


NGINX App Protect and Barracuda WAF-as-a-Service are competitors in the web application firewall market. Barracuda WAF-as-a-Service seems to have an edge in terms of feature set, while NGINX App Protect is often preferred for its pricing and customer service.
Features: NGINX App Protect offers seamless integration with NGINX environments, effective DDoS protection, and comprehensive command-line management. Barracuda WAF-as-a-Service provides comprehensive threat intelligence, real-time attack detection, and robust threat prevention capabilities tailored to extensive security needs.
Room for Improvement: NGINX App Protect could enhance deployment simplicity, expand integration beyond NGINX, and include broader threat intelligence features. Barracuda WAF-as-a-Service might improve cost efficiency, offer better customization for smaller infrastructures, and streamline its user interface.
Ease of Deployment and Customer Service: NGINX App Protect may require more technical expertise upfront but offers strong support for NGINX platforms, coupled with responsive customer service. Barracuda WAF-as-a-Service facilitates easier deployment with minimal infrastructure changes and delivers commendable customer service.
Pricing and ROI: NGINX App Protect is noted for competitive pricing and attractive ROI, especially when integrated with existing NGINX setups, offering reduced additional expenditure. Barracuda WAF-as-a-Service, despite being perceived as more expensive, offers significant return on investment through its extensive security features, which can justify the cost for comprehensive security needs.
My experience with the pricing or licensing of Cloudflare Web Application Firewall is that many features can be accessed for free, so the pricing is definitely reasonable.
Barracuda WAF-as-a-Service has positively impacted our organization by reducing cyber threats like ransomware and phishing by ninety-five percent.
For us, the biggest value comes from improved security and the reduced workload on the team, which makes the investment feel justified.
From an ROI and impact perspective, there is a 20 to 35% reduction in day-to-day administrative effort.
I would rate the technical support with Cloudflare as excellent every time I've had to contact them.
The technical support of Cloudflare Web Application Firewall rates between five and seven at maximum.
We had an incident requiring direct support, and the representatives were really helpful, resolving our query within forty-five minutes.
The engineers were helpful and knowledgeable, and we were able to get the guidance we needed.
I would rate Barracuda WAF-as-a-Service customer support as a nine on a scale of one to ten.
They were quick and efficient when we had issues.
I would rate the customer support a 9 on a scale of 1 to 10.
The scalability of Cloudflare Web Application Firewall rates between 8 to 9, as it depends upon the use cases and what exactly the client needs.
Scalability is good for Barracuda WAF-as-a-Service; we can scale up or down based on our needs.
As our needs have grown and we have added more applications, it has handled this expansion without creating extra management overhead.
The scalability of NGINX App Protect is good and open source at its best.
The stability of Cloudflare Web Application Firewall deserves a perfect 10 out of 10.
We have not faced any downtime, crashes, or lag.
Barracuda WAF-as-a-Service is extremely accurate in detection and reporting, and I find very few false positives.
Barracuda WAF-as-a-Service has been stable in our experience, and we have not faced any major downtime or service-impacting issues.
It is a quality solution, and I would rate its stability as eight out of ten.
The product can improve by having more multitenancy capability, which is currently not available.
I think they're doing a good job with DNS and as support for any domains that I create or that my clients create, it's mandatory for me to ensure they have Cloudflare as their DNS provider.
And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network.
The ROI they have given us is tremendous, and they are doing really well in terms of product, scalability, and service.
Modernizing the UI further, simplifying packaging and licensing clarity, enhancing the executive reporting and risk dashboard, and expanding broader cloud-native integration would be beneficial improvements.
There is one issue regarding local data storage, as they do not have that capability, and we are storing the data in another foreign country, which is against the law.
There was more information from F5 regarding hardware requirements and specifications to deploy the service.
For now, I think NGINX App Protect is good, but maybe I would like to see the logging feature added.
The GUI and web GUI configuration could be improved to be easier to manage and use.
This system allows us to pay only for what we use, saving a lot of money, so I give it a ten out of ten as it is both a money and time saver for the organization.
Barracuda service is customizable but external references note that licensing and cost planning can become complex.
While it may not be the cheapest solution available, we believe the security, ease of management, and operational benefits provide good value for the investment.
The custom rules and the geo-redundant geographical rule feature, which allows me to implement geographical rules for customers, add significant value.
The best features of Cloudflare Web Application Firewall are multiple, including the WAF, rate limiter, and bot attack protection.
Cloudflare Web Application Firewall's advanced reporting and analytics tools add a layer that we're able to visualize and see before it actually hits the local firewall.
The centralized dashboard is helping us streamline visibility across our admin panels and provides site-to-site visibility deployed directly to our AWS environment, securing VPC traffic and ensuring the firewall is in place.
One of the strongest points is the speed of deployment, which features a three-step deployment wizard, pre-built templates, and quick onboarding, making it suitable for teams that want protection fast without complex infrastructure setup.
I particularly appreciate its ability to automatically detect and block common web attacks such as SQL injection, XSS, and bot-based threats without requiring manual intervention.
The most valuable feature is the ability to operate in a DevOps environment and to be configured through API and pipeline by the developers themselves.
Some threats like injection and running scripts, SQL injections, these all get stopped and rejected by the server.
Detecting bots and blocking IPs have proven effective for securing applications.
| Product | Mindshare (%) |
|---|---|
| Cloudflare Web Application Firewall | 4.0% |
| NGINX App Protect | 2.0% |
| Barracuda WAF-as-a-Service | 0.9% |
| Other | 93.1% |


| Company Size | Count |
|---|---|
| Small Business | 16 |
| Midsize Enterprise | 6 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 13 |
| Midsize Enterprise | 2 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 7 |
| Large Enterprise | 13 |
Cloudflare Web Application Firewall integrates DDoS protection, load balancing, and firewall capabilities. Its ease of use, configurability, and robust security measures make it a versatile choice for protecting web applications.
Cloudflare Web Application Firewall provides a comprehensive defense against threats with advanced reporting and robust security measures. It includes DNS integration, rate limiting, and extensive rule sets, all within a SaaS model that allows API configurability. Users value its caching, scalability, and pricing, although enhancements are needed in rate-limiting and third-party integration. Improvements in customer support, especially in India, real-time controls, and user documentation are also desired. Users seek a more intuitive dashboard, better log management, and improved alert systems, along with multitenancy capabilities and enhanced reporting.
What are the key features of Cloudflare Web Application Firewall?Cloudflare Web Application Firewall finds application in industries like banking and retail by acting as a comprehensive security gateway, managing authentication and authorization while protecting web applications from malicious Layer 7 traffic. It also implements load balancing, CDN, and zero-trust policies, supported by advanced reporting, analytics tools, and threat scoring to meet specific industry needs.
Barracuda WAF-as-a-Service streamlines cloud security with features like automatic updates, real-time detection, and bot protection. It enhances AWS environments with simplified management and threat intelligence.
Barracuda WAF-as-a-Service provides robust application security, leveraging automatic security updates and real-time attack detection to defend against threats. Its centralized dashboard offers an intuitive management experience, complemented by automated policies. Real-time threat intelligence, application control, and VPN support contribute to its security efficacy. Its capabilities to detect and prevent DDoS, application, and unknown OS attacks ensure comprehensive protection. Although licensing complexity, high costs, stability concerns, and regional compliance issues pose challenges, it effectively secures websites and email systems against malware, phishing, and ransomware, and simplifies cloud migration.
What are the key features of Barracuda WAF-as-a-Service?In industries like e-commerce and finance, Barracuda WAF-as-a-Service is implemented for its effectiveness in securing cloud-based applications while reducing the need for on-premises equipment. Its strength in protecting both websites and email systems makes it a preferred choice for businesses migrating to cloud solutions.
NGINX App Protect offers comprehensive security features like auto-learning and bot protection. Its real-time threat detection and ease of integration make it suitable for web and mobile application security across on-premises, cloud, and container environments.
NGINX App Protect stands out with its adaptive machine learning, scalable deployment options, and robust API connectivity, offering Layer 7 DDoS protection and an OWASP-certified WAF. While it supports comprehensive traffic and security management, enhancements in platform integration, automation, and technical support could improve usability. The pricing model and policy management options could also see refinement. Commonly employed in securing web and mobile applications, it addresses threats including OWASP Top 10 vulnerabilities and DDoS attacks, while providing seamless integration with Kubernetes and CI/CD pipelines.
What are the key features of NGINX App Protect?NGINX App Protect finds broader use in sectors like banking and telecommunications, where it secures high-performance digital infrastructures. Its application spans perimeter security, load balancing, and acts as a reverse proxy in environments necessitating stringent security, high throughput, and robust management. The tool's adaptability facilitates its deployment alongside containers, ensuring compatibility with contemporary development practices.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.