No more typing reviews! Try our Samantha, our new voice AI agent.

F5 Rules for AWS WAF vs The Fastly Next-Gen WAF (powered by Signal Sciences) comparison

Sponsored
 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare Web Application ...
Sponsored
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
26
Ranking in other categories
No ranking in other categories
F5 Rules for AWS WAF
Ranking in Web Application Firewall (WAF)
15th
Average Rating
8.4
Reviews Sentiment
7.8
Number of Reviews
10
Ranking in other categories
Business Rules Management (3rd)
The Fastly Next-Gen WAF (po...
Ranking in Web Application Firewall (WAF)
33rd
Average Rating
7.6
Reviews Sentiment
4.8
Number of Reviews
4
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Web Application Firewall (WAF) category, the mindshare of Cloudflare Web Application Firewall is 4.0%, down from 5.8% compared to the previous year. The mindshare of F5 Rules for AWS WAF is 0.4%, up from 0.0% compared to the previous year. The mindshare of The Fastly Next-Gen WAF (powered by Signal Sciences) is 1.1%, up from 0.9% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF) Mindshare Distribution
ProductMindshare (%)
Cloudflare Web Application Firewall4.0%
F5 Rules for AWS WAF0.4%
The Fastly Next-Gen WAF (powered by Signal Sciences)1.1%
Other94.5%
Web Application Firewall (WAF)
 

Featured Reviews

DB
CTO at PlayNirvana
Advanced security reporting has protected high-traffic betting platforms from constant attacks
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we have a dedicated IT team for that, and I'm not involved with Cloudflare much anymore. But if I were to compare them to F5, I would like to see more features that F5 offers. F5 has an option to bring the whole infrastructure, the whole WAF and all their packages, Bot Management, and everything else on your infrastructure. You need to install certain services from their side, and then you can choose if you would like requests to hit your servers immediately or if requests need to be proxied through F5 backbone. That would be a nice addition because we have 90% of the traffic as legit traffic coming from whitelisted servers. If it comes from whitelisted servers, I don't need to go every request through the backbone; I could easily just IP whitelist everything. Then I could maybe have Bot Management on my infrastructure that drastically reduces the price of Cloudflare. I would like to see Push CDN more improved in the next release of Cloudflare Web Application Firewall. And maybe something similar to Pushpin that Fastly has, which is an option where you can push messages that then can be scaled globally over the network. From our perspective, if we have a listener that listens for stock updates, I would just need to have one processor that pushes those updates to the Cloudflare API, and then Cloudflare would broadcast that message to all listeners. Cloudflare will check the order of the message, and if you, as a customer, are not connected or have some kind of network issue, when you reconnect, you will receive the latest state and missing updates.
Vibin Thomas - PeerSpot reviewer
Technical Team Lead - Content Security at Valuepoint Systems
Advanced protection has reduced web attacks and improves application performance and operations
One area where F5 Rules for AWS WAF can be improved is in simplifying the tuning process. While F5 Rules for AWS WAF is powerful, fine-tuning it to match specific application behavior can sometimes be complex and time-consuming, especially for teams without deep WAF expertise. Another improvement could be enhanced visibility and reporting. Although AWS WAF provides logs, having more intuitive and built-in dashboards or clearer categorization of rule triggers would make it easier to quickly identify and analyze attack patterns. Additionally, expanding the capabilities around bot management and behavior analysis would be beneficial compared to some dedicated bot management solutions. More advanced detection techniques could further strengthen the protection against sophisticated automated traffic. Finally, providing more predefined templates or best practice recommendations for different application types would help speed up the deployment and reduce the initial configuration effort.
reviewer2161107 - PeerSpot reviewer
Staff Engineer at a retailer with 1,001-5,000 employees
Room for improvement with user interface while competitive pricing impresses
It is managed through Infrastructure as Code, so all configurations can be managed in the code itself, which is beneficial. Because it uses rules, it is easy to set up, and we have many different sites where the configurations are straightforward. Though the UI is not very interactive, which is a downside, we can manage many things. The UI is not very intuitive and could be better. However, we manage all the configurations through code, which is easy to maintain. It has extensive anomaly detection capabilities, so the traffic is classified into several categories where thresholds can be defined and customized based on false positives and false negatives. This is advantageous because you do not need to tweak it very often. Once you set it up, an audit once a quarter would suffice. Because The Fastly Next-Gen WAF (powered by Signal Sciences) is API-driven, we have integrations with the CI/CD pipeline through GitHub Actions, making it easy to integrate.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product has improved our security posture by blocking bad actors."
"The stability of Cloudflare Web Application Firewall deserves a perfect 10 out of 10."
"The most valuable part of the solution for us overall is exactly that it is a Software-as-a-Service product."
"I'm highly satisfied. It's remarkably user-friendly, enabling me to quickly identify issues, and deploy solutions, and it offers the necessary features."
"Someone with a basic understanding of networking and security will be able to implement the firewall's basic features within 15 minutes."
"It is configurable via API."
"The impact of Cloudflare Web Application Firewall's integration with existing web technologies on our site's performance and security measures is quite great, actually."
"Technical support has a very fast response time and they are helpful."
"After implementing F5 Rules for AWS WAF, we observed a reduction of approximately 60 to 70% in web application security incidents reaching our application team, particularly blocking common threats like bot traffic and SQL injections without impacting our downstream systems."
"F5 Rules for AWS WAF's OWASP protection and bot protection have reduced attacks on my applications by 72 to 90%."
"Overall, the combination of reduced manual effort, improved security posture, and better application performance has delivered a strong return on investment."
"F5 Rules for AWS WAF should be highly recommended for AI applications, as security is a major concern, and using F5 helps prevent security issues and stabilizes organizations and applications."
"F5 Rules for AWS WAF is a strong, enterprise-focused solution for organizations that need robust web application security, centralized policy management, and better visibility into application layer threats within AWS environments."
"In the past few years, we have zero security incidents, indicating a return on investment."
"I advise anyone looking for a great tool to secure their public-facing applications to start using F5 Rules for AWS WAF."
"F5 Rules for AWS WAF has positively impacted us by improving our web application security without adding too much operational overhead."
"The product's most valuable feature is its ability to set up the rules easily."
"Because The Fastly Next-Gen WAF (powered by Signal Sciences) is API-driven, we have integrations with the CI/CD pipeline through GitHub Actions, making it easy to integrate."
"When configuring a web application firewall using Signal Sciences, we configure a rule whereby no one except a few people can access the application."
"Fastly (Signal Sciences) integrates and tags the intermittent traffic based on patterns. It generates signals and provides them in a dashboard where we can view them and decide whether to allow or deny traffic. It's a more advanced and easy-to-navigate dashboard."
 

Cons

"Cloudflare should update the version of the ModSecurity core rule set that they run on."
"They have some limitations with third-party integrations."
"Its stability could be better."
"The learning curve was steep initially."
"We have noticed some latency when the call goes through the firewall. That could be improved."
"We don't even use Cloudflare Bot Management because it's too expensive; you need to pay per request, and it's much cheaper to get one or two additional machines."
"The solution's learning curve can still be further reduced"
"The user interface is very simple and straightforward, but users need knowledge about DNS to accomplish tasks."
"One area where F5 Rules for AWS WAF can be improved is in simplifying the tuning process."
"There are potential false positives in F5 Rules for AWS WAF that sometimes require tuning."
"F5 Rules for AWS WAF can be improved by simplifying the tuning process to reduce false positives and providing more built-in dashboards for better visibility and further customization."
"I think F5 Rules for AWS WAF could be improved mainly around visibility, specifically having more actionable recommendations for false positives."
"The additional costs for F5 Rules for AWS WAF are quite high, as F5 managed rules require a separate subscription on top of the standard AWS WAF charges; it would be great if it would be pre-integrated."
"F5 Rules for AWS WAF could be improved with deeper integration with Infrastructure as Code tools like Terraform for simplification, as well as more AI-driven recommendations for rules tuning to reduce false positives and better dashboards for visibility at the CXO level."
"It's too early to talk about a return on investment with F5 Rules for AWS WAF."
"An area for improvement I see is that while everything is in good shape, I demand continuous improvisation of these rule sets."
"The areas that could be improved in Signal Sciences include the effectiveness of rules, as many didn't function optimally and required custom rule-writing to address bypasses for WAF."
"Even if we create some custom rules, Signal Sciences cannot capture some of the malicious traffic."
"The UI is not very intuitive and could be better."
"Fastly don't support caching for China users. That's the only feature lacking compared to Akamai."
 

Pricing and Cost Advice

"The pricing model is very straightforward compared to the competition. You just pay per month for the product and usage."
"It starts at $20 and can easily go up to $200 monthly"
"It is not too pricey."
"Cloudflare offers different types of subscriptions for businesses, enterprises, and personal users, and the pricing is negotiable."
"What's my experience with pricing, setup cost, and licensing? I believe the pricing is not the best, but it's reasonable and acceptable. We also use the McAfee system in parallel. In terms of pricing, its okay - not great, but not bad either. It falls in the middle, which is acceptable. In terms of support licensing, last time, we were searching for a solution, and we considered products from resellers rather than directly from the cloud provider. However, the pricing we encountered was exceptionally high. As a result, we are inclined to select support from the reseller."
"Cloudflare Web Application Firewall is more affordable than other solutions."
"The annual licensing fee is $10,000 USD."
"We pay $210 per month for CloudFlare WAF."
Information not available
"Signal Sciences is pretty cheap compared to other solutions."
"The product has an affordable cost."
"The pricing is 50% less than Akamai."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
17%
Financial Services Firm
9%
Comms Service Provider
9%
Manufacturing Company
7%
Construction Company
33%
Comms Service Provider
16%
Computer Software Company
6%
Energy/Utilities Company
5%
Manufacturing Company
12%
Retailer
10%
Financial Services Firm
9%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business16
Midsize Enterprise6
Large Enterprise6
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise1
Large Enterprise6
No data available
 

Questions from the Community

What needs improvement with Cloudflare Web Application Firewall?
I don't see room for improvement to Cloudflare Web Application Firewall. One thing I don't know much about because we...
What is your primary use case for Cloudflare Web Application Firewall?
We are using Cloudflare Web Application Firewall's advanced reporting and analytics tools with their Zero Trust, so e...
What is your experience regarding pricing and costs for F5 Rules for AWS WAF?
My experience with the pricing, setup cost, and licensing for F5 Rules for AWS WAF was good with purchasing and the s...
What needs improvement with F5 Rules for AWS WAF?
From an improvement standpoint, one area where F5 Rules for AWS WAF could improve is in simplifying policy management...
What is your primary use case for F5 Rules for AWS WAF?
My main use case for F5 Rules for AWS WAF is strengthening web application security for internet-facing applications ...
What is your experience regarding pricing and costs for Signal Sciences?
The pricing is very competitive compared to other providers. The pricing is definitely a factor in our decision-makin...
What needs improvement with Signal Sciences?
We do use it, but the UI can be improved as we mostly work through the CI/CD. It provides support, but sometimes it i...
What is your primary use case for Signal Sciences?
The CDN is for caching and The Fastly Next-Gen WAF (powered by Signal Sciences) is for protecting the servers from ma...
 

Also Known As

Cloudflare WAF
No data available
Signal Sciences Next-Gen WAF, Signal Sciences RASP
 

Overview

 

Sample Customers

crunchbase, udacity, marketo, okcupid, zendesk
Information Not Available
Chef, Adobe, Datadog, Etsy, GrubHub, Vimeo, SendGrid, Under Armour, Duo, AppNexus
Find out what your peers are saying about F5 Rules for AWS WAF vs. The Fastly Next-Gen WAF (powered by Signal Sciences) and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.