We performed a comparison between AWS WAF and NGINX App Protect based on real PeerSpot user reviews.Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"Stable and scalable web application firewall. Setting it up is straightforward."
"The solution is stable."
"AWS WAF has a lot of integrated features and services. For example, there are security services that can be integrated very well for our customers."
"Their technical support has been quite good."
"The most valuable features are the geo-restriction denials and the web ACL."
"The customizable features are good."
"The simple configuration and the scalability have been most valuable. We are able to scale across all of our different AWS instances."
"I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through."
"NGINX App Protect has complete control over the HTTP session."
"The most valuable feature of NGINX App Protect is its open source."
"NGINX App Protect is stable."
"We were looking for a product that is capable of complete automation and a container based solution. It's working."
"NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."
"The most valuable feature of NGINX App Protect is the reverse proxy."
"The policies are flexible based on the technologies you use."
"The initial setup was simple and took three to four days."
"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use."
"The serverless product from AWS WAF could be improved. For example, they have only one serverless series, Lambda, but they should extend and improve it. Additionally, the firewall rules are not very easy to configure."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"We haven't faced any problems with the solution."
"Technical support for AWS WAF needs improvement."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"On the UI side, I would like it if they could bring back the geolocation view on the corner."
"The integration of NGINX App Protect could improve."
"Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks."
"The dashboard could provide a more comprehensive view of the status of the connections."
"The price of NGINX App Protect could improve."
"As far as scalability, it takes a long time for deployment."
"Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."
"NGINX App Protect could improve security."
"NGINX App Protect would be improved with integration with Shape and F5 WAF, which would make it easy for users to manage all their web application security with a single solution."
AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.
You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.
AWS WAF Features
Some of the solution's top features include:
Reviews from Real Users
AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.
Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”
NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:
NGINX App Protect offers:
AWS WAF is ranked 4th in Web Application Firewall (WAF) with 13 reviews while NGINX App Protect is ranked 11th in Web Application Firewall (WAF) with 9 reviews. AWS WAF is rated 7.8, while NGINX App Protect is rated 8.0. The top reviewer of AWS WAF writes "Easy to deploy, implement, and manage". On the other hand, the top reviewer of NGINX App Protect writes "Capable of complete automation but is costly ". AWS WAF is most compared with Microsoft Azure Application Gateway, Cloudflare Web Application Firewall, Azure Web Application Firewall, Imperva Web Application Firewall and Imperva DDoS, whereas NGINX App Protect is most compared with F5 Advanced WAF, Mirantis Container Cloud, Microsoft Azure Application Gateway, Azure Front Door and Fortinet FortiWeb. See our AWS WAF vs. NGINX App Protect report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.