We performed a comparison between AWS WAF and Microsoft Azure Application Gateway based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, AWS WAF has a slight edge over Microsoft Azure Application Gateway. Our reviewers found Microsoft to have challenges with stability, scalability, and support.
"Their technical support has been quite good."
"As a basic WAF, it's better than nothing. So if you need something simple out of the box with default features, AWS WAF is good."
"Stable and scalable web application firewall. Setting it up is straightforward."
"AWS has flexibility in terms of WAF rules."
"Its best feature is that it is on the cloud and does not require local hardware resources."
"This product supplies options for web security for applications accessing sensitive information."
"This is not a product that you need to install. You just use it."
"The solution is stable."
"The solution was very easy to configure. It wasn't hard at all to adjust it to our needs."
"The most valuable features of Microsoft Azure Application Gateway are the policies, the data store they are using, and the cloud platform it operates on."
"The health probe is pretty good for your backend health. It tells you whether it's communicating and talking to the endpoint correctly. It is quite useful."
"The solution is easy to set up."
"Good customization; able to report and take action on alerts."
"It does an excellent job of load balancing."
"It has a filter available, although we are not currently using it because it is not part of our requirements. But it is a good option and when it becomes part of our requirements we will definitely use it."
"The most valuable feature is WAF."
"On the UI side, I would like it if they could bring back the geolocation view on the corner."
"We haven't faced any problems with the solution."
"The technical support does not respond to bugs in the coding of the product."
"When users choose the free service, there isn't great support available to them."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"The pricing model is complicated."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"I would like to see it more tightly integrated with other AWS services."
"One of the challenges we faced was the solution does not support any other PCP protocols apart from HTTP and HTTPS."
"The security of the product could be adjusted."
"The monitoring on the solution could be better."
"The increased security that we are considering is because of some of the things that the security team has brought to our attention. They have pointed out that we would most likely require a better web application firewall than Azure Application Gateway."
"It takes a lot of time for a certificate to update in the system. That is a huge drawback, affecting the load-balancing side. And when there are changes to the load balancing, it affects the end-user."
"It is a bit tricky to configure. You've got to have a very specific format to configure it. They should make it a little bit easier to configure. Mapping the certificates into it isn't easy, and it could be better. Currently, you've to write a bit of automation to pull certificates directly to HTTPS."
"Needs easier integration with the existing SIAM."
"The configuration is very specific right now and needs to be much more flexible."
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 - TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.
To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.
AWS WAF is ranked 4th in Web Application Firewall (WAF) with 12 reviews while Microsoft Azure Application Gateway is ranked 3rd in Web Application Firewall (WAF) with 12 reviews. AWS WAF is rated 7.6, while Microsoft Azure Application Gateway is rated 7.0. The top reviewer of AWS WAF writes "Use this product to make it possible to deploy web applications securely". On the other hand, the top reviewer of Microsoft Azure Application Gateway writes "Needs better security and functionality, and requires more intelligence to make it competitive". AWS WAF is most compared with Imperva Web Application Firewall, Azure Web Application Firewall, Cloudflare Web Application Firewall, Azure Front Door and Akamai Kona Site Defender, whereas Microsoft Azure Application Gateway is most compared with Azure Front Door, F5 BIG-IP Local Traffic Manager (LTM), F5 Advanced WAF, HAProxy and Cloudflare. See our AWS WAF vs. Microsoft Azure Application Gateway report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.