AWS WAF Reviews

The most valuable feature of AWS WAF is the extra layer of security that I have when connecting to my web applications.

AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use. 

The AWS WAF documentation sometimes is not clear and could improve for all levels of people using the solution, such as developers. The interface could be easier to use.

I have been using AWS WAF for approximately three years.

AWS WAF is a highly stable solution.

We have approximately 35 applications that are using the AWS WAF.

The support from AWS WAF is good, I have used them often. 

I was previously using Cisco and I switched to AWS WAF because I was working mostly with cloud environments and needed more services. Additionally, I have used Microsoft Azure.

The initial setup is AWS WAF complex. The steps to complete the implementation could be easier, such as making the web traffic go through the WAF and then through the web service. The information for connectivity could be documented or done easier. The whole process can take approximately 20 minutes.

The price of AWS WAF is expensive if you do not know how to manage your software up or down. I price of the solution is average amongst the other competitors but it would be better if it was less expensive.

My advice to others is they should give AWS WAF a try. It works well, secures the applications, and it improves them against attacks.

Support for AWS WAF needs improvement.

I've been using AWS WAF for a very short period, e.g. just a few weeks.

I find AWS WAF to be a stable product.

AWS WAF is a scalable product.

Technical support for AWS WAF could still be improved, e.g. support could be faster, more knowledgeable, and friendlier.

The initial setup for AWS WAF was straightforward. It could take between two days to two weeks.

We implemented AWS WAF through our in-house team and a consultant.

I've been using a mix of AWS products, including AWS WAF.

I'm satisfied with AWS WAF, and I've had no issues with it. I can't really find fault in the product. It's a good product.

We have hundreds of AWS WAF users within our company. We also have plans of increasing the number of users of the product.

The advice I would give to people who want to start using AWS WAF is that it's a good option if they're migrating to the cloud. It can take up a lot of legacy systems, e.g. it's scalable. Most of my customers are on the cloud, and for anyone who's struggling, it would be good to start anytime. Start small and scale, rather than just going fully onto the cloud.

Users need to pay for the product license.

My rating for AWS WAF is eight out of ten.

The solution's price is affordable compared to Fastly.

They should make the solution's implementation process faster. Presently, we have to write code and work a lot more for integration. It doesn't provide any default logs. So, we need help getting logs, audio, and dashboard queries. Also, there should be technical documentation for the solution in case of errors. Every time we have to log a support case with AWS to obtain details to resolve it. Instead, it would be better if they provide a proper document for reference.

The solution is stable.

The solution is very scalable. We have 150 solution users in our organization.

The solution's technical support is good.

We have used Fastly before. It is easier to implement but is expensive compared to AWS.

The solution's initial setup process is very complex. We need to write code for image optimization. Overall, its implementation is time-consuming.

The solution's cost depends on the use cases.

I rate the solution a ten. It requires executives with technical knowledge to understand the use cases.

I use the solution for firewall protection. It can also be used for authentication and authorization.

AWS WAF is a great solution. We can host any DB or application on the solution.

The solution can improve its price.

I have been using the solution for five years.

The solution is very stable.

The solution is very scalable. Approximately 1000 people in our organization use the solution.

The initial setup is straightforward.

When we had set it up for a large insurance company, the deployment took us over six weeks. We deployed the solution with an in-house team. We need quite a bit of technical staff to maintain the solution.

I use the latest version of the solution. I have used Oracle and Azure too. Overall, I rate the solution a five out of ten.

We primarily use this solution for monitoring and blocking to ensure protection against application layer attacks. These include application-related core rules, database-specific attacks, Linux-based attacks and some custom rules deployed. These rules assist us in blocking specific attacks that come from the internet into our cloud infrastructure.

The customizable features are good. For example, we can write our own rules and match character and size limits.

The product could be improved by expanding the weightage units of rules we have when writing policy. Currently, our company uses WAF policy and Web ACL but is limited to only 1500 units of rules.

We have been using this solution for three years and are currently using version two. We deploy this solution on Amazon public cloud.

This solution is stable. 

This solution is scalable because it provides many features.

We have received good support from the customer service and support team. They identify our problems and assist in resolving any issues we have.

Our initial setup was straightforward, and deployment by automation only took a few minutes.

I cannot comment on licensing costs and pricing as I am unsure of the exact costs.

I rate AWS WAF an eight out of ten. I would advise new customers to choose custom policies because they provide more flexibility in guarding against attacks on cloud infrastructures. Additionally, it protects both regional and global servers.

We use the solution for publishing important applications. These sites are accessed by hundred to one million users every day.

We do not have to maintain the solution. Amazon maintains the product.

We have a lot of issues related to attacks on our cloud. There is a limitation on how to mitigate the issues in the solution. The product should improve the DDoS-related features.

The solution should provide an advanced tool for DDoS migration and a better reporting method. Compared to other solutions, we do not get all the information we need for reporting.

I am dealing with the solution right now.

The solution is stable. It does not depend on the data centre or browser consumption.

The product has high scalability. I can increase the resources without any effort.

The support team is very helpful.

Positive

The initial setup is too simple on the AWS. It is not complex at all. If we take certain courses and view a lot of videos on how to implement the solution, it is very easy. Support helps us with the deployment.

Our teams do not manage the product. The deployment process includes adding a new customer, reserving their information on the cloud, creating the nodes, publishing the service and testing it on the old security aspects. Then, the solution is deployed on the cloud. 

The time taken for deployment depends on the customer's requirements. Usually, there is a delay due to missing information from the customers. One or two engineers can handle the deployment. We do not need a big team for it.

We have decided to use Cloudflare to integrate with AWS, and most of our issues have been resolved. I would recommend the solution. However, it depends on the customer’s data confidentiality. If there are confidential data on the servers, they should not be on the cloud. They can use the cloud solution if the data is normal and not critical. Overall, I rate the product a seven out of ten.

The regular use case is basically for blocking or giving access to different vendors to different domains. We also use it for managing and identifying the attacks and new rules that we should implement for our public domains to tune up the application firewall or tool, whatever makes more sense for us.

We're using it through the web console and API. We're just using the managed service.

Our organization is launching a lot of betas. We are creating a lot of new different systems for different customers. AWS WAF helps us a lot to make sure that the right customer gets the right access to the system.

The access instruction feature is the most valuable. This is what we use the most.

It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful.

It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one.

Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right.

I have been using AWS WAF for about six months.

Stability-wise, it works as expected.

I definitely see places where it can be more designed to scale. In addition to amazon resources, there is some stuff from other vendors that we wanted to protect. WAF was not a solution for us because we don't have a way to integrate with those things. That was the biggest challenge that we faced. In terms of the number of users, our end users could be in the thousands.

It is okay.

It was okay. We went for the cloud formation, and our deployments happen probably every week.

Everything is managed through cloud formation. After implementation, three or four hours a week are required for maintenance.

We are kind of doing a POC comparison to see what works best. Pricing-wise, AWS is one of the most attractive ones. It is fairly cheap, and we like the pricing part. We're trying to see what makes more sense operation-wise, license-wise, and pricing-wise.

I won't recommend it at the moment because I don't have a full picture to recommend it or say that it is bad or good. I'll probably just keep testing and go with it for probably another six months or a year, and then I can probably recommend it or not. 

Other vendors are also providing solutions for D-DOS protection and WAF. It would be nice to see something outside the box for AWS WAF to make it compete with other vendors.

I would rate AWS WAF a seven out of ten. It does what it is supposed to do, probably not in the best way and not in the best UI, but it works. We like the pricing part, but management is the thing that we don't love the most. If things keep improving, we're definitely going to scale with AWS WAF.

We use the solution for filtering traffic. We do not want our developers to use unnecessary websites. So, we filter the websites using the tool.

All the features are good. AWS Lambda and S3 are valuable tools. We have to use these tools when we build applications.

The cost must be reduced.

I have been using the solution for a year. I use the latest version.

The tool’s stability is very good. It is better than GCP.

The tool’s scalability is good. We have almost 20 users.

The support is helpful.

Positive

We also use GCP.

The initial setup is very easy. Everything is on the cloud. The deployment takes one full day.

We deploy the product in-house. We need one senior solution architect and one junior solution architect to deploy the tool. We have a team of analysts for experiments. We need only one person to maintain the solution.

The product is expensive.

We use almost 40 services. Overall, I rate the product an eight out of ten.