Our main use cases for AWS WAF involve restricting users who are not supposed to intend to use our application, such as potential hackers. We use it for blocking certain countries as well.
I use AWS WAF instead of our load balancers. I have custom rule sets that are customized, as well as managed rule sets provided by AWS. I do some customization and also use the out-of-the-box configuration in certain places.
My usual use case involves monitoring incoming calls and services deployed in AWS cloud. Security and privacy are primary concerns, so we use AWS WAF to monitor and ensure that only appropriate calls are allowed. AWS Shield is also used to protect against DDoS attacks, but I'm using the basic free version due to budget constraints.
AWS DevOps SRE/Infrastructure Engineer at Capgemini
Real User
Top 5
Oct 30, 2024
I am working on AWS Web Services to manage infrastructure as a platform. I use services like KMS, EBS, CloudFront, S3, and EC2. I also work on WAF version two.
AWS WAF is primarily used to prevent intrusion into web applications. You can also use it to protect virtual machines within the AWS cloud. The main process involves creating rules to block common threats like SQL injection and cross-site scripting. These rules can be selected from built-in options. After configuring the firewall settings, you create a target group and attach your web application to it. The firewall filters incoming traffic based on the selected rules, blocking any suspicious activity.
IT Project Manager at Rajiv Gandhi Cancer Institute In India
Real User
Top 20
Dec 27, 2023
If I have hosted your web applications or web services on AWS, and if you need a segregation in terms of different aspects, like at a country level or area level, especially when your website is not reachable for a particular country or a particular area, then you need to implement WAF on top of the public network. If WAF actually works on top of the network to manage each request at a global level, WAF is the first layer that handles the internet's every request, and depending on your choice, you can either accept or deny such requests. Currently, most organizations face security challenges, and with the rise in hacking in every sector, like healthcare, IT, manufacturing, or infrastructure sector that we're talking about. You have to at least implement WAF on top of your network as well as the local network so that it filters every network traffic that comes in from any country. In our company, Fortinet WAF is what we use on top of the network as an anonymous network, and within the network, we use F5.
AWS WAF is a tool we use in my company since we don't currently have a firewall. We can be safer if we have a firewall, and the receive protection side can avoid any vulnerability attacks.
We use the AWS platform to implement custom security rules based on our company's SOP. We apply custom rules to protect specific APIs and specific endpoint URLs. This allows us to tailor our security measures to our specific needs and requirements.
One common use case is using detection protection for enhancing security models in AWS. Another use case is implementing log analysis and response recovery procedures for email services.
Chief Technology Officer at GyFTR - Vouchagram India Pvt Ltd
Real User
Dec 21, 2022
Our company uses the solution with F5 to secure applications from the injection, the track, and vulnerabilities. We use the built-in solution provided by SGO for the web.
We partner with many banks in India, and many partners use our portals to access their credit card or debit card information. So we use AWS WAF to protect our web application servers, app servers, and API servers from any malicious attacks which arise from the public internet. We also use AWS WAF for virtual patching of our servers to prevent any malicious requests from reaching the gateway to our internal systems.
Regional Security Team Lead at a computer software company with 1,001-5,000 employees
Real User
Aug 23, 2022
We use this solution to protect our web applications against common vulnerabilities. The CDN component is also quite powerful. We use this solution alongside Azure WAF.
Senior security engeneer at a media company with 1,001-5,000 employees
Real User
Top 10
Jul 19, 2022
We primarily use this solution for monitoring and blocking to ensure protection against application layer attacks. These include application-related core rules, database-specific attacks, Linux-based attacks and some custom rules deployed. These rules assist us in blocking specific attacks that come from the internet into our cloud infrastructure.
Cloud architect at a tech vendor with 1-10 employees
Real User
Dec 29, 2021
We use this product for our web application firewall. It is used for production services. I am not a direct customer but I have installed it for one of my clients.
Principal Cloud Architect at a tech services company with 51-200 employees
Real User
Dec 28, 2021
We use AWS WAF to prevent cyberattacks, such as SQL Injection attacks and cross-site scripting attacks. The end users' traffic has more threats and the web application gives good support.
Engineer at a renewables & environment company with 501-1,000 employees
Real User
Dec 20, 2021
At the moment, it's just myself working with AWS WAF in my company, and our use case for it is normal, or what you would expect from a Web Application Firewall. That includes basic DoS blocking and malicious IP address blocking. It's not a big thing for us, and just takes care of our baseline security.
The regular use case is basically for blocking or giving access to different vendors to different domains. We also use it for managing and identifying the attacks and new rules that we should implement for our public domains to tune up the application firewall or tool, whatever makes more sense for us. We're using it through the web console and API. We're just using the managed service.
President at a tech services company with 1-10 employees
Real User
Sep 13, 2020
My whole business is cloud cost management. What I do is help people manage expenses. That encompasses everything from cleaning up software as a service subscriptions to optimizing AWS. My use cases for AWS WAF have to do with cloud research only.
Principal Engineer at a tech services company with 51-200 employees
Real User
Aug 5, 2020
There are two things that we primarily use AWS WAF (Amazon Web Services Web Application Firewall) for. One use is within the company. Within the company, the intended use is to deploy our applications. It is like working with the cloud. We can start an application in S3 (Simple Storage Service), and use profiles for access to data. The other use is that most of our clients use a similar infrastructure. They are either using AWS, Azure or maybe Google Cloud Platform (GCP). We deploy this solution for them. Both uses are different. One is for the cloud solutions like AWS, Azure and GCP, and one is for the local server access. That is how you want to secure a server. You are securing a server, database, app servers, and ATA gateways. The other one is for implementing security for the AWS. You want to have both running side-by-side. Let me give you an example. Suppose, most of the people working for your company are connected from external locations with company-provided laptops or systems. I want to check all devices to make sure that they are being used in a secure way and not creating any breach of security. Those checks cannot be taken care of reliably from the AWS perspective. This is why you need two solutions.
A primary use case example is when a customer from the cloud wants to expose his applications to the internet. We make sure that the clients, the applications, whatever they're trying to export, are public but that it's not going directly public. We make a backup, for instance, to protect the sellers and applications from security checks, etc.
Our primary use case is to protect our internal web solution. We use it to have an internal application for our customers. We are an SME worldwide company, so we have some internal website solutions architects that use this as an internal portal to the internet. We apply a WAF front to our web application.
Principal Consultant at a tech services company with 10,001+ employees
Real User
Feb 5, 2020
We are a technical services company and this is one of the solutions that we have helped implement for our clients. We stopped using AWS about six months ago and as such, we are not currently using the AWS Web Application Firewall.
Manager, IT Infrastructure & Information Security at flyadeal
Real User
Dec 5, 2019
I'm a manager and in charge of IT infrastructure and information security for an airline company. We're a customer of AWS WAF. We use the product to protect the websites that our customers access to book flights. It provides the sites with DDoS protection and OWASP top 10 application security.
AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.
You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web...
Our main use cases for AWS WAF involve restricting users who are not supposed to intend to use our application, such as potential hackers. We use it for blocking certain countries as well.
AWS WAF ( /products/aws-waf-reviews ) is installed on our hosted websites as part of our marketing industry's data protection strategy.
I use AWS WAF instead of our load balancers. I have custom rule sets that are customized, as well as managed rule sets provided by AWS. I do some customization and also use the out-of-the-box configuration in certain places.
My usual use case involves monitoring incoming calls and services deployed in AWS cloud. Security and privacy are primary concerns, so we use AWS WAF to monitor and ensure that only appropriate calls are allowed. AWS Shield is also used to protect against DDoS attacks, but I'm using the basic free version due to budget constraints.
I am working on AWS Web Services to manage infrastructure as a platform. I use services like KMS, EBS, CloudFront, S3, and EC2. I also work on WAF version two.
I use AWS WAF to protect web applications and web traffic. It handles application input and throughput - typical web application firewall tasks.
AWS WAF is primarily used to prevent intrusion into web applications. You can also use it to protect virtual machines within the AWS cloud. The main process involves creating rules to block common threats like SQL injection and cross-site scripting. These rules can be selected from built-in options. After configuring the firewall settings, you create a target group and attach your web application to it. The firewall filters incoming traffic based on the selected rules, blocking any suspicious activity.
We use Managed Rules mostly.
We use AWS WAF to protect our application from different kinds of attacks. We use AWS WAF for retail customers.
If I have hosted your web applications or web services on AWS, and if you need a segregation in terms of different aspects, like at a country level or area level, especially when your website is not reachable for a particular country or a particular area, then you need to implement WAF on top of the public network. If WAF actually works on top of the network to manage each request at a global level, WAF is the first layer that handles the internet's every request, and depending on your choice, you can either accept or deny such requests. Currently, most organizations face security challenges, and with the rise in hacking in every sector, like healthcare, IT, manufacturing, or infrastructure sector that we're talking about. You have to at least implement WAF on top of your network as well as the local network so that it filters every network traffic that comes in from any country. In our company, Fortinet WAF is what we use on top of the network as an anonymous network, and within the network, we use F5.
When customers onboard a web application and want a WAF to protect it, they ask us to configure AWS WAF for them.
We use AWS WAF to protect internet system applications.
We use the product to protect the environment from DDoS and SQL injection attacks. We implement WAF in the public site.
We are using it to monitor the requests on our site, to block sudden surges of users on our website, and also to prevent DDoS attacks.
AWS WAF is a tool we use in my company since we don't currently have a firewall. We can be safer if we have a firewall, and the receive protection side can avoid any vulnerability attacks.
We use the AWS platform to implement custom security rules based on our company's SOP. We apply custom rules to protect specific APIs and specific endpoint URLs. This allows us to tailor our security measures to our specific needs and requirements.
We use the solution for publishing important applications. These sites are accessed by hundred to one million users every day.
One common use case is using detection protection for enhancing security models in AWS. Another use case is implementing log analysis and response recovery procedures for email services.
I use the solution for firewall protection. It can also be used for authentication and authorization.
We are an AWS service provider and we use the solution for the cloud and to provide service to other users.
It's more of an application security tool that we use to secure applications.
Our company uses the solution with F5 to secure applications from the injection, the track, and vulnerabilities. We use the built-in solution provided by SGO for the web.
We partner with many banks in India, and many partners use our portals to access their credit card or debit card information. So we use AWS WAF to protect our web application servers, app servers, and API servers from any malicious attacks which arise from the public internet. We also use AWS WAF for virtual patching of our servers to prevent any malicious requests from reaching the gateway to our internal systems.
We use this solution to protect our web applications against common vulnerabilities. The CDN component is also quite powerful. We use this solution alongside Azure WAF.
We primarily use this solution for monitoring and blocking to ensure protection against application layer attacks. These include application-related core rules, database-specific attacks, Linux-based attacks and some custom rules deployed. These rules assist us in blocking specific attacks that come from the internet into our cloud infrastructure.
We use this product for our web application firewall. It is used for production services. I am not a direct customer but I have installed it for one of my clients.
We use AWS WAF to prevent cyberattacks, such as SQL Injection attacks and cross-site scripting attacks. The end users' traffic has more threats and the web application gives good support.
At the moment, it's just myself working with AWS WAF in my company, and our use case for it is normal, or what you would expect from a Web Application Firewall. That includes basic DoS blocking and malicious IP address blocking. It's not a big thing for us, and just takes care of our baseline security.
While I cannot say for certain, I believe that we are using the latest version.
I primarily use the solution as a gateway service and a transaction portal.
We use this solution for online web applications.
The regular use case is basically for blocking or giving access to different vendors to different domains. We also use it for managing and identifying the attacks and new rules that we should implement for our public domains to tune up the application firewall or tool, whatever makes more sense for us. We're using it through the web console and API. We're just using the managed service.
My whole business is cloud cost management. What I do is help people manage expenses. That encompasses everything from cleaning up software as a service subscriptions to optimizing AWS. My use cases for AWS WAF have to do with cloud research only.
There are two things that we primarily use AWS WAF (Amazon Web Services Web Application Firewall) for. One use is within the company. Within the company, the intended use is to deploy our applications. It is like working with the cloud. We can start an application in S3 (Simple Storage Service), and use profiles for access to data. The other use is that most of our clients use a similar infrastructure. They are either using AWS, Azure or maybe Google Cloud Platform (GCP). We deploy this solution for them. Both uses are different. One is for the cloud solutions like AWS, Azure and GCP, and one is for the local server access. That is how you want to secure a server. You are securing a server, database, app servers, and ATA gateways. The other one is for implementing security for the AWS. You want to have both running side-by-side. Let me give you an example. Suppose, most of the people working for your company are connected from external locations with company-provided laptops or systems. I want to check all devices to make sure that they are being used in a secure way and not creating any breach of security. Those checks cannot be taken care of reliably from the AWS perspective. This is why you need two solutions.
A primary use case example is when a customer from the cloud wants to expose his applications to the internet. We make sure that the clients, the applications, whatever they're trying to export, are public but that it's not going directly public. We make a backup, for instance, to protect the sellers and applications from security checks, etc.
Our primary use case is to protect our internal web solution. We use it to have an internal application for our customers. We are an SME worldwide company, so we have some internal website solutions architects that use this as an internal portal to the internet. We apply a WAF front to our web application.
We are a technical services company and this is one of the solutions that we have helped implement for our clients. We stopped using AWS about six months ago and as such, we are not currently using the AWS Web Application Firewall.
I'm a manager and in charge of IT infrastructure and information security for an airline company. We're a customer of AWS WAF. We use the product to protect the websites that our customers access to book flights. It provides the sites with DDoS protection and OWASP top 10 application security.
We primarily use the solution for its rich insights to improve customer experience.
The primary use of the solution is for perimeter security. I use it to secure my application and infrastructure.
It is our web application firewall.
It's all about the security of the cloud system.
Application security is our primary use case.
We use it to protect our backend services.
The primary use case is application security. We are using the latest version.