AWS WAF Reviews

Our company uses the solution with F5 to secure applications from the injection, the track, and vulnerabilities. 

We use the built-in solution provided by SGO for the web. 

The web solution effectively protects from vulnerabilities and cyber attacks. 

The solution is menu driven and operates with no coding.

It is easy to manage and use the solution. 

The solution should identify why it blocks particular websites. The solution performs high-level blocks but doesn't provide very much detail. For example, a particular IT is blocked due to a vulnerability but we are not able to identify the reason for the block. Our developers or IT staff need to be able to identify vulnerabilities to fix applications. 

We would like output that tracks how many concurrent requests come through a particular application gateway, the response times for requests, and the latency parameters. 

I have been using the solution for two years. 

The solution is very stable so I rate stability a ten out of ten. 

The setup is easy so I rate it a nine out of ten. 

We implemented through a third party and it only took a few minutes. 

The pricing is good and manageable. I rate pricing a ten out of ten. 

I recommend the solution for protecting web applications. 

I rate the solution a ten out of ten. 

Support for AWS WAF needs improvement.

I've been using AWS WAF for a very short period, e.g. just a few weeks.

I find AWS WAF to be a stable product.

AWS WAF is a scalable product.

Technical support for AWS WAF could still be improved, e.g. support could be faster, more knowledgeable, and friendlier.

The initial setup for AWS WAF was straightforward. It could take between two days to two weeks.

We implemented AWS WAF through our in-house team and a consultant.

I've been using a mix of AWS products, including AWS WAF.

I'm satisfied with AWS WAF, and I've had no issues with it. I can't really find fault in the product. It's a good product.

We have hundreds of AWS WAF users within our company. We also have plans of increasing the number of users of the product.

The advice I would give to people who want to start using AWS WAF is that it's a good option if they're migrating to the cloud. It can take up a lot of legacy systems, e.g. it's scalable. Most of my customers are on the cloud, and for anyone who's struggling, it would be good to start anytime. Start small and scale, rather than just going fully onto the cloud.

Users need to pay for the product license.

My rating for AWS WAF is eight out of ten.

We use the AWS platform to implement custom security rules based on our company's SOP. We apply custom rules to protect specific APIs and specific endpoint URLs. This allows us to tailor our security measures to our specific needs and requirements.

AWS WAF has improved our organization by allowing us to restrict access to our services based on location, which means that only customers from specific locations can access our services. It helps protect against unauthorized access and data breaches.

The most valuable feature is the capability to limit access based on geographical location by restricting specific IP addresses.

In terms of improvement, AWS WAF works perfectly fine right now. I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level.

I have been using AWS WAF for three years.

I would rate the stability of the solution an eight out of ten.

I would rate the scalability of AWS WAF an eight out of ten. All requests, about 100,000 per month, go through the AWS App, ensuring the entire infrastructure is compliant with it. We use it 24/7.

The technical support is slow to respond, and it's a paid service. I wouldn't recommend relying on it.

Negative

The initial setup was simple and I did it myself. I would rate it an eight out of ten in terms of easiness. The deployment was in-house and it took five to ten minutes. It is mostly automated so it did not require much manual assistance. If errors or failures occur, reports are generated and shared with the relevant team for resolution. The deployment process involved specifying endpoint URLs in the web test code to enable automatic integration and we had to wait a little due to cooling time on the web test board. 

The solution is really expensive. I would give it a ten out of ten in terms of costliness. You have to pay additionally for data transfer. 

I would advise someone considering AWS WAF to start with testing on AWS but be cautious of data transfer costs, especially if the project is longer than four months because that is when the additional cost appears. You should assess if it's suitable for your specific use case and make sure to test it before committing to avoid unexpected expenses when moving to the cloud. Overall, I would rate the solution a six out of ten.

We use the product for the protection of our public-facing web applications. 

We preferred the product based on its cost. AWS WAF is an out-of-the-box solution and integrates with the AWS services that we use. It's natively integrated with AWS. 

We have issues with reporting, troubleshooting, and analytics. AWS WAF needs to bring costs down. 

I have been working with the solution for 18 months. 

AWS WAF is stable. 

The solution is scalable. 

We use Amazon enterprise support. It is good but expensive. 

We used Cloudflare and Palo Alto before. We chose AWS WAF since it integrates with native services. 

The tool's setup is complex but it is easy after installation. 

I would rate AWS WAF's pricing a seven out of ten. 

I would rate AWS WAF a seven out of ten. 

AWS WAF is a tool we use in my company since we don't currently have a firewall. We can be safer if we have a firewall, and the receive protection side can avoid any vulnerability attacks.

AWS WAF is a firewall we use from time to time in my company.

I don't think any improvement is needed in AWS WAF.

As technology develops and grows, AWS WAF will have to improve as a product.

AWS WAF should provide better protection to its users, and the security features need to improve.

I have been using AWS WAF for six years. There is no specific version of the product since the vendor provides the services for the solution, and my company just uses it.

AWS WAF is a stable solution. The performance of the solution is very good.

Stability-wise, I rate the solution a ten out of ten.

My company doesn't rely on AWS WAF's scalability since it's a tool that is totally on the cloud. If the tool goes down by any chance, AWS provides the solution on the steps that need to be taken.

Around 30 employees in my company use AWS WAF.

The product is not extensively used in my company.

My company has no plans to increase the number of users of AWS WAF. If our client wants to increase the number of users, we need to act on the server.

The solution's technical support is good.

The product's setup phase was pretty easy.

Sharing the code files and database configurations are the two steps we follow for deploying the product.

The product's setup phase was carried out in-house.

There are no separate licensing costs we pay for since it is included in the plan we purchase.

AWS WAF has been releasing the product on a test-case basis.

It's always good to take precautionary methods for the production website. If everything goes fine, do work in your staging and UAT, not in the production part. The aforementioned details are the precautionary methods we have to follow.

Overall, I rate the solution a ten out of ten.

We use the solution as a firewall to protect the network from malicious requests.

The solution helps our organization to comply with our security standards.

The solution allows us to set up rules for blocking malicious requests. We can configure a pool of such sources and choose what to do (allow/block/count) when a request comes from them.

The solution can include provisions to block requests targeted at specific URIs (/.env) which are obviously malicious. Also, sometimes it blocks legitimate requests. We have to keep changing some of our rules in this case. It would be great if they maintained the AWS-managed rule sets properly.

We have been using the solution for the last eight months.

It is a stable solution. Although sometimes even legitimate requests fail.

I rate its stability an eight out of ten.

It is a scalable solution. We have two users in our organization.

The solution's initial setup process is easy.

I advise others to set their security principles while building the software itself, as WAF is not entirely reliable. I rate it an eight out of ten.

The solution's price is affordable compared to Fastly.

They should make the solution's implementation process faster. Presently, we have to write code and work a lot more for integration. It doesn't provide any default logs. So, we need help getting logs, audio, and dashboard queries. Also, there should be technical documentation for the solution in case of errors. Every time we have to log a support case with AWS to obtain details to resolve it. Instead, it would be better if they provide a proper document for reference.

The solution is stable.

The solution is very scalable. We have 150 solution users in our organization.

The solution's technical support is good.

We have used Fastly before. It is easier to implement but is expensive compared to AWS.

The solution's initial setup process is very complex. We need to write code for image optimization. Overall, its implementation is time-consuming.

The solution's cost depends on the use cases.

I rate the solution a ten. It requires executives with technical knowledge to understand the use cases.

I use the solution for firewall protection. It can also be used for authentication and authorization.

AWS WAF is a great solution. We can host any DB or application on the solution.

The solution can improve its price.

I have been using the solution for five years.

The solution is very stable.

The solution is very scalable. Approximately 1000 people in our organization use the solution.

The initial setup is straightforward.

When we had set it up for a large insurance company, the deployment took us over six weeks. We deployed the solution with an in-house team. We need quite a bit of technical staff to maintain the solution.

I use the latest version of the solution. I have used Oracle and Azure too. Overall, I rate the solution a five out of ten.