AWS WAF Reviews

Name: AWS WAF
Brand: Amazon Web Services (AWS)
Rating: 4.0 (56 reviews)

Vendor: Amazon Web Services (AWS)

4.0 out of 5

56 reviews
80% willing to recommend

641 followers

Post review

What is AWS WAF?

AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.

Get the AWS WAF Buyer's Guide and find out what your peers are saying about AWS WAF, Prisma Cloud by Palo Alto Networks, Microsoft Azure Application Gateway and more!

AWS WAF is the #1 ranked solution in top Web Application Firewalls. PeerSpot users give AWS WAF an average rating of 8.0 out of 10. Based on the analysis of the 56 most recent AWS WAF reviews, the overall sentiment is positive, with a sentiment score of 8.0. (Among the highest in the category). AWS WAF is most commonly compared to Prisma Cloud by Palo Alto Networks: AWS WAF vs Prisma Cloud by Palo Alto Networks. AWS WAF is popular among the large enterprise segment, accounting for 63% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Helped 816,406 peers since 2012

Featured reviews

Rohit Kesharwani

Manager, Engineering at 7-Eleven.

Integrating AWS WAF with other AWS services in our infrastructure is fairly easy. There are different tools through which we can do it. AWS WAF is a fairly easy solution. Users need to build a few rules by themselves based on the vulnerability attack within the application. Overall, I rate the solution a nine out of ten.

Read full review

AshishGautam

IT Project Manager at Rajiv Gandhi Cancer Institute In India

The area of reporting in the product needs to have a proper format. If you want to find the event log for an event and IP address from another country, there is a need to do some rework after the reporting part is taken care of so that the management can easily read the reports. A technical person in the organization can always understand where a particular network traffic comes in or where traffic is blocked with the help of WAF, but those in the management department would never understand the concepts that a technical person can understand. The reporting part of AWS WAF needs to be improved.

Read full review

Abdul Qayyum

Software Architect at Vodworks

Before using AWS WAF for the first time, it is important to consider where your infrastructure is hosted and where you want to implement the firewall. If you are already on AWS, AWS WAF would naturally be a suitable choice. Determine the level of security required based on your application's domain, such as financial applications needing more stringent security measures. Select appropriate rules for your use case, considering both conventional web rules and AWS Shield for critical applications. Additionally, after setting up AWS WAF, conduct thorough testing using vulnerability scanners like ThoughtSpot, Acunetix, or Nessus to ensure the effectiveness of your setup. For beginners with around six months to a year of AWS experience, learning to use AWS WAF shouldn't be too difficult. However, integrating it with web applications across different cloud platforms might pose some challenges. Overall, experienced AWS users should find it manageable, while beginners may need some time to get used to it. Overall, I would rate AWS WAF as a seven out of ten.

Read full review

AWS WAF mindshare

As of November 2024, the mindshare of AWS WAF in the Web Application Firewall (WAF) category stands at 13.7%, down from 15.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Web Application Firewall (WAF)

Key learnings from peers

Last updated Nov 14, 2024

Valuable Features

"AWS WAF acts as a barrier, analyzing HTTP communications between external users and web applications."
"They filter a lot of attacks out."
"The automation of blocking for security attacks is valuable, with AWS applying rate limiting."

Room for Improvement

"There is a lot of innovation talk, however, implementation might be lacking."
"Rule exclusion could be a bit more transparent."
"Compatibility and integration functionalities, especially with services like Kafka for event-driven messaging, could be better."

Pricing

"For Kubernetes microservices, AWS is more expensive compared to OCI. AWS costs approximately 70 cents per hour, while OCI is 50% cheaper."
"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven or eight out of ten."
"The solution is affordable."

Popular Use Cases

Deployment

Stability

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our AWS WAF Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

14%

Manufacturing Company

Government

Insurance Company

Healthcare Company

Retailer

Comms Service Provider

Real Estate/Law Firm

Media Company

Energy/Utilities Company

Educational Organization

University

Construction Company

Hospitality Company

Non Profit

Legal Firm

Wholesaler/Distributor

Recreational Facilities/Services Company

Transportation Company

Pharma/Biotech Company

Logistics Company

Consumer Goods Company

Performing Arts

Outsourcing Company

Engineering Company

Compare AWS WAF with alternative products

Learn more about AWS WAF

You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.

AWS WAF Features

Some of the solution's top features include:

Web traffic filtering: Get an extra layer of security by creating a centralized set of rules, easily deployable across multiple websites. These rules filter out web traffic based on conditions like HTTP headers, URIs, and IP addresses. This is very helpful for protection against exploits such as SQL injection and cross-site scripting as well as attacks from third-party applications.

Bot control: Malicious bot traffic can consume excessive resources and cause downtime. Gain visibility and control over bot traffic with a managed rule group. You can easily block harmful bots, such as scrapers and crawlers, and you can allow common bots, like search engines and status monitors.

Fraud prevention: Effectively defend your application against bot attacks by monitoring your application’s login page with a managed rule group that prevents hackers from accessing user accounts using compromised credentials. The managed rule group helps protect against credential stuffing attacks, brute-force login attempts, and other harmful login activities.

API for AWS WAF Management: Automatically create and maintain rules and integrate them into your development process.

Metrics for real-time visibility: Receive real-time metrics and captures of raw requests with details about geo-locations, IP addresses, URIs, user agents, and referrers. Integrate seamlessly with Amazon CloudWatch to set up custom alarms when events or attacks occur. These metrics provide valuable data intelligence that can be used to create new rules that significantly improve your application protections.

Firewall management: AWS Firewall Manager automatically scans and notifies the security team when there is a policy violation, so they can swiftly take action. When new resources are created, your security team can guarantee that they comply with your organization’s security rules.

Reviews from Real Users

AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.

Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”

AWS WAF was previously known as AWS Web Application Firewall.