We use the solution to protect web applications.
Head of Digital Transformation Department at MERUTE
An easy-to-use solution but its feature for application accessibility needs improvement
Pros and Cons
- "It protects web applications efficiently."
- "Its stability could be better."
What is our primary use case?
What is most valuable?
The solution is easy to use.
What needs improvement?
Sometimes, it is challenging to access our applications using the solution. They should work on this particular area. Also, its availability needs improvement.
For how long have I used the solution?
We have been using the solution for two years.
Buyer's Guide
Cloudflare Web Application Firewall
January 2025
Learn what your peers think about Cloudflare Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.
What do I think about the stability of the solution?
We encounter stability issues regarding the solution's availability to access applications.
What do I think about the scalability of the solution?
We have 200 solution users in our organization. We use it extensively and plan to increase the usage.
How are customer service and support?
We contact our service provider for any technical issues with the solution.
How was the initial setup?
The solution's deployment takes two to three days to complete.
What about the implementation team?
Our service provider helps us install the solution.
What's my experience with pricing, setup cost, and licensing?
The solution is expensive. We purchase a yearly-based license for it.
What other advice do I have?
I recommend the solution to others and rate it a six out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Cloud Solution Architect at Integrated Technology Solution Group (ITSG)
Has a valuable security control functionality, but real-time authentication and response time need improvement
Pros and Cons
- "The product has a valuable security control functionality."
- "The platform's control features related to real-time authentication and response time need improvement."
What is our primary use case?
The primary use case for Cloudflare Web Application Firewall involves comprehensive security functionality across various access protocols. The system acts as a gateway, managing authentication, authorization pass-through, and traffic routing based on regional considerations. It encompasses web component modules and a reverse web application firewall, allowing secure authorization and authentication processes based on particular application sets.
What is most valuable?
The product has a valuable security control functionality. It monitors authorization processes to identify and address potential errors. We can view different components and prerequisites simultaneously, including time stamps, peak time, load time, etc. We only have to ensure that we have scaled all the authentication measures as per requirements.
What needs improvement?
The platform's control features related to real-time authentication and response time need improvement.
What other advice do I have?
I rate Cloudflare Web Application Firewall a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Solutions Architect at Amazure Technologies Private Limited
Competitively priced with good support and very good reliability
Pros and Cons
- "We like that there's load balancing, firewall capabilities, DDoS protection, et cetera, all covered by Cloudflare."
- "They have some limitations with third-party integrations."
What is our primary use case?
We have multiple customers using the solution for a WAF. It's also a firewall. Unlike others, where you have to purchase multiple solutions, Cloudflare has everything under one solution. It handles load balancing, CDN, order routing, DDoS protection, and more under one solution.
What is most valuable?
We like that everything is covered under one solution instead of having to buy multiple solutions and put them together.
We like that there's load balancing, firewall capabilities, DDoS protection, et cetera, all covered by Cloudflare.
Cloudflare has multiple caller sites and many PoPs. Whenever a user tries to get a webpage or any application, all the pages will be scanned with the nearest location data center or on a near-based, performing locally in the data center only. Other vendors have different services in different data centers. In Cloudflare, every data center has all the services.
Currently, Cloudflare is growing. They are exploding their data centers, which is great for clients. Previously it was 25, and now it's 28 or 30.
They are good at managing rules.
The WAF is working fine.
We find the reporting to be very granular. It's quite good.
I'm happy with whatever features are currently on offer in Cloudflare.
The solution is stable.
It's scalable.
It is an easy-to-set-up solution.
Technical support has been very good.
We find the solution competitively priced.
What needs improvement?
Finding vulnerabilities or attack patterns needs to evolve continuously. The landscape is changing. Accordingly, the rules have been changed. The Core Ruleset is already managing that. It has been good at catching malicious activity so far. They just need to continue to invest in this aspect.
They have some limitations with third-party integrations. For example, we can't integrate with our site. On-premises, we can't do that. You can on Azure storage, or Google Cloud, however. It works better on the cloud.
For how long have I used the solution?
I've been using the solution for about one year.
What do I think about the stability of the solution?
The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution is scalable. It is very easy.
I'm the only person working on the solution. There's one or two of us directly on the system.
How are customer service and support?
Technical support is really good. I work on multiple products, and therefore getting a response from Cloudflare is very much appreciated. The only concern we have is with Indian support. There are some limitations to Indian support. Whenever we are planning for any deployment or PoC, the Indian customers say they're having some issues getting on a call or getting Cloudflare involved. However, support, in general, is good and usually you get a response within an hour or two.
How would you rate customer service and support?
Positive
How was the initial setup?
It's very straightforward to set up everything. In a firewall, you have to build some virtual IPs and all that stuff. However, with this, you have to just onboard your application. You have just to put out your CNAME or A records. After that, you just make some application proxies, and then you have to perform that local host testing. If you want downtime, you must make configuration changes over authority with DNS, and you can onboard your application. It's straightforward. There are not too many hurdles.
The deployment is quick. Once you do the setup, you just have to enter your records and automate the certification part and it is a half-hour process.
I'd rate it a five out of five in terms of ease of setup.
We don't require any maintenance. We just have to monitor. Whenever we are performing the login process, we are providing logs to any CS log server or any AFIM solution. That part will be taken care of by the SOC team.
What's my experience with pricing, setup cost, and licensing?
The pricing is good. We find it to be competitive. There are add-on features available as well.
I'd rate the affordability at 4.5 out of five.
What other advice do I have?
We are a system integrator for Cloudflare.
We are not on the latest update. Our last update was two or three months back.
This is a good product. It's reliable and scales well. For new users, you don't require too much expertise on Cloudflare. You just have to understand a WAF. Beyond that, it is very easy to deploy and very fast to implement.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Chief Information Officer at F.P. eSafe Solutions LTD
Reasonably priced with a straightforward setup and the ability to scale
Pros and Cons
- "Technical support has a very fast response time and they are helpful."
- "It would be ideal if the solution offered better log integration and more integration with different platforms."
What is our primary use case?
We primarily use the solution as an application firewall.
What is most valuable?
In general, it's a very good product.
The solution is very stable. The performance is great.
The product offers very good scalability.
The pricing is very reasonable.
The installation is very straightforward. It's quite simple.
Technical support has a very fast response time and they are helpful.
We never had any issues with the analytics, dashboards, or monitoring.
What needs improvement?
I can't recall dealing with features that were not sufficient. It's very good.
It would be ideal if the solution offered better log integration and more integration with different platforms.
For how long have I used the solution?
I've been using the solution for about a year and a half at this point. It's been a while.
What do I think about the stability of the solution?
The performance of the solution is very good. It's very stable. The product doesn't crash or freeze. There are no bugs or glitches. It's reliable.
What do I think about the scalability of the solution?
The solution can scale quite well. If a company needs to expand the product, it can do so with relative ease.
I am unsure as to if the company plans to increase usage, as I used it primarily at my previous organization. I've since moved on.
How are customer service and technical support?
Technical support is very good. They are very helpful and responsive. We've been quite satisfied with the level of support they provide to our organization.
How was the initial setup?
The initial setup is very straightforward. It's not complex or overly difficult. We found it quite simple to execute. A company should be able to handle the process easily.
We only required two individuals for deployment and maintenance. They were a manager and an admin.
What's my experience with pricing, setup cost, and licensing?
I'm pretty satisfied with the solution in terms of the pricing. It's reasonable. I have no complaints.
Which other solutions did I evaluate?
Before the organization chose this solution, it's my understanding that it did not evaluate any other options.
What other advice do I have?
We always have the latest version of the solution. As a cloud deployment, it's always updating to the latest version.
We're a Cloudflare partner.
I'd rate the product at a nine out of ten overall. We've been quite pleased with the overall capabilities of the solution.
I would recommend the solution to other users and companies.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Superintendent of Cloud Platforms at a manufacturing company with 1,001-5,000 employees
A SaaS solution that is API configurable and a convenient part of a suite but needs updating of core rules
Pros and Cons
- "It is configurable via API."
- "It is a SaaS solution unlike much of the competition."
- "The ModSecurity core rules need to be updated."
What is our primary use case?
Our primary use is as a SaaS-based firewall solution for web applications.
What is most valuable?
The most valuable part of the solution for us overall is exactly that it is a Software-as-a-Service product. It fits our use needs because it is configurable via API.
What needs improvement?
There is really only one area of the product that I think needs to be improved. That is that Cloudflare should update the version of the ModSecurity core rule set that they run on. They run a pretty old version of ModSecurity from 2013 and they need to update it. That is one thing I would very much like to see in a future release.
The main issue that we have is really a decision about how the product fits our model. We use both AWS and Azure, and they have similar products. We are trying to determine whether or not we go for a cloud-native solution per the cloud provider we are using or stick with our current model and continue to use Cloudflare. Switching to AWS or Azure as a lone solution means we would go with one or the other across all cloud providers to unify our WAF approach. It might simplify how we look at the maintenance of our web application firewall.
For how long have I used the solution?
We have been using Cloudflare's web application firewall for twelve months.
What do I think about the stability of the solution?
I am one-hundred percent convinced of the stability of the product.
What do I think about the scalability of the solution?
I can say I am pretty confident in the scalability of Cloudflare WAF. I believe that they are the largest WAF provider on the internet at the moment. That is probably at least in part because they are pretty scalable. It is our primary WAF product at the moment.
How are customer service and technical support?
As far as technical support, we have not really had any issues that require contacting them.
How was the initial setup?
The initial setup of Cloudflare WAF was very easy. It is a SaaS service so it is just online and it is really only a few clicks away to get started with it. There is no physical infrastructure to bother with so that whole component of maintenance is removed.
What's my experience with pricing, setup cost, and licensing?
There is no upfront cost for infrastructure because it is a SaaS solution. You just pay per month for the product and usage.
Which other solutions did I evaluate?
We have evaluated other WAF (Web Application Firewall) solutions. In fact, that is what we are investigating now in taking a deeper look at the advantages of AWS and Azure. That evaluation is really part of my current job.
At this stage, we have not really considered replacing Cloudflare as a solution with either of those specific solutions or other WAF products. The thing that differentiates Cloudflare WAF is that it is Software-as-a-Service. It is integrated tightly with all of Cloudflare's other services. That is probably the better way to look at it: it is an integrated part of a product suite and not really a separate solution.
What other advice do I have?
My advice to people who are considering Cloudflare WAF is to check service limits of other providers. Cloudflare does not really have a lot of service limits and that makes a difference. Also, look at the pricing and the pricing models carefully as other products seem to me to become more complicated as your demand scales. It is more straightforward with Cloudflare — or at least it seems to be in comparison to other providers.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at a tech services company with 51-200 employees
A highly scalable solution that has a good caching feature
Pros and Cons
- "Caching is the most valuable feature of Cloudflare Web Application Firewall."
- "Cloudflare Web Application Firewall should improve visibility for a customer."
What is most valuable?
Caching is the most valuable feature of Cloudflare Web Application Firewall.
What needs improvement?
Cloudflare Web Application Firewall should improve visibility for a customer.
For how long have I used the solution?
I have been using Cloudflare Web Application Firewall for five years.
What do I think about the scalability of the solution?
Cloudflare Web Application Firewall is a scalable solution. More than 10,000 retail solutions and more than 50,000 online customers are using the solution in our company.
How are customer service and support?
The solution's customer support is really bad. When you have some issue, you will never get an answer from customer support.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
We previously worked with F5 on-premises.
What's my experience with pricing, setup cost, and licensing?
The solution's pricing option needs to be more transparent for enterprise clients.
What other advice do I have?
I am using the latest version of Cloudflare Web Application Firewall. Cloudflare Web Application Firewall is deployed on the cloud in our organization.
Overall, I rate Cloudflare Web Application Firewall a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.