Try our new research platform with insights from 80,000+ expert users

AWS WAF vs Sucuri comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 1, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
76
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (13th)
AWS WAF
Average Rating
8.0
Reviews Sentiment
7.6
Number of Reviews
59
Ranking in other categories
Web Application Firewall (WAF) (1st)
Sucuri
Average Rating
8.4
Reviews Sentiment
7.5
Number of Reviews
6
Ranking in other categories
Web Application Firewall (WAF) (24th), Distributed Denial-of-Service (DDoS) Protection (16th), Domain Name System (DNS) Security (13th)
 

Featured Reviews

Carlos Alam Hernandez Baruch - PeerSpot reviewer
Fast and secure deployments simplify operations for government and fintech clients
It is a fast and secure DNS. It is very easy to deploy, and my customers are happy with this tool. Additionally, the CDN performance in Mexico is excellent, providing fast service and tools. It offers reliability during high-traffic periods, ensuring no impact on the environment. It helps my clients avoid using on-premise boxes, simplifying operations as they only use the prices on Cloudflare.
Kavin Kalaiarasu - PeerSpot reviewer
AWS's cloud-native security simplifies rule enforcement but needs better DDoS integration
The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded. The rate at which AWS updates their managed rule sets could be better. Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF. Instead, they are part of AWS Shield. Providing DDoS protection as part of their WAF solution would be beneficial.
Akshit Malik - PeerSpot reviewer
Provides website security, safeguarding against various threats and effective protection against DDoS attacks
The initial setup is moderate because it's neither too easy nor too hard. Sucuri provides us with many ways to set up our site, handle the routing, and perform the necessary configurations. It's deployed on the cloud. We used the managed service of Sucuri and then routed all the requests from Sucuri to our AWS platform.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable features of the solution are performance and security."
"The most valuable feature of Cloudflare is the GUI. You are able to control the solution very well through the interface. There is a lot of functionality that is embedded in the service."
"When using services like Heroku, Cloudflare is very useful for CNAME flattening. I also use it for their end-to-end SSL with TLS authentication on nginx for securing servers."
"The technical support is good."
"The simplicity of the overall dashboard makes it a great product for a user like me who has less understanding of the internet than a developer or other more technical people. It gives me peace of mind. I also love the easy customization of the Page Rules."
"It's very user-friendly."
"The solution automatically detects and responds to certain types of traffic based on geolocation."
"Easier http to https redirect using page rules"
"The agility is great for us in terms of cloud services in general."
"The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system."
"It is Amazon. Everything is scalable. It is beyond what we need."
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"Their technical support has been quite good."
"AWS WAF has a lot of integrated features and services. For example, there are security services that can be integrated very well for our customers."
"AWS has flexibility in terms of WAF rules."
"The solution is stable."
"Domain name scanning since it allows us to scan all our domain names and determine whether it has malware or if is reported as phishing."
"The initial setup was very easy."
"The initial setup was straightforward. Straight forward because the plugin can simply be installed and then it does its job. It's not complex, there is no learning curve. The online scan is simple, you put in the website address and the scan gives us a report on the browser itself. It's simple to use."
"It significantly eases the workload and streamlines the initial setup required to protect a website."
"I use it as a WAF, which is basically a web firewall to monitor and block traffic to our web server."
"The most valuable part is the analytics and visualization."
 

Cons

"There are some issues with the CDN services."
"Cloudflare should add more documentation and pricing to the cloud version."
"For the free and Pro plans, Cloudflare could use a simple bot to provide information to users. This would improve support, especially for less advanced users who utilize the free components."
"Technical support is lacking."
"I think the APIs are a little bit hard for us to work with. The APIs could be more open so that we could integrate better with our SolarWinds or our monitoring solution."
"It should have easier documentation for the configuration. It's very technical and people who aren't technical should also be able to do the configuration."
"We're facing challenges due to an upgrade in the machine learning model. The problem arises from some users abusing the APIs, resulting in an influx of suspicious traffic. Cloudflare's learning model mistakenly identifies this traffic as human. Consequently, it assigns it a higher trust score, akin to legitimate human traffic, causing complications in our architecture. Previously, such traffic would have been categorized as suspicious, enabling us to apply appropriate blocking rules. However, we encounter difficulties distinguishing between genuine and suspicious traffic with the new categorization. Despite these challenges, overall, Cloudflare remains the preferred solution compared to Azure, AWS CloudFront, and Google Cloud Armor."
"For large enterprises, the pricing is okay. However, the enterprise price for small projects is a bit high. A mid-tier pricing option would be beneficial."
"They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats."
"There is room for improvement in pricing."
"It will be helpful if the product recommends rules that we can implement."
"AWS WAF should provide better protection to its users, and the security features need to improve."
"The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on."
"AWS WAF's signature sets have room for improvement due to false positives."
"The solution can improve its price."
"The solution's pricing could be improved."
"Confident score: Currently it does not have one and there are cases that most websites flagged are false-positives."
"I would rate this solution an eight out of ten. The reason is that we have found sometimes customers or Google saying that there is something wrong with the website but Sucuri says that the site is clean so we do have to look at the site manually which means that the Sucuri scan does not pick up anything and everything."
"In terms of improvement, the cost factor is always there."
"The main improvement I would like to see is support for .NET applications. If they could include this feature, I would include more sites in the protection."
"Sucuri could provide help for specific security alerts in-line instead of requiring users to search for it in the help section."
"It would greatly benefit customers if they implemented an online chat or messaging system for quicker assistance."
 

Pricing and Cost Advice

"We don't have any issues with the price."
"So far I use free tier and happy with it. You can subscribe to business package if needed."
"The product's pricing is cheap."
"The product's pricing is minimal compared to other products."
"Cloudflare's pricing is not much higher and is good for middle-level organizations."
"It's a premium model. You can start at zero and work your way up to the enterprise model, which has a very high pricing level."
"The solution is expensive when compared to other products but offers unlimited bandwidth."
"I believe their performance has improved, but I'd like to refrain from discussing the pricing aspect related to the cloud. The pricing, in my opinion, could be simplified, and I think they should consider reevaluating the pricing for support, as it can be quite high. At times, this cost can make it challenging to choose CARFAGuard or opt for the support."
"AWS is not that costly by comparison. They are maybe close to $40 per month. I think it was between $29 or $39."
"The pricing should be more affordable, especially as it pertains to small clients."
"The product’s pricing is reasonable."
"The price is average."
"AWS WAF is pay-as-you-go, I only pay for what I'm using. There is no subscription or any payment upfront, I can terminate use at any time. Which is an advantage."
"AWS WAF has reasonable pricing."
"AWS WAF costs $5 monthly plus $1 for the rule. It's cheap, cost-wise. It's worth the money."
"The solution is affordable."
"It stands out as a more cost-effective option compared to other cloud-based security services like Cloudflare or JetPass."
"Sucuri offers different plans, both the standard plan and an advanced plan. So there are different plans to choose from."
"The ROI has been very good. Because of the solution, I have a tax break. The site developers were not always experienced people. We used to pay more for cleaning up the site when it was infected. Now, we have peace of mind knowing that the solution will clean up the site and that we won't have to go through the unnecessary process of restoring it from a backup. The protection on the WAF and the measures for backups have also prevented our site from going down."
"I’d simply say it’s really worth it."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
861,170 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Comms Service Provider
10%
Financial Services Firm
10%
Manufacturing Company
7%
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
9%
Government
5%
Educational Organization
14%
Computer Software Company
12%
Manufacturing Company
9%
Real Estate/Law Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Im...
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft...
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
What do you like most about Sucuri?
The initial setup was very easy.
What is your experience regarding pricing and costs for Sucuri?
The pricing is very reasonable. Sucuri offer other features as an add-on, such as backup, but these have an additiona...
What needs improvement with Sucuri?
The main improvement I would like to see is support for .NET applications. If they could include this feature, I woul...
 

Comparisons

 

Also Known As

Cloudflare DNS
AWS Web Application Firewall
No data available
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
eVitamins, 9Splay, Senao International
The Loft Salon, Tom McFarlin, WPBeginner, Taylor Town, Everything Everywhere, Financial Ducks in a Row, Chubstr, Real Advice Gal, Sujan Patel, Wallao, List25, School the World
Find out what your peers are saying about AWS WAF vs. Sucuri and other solutions. Updated: June 2025.
861,170 professionals have used our research since 2012.