Try our new research platform with insights from 80,000+ expert users

Imperva Web Application Firewall vs NGINX App Protect comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 1, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cloudflare
Sponsored
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
76
Ranking in other categories
CDN (1st), Distributed Denial-of-Service (DDoS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (13th)
Imperva Web Application Fir...
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
52
Ranking in other categories
Web Application Firewall (WAF) (7th)
NGINX App Protect
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
24
Ranking in other categories
Web Application Firewall (WAF) (16th), Container Security (22nd), API Security (3rd)
 

Featured Reviews

Carlos Alam Hernandez Baruch - PeerSpot reviewer
Fast and secure deployments simplify operations for government and fintech clients
It is a fast and secure DNS. It is very easy to deploy, and my customers are happy with this tool. Additionally, the CDN performance in Mexico is excellent, providing fast service and tools. It offers reliability during high-traffic periods, ensuring no impact on the environment. It helps my clients avoid using on-premise boxes, simplifying operations as they only use the prices on Cloudflare.
Mitesh D Patel - PeerSpot reviewer
Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others
It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization. The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization. Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.
Saurav Kumar - PeerSpot reviewer
Offers protection to users from external threats
NGINX App Protect secures our company's application, and it has helped me a lot, considering that we have critical infrastructure in India where we see how lots of attacks come onto our organization's servers. The tool offers protection against multiple threats present in India's IT ecosystem. The tool helps our company to make our payments secure, meaning it has the ability to provide a secure payment environment in India. Speaking about the improvements in our company's application performance since implementing NGINX App Protect, the gRPC support for the solution is very low. My company is not getting any proper documentation on how to deploy gRPC over NGINX App Protect. I recommend the product to those who plan to use it. People can use the product as their company's base server, WAF, or for its proxy manager, depending on the business requirements. My company follows PCI DSS compliance because we operate in a payment-related industry. Right now, my company follows all the standards, so we comply with all the requirements and policies. I rate the tool an eight out of ten.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Cloudflare consolidates various capabilities into one product, streamlining processes."
"The most valuable feature of Cloudflare DNS is its global reach and it is always evolving."
"What I like best about Cloudflare is that my company can use it to trace and manage applications and monitor traffic. The solution tells you if there's a spike in traffic. Cloudflare also sends you a link to check your equipment and deployment and track it through peering, so it's a valuable tool."
"There are key things that are used for our enterprise customers, such as Lambda and DNS."
"The solution automatically detects and responds to certain types of traffic based on geolocation."
"The solution is stable, and the DNS servers are simple to use."
"The UI is good."
"The most valuable feature is its usability."
"Imperva monitors all traffic, even customer access, to the web application. Then, Imperva uses features like signatures to identify attacks like cross-site scripting or SQL injection."
"The most valuable features of the Imperva Web Application Firewall are performance and flexibility. We can extend or customize the box itself."
"Learning mode and custom policies are helpful features."
"The solution can scale."
"It mitigates all of the availabilities of risks around web applications."
"It has threat intelligence and we are using Incapsula. With threat intelligence, we can separate HTTP and HTTPS traffic. We can use Incapsula to send all the threat intelligence to the WAF."
"It works right out of the box once you integrate the application."
"There are a number of features that are valuable such as the account takeover and various antivirus features."
"There's a cache, or it works like a proxy, so it can speed up applications."
"The most valuable feature is that I can establish different services from the firewall."
"WAF is useful to track mitigation, inclusion, prevention, and the parametric firewall."
"NGINX App Protect has complete control over the HTTP session."
"The initial setup was simple and took three to four days."
"The most valuable feature is that there is a link in the system that will help to analyze the security of an application when something abnormal is found."
"The most valuable feature of NGINX App Protect is its flexibility."
"I would say that the most valuable feature is the ability to operate in a DevOps environment and to be configured through API and pipeline by the developers themselves."
 

Cons

"It would be helpful if the solution could continue evolving to compete with the other solutions on the market."
"Even if I wanted to, I wouldn't be able to buy Cloudflare in my country."
"The solution could work at being less expensive. It costs a lot to use it."
"The tool needs to improve caching of servers. The product needs to include PFX certificate as well."
"It should have easier documentation for the configuration. It's very technical and people who aren't technical should also be able to do the configuration."
"The product support needs to be accessible from more places, a wider area of coverage."
"Latencies are always a problem."
"We have noticed multiple instances where Cloudflare falsely indicates that our servers are down, even when there is no actual load on them. This makes it challenging for us to identify the exact issue."
"I loved the approach of the cloud. The cloud has a lot of new features, like advanced web protection and DDoS protection. If those could also be on-boarded onto the on-prem versions, that would be ideal. They need to pay attention to both deployment options and not just favor one."
"Support is one thing I wish Imperva could improve."
"Some of the features should be included in the next release is a file integrating monitoring tool. This feature should be improved."
"I think that better bot protection is needed in this solution."
"In the past, I have bugs on the WAF. I've contacted Imperva about them. Future releases should be less buggy."
"The support for the on-premises version needs improvement."
"It's a complicated tool to keep."
"I am looking for more data enrichment. We should have the ability to add our own custom data to the system, to the live traffic."
"It doesn't have more advanced features like no false-positive security, which you can configure in Advanced WAF."
"Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks."
"It's challenging if you need to go for a high throughput."
"NGINX App Protect would be improved with integration with Shape and F5 WAF, which would make it easy for users to manage all their web application security with a single solution."
"The product's price is high, making it an area of concern where improvements are required. The tool's licensing model is also not good."
"The price of NGINX App Protect could improve."
"The product's user interface is an area with shortcomings as it can be quite confusing for users, making it an area where improvements are required."
"The dashboard could provide a more comprehensive view of the status of the connections."
 

Pricing and Cost Advice

"It's a premium model. You can start at zero and work your way up to the enterprise model, which has a very high pricing level."
"There are no additional costs beyond the standard licensing fees."
"The price is reasonable."
"A free version of the solution is available."
"The solution has many features but there are ones that you need to pay for. Sometimes you have to find out which is available for free and which you have to pay for."
"The tool is a premium product, so it is very expensive."
"That is one of the great features. I was able to access the majority of the features and services for free."
"I give the price a five out of ten."
"There are some licenses that you have to buy to use some features. Its price could be better. Price is always important because, at the end of the day, customers have a budget. If you can meet the budget, you can sell, and if you don't, you cannot sell."
"Licensing can range from one to twenty thousand dollars annually. Additionally, some features, including software support, require an annual subscription as well."
"There are a couple of different licensing models."
"It is a very affordable solution."
"The solution's pricing is an issue."
"It is very costly, but the return on investment is very high. Its cost was around $70,000, and we got it back in just six months."
"There is a license for this solution and we purchase the license annually with no additional fees."
"The cost of this solution depends on the platform."
"There are no additional fees."
"NGINX is not expensive."
"The product's price is high."
"Our licensing costs are about $40,000 a year."
"There is a license needed to use NGINX App Protect."
"NGINX App Protect is expensive."
"There are not any additional costs we had to pay to use NGINX App Protect."
"Really understand the licensing model, because we underestimated that."
report
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
863,901 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
15%
Comms Service Provider
11%
Financial Services Firm
10%
Manufacturing Company
7%
Financial Services Firm
16%
Computer Software Company
12%
Insurance Company
8%
Manufacturing Company
7%
Computer Software Company
15%
Financial Services Firm
14%
Comms Service Provider
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GR...
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service...
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?
For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you hav...
DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?
You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot ...
What is your experience regarding pricing and costs for NGINX App Protect?
I don't know the pricing yet because in my other project, I was not part of the buying side and I was just starting t...
What needs improvement with NGINX App Protect?
It would be better if it were easier to implement and if there was more information from F5 regarding hardware requir...
 

Also Known As

Cloudflare DNS
No data available
NGINX WAF, NGINX Web Application Firewall
 

Overview

 

Sample Customers

Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
Information Not Available
Find out what your peers are saying about Imperva Web Application Firewall vs. NGINX App Protect and other solutions. Updated: July 2025.
863,901 professionals have used our research since 2012.