a scrubbing solution. This would involve taking a snapshot of my website and keeping it live during a DDoS attack, ensuring uninterrupted service for our users. DDoS attacks are typically short in duration, and having Cloudflare maintain the site's availability from its secure network would enhance the overall user experience. I would appreciate it if Cloudflare could consider implementing this feature. Many organizations already utilize similar capabilities in their CDN platforms, where a static snapshot of the web page is displayed during DDoS attacks. In terms of features, Cloudflare needs to enhance its resilience and stay more focused on adopting new technologies. For instance, solutions like F5 XC Box, Access Solution, and Distributed Cloud Solution have impressive features, and Cloudflare should strive to match and exceed those capabilities. There's a need for improvement in areas like AI-based DDoS attacks and Layer 7 WAF features. Cloudflare should prioritize enhancements in areas such as behavioral DDoS and protection against SQL injection attacks, considering the prevalent trend of public exposure to the internet for business reasons. Overall, Cloudflare needs to invest more in advancing its feature set."
"The tool needs to improve caching of servers. The product needs to include PFX certificate as well."
"Cloudflare does not have an on-premise solution. If they had different approaches they could be better suited to accommodate more customers, such as on-premise and hybrid deployments. For example, hybrid deployments would be useful where you could move the traffic from the enterprise to the cloud."
"It would be helpful if the solution could continue evolving to compete with the other solutions on the market."
"I believe they currently have this feature, but there will most likely be integration with APIs so we can control some features through API."
"I believe there is a need to move towards real-time analysis with the help of AI and intelligent systems in the future. This would reduce the reliance on manual work and enhance the functionality of detection protection. By incorporating AI-driven data analysis and data science techniques, we can improve the solution's user-friendliness, security compatibility, and accuracy."
"One area that could be improved is the DDoS protection."
"The cost management has room for improvement."
"For now, there is no feature to protect against attack of the bad bots"
"We have issues with reporting, troubleshooting, and analytics. AWS WAF needs to bring costs down."
"They should make the implementation process faster."
"The product could be improved by expanding the weightage units of rules."
"They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats."
"It would be nice to have more security control over mobile applications so I would suggest adding more mobile security features. It would also be beneficial to see improvements in regards to interface bandwidth performance, CPU time, and RAM size. Learning capability of the device is quite weak."
"The process to upgrade from one version to another can be a lot simpler than it is currently."
"The product's customization capabilities are a bit problematic, requiring support cases for backend modifications."
"It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that."
"I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic."
"There's always room for improvement. Occasionally, there might be false-positive alerts."
"Imperva Web Application Firewall is a good system, but we found that the visibility of the diverse-path server, e.g. where the traffic is coming from, the different IPs, etc., needs improvement."
"Imperva Web Application Firewall could improve the console by making it easier to use."
 

Pricing and Cost Advice

"The pricing for the service is reasonable, neither excessively cheap nor prohibitively expensive. It aligns well with the value of their solution."
"The cost primarily depends on the size of the organization."
"That is one of the great features. I was able to access the majority of the features and services for free."
"When you compare Cloudflare DNS to other solutions, such as Akamai, the price is reasonable."
"The price is reasonable."
"So far I use free tier and happy with it. You can subscribe to business package if needed."
"We are using the free tier of the solution."
"The solution has many features but there are ones that you need to pay for. Sometimes you have to find out which is available for free and which you have to pay for."
"For Kubernetes microservices, AWS is more expensive compared to OCI. AWS costs approximately 70 cents per hour, while OCI is 50% cheaper."
"It's quite affordable. It's in the middle."
"Its price is fair. There is a very fair amount that they charge. It has a pay-as-you-go model, so it pretty much depends on how much a user uses it. As per the cloud norms, the more you use, the more you pay. I would rate it a five out of ten in terms of pricing."
"You need an additional AWS subscription for this product if you are buying a managed tool."
"I would rate AWS WAF's pricing a seven out of ten."
"The pricing is good and manageable."
"AWS is not that costly by comparison. They are maybe close to $40 per month. I think it was between $29 or $39."
"It's cheap."
"The tool is expensive."
"Licensing can range from one to twenty thousand dollars annually. Additionally, some features, including software support, require an annual subscription as well."
"There are a couple of different licensing models."
"Imperva Web Application Firewall is expensive."
"It's an excellent product, but it can be very costly."
"There is a license for this solution and we purchase the license annually with no additional fees."
"It is a very affordable solution."
"It is very costly, but the return on investment is very high. Its cost was around $70,000, and we got it back in just six months."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
851,371 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
16%
Computer Software Company
14%
Comms Service Provider
9%
Financial Services Firm
8%
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
8%
Government
6%
Financial Services Firm
17%
Computer Software Company
13%
Insurance Company
8%
Manufacturing Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Im...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?
For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you hav...
DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?
You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot ...
 

Also Known As

Cloudflare DNS
AWS Web Application Firewall
No data available
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
eVitamins, 9Splay, Senao International
BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
Find out what your peers are saying about AWS WAF vs. Imperva Web Application Firewall and other solutions. Updated: April 2025.
851,371 professionals have used our research since 2012.