AWS WAF vs NGINX App Protect comparison

You must select at least 2 products to compare!
Amazon Logo
19,694 views|16,094 comparisons
F5 Logo
5,263 views|4,223 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between AWS WAF and NGINX App Protect based on real PeerSpot user reviews.

Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed AWS WAF vs. NGINX App Protect Report (Updated: November 2022).
656,862 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
"Stable and scalable web application firewall. Setting it up is straightforward.""The solution is stable.""AWS WAF has a lot of integrated features and services. For example, there are security services that can be integrated very well for our customers.""Their technical support has been quite good.""The most valuable features are the geo-restriction denials and the web ACL.""The customizable features are good.""The simple configuration and the scalability have been most valuable. We are able to scale across all of our different AWS instances.""I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through."

More AWS WAF Pros →

"NGINX App Protect has complete control over the HTTP session.""The most valuable feature of NGINX App Protect is its open source.""NGINX App Protect is stable.""We were looking for a product that is capable of complete automation and a container based solution. It's working.""NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks.""The most valuable feature of NGINX App Protect is the reverse proxy.""The policies are flexible based on the technologies you use.""The initial setup was simple and took three to four days."

More NGINX App Protect Pros →

"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use.""The serverless product from AWS WAF could be improved. For example, they have only one serverless series, Lambda, but they should extend and improve it. Additionally, the firewall rules are not very easy to configure.""While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex.""It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation.""We haven't faced any problems with the solution.""Technical support for AWS WAF needs improvement.""The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure.""On the UI side, I would like it if they could bring back the geolocation view on the corner."

More AWS WAF Cons →

"The integration of NGINX App Protect could improve.""Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks.""The dashboard could provide a more comprehensive view of the status of the connections.""The price of NGINX App Protect could improve.""As far as scalability, it takes a long time for deployment.""Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment.""NGINX App Protect could improve security.""NGINX App Protect would be improved with integration with Shape and F5 WAF, which would make it easy for users to manage all their web application security with a single solution."

More NGINX App Protect Cons →

Pricing and Cost Advice
  • "It's quite affordable. It's in the middle."
  • "The pricing should be more affordable, especially as it pertains to small clients."
  • "It's cheap."
  • "AWS WAF is pay-as-you-go, I only pay for what I'm using. There is no subscription or any payment upfront, I can terminate use at any time. Which is an advantage."
  • "You need an additional AWS subscription for this product if you are buying a managed tool."
  • "The price of AWS WAF is reasonable, it is not expensive and it is not cheap."
  • "The price of AWS WAF is expensive if you do not know how to manage your software up or down. I price of the solution is average amongst the other competitors but it would be better if it was less expensive."
  • "For our infrastructure, we probably pay around $16,000 per month for AWS WAF. Because alternative WAF solutions provide even more features, I think the AWS WAF is a bit pricey"
  • More AWS WAF Pricing and Cost Advice →

  • "Really understand the licensing model, because we underestimated that."
  • "There are no additional fees."
  • "NGINX is not expensive."
  • "The pricing is reasonable because NGINX operates on an instance basis."
  • "There is a license needed to use NGINX App Protect."
  • "There are not any additional costs we had to pay to use NGINX App Protect."
  • "There is a monthly or annual subscription to use NGINX App Protect. There are not any additional costs to the subscription."
  • "The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner."
  • More NGINX App Protect Pricing and Cost Advice →

    Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
    656,862 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud… more »
    Top Answer:Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft Azure Application Gateway web application firewall software was the better fit for… more »
    Top Answer:Their technical support has been quite good.
    Top Answer:WAF is useful to track mitigation, inclusion, prevention, and the parametric firewall.
    Top Answer:Our licensing costs are about $40,000 a year. We pay on an annual basis. We just have our operating costs on top of that.
    Top Answer:The solution does well when there's low throughput but when we go for any high throughput, it's always a challenge. I'm expecting the next version to have a better high throughput. I also find that… more »
    Average Words per Review
    Average Words per Review
    Also Known As
    AWS Web Application Firewall
    NGINX WAF, NGINX Web Application Firewall
    Learn More

    AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.

    You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.

    AWS WAF Features

    Some of the solution's top features include:

    • Web traffic filtering: Get an extra layer of security by creating a centralized set of rules, easily deployable across multiple websites. These rules filter out web traffic based on conditions like HTTP headers, URIs, and IP addresses. This is very helpful for protection against exploits such as SQL injection and cross-site scripting as well as attacks from third-party applications.
    • Bot control: Malicious bot traffic can consume excessive resources and cause downtime. Gain visibility and control over bot traffic with a managed rule group. You can easily block harmful bots, such as scrapers and crawlers, and you can allow common bots, like search engines and status monitors.
    • Fraud prevention: Effectively defend your application against bot attacks by monitoring your application’s login page with a managed rule group that prevents hackers from accessing user accounts using compromised credentials. The managed rule group helps protect against credential stuffing attacks, brute-force login attempts, and other harmful login activities.
    • API for AWS WAF Management: Automatically create and maintain rules and integrate them into your development process.
    • Metrics for real-time visibility: Receive real-time metrics and captures of raw requests with details about geo-locations, IP addresses, URIs, user agents, and referrers. Integrate seamlessly with Amazon CloudWatch to set up custom alarms when events or attacks occur. These metrics provide valuable data intelligence that can be used to create new rules that significantly improve your application protections.
    • Firewall management: AWS Firewall Manager automatically scans and notifies the security team when there is a policy violation, so they can swiftly take action. When new resources are created, your security team can guarantee that they comply with your organization’s security rules.

    Reviews from Real Users

    AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.

    Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”

    NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

    • Integrating security controls directly into the development automation pipeline
    • Applying and managing security for modern and distributed application environments such as containers and microservices
    • Providing the right level of security controls without impacting release and go-to-market velocity
    • Complying with security and regulatory requirements

    NGINX App Protect offers:

    • Expanded security beyond basic signatures to ensure adequate controls
    • F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
    • Confidently run in “blocking” mode in production with proven F5 expertise
    • High‑confidence signatures for extremely low false positives
    • Increases visibility, integrating with third‑party analytics solutions
    • Integrates security and WAF natively into the CI/CD pipeline
    • Deploys as a lightweight software package that is agnostic of underlying infrastructure
    • Facilitates declarative policies for “security as code” and integration with DevOps tools
    • Decreases developer burden and provides feedback loop for quick security remediation
    • Accelerates time to market and reduces costs with DevSecOps‑automated security
    Learn more about AWS WAF
    Learn more about NGINX App Protect
    Sample Customers
    eVitamins, 9Splay, Senao International
    Information Not Available
    Top Industries
    Media Company23%
    Energy/Utilities Company15%
    Financial Services Firm15%
    Transportation Company8%
    Computer Software Company21%
    Financial Services Firm11%
    Comms Service Provider11%
    Media Company6%
    Financial Services Firm38%
    Comms Service Provider38%
    Insurance Company13%
    Computer Software Company13%
    Computer Software Company22%
    Comms Service Provider16%
    Financial Services Firm9%
    Company Size
    Small Business21%
    Midsize Enterprise24%
    Large Enterprise55%
    Small Business20%
    Midsize Enterprise15%
    Large Enterprise65%
    Small Business31%
    Midsize Enterprise15%
    Large Enterprise54%
    Small Business24%
    Midsize Enterprise14%
    Large Enterprise62%
    Buyer's Guide
    AWS WAF vs. NGINX App Protect
    November 2022
    Find out what your peers are saying about AWS WAF vs. NGINX App Protect and other solutions. Updated: November 2022.
    656,862 professionals have used our research since 2012.

    AWS WAF is ranked 4th in Web Application Firewall (WAF) with 13 reviews while NGINX App Protect is ranked 11th in Web Application Firewall (WAF) with 9 reviews. AWS WAF is rated 7.8, while NGINX App Protect is rated 8.0. The top reviewer of AWS WAF writes "Easy to deploy, implement, and manage". On the other hand, the top reviewer of NGINX App Protect writes "Capable of complete automation but is costly ". AWS WAF is most compared with Microsoft Azure Application Gateway, Cloudflare Web Application Firewall, Azure Web Application Firewall, Imperva Web Application Firewall and Imperva DDoS, whereas NGINX App Protect is most compared with F5 Advanced WAF, Mirantis Container Cloud, Microsoft Azure Application Gateway, Azure Front Door and Fortinet FortiWeb. See our AWS WAF vs. NGINX App Protect report.

    See our list of best Web Application Firewall (WAF) vendors.

    We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.