AWS WAF Reviews

Support for AWS WAF needs improvement.

I've been using AWS WAF for a very short period, e.g. just a few weeks.

I find AWS WAF to be a stable product.

AWS WAF is a scalable product.

Technical support for AWS WAF could still be improved, e.g. support could be faster, more knowledgeable, and friendlier.

The initial setup for AWS WAF was straightforward. It could take between two days to two weeks.

We implemented AWS WAF through our in-house team and a consultant.

I've been using a mix of AWS products, including AWS WAF.

I'm satisfied with AWS WAF, and I've had no issues with it. I can't really find fault in the product. It's a good product.

We have hundreds of AWS WAF users within our company. We also have plans of increasing the number of users of the product.

The advice I would give to people who want to start using AWS WAF is that it's a good option if they're migrating to the cloud. It can take up a lot of legacy systems, e.g. it's scalable. Most of my customers are on the cloud, and for anyone who's struggling, it would be good to start anytime. Start small and scale, rather than just going fully onto the cloud.

Users need to pay for the product license.

My rating for AWS WAF is eight out of ten.

We use AWS WAF to protect internet system applications. 

The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections. 

We should be able to do proper whitelisting. 

I have been working with the solution for four years. 

AWS WAF is stable. 

My company has more than 10,000 users. The tool is scalable. 

AWS WAF's tech support is not complicated. 

Positive

AWS WAF's deployment is easy. 

We have seen ROI with the tool's use.

AWS WAF has reasonable pricing. 

You need to consider the use cases before implementing the solution. I rate it a ten out of ten. 

We use the AWS platform to implement custom security rules based on our company's SOP. We apply custom rules to protect specific APIs and specific endpoint URLs. This allows us to tailor our security measures to our specific needs and requirements.

AWS WAF has improved our organization by allowing us to restrict access to our services based on location, which means that only customers from specific locations can access our services. It helps protect against unauthorized access and data breaches.

The most valuable feature is the capability to limit access based on geographical location by restricting specific IP addresses.

In terms of improvement, AWS WAF works perfectly fine right now. I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level.

I have been using AWS WAF for three years.

I would rate the stability of the solution an eight out of ten.

I would rate the scalability of AWS WAF an eight out of ten. All requests, about 100,000 per month, go through the AWS App, ensuring the entire infrastructure is compliant with it. We use it 24/7.

The technical support is slow to respond, and it's a paid service. I wouldn't recommend relying on it.

Negative

The initial setup was simple and I did it myself. I would rate it an eight out of ten in terms of easiness. The deployment was in-house and it took five to ten minutes. It is mostly automated so it did not require much manual assistance. If errors or failures occur, reports are generated and shared with the relevant team for resolution. The deployment process involved specifying endpoint URLs in the web test code to enable automatic integration and we had to wait a little due to cooling time on the web test board. 

The solution is really expensive. I would give it a ten out of ten in terms of costliness. You have to pay additionally for data transfer. 

I would advise someone considering AWS WAF to start with testing on AWS but be cautious of data transfer costs, especially if the project is longer than four months because that is when the additional cost appears. You should assess if it's suitable for your specific use case and make sure to test it before committing to avoid unexpected expenses when moving to the cloud. Overall, I would rate the solution a six out of ten.

The solution's price is affordable compared to Fastly.

They should make the solution's implementation process faster. Presently, we have to write code and work a lot more for integration. It doesn't provide any default logs. So, we need help getting logs, audio, and dashboard queries. Also, there should be technical documentation for the solution in case of errors. Every time we have to log a support case with AWS to obtain details to resolve it. Instead, it would be better if they provide a proper document for reference.

The solution is stable.

The solution is very scalable. We have 150 solution users in our organization.

The solution's technical support is good.

We have used Fastly before. It is easier to implement but is expensive compared to AWS.

The solution's initial setup process is very complex. We need to write code for image optimization. Overall, its implementation is time-consuming.

The solution's cost depends on the use cases.

I rate the solution a ten. It requires executives with technical knowledge to understand the use cases.

I use the solution for firewall protection. It can also be used for authentication and authorization.

AWS WAF is a great solution. We can host any DB or application on the solution.

The solution can improve its price.

I have been using the solution for five years.

The solution is very stable.

The solution is very scalable. Approximately 1000 people in our organization use the solution.

The initial setup is straightforward.

When we had set it up for a large insurance company, the deployment took us over six weeks. We deployed the solution with an in-house team. We need quite a bit of technical staff to maintain the solution.

I use the latest version of the solution. I have used Oracle and Azure too. Overall, I rate the solution a five out of ten.

We primarily use this solution for monitoring and blocking to ensure protection against application layer attacks. These include application-related core rules, database-specific attacks, Linux-based attacks and some custom rules deployed. These rules assist us in blocking specific attacks that come from the internet into our cloud infrastructure.

The customizable features are good. For example, we can write our own rules and match character and size limits.

The product could be improved by expanding the weightage units of rules we have when writing policy. Currently, our company uses WAF policy and Web ACL but is limited to only 1500 units of rules.

We have been using this solution for three years and are currently using version two. We deploy this solution on Amazon public cloud.

This solution is stable. 

This solution is scalable because it provides many features.

We have received good support from the customer service and support team. They identify our problems and assist in resolving any issues we have.

Our initial setup was straightforward, and deployment by automation only took a few minutes.

I cannot comment on licensing costs and pricing as I am unsure of the exact costs.

I rate AWS WAF an eight out of ten. I would advise new customers to choose custom policies because they provide more flexibility in guarding against attacks on cloud infrastructures. Additionally, it protects both regional and global servers.

While I cannot say for certain, I believe that we are using the latest version. 

I like the scalability, as it provides platform, infrastructure and software as a service. These are the best features. When it comes to the API Gateway, such as Amazon Web Application Framework, the web application will be protected by all industry standard security aspects. We are talking about encryption, firewalls, SSL and TLS. Basically, all web exploit policies and rules will be applied, so that one's web or mobile app can be highly secured.

In terms of hosting the instances, the solution takes care of all necessary scaling to ensure that the application load is balanced. The horizontal or vertical scaling can be automatically removed. As such, AWS provides many services and features. 

The pricing should be more affordable, especially as it pertains to small clients. 

While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex. These could stand improvement and bring down my rating of the product. 

Customer support should also be improved. 

I have been using AWS WAF for around two years. 

The solution is stable. 

The solution is scalable. 

While it can vary according to the service involved, installation, configuration and navigation are, broadly speaking, complex. 

The solution could be more cost-efficient for small customers. 

The solution may be expensive for smaller customers and vendors, although it would be recommended for large ones who can afford it. 

Our organization has only a few years, consisting of the internal team, who are making use of the solution. 

I rate AWS WAF as a six out of ten. 

We use the solution for publishing important applications. These sites are accessed by hundred to one million users every day.

We do not have to maintain the solution. Amazon maintains the product.

We have a lot of issues related to attacks on our cloud. There is a limitation on how to mitigate the issues in the solution. The product should improve the DDoS-related features.

The solution should provide an advanced tool for DDoS migration and a better reporting method. Compared to other solutions, we do not get all the information we need for reporting.

I am dealing with the solution right now.

The solution is stable. It does not depend on the data centre or browser consumption.

The product has high scalability. I can increase the resources without any effort.

The support team is very helpful.

Positive

The initial setup is too simple on the AWS. It is not complex at all. If we take certain courses and view a lot of videos on how to implement the solution, it is very easy. Support helps us with the deployment.

Our teams do not manage the product. The deployment process includes adding a new customer, reserving their information on the cloud, creating the nodes, publishing the service and testing it on the old security aspects. Then, the solution is deployed on the cloud. 

The time taken for deployment depends on the customer's requirements. Usually, there is a delay due to missing information from the customers. One or two engineers can handle the deployment. We do not need a big team for it.

We have decided to use Cloudflare to integrate with AWS, and most of our issues have been resolved. I would recommend the solution. However, it depends on the customer’s data confidentiality. If there are confidential data on the servers, they should not be on the cloud. They can use the cloud solution if the data is normal and not critical. Overall, I rate the product a seven out of ten.