AWS WAF Reviews

We use the solution for our applications. We have deployed multiple applications on the AWS platform. We use the tool to provide additional security to our applications.

The product’s availability, ease of configuration, and documentation are valuable.

The product has fewer features. It didn’t fulfill all our requirements when we installed it. It is getting better now, though. The product must provide more features.

I have been using the solution for a few years.

I rate the product’s stability a nine out of ten.

The product is highly scalable and highly available. I rate the scalability a nine out of ten. We have deployed three applications. We have two administrators for our infrastructure. The number of users varies according to our customers. We provide the user interface to our customers.

The technical support team is good. The support persons provide prompt responses. They are always available and provide solutions to our queries.

Positive

The setup is very easy. We have proper documentation, so we have no issues. We have deployed the tool for additional security. It is a cloud solution. We need two members from the cloud infrastructure team and eight from the application support team for the deployment and maintenance of the tool.

We deploy the tool ourselves.

The solution provides an additional layer of security.

The solution is affordable.

If a company needs an additional layer of security, it can use AWS WAF. I recommend the product to others. Overall, I rate the product a ten out of ten.

We use AWS WAF to protect internet system applications. 

The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections. 

We should be able to do proper whitelisting. 

I have been working with the solution for four years. 

AWS WAF is stable. 

My company has more than 10,000 users. The tool is scalable. 

AWS WAF's tech support is not complicated. 

Positive

AWS WAF's deployment is easy. 

We have seen ROI with the tool's use.

AWS WAF has reasonable pricing. 

You need to consider the use cases before implementing the solution. I rate it a ten out of ten. 

I'm a manager and in charge of IT infrastructure and information security for an airline company. We're a customer of AWS WAF. We use the product to protect the websites that our customers access to book flights. It provides the sites with DDoS protection and OWASP top 10 application security.

The best features are the security firewall and the features that protect against database injections or scripting, and against overall OWASP top 10, but I have concerns about the cloud front which doesn't handle bot attacks properly, so it's not as effective as I would like it to be.

A significant improvement would be built in bots protection enhancement, or seamless integration with other products. For now, there are limited feature to protect against an attack from the bad bots so users go to third party solutions, which just complicates integration and operation.

A helpful additional feature would be to have a fully unified unique product, including the DDoS, with sophisticated attack capabilities including anti bot management. They should also take a look at reviewing the complexity of the integration with other third-party vendor solutions.

I've been using the product for the last two years. We upgraded recently and I'm using the latest version. 

Technical support is good. 

Deployment is easy, it's not complex.The complexity is when you need it for integration with other third-party products. We also use CDN, part of the web solution from Amazon. 

The price of the product is fair enough and one of the product's advantages. Their price is good compared to other vendors. 

The main difference with other similar products is the security efficiency against the type of attacks because normally Amazon works with certain types of attacks and is unable to deal with most of the more sophisticated new attacks that are now the market. So if you compare AWS WAF to the leaders in the field like Imperva, Akamai or radware, they are still beyond these products.

I would recommend that if you don't have a critical heavy use website, and you have a simple business that doesn't require high protection or high-security efficiency, go with this product, but if you have something where security is critical you should go with the leaders in the market, companies like Akamai, Radware, PerimeterX or Imperva.

I would rate this product a seven out of 10. 

We use the solution as a firewall to protect the network from malicious requests.

The solution helps our organization to comply with our security standards.

The solution allows us to set up rules for blocking malicious requests. We can configure a pool of such sources and choose what to do (allow/block/count) when a request comes from them.

The solution can include provisions to block requests targeted at specific URIs (/.env) which are obviously malicious. Also, sometimes it blocks legitimate requests. We have to keep changing some of our rules in this case. It would be great if they maintained the AWS-managed rule sets properly.

We have been using the solution for the last eight months.

It is a stable solution. Although sometimes even legitimate requests fail.

I rate its stability an eight out of ten.

It is a scalable solution. We have two users in our organization.

The solution's initial setup process is easy.

I advise others to set their security principles while building the software itself, as WAF is not entirely reliable. I rate it an eight out of ten.

We use the solution for publishing important applications. These sites are accessed by hundred to one million users every day.

We do not have to maintain the solution. Amazon maintains the product.

We have a lot of issues related to attacks on our cloud. There is a limitation on how to mitigate the issues in the solution. The product should improve the DDoS-related features.

The solution should provide an advanced tool for DDoS migration and a better reporting method. Compared to other solutions, we do not get all the information we need for reporting.

I am dealing with the solution right now.

The solution is stable. It does not depend on the data centre or browser consumption.

The product has high scalability. I can increase the resources without any effort.

The support team is very helpful.

Positive

The initial setup is too simple on the AWS. It is not complex at all. If we take certain courses and view a lot of videos on how to implement the solution, it is very easy. Support helps us with the deployment.

Our teams do not manage the product. The deployment process includes adding a new customer, reserving their information on the cloud, creating the nodes, publishing the service and testing it on the old security aspects. Then, the solution is deployed on the cloud. 

The time taken for deployment depends on the customer's requirements. Usually, there is a delay due to missing information from the customers. One or two engineers can handle the deployment. We do not need a big team for it.

We have decided to use Cloudflare to integrate with AWS, and most of our issues have been resolved. I would recommend the solution. However, it depends on the customer’s data confidentiality. If there are confidential data on the servers, they should not be on the cloud. They can use the cloud solution if the data is normal and not critical. Overall, I rate the product a seven out of ten.

We are an AWS service provider and we use the solution for the cloud and to provide service to other users.

The stability of AWS WAF is valuable.

The cost management has room for improvement.

I have been using the solution for eight years.

I give the stability a ten out of ten.

I give the scalability a nine out of ten.

The technical support is helpful.

The price is average.

I give the solution a ten out of ten.

The solution is a public cloud platform and we have millions of users.

While I cannot say for certain, I believe that we are using the latest version. 

I like the scalability, as it provides platform, infrastructure and software as a service. These are the best features. When it comes to the API Gateway, such as Amazon Web Application Framework, the web application will be protected by all industry standard security aspects. We are talking about encryption, firewalls, SSL and TLS. Basically, all web exploit policies and rules will be applied, so that one's web or mobile app can be highly secured.

In terms of hosting the instances, the solution takes care of all necessary scaling to ensure that the application load is balanced. The horizontal or vertical scaling can be automatically removed. As such, AWS provides many services and features. 

The pricing should be more affordable, especially as it pertains to small clients. 

While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex. These could stand improvement and bring down my rating of the product. 

Customer support should also be improved. 

I have been using AWS WAF for around two years. 

The solution is stable. 

The solution is scalable. 

While it can vary according to the service involved, installation, configuration and navigation are, broadly speaking, complex. 

The solution could be more cost-efficient for small customers. 

The solution may be expensive for smaller customers and vendors, although it would be recommended for large ones who can afford it. 

Our organization has only a few years, consisting of the internal team, who are making use of the solution. 

I rate AWS WAF as a six out of ten. 

We use the solution for filtering traffic. We do not want our developers to use unnecessary websites. So, we filter the websites using the tool.

All the features are good. AWS Lambda and S3 are valuable tools. We have to use these tools when we build applications.

The cost must be reduced.

I have been using the solution for a year. I use the latest version.

The tool’s stability is very good. It is better than GCP.

The tool’s scalability is good. We have almost 20 users.

The support is helpful.

Positive

We also use GCP.

The initial setup is very easy. Everything is on the cloud. The deployment takes one full day.

We deploy the product in-house. We need one senior solution architect and one junior solution architect to deploy the tool. We have a team of analysts for experiments. We need only one person to maintain the solution.

The product is expensive.

We use almost 40 services. Overall, I rate the product an eight out of ten.