Try our new research platform with insights from 80,000+ expert users
Olawale Komolafe - PeerSpot reviewer
SOC Analyst at Paystack Inc
Real User
Successfully prevents web application attacks, SQL injections, and cross-site scripting attacks
Pros and Cons
  • "Does a good job preventing web application attacks."
  • "The reporting could be more granular."

What is our primary use case?

Our use case of this solution is to secure our web applications hosted on Cloudflare. I'm a security operations analyst and we are customers of Cloudflare. 

What is most valuable?

This solution does a good job of preventing web application attacks, SQL injections, and cross-site scripting attacks. We know it's doing a good job because we've tested it. 

What needs improvement?

The reporting could be improved if it were more granular. Fortigate Firewall, for example, shows all the events at a glance with different fields on a table; you can scroll through for patterns and look at all events. That's not possible with CloudFlare where I need to analyze a report that summarizes all the data. It requires exporting the report as a CSV file, analyzing it in Excel, and then going into CloudFlare to carry out a deeper analysis. If I could do that high-level analysis from the web console and then drill down specific events, it would be a great feature that would improve this product. 

For how long have I used the solution?

I've been using this solution for seven months. 

Buyer's Guide
Cloudflare Web Application Firewall
December 2024
Learn what your peers think about Cloudflare Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is stable, we haven't had any downtime. 

What do I think about the scalability of the solution?

The solution is easily scalable. 

Which solution did I use previously and why did I switch?

I previously used Imperva Web Application Firewall. For tracking metrics, I think CloudFlare does a better job with its graphs and the user interface. Its web console presents those metrics in an easily readable manner and it does that better than Incapsula or Imperva. I think Imperva speaks more to security, and preventing attacks and is more focused on details about the attacks. CloudFlare does more because it shows your availability metrics, traffic metrics, and security metrics. In terms of the user interface, I'd say that CloudFlare does a better job in reporting.

How was the initial setup?

There is some maintenance required when it comes to updates and we periodically have to review the rules sets which require going into the list of rules and finding those connected to that particular view and then enabling them in your environment. We have three admins working on this product. We use the solution on a daily basis. 

What other advice do I have?

If you're going to be reporting heavily and want to leverage the reporting features to measure the performance of your websites, then CloudFlare does that very well.

I rate this solution eight out of 10. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
General Manager at Centralschweizerische Kraftwerke AG
Real User
Top 20
Enhanced security with seamless DNS and zero trust integration
Pros and Cons
  • "Some of the most valuable features of Cloudflare Web Application Firewall include its DNS zone setup and the zero trust policy."
  • "The dashboard could be more user-friendly."

What is our primary use case?

The primary use case of Cloudflare Web Application Firewall involves setting up DNS zones and implementing zero trust policies.

How has it helped my organization?

Cloudflare Web Application Firewall has enhanced security by effectively managing and cutting off unwanted traffic.

What is most valuable?

Some of the most valuable features of Cloudflare Web Application Firewall include its DNS zone setup and the zero trust policy.

What needs improvement?

The dashboard could be more user-friendly, and a console approach like Cloudflare CLI could enhance its usability.

For how long have I used the solution?

We have been using Cloudflare Web Application Firewall for four years.

What do I think about the stability of the solution?

On a scale from one to ten, the stability of Cloudflare is a nine.

What do I think about the scalability of the solution?

The scalability of Cloudflare is a ten out of ten.

How are customer service and support?

I had to contact technical support twice, and both times, my issues were resolved satisfactorily. Therefore, I rate them a ten out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was straightforward, taking only five minutes using Terraform.

What's my experience with pricing, setup cost, and licensing?

From my perspective, the price of Cloudflare Web Application Firewall is quite affordable, rating around an eight or nine.

What other advice do I have?

I highly recommend Cloudflare Web Application Firewall due to its extensive knowledge base and ease of integration with Terraform.

I'd rate the solution ten out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Cloudflare Web Application Firewall
December 2024
Learn what your peers think about Cloudflare Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Senior Security Consultant at Reliance Industries Ltd
Real User
Secure, reliable, reasonably priced, and has helpful technical support
Pros and Cons
  • "The Cloudflare Web Application Firewall's most valuable feature is its ease of configuration."
  • "The accuracy of the Cloudflare Web Application Firewall could be improved by reducing the number of false-negative alerts."

What is our primary use case?

Cloudflare Web Application Firewall is used to protect the web servers.

What is most valuable?

The Cloudflare Web Application Firewall's most valuable feature is its ease of configuration.

What needs improvement?

The accuracy of the Cloudflare Web Application Firewall could be improved by reducing the number of false-negative alerts.

Signature-based detection and data loss prevention could also be improved.

For how long have I used the solution?

I have been working with Cloudflare Web Application Firewall for one year.

What do I think about the stability of the solution?

Cloudflare Web Application Firewall is a stable solution.

What do I think about the scalability of the solution?

I am not familiar with the scalability of this solution,

We have 20 people in our organization who are using this solution.

How are customer service and support?

I have not had any issues with the technical support of the Cloudflare Web Application Firewall.

Local support is available.

How was the initial setup?

The initial setup is straightforward, it is easy.

It took four hours to deploy this solution.

What's my experience with pricing, setup cost, and licensing?

It is less expensive than its competitors.

The annual licensing fee is $10,000 USD.

What other advice do I have?

I have not had any issues with this solution, and I would recommend it to others who are interested in using it.

I would rate Cloudflare Web Application Firewall a nine out of ten.

We are partners with Cisco.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Director of Platform and Information Security at Brace Software
Real User
A scalable multi-cloud holistic security solution with a valuable OWASP security feature
Pros and Cons
  • "The security features are valuable. The particular feature we use is called OWASP."
  • "Their documentation could be better. They don't have documentation that explains everything well. They have documentation for everything you're looking for, but they lack a single piece of documentation to tie everything together. As a new user or beginner, it took us a little bit of time to figure out how to put all these things in place."

What is our primary use case?

As the name suggests, it's a web application firewall. You use it almost like a firewall in front of a web application. It helps filter out the bad traffic or the Layer 7 malicious traffic.

What is most valuable?

Cloudflare provides packaged OWASP rulesets and Cloudflared managed rulesets. Cloudflare provides weekly scheduled rule updates or emergency rule updates. Both rulesets seem very accurate, does not generate much false positives. Before the deployment, I was concerned about how many false positives I have to deal with daily. Very glad the WAF rulesets works out of box, and requires very little tuning or maintenance. 

What needs improvement?

Their documentation could be better. They don't have documentation that explains everything well. They have documentation for everything you're looking for, but they lack a single piece of documentation to tie everything together. As a new user or beginner, it took us a little bit of time to figure out how to put all these things in place. I wish they had easier introduction documents written to help us transition into it. It takes a little bit of effort for a new user to figure out how to do this.

I have asked them for some additional features. I want to be able to quickly find out the rules that I have modified because there are thousands of rules. It took a little bit of effort to figure out which rules I have modified. A feature like that will make it easier for me to track down the changes.

For how long have I used the solution?

I have been using CloudFlare WAF for a few months.

What do I think about the stability of the solution?

CloudFlare WAF is a stable solution. Once you figure out how to set it up and get it running, it's beautiful. 

What do I think about the scalability of the solution?

Scalability is wonderful. It's very easy to scale, and this is the primary reason for selecting it. After all, the software is a service. There's no problem when it comes to scaling.

How are customer service and technical support?

Tech support is solid. No issues there.

How was the initial setup?

The initial setup is a little bit tricky because of poor documentation. Their modeling steers you more towards the enterprise tier. When you pay for the enterprise tier, you can have engineers work directly with you to guide you and help you set it up. But if you just try to do it by yourself, that's when you'll face some difficulty.

What about the implementation team?

We implemented this solution by ourselves.

What's my experience with pricing, setup cost, and licensing?

We pay $210 per month for CloudFlare WAF.

What other advice do I have?

I would tell potential users that once you figured out that initial part, it's straightforward. I would suggest that they look at what they need and compare the costs and management costs. There are various WAFs out there, but it really comes down to comparing the cost and how much effort it takes to deploy it and manage them.

On a scale from one to ten, I would give CloudFlare WAF a solid eight.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Stefan Rusu - PeerSpot reviewer
Senior DevOps Engineer at a tech vendor with 11-50 employees
Real User
Top 5Leaderboard
Improves security posture by blocking bad actors
Pros and Cons
  • "The product has improved our security posture by blocking bad actors."
  • "The blocked logs are difficult to read at times."

What is our primary use case?

I use Cloudflare Web Application Firewall to stop attacks on web application firewalls.

How has it helped my organization?

The product has improved our security posture by blocking bad actors.

What needs improvement?

The blocked logs are difficult to read at times.

What do I think about the stability of the solution?

I rate the solution's stability a ten out of ten.

What do I think about the scalability of the solution?

I rate the product's scalability a ten out of ten.

How are customer service and support?

I have not used technical support.

How was the initial setup?

Cloudflare Web Application Firewall's deployment was easy.

What was our ROI?

The tool's ROI is pretty immediate.

Which other solutions did I evaluate?

We evaluated the Amazon Web Application Firewall.

What other advice do I have?

I rate the product a ten out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Cloud Solution Architect at Integrated Technology Solution Group (ITSG)
Real User
Top 5
Has a valuable security control functionality, but real-time authentication and response time need improvement
Pros and Cons
  • "The product has a valuable security control functionality."
  • "The platform's control features related to real-time authentication and response time need improvement."

What is our primary use case?

The primary use case for Cloudflare Web Application Firewall involves comprehensive security functionality across various access protocols. The system acts as a gateway, managing authentication, authorization pass-through, and traffic routing based on regional considerations. It encompasses web component modules and a reverse web application firewall, allowing secure authorization and authentication processes based on particular application sets.

What is most valuable?

The product has a valuable security control functionality. It monitors authorization processes to identify and address potential errors. We can view different components and prerequisites simultaneously, including time stamps, peak time, load time, etc. We only have to ensure that we have scaled all the authentication measures as per requirements.

What needs improvement?

The platform's control features related to real-time authentication and response time need improvement.

What other advice do I have?

I rate Cloudflare Web Application Firewall a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Animesh.Kumar - PeerSpot reviewer
Senior Solutions Architect at Think Power Solutions
Real User
Top 5Leaderboard
Creates shield between a web app and the Internet & this shield can help mitigate many common attacks as CSF, XSS & SQL Injection. Provides good scalability but has certain limitations on rule define.
Pros and Cons
  • "The initial setup process is simple."
  • "There could be an option to duplicate the cluster to maintain the consistency of rules."

What is our primary use case?

We use Cloudflare Web Application Firewall for verification of applications from various domains. Also protecting the server from exposure by implementing the Proxy Server feature on front end i.e. on client's side. Also implemented both hosts based & Cloud based WAF

What needs improvement?

We are required to follow a specific and separate set of rules for web applications for DDoS attacks while working with AWS and Azure. Instead, there could be an option to duplicate the cluster to maintain the consistency of rules.

For how long have I used the solution?

We have been using Cloudflare Web Application Firewall for three to four years.

What do I think about the stability of the solution?

I rate Cloudflare Web Application Firewall's stability a nine out of ten.

What do I think about the scalability of the solution?

It is a scalable platform. Although it lacks some features. We have two to three users for it. I rate its scalability an eight out of ten.

How was the initial setup?

The initial setup process is simple.

What about the implementation team?

I implemented the product myself.

What other advice do I have?

Cloudflare Web Application Firewall has certain limitations for rules. I rate it a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Arsene Koffi - PeerSpot reviewer
Head of Digital Transformation Department at MERUTE
Real User
Top 10
An easy-to-use solution but its feature for application accessibility need improvement
Pros and Cons
  • "It protects web applications efficiently."
  • "Its stability could be better."

What is our primary use case?

We use the solution to protect web applications.

What is most valuable?

The solution is easy to use.

What needs improvement?

Sometimes, it is challenging to access our applications using the solution. They should work on this particular area. Also, its availability needs improvement.

For how long have I used the solution?

We have been using the solution for two years.

What do I think about the stability of the solution?

We encounter stability issues regarding the solution's availability to access applications.

What do I think about the scalability of the solution?

We have 200 solution users in our organization. We use it extensively and plan to increase the usage.

How are customer service and support?

We contact our service provider for any technical issues with the solution.

How was the initial setup?

The solution's deployment takes two to three days to complete.

What about the implementation team?

Our service provider helps us install the solution.

What's my experience with pricing, setup cost, and licensing?

The solution is expensive. We purchase a yearly based license for it.

What other advice do I have?

I recommend the solution to others and rate it a six out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Cloudflare Web Application Firewall Report and get advice and tips from experienced pros sharing their opinions.
Updated: December 2024
Buyer's Guide
Download our free Cloudflare Web Application Firewall Report and get advice and tips from experienced pros sharing their opinions.