AWS WAF Reviews

Name: AWS WAF
Brand: Amazon Web Services (AWS)
Rating: 4 (54 reviews)

Vendor: Amazon Web Services (AWS)

4.0 out of 5

54 reviews
81% willing to recommend

639 followers

Post review

What is AWS WAF?

AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.

Get the AWS WAF Buyer's Guide and find out what your peers are saying about AWS WAF, Cloudflare, Prisma Cloud by Palo Alto Networks and more!

AWS WAF is the #1 ranked solution in top Web Application Firewalls. PeerSpot users give AWS WAF an average rating of 8.0 out of 10. Based on the analysis of the 54 most recent AWS WAF reviews, the overall sentiment is positive, with a sentiment score of 8.0. (The highest in the category). AWS WAF is most commonly compared to Cloudflare: AWS WAF vs Cloudflare. AWS WAF is popular among the large enterprise segment, accounting for 64% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Helped 814,763 peers since 2012

Featured reviews

Rohit Kesharwani

Manager, Engineering at 7-Eleven.

We use AWS WAF to protect our application from different kinds of attacks. We use AWS WAF for retail customers Our retail application is vulnerable to a lot of bot attacks. AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry. The…

Read full review

AshishGautam

IT Project Manager at Rajiv Gandhi Cancer Institute In India

The area of reporting in the product needs to have a proper format. If you want to find the event log for an event and IP address from another country, there is a need to do some rework after the reporting part is taken care of so that the management can easily read the reports. A technical person in the organization can always understand where a particular network traffic comes in or where traffic is blocked with the help of WAF, but those in the management department would never understand the concepts that a technical person can understand. The reporting part of AWS WAF needs to be improved.

Read full review

Abdul Qayyum

Software Architect at Vodworks

Before using AWS WAF for the first time, it is important to consider where your infrastructure is hosted and where you want to implement the firewall. If you are already on AWS, AWS WAF would naturally be a suitable choice. Determine the level of security required based on your application's domain, such as financial applications needing more stringent security measures. Select appropriate rules for your use case, considering both conventional web rules and AWS Shield for critical applications. Additionally, after setting up AWS WAF, conduct thorough testing using vulnerability scanners like ThoughtSpot, Acunetix, or Nessus to ensure the effectiveness of your setup. For beginners with around six months to a year of AWS experience, learning to use AWS WAF shouldn't be too difficult. However, integrating it with web applications across different cloud platforms might pose some challenges. Overall, experienced AWS users should find it manageable, while beginners may need some time to get used to it. Overall, I would rate AWS WAF as a seven out of ten.

Read full review

AWS WAF mindshare

As of November 2024, the mindshare of AWS WAF in the Web Application Firewall (WAF) category stands at 13.7%, down from 15.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Web Application Firewall (WAF)

Key learnings from peers

Last updated Nov 1, 2024

Valuable Features

"The automation of blocking for security attacks is valuable, with AWS applying rate limiting."
"We integrate AWS WAF with several platforms within cloud hosting and other security solutions and provisions in our business. Regarding AI, it's been around for about 20 years, so it's not new. It's just a new buzzword. I've been in security for 30 years and remember using AI when I started 25-30 years ago. We have multiple forms of AI within our business."
"The most valuable feature of AWS WAF is its highly configurable rules system."

Room for Improvement

"Compatibility and integration functionalities, especially with services like Kafka for event-driven messaging, could be better."
"I'd like to see improvements in its usability and functionality. I'm also concerned about being too dependent on the cloud provider's WAF version. For security, using multiple vendors and not putting all our eggs in one basket is better."
"One area for improvement in AWS WAF could be the limitation on the number of rules, particularly those from third-party sources, within the free tier."

Pricing

"On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven or eight out of ten."
"The solution is affordable."
"I rate the product price a five on a scale of one to ten, where one is high price, and ten is low price"

Popular Use Cases

Deployment

Stability

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our AWS WAF Buyer's Guide for additional reliable information.

Review data by company size

By reviewers

By visitors reading reviews

Top industries

By visitors reading reviews

Computer Software Company

17%

Financial Services Firm

14%

Manufacturing Company

Government

Insurance Company

Healthcare Company

Retailer

Real Estate/Law Firm

Comms Service Provider

Media Company

Energy/Utilities Company

Educational Organization

University

Construction Company

Hospitality Company

Non Profit

Legal Firm

Wholesaler/Distributor

Recreational Facilities/Services Company

Transportation Company

Pharma/Biotech Company

Logistics Company

Outsourcing Company

Consumer Goods Company

Performing Arts

Engineering Company

Compare AWS WAF with alternative products

Learn more about AWS WAF

You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.

AWS WAF Features

Some of the solution's top features include:

Web traffic filtering: Get an extra layer of security by creating a centralized set of rules, easily deployable across multiple websites. These rules filter out web traffic based on conditions like HTTP headers, URIs, and IP addresses. This is very helpful for protection against exploits such as SQL injection and cross-site scripting as well as attacks from third-party applications.

Bot control: Malicious bot traffic can consume excessive resources and cause downtime. Gain visibility and control over bot traffic with a managed rule group. You can easily block harmful bots, such as scrapers and crawlers, and you can allow common bots, like search engines and status monitors.

Fraud prevention: Effectively defend your application against bot attacks by monitoring your application’s login page with a managed rule group that prevents hackers from accessing user accounts using compromised credentials. The managed rule group helps protect against credential stuffing attacks, brute-force login attempts, and other harmful login activities.

API for AWS WAF Management: Automatically create and maintain rules and integrate them into your development process.

Metrics for real-time visibility: Receive real-time metrics and captures of raw requests with details about geo-locations, IP addresses, URIs, user agents, and referrers. Integrate seamlessly with Amazon CloudWatch to set up custom alarms when events or attacks occur. These metrics provide valuable data intelligence that can be used to create new rules that significantly improve your application protections.

Firewall management: AWS Firewall Manager automatically scans and notifies the security team when there is a policy violation, so they can swiftly take action. When new resources are created, your security team can guarantee that they comply with your organization’s security rules.

Reviews from Real Users

AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.

Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”

AWS WAF was previously known as AWS Web Application Firewall.