Try our new research platform with insights from 80,000+ expert users

AWS WAF vs Sucuri comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 1, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
76
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (13th)
AWS WAF
Average Rating
8.0
Reviews Sentiment
7.6
Number of Reviews
59
Ranking in other categories
Web Application Firewall (WAF) (1st)
Sucuri
Average Rating
8.4
Reviews Sentiment
7.5
Number of Reviews
6
Ranking in other categories
Web Application Firewall (WAF) (24th), Distributed Denial-of-Service (DDoS) Protection (16th), Domain Name System (DNS) Security (13th)
 

Featured Reviews

Carlos Alam Hernandez Baruch - PeerSpot reviewer
Fast and secure deployments simplify operations for government and fintech clients
It is a fast and secure DNS. It is very easy to deploy, and my customers are happy with this tool. Additionally, the CDN performance in Mexico is excellent, providing fast service and tools. It offers reliability during high-traffic periods, ensuring no impact on the environment. It helps my clients avoid using on-premise boxes, simplifying operations as they only use the prices on Cloudflare.
Kavin Kalaiarasu - PeerSpot reviewer
AWS's cloud-native security simplifies rule enforcement but needs better DDoS integration
The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded. The rate at which AWS updates their managed rule sets could be better. Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF. Instead, they are part of AWS Shield. Providing DDoS protection as part of their WAF solution would be beneficial.
Akshit Malik - PeerSpot reviewer
Provides website security, safeguarding against various threats and effective protection against DDoS attacks
The initial setup is moderate because it's neither too easy nor too hard. Sucuri provides us with many ways to set up our site, handle the routing, and perform the necessary configurations. It's deployed on the cloud. We used the managed service of Sucuri and then routed all the requests from Sucuri to our AWS platform.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It is a stable solution. I rate the stability a ten out of ten...I rate the scalability a ten out of ten."
"The most valuable feature is the web application firewall."
"The most valuable feature of Cloudflare is the GUI. You are able to control the solution very well through the interface. There is a lot of functionality that is embedded in the service."
"It's a great product because it's scalable, has great coverage, and is mature with good defenses against DDoS attacks."
"The most valuable feature of Cloudflare DNS is its global reach and it is always evolving."
"Easier http to https redirect using page rules"
"The most valuable features of the solution are performance and security."
"I rate its stability a ten out of ten."
"The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
"It is a one-click WAF with no effort needed."
"Rule groups are valuable."
"The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections."
"The most valuable feature of AWS WAF is its highly configurable rules system."
"This product supplies options for web security for applications accessing sensitive information."
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through."
"I use it as a WAF, which is basically a web firewall to monitor and block traffic to our web server."
"It significantly eases the workload and streamlines the initial setup required to protect a website."
"The initial setup was very easy."
"Domain name scanning since it allows us to scan all our domain names and determine whether it has malware or if is reported as phishing."
"The most valuable part is the analytics and visualization."
"The initial setup was straightforward. Straight forward because the plugin can simply be installed and then it does its job. It's not complex, there is no learning curve. The online scan is simple, you put in the website address and the scan gives us a report on the browser itself. It's simple to use."
 

Cons

"Technical support is not well developed. While there are good engineers, Cloudflare does not offer hands-on technical support to fix customer problems but rather a self-service model."
"The product support needs to be accessible from more places, a wider area of coverage."
"Cloudflare's console should be made more user-friendly."
"I think the APIs are a little bit hard for us to work with. The APIs could be more open so that we could integrate better with our SolarWinds or our monitoring solution."
"The solution could use more analytics on the backend to give us more insights into everything. More reports would be helpful."
"In the last two years, there has been a certain amount of downtime when using the VDM."
"Cloudflare does not have an on-premise solution. If they had different approaches they could be better suited to accommodate more customers, such as on-premise and hybrid deployments. For example, hybrid deployments would be useful where you could move the traffic from the enterprise to the cloud."
"Cloudflare should add more documentation and pricing to the cloud version."
"AWS WAF should provide better protection to its users, and the security features need to improve."
"The product should improve the DDoS-related features."
"In a future release of this solution, I would like to see additional management features to make things simpler."
"On the UI side, I would like it if they could bring back the geolocation view on the corner."
"I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level."
"Rule exclusion could be a bit more transparent."
"One area that could be improved is the DDoS protection."
"We haven't faced any problems with the solution."
"Sucuri could provide help for specific security alerts in-line instead of requiring users to search for it in the help section."
"I would rate this solution an eight out of ten. The reason is that we have found sometimes customers or Google saying that there is something wrong with the website but Sucuri says that the site is clean so we do have to look at the site manually which means that the Sucuri scan does not pick up anything and everything."
"In terms of improvement, the cost factor is always there."
"Confident score: Currently it does not have one and there are cases that most websites flagged are false-positives."
"It would greatly benefit customers if they implemented an online chat or messaging system for quicker assistance."
"The main improvement I would like to see is support for .NET applications. If they could include this feature, I would include more sites in the protection."
 

Pricing and Cost Advice

"The product's pricing is minimal compared to other products."
"Cloudflare's pricing is not much higher and is good for middle-level organizations."
"In terms of licensing costs, we don't pay for licensing for Cloudflare. We only establish communication, then for peering, Cloudflare takes care of the cross-connection in different data centers."
"The price of the solution is expensive."
"We are using the free version."
"The solution is expensive when compared to other products but offers unlimited bandwidth."
"A free version of the solution is available."
"The pricing depends on the usage, but the cheapest would be around 5,000 USD a month."
"There are different scale options available for WAF."
"The product is moderately priced."
"It's quite affordable. It's in the middle."
"AWS WAF costs $5 monthly plus $1 for the rule. It's cheap, cost-wise. It's worth the money."
"We are kind of doing a POC comparison to see what works best. Pricing-wise, AWS is one of the most attractive ones. It is fairly cheap, and we like the pricing part. We're trying to see what makes more sense operation-wise, license-wise, and pricing-wise."
"The solution's cost depends on the use cases."
"AWS WAF has reasonable pricing."
"For Kubernetes microservices, AWS is more expensive compared to OCI. AWS costs approximately 70 cents per hour, while OCI is 50% cheaper."
"Sucuri offers different plans, both the standard plan and an advanced plan. So there are different plans to choose from."
"I’d simply say it’s really worth it."
"It stands out as a more cost-effective option compared to other cloud-based security services like Cloudflare or JetPass."
"The ROI has been very good. Because of the solution, I have a tax break. The site developers were not always experienced people. We used to pay more for cleaning up the site when it was infected. Now, we have peace of mind knowing that the solution will clean up the site and that we won't have to go through the unnecessary process of restoring it from a backup. The protection on the WAF and the measures for backups have also prevented our site from going down."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
862,514 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Comms Service Provider
11%
Financial Services Firm
10%
Manufacturing Company
7%
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
9%
Government
6%
Computer Software Company
13%
Manufacturing Company
10%
Financial Services Firm
9%
Real Estate/Law Firm
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Im...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
What do you like most about Sucuri?
The initial setup was very easy.
What is your experience regarding pricing and costs for Sucuri?
The pricing is very reasonable. Sucuri offer other features as an add-on, such as backup, but these have an additiona...
What needs improvement with Sucuri?
The main improvement I would like to see is support for .NET applications. If they could include this feature, I woul...
 

Comparisons

 

Also Known As

Cloudflare DNS
AWS Web Application Firewall
No data available
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
eVitamins, 9Splay, Senao International
The Loft Salon, Tom McFarlin, WPBeginner, Taylor Town, Everything Everywhere, Financial Ducks in a Row, Chubstr, Real Advice Gal, Sujan Patel, Wallao, List25, School the World
Find out what your peers are saying about AWS WAF vs. Sucuri and other solutions. Updated: July 2025.
862,514 professionals have used our research since 2012.