AWS WAF Reviews

We use the AWS platform to implement custom security rules based on our company's SOP. We apply custom rules to protect specific APIs and specific endpoint URLs. This allows us to tailor our security measures to our specific needs and requirements.

AWS WAF has improved our organization by allowing us to restrict access to our services based on location, which means that only customers from specific locations can access our services. It helps protect against unauthorized access and data breaches.

The most valuable feature is the capability to limit access based on geographical location by restricting specific IP addresses.

In terms of improvement, AWS WAF works perfectly fine right now. I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level.

I have been using AWS WAF for three years.

I would rate the stability of the solution an eight out of ten.

I would rate the scalability of AWS WAF an eight out of ten. All requests, about 100,000 per month, go through the AWS App, ensuring the entire infrastructure is compliant with it. We use it 24/7.

The technical support is slow to respond, and it's a paid service. I wouldn't recommend relying on it.

Negative

The initial setup was simple and I did it myself. I would rate it an eight out of ten in terms of easiness. The deployment was in-house and it took five to ten minutes. It is mostly automated so it did not require much manual assistance. If errors or failures occur, reports are generated and shared with the relevant team for resolution. The deployment process involved specifying endpoint URLs in the web test code to enable automatic integration and we had to wait a little due to cooling time on the web test board. 

The solution is really expensive. I would give it a ten out of ten in terms of costliness. You have to pay additionally for data transfer. 

I would advise someone considering AWS WAF to start with testing on AWS but be cautious of data transfer costs, especially if the project is longer than four months because that is when the additional cost appears. You should assess if it's suitable for your specific use case and make sure to test it before committing to avoid unexpected expenses when moving to the cloud. Overall, I would rate the solution a six out of ten.

We use the product for the protection of our public-facing web applications. 

We preferred the product based on its cost. AWS WAF is an out-of-the-box solution and integrates with the AWS services that we use. It's natively integrated with AWS. 

We have issues with reporting, troubleshooting, and analytics. AWS WAF needs to bring costs down. 

I have been working with the solution for 18 months. 

AWS WAF is stable. 

The solution is scalable. 

We use Amazon enterprise support. It is good but expensive. 

We used Cloudflare and Palo Alto before. We chose AWS WAF since it integrates with native services. 

The tool's setup is complex but it is easy after installation. 

I would rate AWS WAF's pricing a seven out of ten. 

I would rate AWS WAF a seven out of ten. 

AWS WAF is a tool we use in my company since we don't currently have a firewall. We can be safer if we have a firewall, and the receive protection side can avoid any vulnerability attacks.

AWS WAF is a firewall we use from time to time in my company.

I don't think any improvement is needed in AWS WAF.

As technology develops and grows, AWS WAF will have to improve as a product.

AWS WAF should provide better protection to its users, and the security features need to improve.

I have been using AWS WAF for six years. There is no specific version of the product since the vendor provides the services for the solution, and my company just uses it.

AWS WAF is a stable solution. The performance of the solution is very good.

Stability-wise, I rate the solution a ten out of ten.

My company doesn't rely on AWS WAF's scalability since it's a tool that is totally on the cloud. If the tool goes down by any chance, AWS provides the solution on the steps that need to be taken.

Around 30 employees in my company use AWS WAF.

The product is not extensively used in my company.

My company has no plans to increase the number of users of AWS WAF. If our client wants to increase the number of users, we need to act on the server.

The solution's technical support is good.

The product's setup phase was pretty easy.

Sharing the code files and database configurations are the two steps we follow for deploying the product.

The product's setup phase was carried out in-house.

There are no separate licensing costs we pay for since it is included in the plan we purchase.

AWS WAF has been releasing the product on a test-case basis.

It's always good to take precautionary methods for the production website. If everything goes fine, do work in your staging and UAT, not in the production part. The aforementioned details are the precautionary methods we have to follow.

Overall, I rate the solution a ten out of ten.

We use the solution as a firewall to protect the network from malicious requests.

The solution helps our organization to comply with our security standards.

The solution allows us to set up rules for blocking malicious requests. We can configure a pool of such sources and choose what to do (allow/block/count) when a request comes from them.

The solution can include provisions to block requests targeted at specific URIs (/.env) which are obviously malicious. Also, sometimes it blocks legitimate requests. We have to keep changing some of our rules in this case. It would be great if they maintained the AWS-managed rule sets properly.

We have been using the solution for the last eight months.

It is a stable solution. Although sometimes even legitimate requests fail.

I rate its stability an eight out of ten.

It is a scalable solution. We have two users in our organization.

The solution's initial setup process is easy.

I advise others to set their security principles while building the software itself, as WAF is not entirely reliable. I rate it an eight out of ten.

The solution's price is affordable compared to Fastly.

They should make the solution's implementation process faster. Presently, we have to write code and work a lot more for integration. It doesn't provide any default logs. So, we need help getting logs, audio, and dashboard queries. Also, there should be technical documentation for the solution in case of errors. Every time we have to log a support case with AWS to obtain details to resolve it. Instead, it would be better if they provide a proper document for reference.

The solution is stable.

The solution is very scalable. We have 150 solution users in our organization.

The solution's technical support is good.

We have used Fastly before. It is easier to implement but is expensive compared to AWS.

The solution's initial setup process is very complex. We need to write code for image optimization. Overall, its implementation is time-consuming.

The solution's cost depends on the use cases.

I rate the solution a ten. It requires executives with technical knowledge to understand the use cases.

I use the solution for firewall protection. It can also be used for authentication and authorization.

AWS WAF is a great solution. We can host any DB or application on the solution.

The solution can improve its price.

I have been using the solution for five years.

The solution is very stable.

The solution is very scalable. Approximately 1000 people in our organization use the solution.

The initial setup is straightforward.

When we had set it up for a large insurance company, the deployment took us over six weeks. We deployed the solution with an in-house team. We need quite a bit of technical staff to maintain the solution.

I use the latest version of the solution. I have used Oracle and Azure too. Overall, I rate the solution a five out of ten.

We faced many potential threats, such as hackers flooding in the requests, so we started using AWS WAF to block those IPs and stop those attacks. If multiple IPs are trying to attack our product, we'll also use AWS WAF by selecting the endpoints the hackers were attacking and then blocking those endpoints. Our cybersecurity team primarily uses AWS WAF.

What I like best about AWS WAF is that it's a simple tool, so I could understand the basics of AWS WAF in two to three hours. From the start, I know its purpose and its use case.

AWS WAF also has documentation. It's a user-friendly tool, and it's easy to know how to block the IPs and endpoints.

AWS WAF would be better if it uses AI or machine learning to detect a potential attack or a potential IP that creates an attack even before it happens. I want AWS WAF to capture the IP and automatically write the rule to automate the entire process. I want an AI feature in AWS WAF in the future.

I only saw how AWS WAF works for seven months when the cybersecurity team used it, so my knowledge of the tool is basic. I'm not an expert on AWS WAF.

AWS WAF is a stable product.

I have yet to contact the AWS WAF technical support.

As the company is an Amazon customer, the company looked into what other Amazon services could prevent the attack and came across AWS WAF when the attack happened. The tool was also easy to use and could prevent attacks and safeguard the company's product, so the company decided to use AWS WAF.

The initial setup for AWS WAF was simple. It was a basic setup process, though I have no idea about deployment time.

AWS WAF costs $5 monthly plus $1 for the rule. It's cheap, cost-wise. It's worth the money.

AWS WAF has three users within the company.

If I were to advise you on using AWS WAF, I'd tell you first to understand how the attack is happening. For example, is it a single server attack or multiple servers or regions? It would be best to find out which target is being attacked. You need to know the basics before using AWS WAF. You also need to know the rules. You need to understand how to secure your endpoints. Users should have a basic understanding of AWS WAF and its purposes before using it. You need basic cybersecurity knowledge.

I'm new to cybersecurity, so AWS WAF is the first cybersecurity product I used and based on my experience and usage, it's a ten out of ten. AWS WAF is a user-friendly, on-point tool, and I could understand it easily.

My company is an Amazon customer.

It's more of an application security tool that we use to secure applications. 

AWS WAF is something that someone from a cloud background or cloud security background leverages. If they want to natively use a solution in the cloud, AWS WAF comes in handy. It's very useful for that, and the way we can fine-tune the WAF rules is also nice.

It's pretty much an AWS native service, so it's something that they improve year after year. They do continuous improvements on a year-by-year basis, so the product is really good. An improvement area would be that it's more of a manual effort when you have to enable rules. That's one of the downsides. If that can be done in an automated way, it would be great. That's a lagging feature currently.

It could also support multi-cloud integration where you can integrate with applications other than AWS applications. It would be a good feature or use case for this solution.

I've been using this solution for almost three to four years.

It's stable. I'd rate it an eight out of ten in terms of stability.

It's scalable. We probably have more than a hundred users. It's pretty much being used by everyone, such as engineers, managers, etc. Everyone is into it.

We get good support. I'd rate them a nine out of ten.

Positive

We didn't use any similar solution previously. In the future, we might use another solution, but for now, we are more into AWS WAF.

It's neither complex nor simple. It's somewhere in the middle. I'd rate it a six out of ten in terms of the ease of the setup.

It's a cloud solution, and we have a multi-cloud scenario. We are pretty much using all four clouds: Amazon, Azure, AWS, and Oracle. It's a mix-and-match or hybrid.

In terms of maintenance, there would be a team of engineers to maintain it.

Its price is fair. There is a very fair amount that they charge.

It has a pay-as-you-go model, so it pretty much depends on how much a user uses it. As per the cloud norms, the more you use, the more you pay. I would rate it a five out of ten in terms of pricing.

Overall, I'd rate it a seven out of ten because it's not automated and it's a bit complicated to implement or deploy the solution.