Cloudflare Web Application Firewall Reviews

Our use case of this solution is to secure our web applications hosted on Cloudflare. I'm a security operations analyst and we are customers of Cloudflare. 

This solution does a good job of preventing web application attacks, SQL injections, and cross-site scripting attacks. We know it's doing a good job because we've tested it. 

The reporting could be improved if it were more granular. Fortigate Firewall, for example, shows all the events at a glance with different fields on a table; you can scroll through for patterns and look at all events. That's not possible with CloudFlare where I need to analyze a report that summarizes all the data. It requires exporting the report as a CSV file, analyzing it in Excel, and then going into CloudFlare to carry out a deeper analysis. If I could do that high-level analysis from the web console and then drill down specific events, it would be a great feature that would improve this product. 

I've been using this solution for seven months. 

The solution is stable, we haven't had any downtime. 

The solution is easily scalable. 

I previously used Imperva Web Application Firewall. For tracking metrics, I think CloudFlare does a better job with its graphs and the user interface. Its web console presents those metrics in an easily readable manner and it does that better than Incapsula or Imperva. I think Imperva speaks more to security, and preventing attacks and is more focused on details about the attacks. CloudFlare does more because it shows your availability metrics, traffic metrics, and security metrics. In terms of the user interface, I'd say that CloudFlare does a better job in reporting.

There is some maintenance required when it comes to updates and we periodically have to review the rules sets which require going into the list of rules and finding those connected to that particular view and then enabling them in your environment. We have three admins working on this product. We use the solution on a daily basis. 

If you're going to be reporting heavily and want to leverage the reporting features to measure the performance of your websites, then CloudFlare does that very well.

I rate this solution eight out of 10. 

The primary use case of Cloudflare Web Application Firewall involves setting up DNS zones and implementing zero trust policies.

Cloudflare Web Application Firewall has enhanced security by effectively managing and cutting off unwanted traffic.

Some of the most valuable features of Cloudflare Web Application Firewall include its DNS zone setup and the zero trust policy.

The dashboard could be more user-friendly, and a console approach like Cloudflare CLI could enhance its usability.

We have been using Cloudflare Web Application Firewall for four years.

On a scale from one to ten, the stability of Cloudflare is a nine.

The scalability of Cloudflare is a ten out of ten.

I had to contact technical support twice, and both times, my issues were resolved satisfactorily. Therefore, I rate them a ten out of ten.

Positive

The initial setup was straightforward, taking only five minutes using Terraform.

From my perspective, the price of Cloudflare Web Application Firewall is quite affordable, rating around an eight or nine.

I highly recommend Cloudflare Web Application Firewall due to its extensive knowledge base and ease of integration with Terraform.

I'd rate the solution ten out of ten.

Cloudflare Web Application Firewall is used to protect the web servers.

The Cloudflare Web Application Firewall's most valuable feature is its ease of configuration.

The accuracy of the Cloudflare Web Application Firewall could be improved by reducing the number of false-negative alerts.

Signature-based detection and data loss prevention could also be improved.

I have been working with Cloudflare Web Application Firewall for one year.

Cloudflare Web Application Firewall is a stable solution.

I am not familiar with the scalability of this solution,

We have 20 people in our organization who are using this solution.

I have not had any issues with the technical support of the Cloudflare Web Application Firewall.

Local support is available.

The initial setup is straightforward, it is easy.

It took four hours to deploy this solution.

It is less expensive than its competitors.

The annual licensing fee is $10,000 USD.

I have not had any issues with this solution, and I would recommend it to others who are interested in using it.

I would rate Cloudflare Web Application Firewall a nine out of ten.

We are partners with Cisco.

As the name suggests, it's a web application firewall. You use it almost like a firewall in front of a web application. It helps filter out the bad traffic or the Layer 7 malicious traffic.

Cloudflare provides packaged OWASP rulesets and Cloudflared managed rulesets. Cloudflare provides weekly scheduled rule updates or emergency rule updates. Both rulesets seem very accurate, does not generate much false positives. Before the deployment, I was concerned about how many false positives I have to deal with daily. Very glad the WAF rulesets works out of box, and requires very little tuning or maintenance. 

Their documentation could be better. They don't have documentation that explains everything well. They have documentation for everything you're looking for, but they lack a single piece of documentation to tie everything together. As a new user or beginner, it took us a little bit of time to figure out how to put all these things in place. I wish they had easier introduction documents written to help us transition into it. It takes a little bit of effort for a new user to figure out how to do this.

I have asked them for some additional features. I want to be able to quickly find out the rules that I have modified because there are thousands of rules. It took a little bit of effort to figure out which rules I have modified. A feature like that will make it easier for me to track down the changes.

I have been using CloudFlare WAF for a few months.

CloudFlare WAF is a stable solution. Once you figure out how to set it up and get it running, it's beautiful. 

Scalability is wonderful. It's very easy to scale, and this is the primary reason for selecting it. After all, the software is a service. There's no problem when it comes to scaling.

Tech support is solid. No issues there.

The initial setup is a little bit tricky because of poor documentation. Their modeling steers you more towards the enterprise tier. When you pay for the enterprise tier, you can have engineers work directly with you to guide you and help you set it up. But if you just try to do it by yourself, that's when you'll face some difficulty.

We implemented this solution by ourselves.

We pay $210 per month for CloudFlare WAF.

I would tell potential users that once you figured out that initial part, it's straightforward. I would suggest that they look at what they need and compare the costs and management costs. There are various WAFs out there, but it really comes down to comparing the cost and how much effort it takes to deploy it and manage them.

On a scale from one to ten, I would give CloudFlare WAF a solid eight.

I use Cloudflare Web Application Firewall to stop attacks on web application firewalls.

The product has improved our security posture by blocking bad actors.

The blocked logs are difficult to read at times.

I rate the solution's stability a ten out of ten.

I rate the product's scalability a ten out of ten.

I have not used technical support.

Cloudflare Web Application Firewall's deployment was easy.

The tool's ROI is pretty immediate.

We evaluated the Amazon Web Application Firewall.

I rate the product a ten out of ten.

The primary use case for Cloudflare Web Application Firewall involves comprehensive security functionality across various access protocols. The system acts as a gateway, managing authentication, authorization pass-through, and traffic routing based on regional considerations. It encompasses web component modules and a reverse web application firewall, allowing secure authorization and authentication processes based on particular application sets.

The product has a valuable security control functionality. It monitors authorization processes to identify and address potential errors. We can view different components and prerequisites simultaneously, including time stamps, peak time, load time, etc. We only have to ensure that we have scaled all the authentication measures as per requirements.

The platform's control features related to real-time authentication and response time need improvement.

I rate Cloudflare Web Application Firewall a seven out of ten.

We use Cloudflare Web Application Firewall for verification of applications from various domains. Also protecting the server from exposure by implementing the Proxy Server feature on front end i.e. on client's side. Also implemented both hosts based & Cloud based WAF. 

We are required to follow a specific and separate set of rules for web applications for DDoS attacks while working with AWS and Azure. Instead, there could be an option to duplicate the cluster to maintain the consistency of rules.

We have been using Cloudflare Web Application Firewall for three to four years.

I rate Cloudflare Web Application Firewall's stability a nine out of ten.

It is a scalable platform. Although it lacks some features. We have two to three users for it. I rate its scalability an eight out of ten.

The initial setup process is simple.

I implemented the product myself.

Cloudflare Web Application Firewall has certain limitations for rules. I rate it a seven out of ten.

We use the solution to protect web applications.

The solution is easy to use.

Sometimes, it is challenging to access our applications using the solution. They should work on this particular area. Also, its availability needs improvement.

We have been using the solution for two years.

We encounter stability issues regarding the solution's availability to access applications.

We have 200 solution users in our organization. We use it extensively and plan to increase the usage.

We contact our service provider for any technical issues with the solution.

The solution's deployment takes two to three days to complete.

Our service provider helps us install the solution.

The solution is expensive. We purchase a yearly based license for it.

I recommend the solution to others and rate it a six out of ten.