2019-03-11T07:21:00Z

What needs improvement with AWS WAF?

Julia Miller - PeerSpot reviewer
PeerSpot user

38 Answers

Rohit Kesharwani - PeerSpot reviewer
Real User
Top 5
2024-01-24T07:14:42Z
Jan 24, 2024

The solution's pricing could be improved. You cannot add multiple rules within AWS WAF's CPU.

AshishGautam - PeerSpot reviewer
Real User
Top 5
2023-12-27T03:59:21Z
Dec 27, 2023

The area of reporting in the product needs to have a proper format. If you want to find the event log for an event and IP address from another country, there is a need to do some rework after the reporting part is taken care of so that the management can easily read the reports. A technical person in the organization can always understand where a particular network traffic comes in or where traffic is blocked with the help of WAF, but those in the management department would never understand the concepts that a technical person can understand. The reporting part of AWS WAF needs to be improved.

Aditya Mehta - PeerSpot reviewer
Real User
Top 5
2023-11-24T04:02:33Z
Nov 24, 2023

AWS WAF provides only basic protection, and they should provide more features like other third-party competitors. The world is now moving towards managed services. It would be good if the solution provided managed WAF services. If AWS WAF could detect that some attack is about to happen and alert the user, we can write some rules and stop that from happening.

TM
Real User
Top 20
2023-10-11T10:03:36Z
Oct 11, 2023

We should be able to do proper whitelisting.

Aravind D - PeerSpot reviewer
Real User
Top 5
2023-10-09T08:37:14Z
Oct 9, 2023

Google uses an AI tool to provide insights about rules. It will be helpful if the product recommends rules that we can implement.

Akshit Malik - PeerSpot reviewer
Real User
Top 5 Leaderboard
2023-07-28T10:43:29Z
Jul 28, 2023

One area that could be improved is the DDoS protection. We had a DDoS attack recently, and even though we had set a limit of 1,000 requests per five minutes, AWS WAF was not able to block all of the requests. AWS wasn't able to clarify all the DDoS attacks. It may have been due to a wrong configuration in the rules, but AWS didn't block all the requests.

KU
MSP
Top 5 Leaderboard
2023-07-17T08:52:07Z
Jul 17, 2023

I don't think any improvement is needed in AWS WAF. As technology develops and grows, AWS WAF will have to improve as a product. AWS WAF should provide better protection to its users, and the security features need to improve.

CK
Real User
Top 20
2023-07-11T09:18:00Z
Jul 11, 2023

In terms of improvement, AWS WAF works perfectly fine right now. I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level.

AK
Real User
Top 5
2023-06-20T14:18:00Z
Jun 20, 2023

We have a lot of issues related to attacks on our cloud. There is a limitation on how to mitigate the issues in the solution. The product should improve the DDoS-related features. The solution should provide an advanced tool for DDoS migration and a better reporting method. Compared to other solutions, we do not get all the information we need for reporting.

HM
Real User
Top 5
2023-06-20T08:40:51Z
Jun 20, 2023

I believe there is a need to move towards real-time analysis with the help of AI and intelligent systems in the future. This would reduce the reliance on manual work and enhance the functionality of detection protection. By incorporating AI-driven data analysis and data science techniques, we can improve the solution's user-friendliness, security compatibility, and accuracy.

PC
Real User
Top 5
2023-05-08T09:42:00Z
May 8, 2023

The solution can improve its price.

Prakash-Kumar - PeerSpot reviewer
Real User
Top 10
2023-04-06T07:08:47Z
Apr 6, 2023

The cost management has room for improvement.

Venkatesh VRH - PeerSpot reviewer
MSP
Top 10
2023-01-31T16:59:15Z
Jan 31, 2023

It's pretty much an AWS native service, so it's something that they improve year after year. They do continuous improvements on a year-by-year basis, so the product is really good. An improvement area would be that it's more of a manual effort when you have to enable rules. That's one of the downsides. If that can be done in an automated way, it would be great. That's a lagging feature currently. It could also support multi-cloud integration where you can integrate with applications other than AWS applications. It would be a good feature or use case for this solution.

RG
Real User
Top 20
2022-12-21T11:53:18Z
Dec 21, 2022

The solution should identify why it blocks particular websites. The solution performs high-level blocks but doesn't provide very much detail. For example, a particular IT is blocked due to a vulnerability but we are not able to identify the reason for the block. Our developers or IT staff need to be able to identify vulnerabilities to fix applications. We would like output that tracks how many concurrent requests come through a particular application gateway, the response times for requests, and the latency parameters.

Kavin Kalaiarasu - PeerSpot reviewer
Real User
Top 10
2022-10-13T12:08:01Z
Oct 13, 2022

It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation.

Adrian Milea - PeerSpot reviewer
Real User
Top 20
2022-08-03T12:17:48Z
Aug 3, 2022

As of now, regarding WAF, I'm not sure what the minuses or pluses are. You have the native WAF, which you can deploy directly on the load balancer. However, you also have that store where you can actually deploy some other vendors' specifics. At this point, feature-wise, I don't see anything lacking, more or less. Obviously, if we want to migrate, which is not yet the case, there might be a significant impact. For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends. If every company is building its own framework based on their experience or their past experience, this might be subjective, and it'll end up with each company having its own framework, which can be good. However, it'll be better to have a standardized baseline that every company could build on.

AF
Real User
Top 5
2022-08-03T11:24:15Z
Aug 3, 2022

AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use. The AWS WAF documentation sometimes is not clear and could improve for all levels of people using the solution, such as developers. The interface could be easier to use.

Harkamal-Singh - PeerSpot reviewer
Real User
Top 5
2022-04-01T01:40:52Z
Apr 1, 2022

Support for AWS WAF needs improvement.

ZF
Real User
2021-12-29T19:02:00Z
Dec 29, 2021

I would like to see it more tightly integrated with other AWS services.

MK
Real User
2021-12-28T09:57:00Z
Dec 28, 2021

The solution could improve by having better rules; they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall, the solution should be more secure.

RB
Real User
Top 5
2021-12-20T10:49:00Z
Dec 20, 2021

I think there's a lot wrong with AWS WAF. Here are the two main areas where I think it could be improved:
Blocking: We don't have much control over blocking, because the WAF is managed by AWS. What happens is that they will put down the rules on their side and we don't have proper visibility on that. So we'll have to track down the issues and see what is wrong or not. For example, with IP address blocking, it's difficult to find out which IPs are getting blocked. If we managed our own WAF completely, we wouldn't have this kind of problem. Right now, this aspect is half managed by us, and half managed by AWS. Because of this, I think it would be far more helpful to us if we went for our own tool instead.
Automation: As in, a lot of separate blocks if something goes wrong. For example, every company will have their own rules for automation, in terms of their goals for the product. Like, "I want my WAF to do this. I want my WAF to do that." But that's the kind of thing that I think we will only see when we do some POCs with our clients.

AB
Real User
2021-08-11T08:17:07Z
Aug 11, 2021

The pricing should be more affordable, especially as it pertains to small clients. While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex. These could stand improvement and bring down my rating of the product. Customer support should also be improved.

DS
Real User
2021-04-17T22:54:27Z
Apr 17, 2021

We haven't faced any problems with the solution. I can't speak to any missing features. Every aspect of it has been quite good.

TM
Real User
2021-03-09T19:44:53Z
Mar 9, 2021

The service itself is fine. On the UI side, I would like it if they could bring back the conditions view, which had geo match, IP sets, etc. When using WAF Classic, you could see this option on the left side of the console. Currently, IP sets and regex strings are there, but geo match does not seem to be included; I'm not sure if geo matching is still supported.

RG
Real User
2020-11-11T00:41:20Z
Nov 11, 2020

It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right.

RH
Real User
2020-09-13T07:02:26Z
Sep 13, 2020

The complexity of deploying turnkey solutions could be simplified. They actually have too many different things that you can tinker with and too many different ways to do the same thing. It may be helpful if the product were to be more directed and if it used best practices with technical and non-technical users in mind.

VS
Real User
2020-08-05T06:59:31Z
Aug 5, 2020

We have not implemented WAF completely. We are working around that issue right now in the AWS. We are creating log files and then we are using Kibana for analysis. Our WAF deployment is not perfected yet so it is not implemented as our long-term solution. It will take another month to complete the setup. I do not have the big picture on it yet in a live environment, so my view of what will need to be improved under load is limited. I think one thing that should be available is that if there are technical problems in the AWS, then there should be automated alerts to AWS. Calling support is not that easy. It would be better to automatically send emails to them to report that there is a bug in their programming. I have an idea for a new feature to consider. I think the security area and other things that they provide are good, and I know there are third-party integrations. It provides a lot of value. The problem is that the 'value' of the solution makes it very costly. That is a big thing. $20,000 for this solution seems like a lot. Right now we are limited to only MySQL and PostgreSQL databases. There should be other options and also a way to check the security of it. I think AWS should develop and make available some kind of a management screen so we can see the logs, which servers are using the service, and how the security is performing. All we can see right now is if there are any security breaches. This is not enough information to evaluate the performance of the system. For example, there are a lot of people using MongoDB databases. Over the last two years, a lot of them got hacked. Mongo should have had a way to alert end users if its facilities get hacked. A manager or some administrator should receive an email saying that this or that account got hacked and there was a security breach. This would be enough notification to prompt taking other appropriate actions.
There should also be a report or alerts which tell us that the configuration is having security issues. I think there is something called PVE security rules which might be implemented. Of course, Cisco's security rules could also be implemented. Once the rules are implemented, we know for certain if they are providing a secure connection or not. We need some type of check on the configuration that can create alerts for potential security issues and to have proper notifications.

it_user1376373 - PeerSpot reviewer
MSP
2020-07-05T09:38:02Z
Jul 5, 2020

There isn't room for improvement per se. The cloud is constantly evolving and changing, however, so we'll see what the future brings. When users choose the free service, there isn't great support available to them. This is because, when it comes to any issues, due to the fact that it says that when the rules are defined by the users, it becomes their responsibility. When there are any problems or threats, which don't get mitigated or the threat is not being properly managed, since the rules are owned by the user, they take responsibility for everything. It would be helpful if AWS could take a bit of responsibility here and help users understand where things went wrong. Support-wise, I don't think they are that good compared to individual vendors. When it comes to vendors, it becomes their product, and being a product owner, they take more responsibility and ownership of issues. AWS doesn't do that at all.

it_user753234 - PeerSpot reviewer
Real User
2020-03-22T06:49:00Z
Mar 22, 2020

Sometimes it's a bit difficult to check the rules because when you apply a rule, sometimes it's too much and we need to rewrite the rules and make compromises on the rules because it will block too many things. It's a bit difficult to apply the right rules for the right security.

JP
Consultant
2020-02-05T08:05:09Z
Feb 5, 2020

I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps.

MA
Real User
2019-12-05T11:14:00Z
Dec 5, 2019

A significant improvement would be built-in bots protection enhancement, or seamless integration with other products. For now, there are limited features to protect against an attack from the bad bots, so users go to third-party solutions, which just complicates integration and operation. A helpful additional feature would be to have a fully unified unique product, including the DDoS, with sophisticated attack capabilities including anti-bot management. They should also take a look at reviewing the complexity of the integration with other third-party vendor solutions.

ND
Real User
2019-09-08T09:50:00Z
Sep 8, 2019

The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively.

AF
Real User
Top 5
2019-09-05T16:30:00Z
Sep 5, 2019

The solution could be faster in detecting threats. They should work to define more threats, add more security, and make it more compliant with more security companies. The solution could always be more automated.

CL
Real User
2019-03-11T07:21:00Z
Mar 11, 2019

In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications.

AS
Real User
2019-03-11T07:21:00Z
Mar 11, 2019

I would like them to fortify the system more. In every software platform there are issues or bugs, even though presently, there aren't many known and it is running without problems. They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats. It's better for the system if the platform is more proactive in detecting threats immediately, so that technicians or people on the security team will know that a threat is coming in.

FP
Real User
2019-03-11T07:21:00Z
Mar 11, 2019

In a future release of this solution, I would like to see additional management features to make things simpler.

BM
Real User
2019-03-11T07:21:00Z
Mar 11, 2019

The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on. Also, more fine-tuning would be convenient.

VU
Consultant
2019-03-11T07:21:00Z
Mar 11, 2019

We need more support as we go global. The UI could use improvement.

AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security. You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web...