No more typing reviews! Try our Samantha, our new voice AI agent.

AWS WAF vs R&S Web Application Firewall (DenyAll) comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare Web Application ...
Sponsored
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
26
Ranking in other categories
No ranking in other categories
AWS WAF
Ranking in Web Application Firewall (WAF)
6th
Average Rating
8.0
Reviews Sentiment
6.8
Number of Reviews
63
Ranking in other categories
No ranking in other categories
R&S Web Application Firewal...
Ranking in Web Application Firewall (WAF)
49th
Average Rating
9.0
Reviews Sentiment
8.5
Number of Reviews
1
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Web Application Firewall (WAF) category, the mindshare of Cloudflare Web Application Firewall is 4.0%, down from 5.8% compared to the previous year. The mindshare of AWS WAF is 4.3%, down from 7.6% compared to the previous year. The mindshare of R&S Web Application Firewall (DenyAll) is 0.5%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF) Mindshare Distribution
ProductMindshare (%)
AWS WAF4.3%
Cloudflare Web Application Firewall4.0%
R&S Web Application Firewall (DenyAll)0.5%
Other91.2%
Web Application Firewall (WAF)
 

Featured Reviews

DB
CTO at PlayNirvana
Advanced security reporting has protected high-traffic betting platforms from constant attacks
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we have a dedicated IT team for that, and I'm not involved with Cloudflare much anymore. But if I were to compare them to F5, I would like to see more features that F5 offers. F5 has an option to bring the whole infrastructure, the whole WAF and all their packages, Bot Management, and everything else on your infrastructure. You need to install certain services from their side, and then you can choose if you would like requests to hit your servers immediately or if requests need to be proxied through F5 backbone. That would be a nice addition because we have 90% of the traffic as legit traffic coming from whitelisted servers. If it comes from whitelisted servers, I don't need to go every request through the backbone; I could easily just IP whitelist everything. Then I could maybe have Bot Management on my infrastructure that drastically reduces the price of Cloudflare. I would like to see Push CDN more improved in the next release of Cloudflare Web Application Firewall. And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network. From our perspective, if we have a listener that listens for stock updates, I would just need to have one processor that pushes those updates to the Cloudflare API, and then Cloudflare would broadcast that message to all listeners. Cloudflare will check the order of the message, and if you, as a customer, are not connected or have some kind of network issue, when you reconnect, you will receive the latest state and missing updates.
Azam S M - PeerSpot reviewer
Infrastructure Lead at Danat Fz LLC
Has successfully filtered malicious traffic and allowed country-specific access controls
For improvement in AWS WAF, we can have better monitoring. One of the things that should be improved in AWS WAF is the monitoring; we need to identify the requests and where they are coming from. If it's a bot, we should differentiate the requests, whether they are automated or not. The way we see it now is just mentioned as a percentage from bots and actual users, which should include proper graphs and detailed information. We also need a feature where we can filter specific requests. If there are scripts in the requests, we should be able to filter those requests to see if there are any scripts running from them.
SS
General Manager at 3R Technologie
Geo-localization and IP reputation help to keep our clients secure and more available
The area that should be improved is licensing. When using an active/passive cluster, we have to pay 70% of the master appliance and license for the passive server that does not work. Since we know that only one server works at a time, we should pay only one license for the appliances and for the support as well. In my opinion, this has to be improved. If possible, the client software should be a web application instead of downloading software for the management. This can avoid login problems when they update or patch.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cloudflare has positively impacted my organization by making it easier for me to handle and set up DNS for multiple clients; I can easily go in and access their accounts, make changes they need, and it's a one-stop shop."
"I have not had any issues with this solution, and I would recommend it to others who are interested in using it."
"The product has a valuable security control functionality."
"The setup process is very simple for me."
"Very glad the WAF rulesets works out of box, and requires very little tuning or maintenance."
"Cloudflare is cheaper compared to Azure WAF, which I have considered before."
"The most valuable part of the solution for us overall is exactly that it is a Software-as-a-Service product."
"The Cloudflare Web Application Firewall's most valuable feature is its ease of configuration."
"The product's initial setup phase was very simple."
"Stable and scalable web application firewall. Setting it up is straightforward."
"The solution's initial setup process is easy."
"The agility is great for us in terms of cloud services in general."
"It's simple, easy to use."
"We have received good support from the customer service and support team."
"I think AWS WAF is a great solution."
"AWS WAF has helped to strengthen the security of my environment; it has also helped to improve the posture of our application, prevent all DDoS attacks and unnecessary traffic and SQL injection that is reducing the performance of our application."
"By publishing the application without fear, my customer has created new revenue by making the website available anytime and anywhere."
"The three most valuable features that I noticed are the geo-localization of the user, the IP reputation, and the compartmental analysis."
 

Cons

"If they add logs history within the Cloudflare offering, that would be a great benefit."
"The user interface is very simple and straightforward, but users need knowledge about DNS to accomplish tasks."
"The dashboard could be more user-friendly."
"Cloudflare Web Application Firewall should improve visibility for a customer."
"Its stability could be better."
"They need to improve their support because getting a response for basic requests took around 48 hours, which is too long."
"Their documentation could be better. They don't have documentation that explains everything well."
"We don't even use Cloudflare Bot Management because it's too expensive; you need to pay per request, and it's much cheaper to get one or two additional machines."
"The issue with AWS WAF is that the rule structure is very complicated and it is very hard to maintain."
"I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"One area for improvement in AWS WAF could be the limitation on the number of rules, particularly those from third-party sources, within the free tier."
"The complexity of deploying turnkey solutions could be simplified."
"The cost must be reduced."
"The cost management has room for improvement."
"The solution could improve by having better rules, they are very basic at the moment."
"The area that should be improved is licensing."
 

Pricing and Cost Advice

"We pay $210 per month for CloudFlare WAF."
"The pricing model is very straightforward compared to the competition. You just pay per month for the product and usage."
"Cloudflare offers different types of subscriptions for businesses, enterprises, and personal users, and the pricing is negotiable."
"It is not too pricey."
"Cloudflare Web Application Firewall is more affordable than other solutions."
"The solution's pricing option needs to be more transparent for enterprise clients."
"The annual licensing fee is $10,000 USD."
"The solution is expensive."
"AWS WAF has reasonable pricing."
"The price of AWS WAF is reasonable, it is not expensive and it is not cheap."
"AWS is not that costly by comparison. They are maybe close to $40 per month. I think it was between $29 or $39."
"For Kubernetes microservices, AWS is more expensive compared to OCI. AWS costs approximately 70 cents per hour, while OCI is 50% cheaper."
"It's an annual subscription."
"The solution's cost depends on the use cases."
"Its price is fair. There is a very fair amount that they charge. It has a pay-as-you-go model, so it pretty much depends on how much a user uses it. As per the cloud norms, the more you use, the more you pay. I would rate it a five out of ten in terms of pricing."
"There are different scale options available for WAF."
Information not available
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
903,118 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
17%
Financial Services Firm
9%
Comms Service Provider
9%
Manufacturing Company
7%
Financial Services Firm
13%
Manufacturing Company
9%
Computer Software Company
7%
Comms Service Provider
6%
No data available
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise6
Large Enterprise6
By reviewers
Company SizeCount
Small Business22
Midsize Enterprise12
Large Enterprise28
No data available
 

Questions from the Community

What needs improvement with Cloudflare Web Application Firewall?
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we...
What is your primary use case for Cloudflare Web Application Firewall?
We are using Cloudflare Web Application Firewall's advanced reporting and analytics tools with their Zero Trust, so e...
What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Im...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft...
What is your experience regarding pricing and costs for AWS WAF?
AWS WAF is affordable; it depends on the number of rules you apply. The licensing cost for AWS WAF is just pay-as-you...
Which Web Application Firewall (WAF) would you recommend? R&S or Imperva?
Imperva is a strong choice, given their security focus and ongoing R&D into the product in areas such as bot mana...
 

Also Known As

Cloudflare WAF
AWS Web Application Firewall
Rohde & Schwarz Web Application Firewall, R&S WAF, DenyAll Web Application Security
 

Overview

 

Sample Customers

crunchbase, udacity, marketo, okcupid, zendesk
eVitamins, 9Splay, Senao International
Information Not Available
Find out what your peers are saying about Imperva, Fortinet, F5 and others in Web Application Firewall (WAF). Updated: June 2026.
903,118 professionals have used our research since 2012.