Cloudflare Web Application Firewall Reviews

Cloudflare Web Application Firewall is used to protect the web servers.

The Cloudflare Web Application Firewall's most valuable feature is its ease of configuration.

The accuracy of the Cloudflare Web Application Firewall could be improved by reducing the number of false-negative alerts.

Signature-based detection and data loss prevention could also be improved.

I have been working with Cloudflare Web Application Firewall for one year.

Cloudflare Web Application Firewall is a stable solution.

I am not familiar with the scalability of this solution,

We have 20 people in our organization who are using this solution.

I have not had any issues with the technical support of the Cloudflare Web Application Firewall.

Local support is available.

The initial setup is straightforward, it is easy.

It took four hours to deploy this solution.

It is less expensive than its competitors.

The annual licensing fee is $10,000 USD.

I have not had any issues with this solution, and I would recommend it to others who are interested in using it.

I would rate Cloudflare Web Application Firewall a nine out of ten.

We are partners with Cisco.

I use Cloudflare as a reverse proxy in front of our web part. It is crucial for hiding all traffic with Cloudflare's standard WAF.

For us, the key feature of Cloudflare is DDoS protection and IP hiding, especially since we are a crypto company. We also use rate limiting, particularly for our APIs. Furthermore, we utilize Cloudflare's CDN (cache) functionality, which is not related to security, so I initially skipped mentioning it.

The rate limiting functionality could be enhanced, as we find it somewhat limited.

I have used Cloudflare for approximately two years across different companies.

I have not engaged Cloudflare's technical support, so I cannot comment on it. However, their documentation is comprehensive and reliable.

Neutral

I previously experimented with Azure WAF. In comparison, I find Cloudflare to be easier to implement and more affordable.

The learning curve was steep initially, however, the actual implementation only took about half a day. I first conducted trials with unimportant domains, which took two to three days, before finalizing the setup for our real domain in half a day.

We were a team of three: one responsible for development, another for DevOps, and the third for security.

Cloudflare is cheaper compared to Azure WAF, which I have considered before.

I have previously experimented with Azure WAF.

On a scale from one to ten, I would rate Cloudflare WAF as an eight. I would suggest making the rate limiter functionality better.

The primary use case of Cloudflare Web Application Firewall involves setting up DNS zones and implementing zero trust policies.

Cloudflare Web Application Firewall has enhanced security by effectively managing and cutting off unwanted traffic.

Some of the most valuable features of Cloudflare Web Application Firewall include its DNS zone setup and the zero trust policy.

The dashboard could be more user-friendly, and a console approach like Cloudflare CLI could enhance its usability.

We have been using Cloudflare Web Application Firewall for four years.

On a scale from one to ten, the stability of Cloudflare is a nine.

The scalability of Cloudflare is a ten out of ten.

I had to contact technical support twice, and both times, my issues were resolved satisfactorily. Therefore, I rate them a ten out of ten.

Positive

The initial setup was straightforward, taking only five minutes using Terraform.

From my perspective, the price of Cloudflare Web Application Firewall is quite affordable, rating around an eight or nine.

I highly recommend Cloudflare Web Application Firewall due to its extensive knowledge base and ease of integration with Terraform.

I'd rate the solution ten out of ten.

It is used in the banking sector.

Cloudflare WAF provides protection through rules and functionalities like Cloudflare's SDRAP. Machine learning enables numerous policies that protect traffic flowing through Cloudflare's CDN and endpoints of the application. Additionally, specific protections are implemented against DDoS attacks and to block suspicious IP addresses attempting to access the sites.

Cloudflare provides numerous ready-to-use policies that can be easily enabled with minimal configuration. One such policy is WAF, which includes predefined rulesets for common threats like DDoS attacks. These policies are pre-configured for immediate use, making tuning straightforward. Adjustments may be needed for specific configurations, but the majority are ready to be deployed directly.

Support can be challenging at times. Personally, I recently had an issue with costs and contacted support—they promptly resolved my problem. However, understanding features can be more complex. While much information is freely available, for specific needs, professional support might be necessary and could pose difficulties, if there isn't an in-house engineering team. Despite this, Cloudflare facilitates easy development of custom functionalities. Alternatively, engaging with dedicated communities can also yield valuable insights with the right investment of time.

I have been using Cloudflare Web Application Firewall as an integrator for one year.

Sometimes, as a software vendor, Cloudflare needs to upgrade their software, which can encounter faults but resolve such issues.

I rate the solution's stability an eight out of ten.

The solution is scalable. I rate the solution's scalability a nine out of ten. 

It's challenging to find technical expertise, for technical issues. While there is a network for sales, finding knowledgeable technical support can be difficult.

Neutral

This level of protection is essential, whether the website is an e-commerce platform or simply a gateway for customers accessing banking services. Maintaining visibility and ensuring the site is consistently up and running are critical requirements for such services.

Integration is quite easy when migrating DNS to Cloudflare, as they manage DNS implementation. Once DNS is set up, traffic redirection to their platform is straightforward. However, it's important to manage your IP addresses carefully, possibly using additional tools or configurations to ensure they are properly protected and directed.

Cloudflare leverages AI-driven solutions, with policies set using machine learning, which forms the foundation of their AI capabilities. They offer AI functionalities for developers looking to optimize or distribute their applications, such as Workers, a serverless solution enabling application deployment without the need for dedicated machines. This setup is also AI-enabled, enhancing its capabilities

Overall, I rate the solution a nine out of ten.

Our use case of this solution is to secure our web applications hosted on Cloudflare. I'm a security operations analyst and we are customers of Cloudflare. 

This solution does a good job of preventing web application attacks, SQL injections, and cross-site scripting attacks. We know it's doing a good job because we've tested it. 

The reporting could be improved if it were more granular. Fortigate Firewall, for example, shows all the events at a glance with different fields on a table; you can scroll through for patterns and look at all events. That's not possible with CloudFlare where I need to analyze a report that summarizes all the data. It requires exporting the report as a CSV file, analyzing it in Excel, and then going into CloudFlare to carry out a deeper analysis. If I could do that high-level analysis from the web console and then drill down specific events, it would be a great feature that would improve this product. 

I've been using this solution for seven months. 

The solution is stable, we haven't had any downtime. 

The solution is easily scalable. 

I previously used Imperva Web Application Firewall. For tracking metrics, I think CloudFlare does a better job with its graphs and the user interface. Its web console presents those metrics in an easily readable manner and it does that better than Incapsula or Imperva. I think Imperva speaks more to security, and preventing attacks and is more focused on details about the attacks. CloudFlare does more because it shows your availability metrics, traffic metrics, and security metrics. In terms of the user interface, I'd say that CloudFlare does a better job in reporting.

There is some maintenance required when it comes to updates and we periodically have to review the rules sets which require going into the list of rules and finding those connected to that particular view and then enabling them in your environment. We have three admins working on this product. We use the solution on a daily basis. 

If you're going to be reporting heavily and want to leverage the reporting features to measure the performance of your websites, then CloudFlare does that very well.

I rate this solution eight out of 10. 

As the name suggests, it's a web application firewall. You use it almost like a firewall in front of a web application. It helps filter out the bad traffic or the Layer 7 malicious traffic.

Cloudflare provides packaged OWASP rulesets and Cloudflared managed rulesets. Cloudflare provides weekly scheduled rule updates or emergency rule updates. Both rulesets seem very accurate, does not generate much false positives. Before the deployment, I was concerned about how many false positives I have to deal with daily. Very glad the WAF rulesets works out of box, and requires very little tuning or maintenance. 

Their documentation could be better. They don't have documentation that explains everything well. They have documentation for everything you're looking for, but they lack a single piece of documentation to tie everything together. As a new user or beginner, it took us a little bit of time to figure out how to put all these things in place. I wish they had easier introduction documents written to help us transition into it. It takes a little bit of effort for a new user to figure out how to do this.

I have asked them for some additional features. I want to be able to quickly find out the rules that I have modified because there are thousands of rules. It took a little bit of effort to figure out which rules I have modified. A feature like that will make it easier for me to track down the changes.

I have been using CloudFlare WAF for a few months.

CloudFlare WAF is a stable solution. Once you figure out how to set it up and get it running, it's beautiful. 

Scalability is wonderful. It's very easy to scale, and this is the primary reason for selecting it. After all, the software is a service. There's no problem when it comes to scaling.

Tech support is solid. No issues there.

The initial setup is a little bit tricky because of poor documentation. Their modeling steers you more towards the enterprise tier. When you pay for the enterprise tier, you can have engineers work directly with you to guide you and help you set it up. But if you just try to do it by yourself, that's when you'll face some difficulty.

We implemented this solution by ourselves.

We pay $210 per month for CloudFlare WAF.

I would tell potential users that once you figured out that initial part, it's straightforward. I would suggest that they look at what they need and compare the costs and management costs. There are various WAFs out there, but it really comes down to comparing the cost and how much effort it takes to deploy it and manage them.

On a scale from one to ten, I would give CloudFlare WAF a solid eight.

We use Cloudflare Web Application Firewall for verification of applications from various domains. Also protecting the server from exposure by implementing the Proxy Server feature on front end i.e. on client's side. Also implemented both hosts based & Cloud based WAF. 

We are required to follow a specific and separate set of rules for web applications for DDoS attacks while working with AWS and Azure. Instead, there could be an option to duplicate the cluster to maintain the consistency of rules.

We have been using Cloudflare Web Application Firewall for three to four years.

I rate Cloudflare Web Application Firewall's stability a nine out of ten.

It is a scalable platform. Although it lacks some features. We have two to three users for it. I rate its scalability an eight out of ten.

The initial setup process is simple.

I implemented the product myself.

Cloudflare Web Application Firewall has certain limitations for rules. I rate it a seven out of ten.

I use Cloudflare Web Application Firewall to stop attacks on web application firewalls.

The product has improved our security posture by blocking bad actors.

The blocked logs are difficult to read at times.

I rate the solution's stability a ten out of ten.

I rate the product's scalability a ten out of ten.

I have not used technical support.

Cloudflare Web Application Firewall's deployment was easy.

The tool's ROI is pretty immediate.

We evaluated the Amazon Web Application Firewall.

I rate the product a ten out of ten.