2020-08-11T06:17:31Z

What needs improvement with Cloudflare Web Application Firewall?

Julia Miller - PeerSpot reviewer
  • 0
  • 41
PeerSpot user
11

11 Answers

DW
Real User
Top 5
2024-01-18T02:48:28Z
Jan 18, 2024

The platform's control features related to real-time authentication and response time need improvement.

Search for a product comparison
DB
Real User
Top 5
2023-12-13T11:52:45Z
Dec 13, 2023

Cloudflare Web Application Firewall should improve visibility for a customer.

KornthawatPhichitoakkhanit - PeerSpot reviewer
Real User
Top 10
2023-10-13T07:59:00Z
Oct 13, 2023

Improvements should be done according to our customer's requirements.

JA
Real User
Top 5
2023-08-09T13:57:00Z
Aug 9, 2023

Cloudflare is evolving so quickly that we can't even keep up. In the past two years, they have released two major upgrades to their Web Application Firewall. However, the notification part could be improved. It's very much connected to Web Application Firewall, rate-limiting, and DDoS protection. The notification could be better configurable. Sometimes it makes too much noise. It should have better threshold handling or some setup features, which could set some thresholds because it tries to do it automatically. So, sometimes it just notifies about things that are not worth noticing and vice versa.

Animesh.Kumar - PeerSpot reviewer
Real User
Top 10
2023-07-21T04:37:05Z
Jul 21, 2023

We are required to follow a specific and separate set of rules for web applications for DDoS attacks while working with AWS and Azure. Instead, there could be an option to duplicate the cluster to maintain the consistency of rules.

Arsene Koffi - PeerSpot reviewer
Real User
Top 10
2023-06-14T09:38:37Z
Jun 14, 2023

Sometimes, it is challenging to access our applications using the solution. They should work on this particular area. Also, its availability needs improvement.

Learn what your peers think about Cloudflare Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
Hitesh R - PeerSpot reviewer
Reseller
Top 5
2023-02-07T09:50:00Z
Feb 7, 2023

The additional features I wish to see in the next release include rate limiting on Cloudflare Web Application Firewall and advanced DDoS protection. The current product is highly explorable and does not have many limitations. However, there are some limitations in terms of administrative privileges and the way it manages auto-alerts. Cloudflare needs to improve its customer support for Indian customers and work on the monitoring and reporting features.

Hitesh R - PeerSpot reviewer
Reseller
Top 5
2022-09-16T14:33:36Z
Sep 16, 2022

Finding vulnerabilities or attack patterns needs to evolve continuously. The landscape is changing. Accordingly, the rules have been changed. The Core Ruleset, is already managing that. It has been good at catching malicious activity so far. They just need to continue to invest in this aspect. They have some limitations with third-party integrations. For example, we can't integrate with our site. On-premises, we can't do that. You can on Azure storage, of Google Cloud, however. It works better on the cloud.

NB
Real User
Top 5
2022-05-31T13:24:33Z
May 31, 2022

The accuracy of the Cloudflare Web Application Firewall could be improved by reducing the number of false-negative alerts. Signature-based detection and data loss prevention could also be improved.

BW
Real User
2021-04-01T08:50:55Z
Apr 1, 2021

Their documentation could be better. They don't have documentation that explains everything well. They have documentation for everything you're looking for, but they lack a single piece of documentation to tie everything together. As a new user or beginner, it took us a little bit of time to figure out how to put all these things in place. I wish they had easier introduction documents written to help us transition into it. It takes a little bit of effort for a new user to figure out how to do this. I have asked them for some additional features. I want to be able to quickly find out the rules that I have modified because there are thousands of rules. It took a little bit of effort to figure out which rules I have modified. A feature like that will make it easier for me to track down the changes.

SA
Real User
2020-08-11T06:17:31Z
Aug 11, 2020

There is really only one area of the product that I think needs to be improved. That is that Cloudflare should update the version of the ModSecurity core rule set that they run on. They run a pretty old version of ModSecurity from 2013 and they need to update it. That is one thing I would very much like to see in a future release. The main issue that we have is really a decision about how the product fits our model. We use both AWS and Azure, and they have similar products. We are trying to determine whether or not we go for a cloud-native solution per the cloud provider we are using or stick with our current model and continue to use Cloudflare. Switching to AW or Azure as a lone solution means we would go with one or the other across all cloud providers to unify our WAF approach. It might simplify how we look at the maintenance of our web application firewall.

Cloudflare Web Application Firewall's intuitive dashboard enables users to build powerful rules through easy clicks and also provides Terraform integration. Every request to the WAF is inspected against the rule engine and the threat intelligence curated from protecting over 27 Million websites. Suspicious requests can be blocked, challenged or logged as per the needs of the user while legitimate requests are routed to the destination, agnostic of whether it lives on-premise or in the cloud....
Download Cloudflare Web Application Firewall ReportRead more