HAProxy vs Wallarm NG WAF comparison

HAProxy and Wallarm are both solutions in the Web Application Firewall (WAF) category. HAProxy is ranked #14 with an average rating of 8.2, while Wallarm is ranked #40. Additionally, 92% of HAProxy users are willing to recommend the solution, compared to 100% of Wallarm users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between HAProxy and Wallarm NG WAF based on real PeerSpot user reviews.

Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

To learn more, read our detailed HAProxy vs. Wallarm NG WAF Report (Updated: December 2025).

Buyer's Guide

HAProxy vs. Wallarm NG WAF

December 2025

Download the complete report

Helped 879,853 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Cloudflare

Featured Reviews

Herb Angle

Owner at Hga consulting

Has helped manage client domains with streamlined access control and threat visibility

I don't know what areas could be improved with Cloudflare WAF; Cloudflare is constantly improving and adding features to their feature set. They're doing a good job, and as far as DNS and support for any domains that I create or my clients create, it's mandatory for me to make sure that they have Cloudflare as their DNS provider. The Cloudflare load balancing capability hasn't really helped in enhancing my website's uptime and resiliency because we don't really get that much traffic; it's mostly remote users, and web hosting is done by a web hosting service. It doesn't pay to try to host your own website.

Read full review

Shrinivas Devarkonda

Head of DevOps at TripFactory

Handles high traffic efficiently and simplifies complex routing with rule-based logic

I think HAProxy is good as it stands now, but I believe there could be improvements. gRPC has recently been implemented, which is great, along with TLS 1.2 and 1.3 support, and HTTP 2.0 is also available. However, I'm unsure about the benchmark of those HTTP 2.0 requests on HAProxy. If there were any other protocol with better performance than HTTP 2.0, or perhaps mTLS and other similar features, including that in HAProxy would be really great. For improvements, I think that during setup and configuration, the steps provided are neat and clear. Anyone can easily install and configure it. There are many kernel tuning parameters also available, which is great. For specific improvement, in terms of logging, I think printing the full object of the request may help, or if there's a way to reference two requests, it would be beneficial to find a complete session history from a logged-in customer, as it would help analyze customer and user analytics.

Read full review

it_user796242

Information Security Engineer at a tech vendor with 51-200 employees

Helps us to monitor attacks to our sites and prevents a lot of them

Set up Wallarm as a reverse proxy. Do not replace your web server. Use Wallarm first in monitoring mode, then learn from Wallarm which type of request is false positive and which type of request is not. This process takes a couple of weeks for very highly-loaded web applications (few millions of unique visitors in one month). Then you can turn Wallarm into blocking mode and everything will be fine. Do not forget to build a monitoring system, the wave, and API for it. Before we started using Wallarm, I already knew Ivan (CEO) and Stepan (COO) from a couple of years before. Ivan had his own security company and Stepan was working on a Russian security magazine called Xakep. They told us that they wanted to create a new WAF and already had a working version of it. They asked me to test it. We did tests, and it was really good. After few month after testing, we signed an agreement. Our choice was made not because we knew these guys for a long time, but because the product was really cool and we were glad to start using it as one of the first on the market!

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"DDoS attacks target unprotected machines. Cloudflare detects and stops these attacks using internal systems. It identifies incoming DDoS attacks, issuing challenges or blocking them immediately."

"The technical support is good."

"Smaller businesses have seen great ROI due to the low investment and strong performance."

"From what I've seen so far, there are no negatives to report as of yet"

"The web application firewall brought us good security and a view of the accesses/blocks of the entire domain and subdomain that were accessed both by region (country) and IPs."

"The attacker won't have details since my public IP is anonymous. It offers us good privacy."

"It's a great product because it's scalable, has great coverage, and is mature with good defenses against DDoS attacks."

"When using services like Heroku, Cloudflare is very useful for CNAME flattening. I also use it for their end-to-end SSL with TLS authentication on nginx for securing servers."

More Cloudflare pros

"I can simplify configurations of many internal services (e.g. Web server configs) by moving some elements (like SSL) to HAProxy. I can also disable additional applications, like Varnish, by moving traffic shaping configurations to HAProxy."

"We have reduced a lot of servers, replacing them with one or two HAProxy servers which deliver better performance, accuracy, and an almost 100% success rate with requests coming from customers or other sources, and there are no loopholes, disconnects, or gaps in the entire data flow."

"The most important features would be the load-balancing of HTTP and TCP requests, according to multiple LB-algorithms (busyness, weighted-busyness, round robin, traffic, etc). Another important feature that we cannot live without is the username/passwd authentication for legacy systems that had none."

"The solution is effective in managing our traffic."

"It reduced the load on our main load balancers."

"We were able to use HAProxy for round robin with our databases, or for a centralized TCP connection in one host."

"The support for all major Linux distros makes running and testing a breeze."

"HAProxy's TCP load balancer is excellent and super stable."

More HAProxy pros

"Helps us to monitor situation in regards to attacks to our sites and prevents a lot of them."

Cons

"We're facing challenges due to an upgrade in the machine learning model. The problem arises from some users abusing the APIs, resulting in an influx of suspicious traffic. Cloudflare's learning model mistakenly identifies this traffic as human. Consequently, it assigns it a higher trust score, akin to legitimate human traffic, causing complications in our architecture. Previously, such traffic would have been categorized as suspicious, enabling us to apply appropriate blocking rules. However, we encounter difficulties distinguishing between genuine and suspicious traffic with the new categorization. Despite these challenges, overall, Cloudflare remains the preferred solution compared to Azure, AWS CloudFront, and Google Cloud Armor."

"For the free and Pro plans, Cloudflare could use a simple bot to provide information to users. This would improve support, especially for less advanced users who utilize the free components."

"It would be helpful if the solution could continue evolving to compete with the other solutions on the market."

"The Cloudflare load balancing capability hasn't really helped in enhancing my website's uptime and resiliency because we don't really get that much traffic; it's mostly remote users, and web hosting is done by a web hosting service."

"Support response time could be improved."

"The timing aspect can lead to it being considered overpriced. This is a particular concern we have with Cloudflare, as they may struggle with accurately detecting the client."

"I believe they currently have this feature, but there will most likely be integration with APIs so we can control some features through API."

"Areas like how assessment, discovery, and payload are dealt with and how it all comes into your organization can be considered when trying to make suggestions to Cloudflare for improvements."

More Cloudflare cons

"The solution can be improved by controlling TCP behavior better and mandating to clients what the expected outcome must be in order to avoid receiving contestant timeout logs."

"The reconfigurability in terms of the tooling could be improved and maybe an editor plugin can be added."

"There is no standardized document available. So, any individual has to work from scratch to work it out. If some standard deployment details are available, it would be helpful for people while deploying it. There should be more documentation on the standard deployment."

"The visibility could be improved."

"HAProxy could improve by making the dashboards easier to use, and better reports and administration tickets."

"Pricing, monitoring, and reports can be improved."

"There is room for improvement in HAProxy's dynamic configuration."

"Dynamic update API. More things should be possible to be configured during runtime."

More HAProxy cons

"The biggest problem for us was the stability and speed using the first version of Wallarm. Now, it is fine."

Pricing and Cost Advice

"The cost primarily depends on the size of the organization."

"The price is reasonable."

"A free version of the solution is available."

"The solution has many features but there are ones that you need to pay for. Sometimes you have to find out which is available for free and which you have to pay for."

"It's a premium model. You can start at zero and work your way up to the enterprise model, which has a very high pricing level."

"The tool is a premium product, so it is very expensive."

"That is one of the great features. I was able to access the majority of the features and services for free."

"I give the price a five out of ten."

More Cloudflare pricing and cost advice

"We are using HAProxy as an open-source."

"Test/lab virtual machines can be installed without a licence. They can't be used for performance testing but otherwise behave like production nodes."

"When it comes to pricing HAProxy is free."

"The price is well worth it. HAProxy Enterprise Edition paid for itself within months, simply due to the resiliency it brings. It was a bit more expensive than we were originally interested in paying, but we are thankful we chose to go with HAProxy."

"Very good value for the money. One of the simplest licensing schemes in this category of products."

"We use NGINX as well. However, because the health checks are a paid feature, I like to avoid it whenever possible."

"HAProxy is a free open-source solution."

"The only cost is for the image manager, who is responsible for uploading the image, and that is trivial."

More HAProxy pricing and cost advice

"Pricing must be cheaper than the competition and the licensing must be good."

See which vendors are best for you

Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.

See recommendations

879,853 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

12%

Financial Services Firm

10%

Comms Service Provider

10%

Manufacturing Company

Computer Software Company

17%

Financial Services Firm

11%

Comms Service Provider

Manufacturing Company

Computer Software Company

14%

Manufacturing Company

13%

Government

13%

Financial Services Firm

10%

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	46
Midsize Enterprise	8
Large Enterprise	25

By reviewers
Company Size	Count
Small Business	17
Midsize Enterprise	15
Large Enterprise	16

No data available

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?

Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...

See all answers

Which would you choose - Cloudflare DNS or Quad9?

Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...

See all answers

What do you like most about Cloudflare?

Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.

See all answers

Do you recommend HAProxy?

I do recommend HAProxy for more simple applications or for companies with a low budget, since HAProxy is a free, open...

See all answers

What do you like most about HAProxy?

The solution is effective in managing our traffic.

See all answers

What is your experience regarding pricing and costs for HAProxy?

Since we used the open-source version, we were not concerned about pricing, setup cost, or licensing.

See all answers

Ask a question

Earn 20 points

Comparisons

Quad9 vs Cloudflare

Compared 50% of the time

Akamai vs Cloudflare

Compared 4% of the time

Imperva Application Security Platform vs Cloudflare

Compared 3% of the time

Myra Security DDoS Protection vs Cloudflare

Compared 2% of the time

Azure DNS vs Cloudflare

Compared 2% of the time

More Cloudflare Competitors

NetScaler vs HAProxy

Compared 11% of the time

F5 BIG-IP Local Traffic Manager (LTM) vs HAProxy

Compared 11% of the time

Envoy vs HAProxy

Compared 11% of the time

Microsoft Azure Application Gateway vs HAProxy

Compared 10% of the time

Kemp LoadMaster vs HAProxy

Compared 9% of the time

More HAProxy Competitors

Akamai API Security vs Wallarm NG WAF

Compared 20% of the time

Cequence Security vs Wallarm NG WAF

Compared 15% of the time

Imperva Application Security Platform vs Wallarm NG WAF

Compared 11% of the time

Salt Security vs Wallarm NG WAF

Compared 11% of the time

AWS WAF vs Wallarm NG WAF

Compared 7% of the time

More Wallarm NG WAF Competitors

Product Reports

Buyer's Guide

Cloudflare

January 2026

Download Cloudflare product report

Buyer's Guide

HAProxy

December 2025

Download HAProxy product report

Buyer's Guide

Web Application Firewall (WAF)

January 2026

Download Wallarm NG WAF product report

Also Known As

Cloudflare DNS

HAProxy Community Edition, HAProxy Enterprise Edition, HAPEE

Wallarm NG-WAF

Overview

Cloudflare enhances web performance and security with features like CDN caching and DDoS mitigation while providing easy DNS management and intuitive setup through its user-friendly dashboard.

Cloudflare is recognized for its comprehensive web security and performance solutions. Speed improvements are achieved through caching mechanisms and DDoS protection, combining ease of DNS management with flexible page rules. The robust analytics and threat insight tools provide valuable data, assisted by a user-friendly dashboard allowing quick setup and configuration. An API offers dynamic DNS settings ensuring low latency and high performance across the globe.

What are Cloudflare's key features?

CDN Caching: Enhances website speed through content delivery network caching.
Web Application Firewall: Protects websites from online threats.
DDoS Mitigation: Shields against distributed denial-of-service attacks.
DNS Management: Offers easy-to-use and flexible domain management.
SSL Certificates: Ensures secure connections between users and servers.
Analytics: Provides insights with robust analytics tools.

What benefits and ROI should users evaluate?

Enhanced Security: Strengthening web security with DDoS and firewall protection.
Speed Improvement: Faster content delivery with CDN caching.
Operational Simplicity: Simplifies website optimization through a user-friendly interface.
Scalable Solutions: Scales with global reach, lowering latency for improved performance.
Cost Efficiency: Offers layers of valuable functionality with pricing options.

Cloudflare finds utility across industries for DNS management and defense mechanisms. Its content delivery network assures fast content distribution and fortified security. Businesses integrate features like web application firewalls, load balancing, end-to-end SSL, and zero trust to protect websites from cyber threats while ensuring resilience and reliable performance.

Cloudflare

HAProxy is considered by many in the industry to be one of the fastest and most popular and trusted software load balancer products in the marketplace today. Organizations are able to immediately deploy HAProxy solutions to enable websites and applications to optimize performance, security, and observability. HAProxy solutions are available to scale to any environment.

HAProxy is an open-source product and has a robust, active, reliable community. The solutions are continually tested and improved on by the community. HAProxy offers a dynamic design to support the most modern architectures, microservices, and deployment environments (appliances, containers, virtual, and cloud).

HAProxy utilizes a cloud-native protocol, which makes it a complete solution for cloud services such as Red Hat OpenShift, OVH, Rackspace, Digital Ocean, Amazon Web Services (AWS), and more. It also can be used as the reference load balancer in OpenStack.

HAProxy Products

HAProxy One: This is a next-gen end-to-end application delivery platform created to secure and streamline modern application architectures. It offers a complete suite of solutions, such as application delivery software, turnkey, and appliance services observed and administered through a central control plane. The product supplies application acceleration, CDN, DDoS, bot management, WAF capabilities, and load balancing.

HAProxy Fusion Control Plane: This product enables organizations to streamline workflows, arrange traffic routing and security protocols, enhance the speed of delivery, and scale out of the organization’s applications. HAProxy Fusion Control Plane offers an intuitive user interface to observe and control the complete product lineup and API for administering numerous fleets of HAProxy Enterprise servers, either in the cloud or on premises.

HAProxy Edge: This product offering is an application delivery network (ADN) that provides a broad array of turnkey application services with amazing scale and complete visibility. Services include application and content acceleration, advanced security, and load balancing.

HAProxy ALOHA Hardware or Virtual Load Balancer: This product is a virtual load balancer or plug-and-play hardware constructed upon HAProxy Enterprise that is designed to support proxying at Layer 4 and Layer 7. It has a user-friendly GUI, simple deployment, and no limit on backend servers, making it a complete product for organizations desiring a reliable system to provide high-end load distribution for critical services.

HAProxy Enterprise Kubernetes Ingress Controller: This product is designed to facilitate smooth traffic flow into a Kubernetes cluster. It is able to automatically discover anomalies and changes in an organization's Kubernetes infrastructure and provide precise distribution of traffic to healthy pods, with no downtime caused by poor pod health or scaling changes. The product comes with an embedded WAF to optimize the security of an organization’s applications running in Kubernetes.

HAProxy Enterprise: This product is the enterprise-class edition of HAProxy offering a dynamic and sturdy code base with next-generation features, an enterprise suite of add-ons, professional services, and trusted support.
- Cluster-wide tracking and rate limiting
- Advanced DDoS and bot management
- Web application firewall
- Reliable expert support
- High performance modules
- Device detection and geolocation
- Real-time dashboard

Reviews from Real Users

“Having the right load balancing solution – which is what HAProxy is – and protection in place gives organizations peace of mind.” - Nathanel S., Platform Architect at SES

“I use HAProxy for individuals who can not buy low balancers. I built NFV in a box and send individuals a pathway into an HAProxy VM. The setup was not difficult; it usually takes a day to complete for a VPC. When it comes to pricing, HAProxy is free.” - Nasir O., Network & Cloud Architect at Koala Compute Inc.

HAProxy

Wallarm NG WAF provides advanced security by integrating machine learning, making it essential for modern web applications. It offers protection against sophisticated threats and automates many processes.

Wallarm NG WAF leverages AI-driven technology to deliver robust security measures. It helps in defending web applications from cybersecurity threats with enhanced threat detection and response capabilities. Beyond vulnerability insights, Wallarm enhances security protocols, scales with growing online demands, and ensures comprehensive threat coverage, fostering a safer web environment.

What are the key features of Wallarm NG WAF?

AI-Powered Threat Detection: Identifies and mitigates sophisticated attacks efficiently.
Automated Security Updates: Continuously updates defense strategies without manual intervention.
Flexible Deployment: Easily integrates across cloud, on-premise, and hybrid setups.
Scalability: Adapts to growing traffic volumes with consistent protection.
Detailed Reporting: Provides comprehensive analytics on web security posture.

What benefits can users expect from Wallarm NG WAF?

Increased Security: Enhances threat detection and reduces vulnerabilities.
Operational Efficiency: Reduces manual intervention with automated tasks.
Cost-Effectiveness: Optimizes security expenditure by preventing potential breaches.
Time Savings: Automates repetitive actions, saving valuable time for IT teams.

In industries like finance, e-commerce, and healthcare, Wallarm NG WAF is implemented to ensure data protection and compliance with stringent security standards. Its adaptability allows it to meet industry-specific requirements, offering specialized configurations tailored to each sector's unique demands.

Wallarm

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.

Booking.com, GitHub, Reddit, StackOverflow, Tumblr, Vimeo, Yelp

Panasonic. Miro. Rappi. Wargaming. Gannett. Omio. Acronis. Workforce Software. Tipalti. SEMRush.

Buyer's Guide

HAProxy vs. Wallarm NG WAF

December 2025

Free Report: HAProxy vs. Wallarm NG WAF

Find out what your peers are saying about HAProxy vs. Wallarm NG WAF and other solutions. Updated: December 2025.

DOWNLOAD NOW

879,853 professionals have used our research since 2012.

See our HAProxy vs. Wallarm NG WAF report.

See our list of best Web Application Firewall (WAF) vendors.

We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.