I am using Cloudflare Web Application Firewall to develop web applications and mobile applications for a business belonging to the manufacturing industry which wishes to migrate its entire applications from its existing AWS system to Cloudflare.
Solutions Architect at Amazure Technologies Private Limited
With just the basic understanding of networking and security, one can use this solution easily
Pros and Cons
- "Someone with a basic understanding of networking and security will be able to implement the firewall's basic features within 15 minutes."
- "I have experienced some difficulties with Cloudflare's support as a customer based in India."
What is our primary use case?
What is most valuable?
The enterprise bundle includes a variety of features, such as a Web Application Firewall, rate limiting, CDN, DDoS protection, remote management, performance monitoring, and more. It is a really nice product.
What needs improvement?
The additional features I wish to see in the next release include rate limiting on Cloudflare Web Application Firewall and advanced DDoS protection. The current product is highly explorable and does not have many limitations. However, there are some limitations in terms of administrative privileges and the way it manages auto-alerts.
Cloudflare needs to improve its customer support for Indian customers and work on the monitoring and reporting features.
For how long have I used the solution?
I am a reseller and a direct user. I have been working on the enterprise version of Cloudflare Web Application Firewall for the past year.
Buyer's Guide
Cloudflare Web Application Firewall
December 2024
Learn what your peers think about Cloudflare Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
The product is stable, and we have been working with a customer who uses it for their manufacturing and connecting car applications, as well as some API-related systems. The customer was previously using AWS Web Application Firewall. However, they have now decided to switch to Cloudflare. In Cloudflare, the rate-limiting feature helps protect against attacks and mitigates brute-force attacks. The DDoS mechanism automatically defends against DDoS attacks. Cloudflare's Web Application Firewall also has 700 signatures and provides intelligence on 10 vulnerabilities. It offers IP, URI, and domain-based filtering options.
What do I think about the scalability of the solution?
The solution is not deployed in my company, but it is used in the company of one of my customers. The customer I mentioned has around 12,000 users working on this solution. I rate the scalability a 10 out of 10.
How are customer service and support?
I have experienced some difficulties with Cloudflare's support as a customer based in India. Despite the company offering 24/7 support, I feel that administrative support does not meet the expectations of its customers.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I previously worked with an on-premise version of the F5 tool more than five years ago, and at that time, the concept of SaaS was not prevalent. Currently, the Cloudflare product is considered to be a SaaS-based product since they have CDN, which is different from my previous experience with the F5 tool. Since it has been a long time since I worked with the on-premises version, I am unable to provide a relevant comparison between the two.
How was the initial setup?
I find the deployment process for Cloudflare's firewall to be very smooth. Someone with a basic understanding of networking and security will be able to implement the firewall's basic features within 15 minutes. The deployment of a new domain on Cloudflare can be completed within 15 minutes if the necessary administrative authority and support from the DNS team are available during the process. It also includes the time needed for domain registration. We are working for an ITSM organization and have multiple administrators. During the deployment phase of the solution in the organization, we have limited the number of administrators to just five to ten individuals. We also arranged a few KT sessions to help the company employees who are involved in working with this solution. As of now, they have started working on the tool.
What's my experience with pricing, setup cost, and licensing?
In terms of the licensing cost perspective, it is a subscription-based pricing model. Usually, customers opt for a yearly subscription. However, I don't have a specific or exact figure on the actual cost. Cloudflare offers different types of subscriptions for businesses, enterprises, and personal users, and the pricing is negotiable. The enterprise-level subscription provides multiple options, such as the ability to enable advanced Web Application Firewall and DDoS protection. This means that customers have multiple subscription options.
What other advice do I have?
To effectively use Cloudflare Web Application Firewall, it is important for a person to have an internet connection, an understanding of the internet, how the DNS works, and how websites and their administration domains function. I rate this solution a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Chief Information Officer at F.P. eSafe Solutions LTD
Reasonably priced with a straightforward setup and the ability to scale
Pros and Cons
- "Technical support has a very fast response time and they are helpful."
- "It would be ideal if the solution offered better log integration and more integration with different platforms."
What is our primary use case?
We primarily use the solution as an application firewall.
What is most valuable?
In general, it's a very good product.
The solution is very stable. The performance is great.
The product offers very good scalability.
The pricing is very reasonable.
The installation is very straightforward. It's quite simple.
Technical support has a very fast response time and they are helpful.
We never had any issues with the analytics, dashboards, or monitoring.
What needs improvement?
I can't recall dealing with features that were not sufficient. It's very good.
It would be ideal if the solution offered better log integration and more integration with different platforms.
For how long have I used the solution?
I've been using the solution for about a year and a half at this point. It's been a while.
What do I think about the stability of the solution?
The performance of the solution is very good. It's very stable. The product doesn't crash or freeze. There are no bugs or glitches. It's reliable.
What do I think about the scalability of the solution?
The solution can scale quite well. If a company needs to expand the product, it can do so with relative ease.
I am unsure as to if the company plans to increase usage, as I used it primarily at my previous organization. I've since moved on.
How are customer service and technical support?
Technical support is very good. They are very helpful and responsive. We've been quite satisfied with the level of support they provide to our organization.
How was the initial setup?
The initial setup is very straightforward. It's not complex or overly difficult. We found it quite simple to execute. A company should be able to handle the process easily.
We only required two individuals for deployment and maintenance. They were a manager and an admin.
What's my experience with pricing, setup cost, and licensing?
I'm pretty satisfied with the solution in terms of the pricing. It's reasonable. I have no complaints.
Which other solutions did I evaluate?
Before the organizations chose this solution, it's my understanding that it did not evaluate any other options.
What other advice do I have?
We always have the latest version of the solution. As a cloud deployment, it's always updating to the latest version.
We're a Cloudflare partner.
I'd rate the product at a nine out of ten overall. We've been quite pleased with the overall capabilities of the solution.
I would recommend the solution to other users and companies.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Cloudflare Web Application Firewall
December 2024
Learn what your peers think about Cloudflare Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Solutions Architect at Amazure Technologies Private Limited
Competitively priced with good support and very good reliability
Pros and Cons
- "We like that there's load balancing, firewall capabilities, DDoS protection, et cetera, all covered by Cloudflare."
- "They have some limitations with third-party integrations."
What is our primary use case?
We have multiple customers using the solution for a WAF. It's also a firewall. Unlike others, where you have to purchase multiple solutions, Cloudflare has everything under one solution. It handles load balancing, CDN, order routing, DDoS protection, and more under one solution.
What is most valuable?
We like that everything is covered under one solution instead of having to buy multiple solutions and put them together.
We like that there's load balancing, firewall capabilities, DDoS protection, et cetera, all covered by Cloudflare.
Cloudflare has multiple caller sites and many PoPs. Whenever a user tries to get a webpage or any application, all the pages will be scanned with the nearest location data center or on a near-based, performing locally in the data center only. Other vendors have different services in different data centers. In Cloudflare, every data center has all the services.
Currently, Cloudflare is growing. They are exploding their data centers, which is great for clients. Previously it was 25, and now it's 28 or 30.
They are good at managing rules.
The WAF is working fine.
We find the reporting to be very granular. It's quite good.
I'm happy with whatever features are currently on offer in Cloudflare.
The solution is stable.
It's scalable.
It is an easy-to-set-up solution.
Technical support has been very good.
We find the solution competitively priced.
What needs improvement?
Finding vulnerabilities or attack patterns needs to evolve continuously. The landscape is changing. Accordingly, the rules have been changed. The Core Ruleset, is already managing that. It has been good at catching malicious activity so far. They just need to continue to invest in this aspect.
They have some limitations with third-party integrations. For example, we can't integrate with our site. On-premises, we can't do that. You can on Azure storage, of Google Cloud, however. It works better on the cloud.
For how long have I used the solution?
I've been using the solution for about one year.
What do I think about the stability of the solution?
The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The solution is scalable. It is very easy.
I'm the only person working on the solution. There's one or two of us directly on the system.
How are customer service and support?
Technical support is really good. I work on multiple products, and therefore getting a response from Cloudflare is very much appreciated. The only concern we have is with Indian support. There are some limitations to Indian support. Whenever we are planning for any deployment or PoC, the Indian customers say they're having some issues getting on a call or getting Cloudflare involved. However, support, in general, is good and usually you get a response within an hour or two.
How would you rate customer service and support?
Positive
How was the initial setup?
It's very straightforward to set up everything. In a firewall, you have to build some virtual IPs and all that stuff. However, with this, you have to just onboard your application. You have just to put out your CNAME or A records. After that, you just make some application proxies, and then you have to perform that local host testing. If you want downtime, you must make configuration changes over authority with DNS, and you can onboard your application. It's straightforward. There are not too many hurdles.
The deployment is quick. Once you do the setup, you just have to enter your records and automate the certification part and it is a half-hour process.
I'd rate it a five out of five in terms of ease of setup.
We don't require any maintenance. We just have to monitor. Whenever we are performing the login process, we are providing logs to any CS log server or any AFIM solution. That part will be taken care of by the SOC team.
What's my experience with pricing, setup cost, and licensing?
The pricing is good. We find it to be competitive. There are add-on features available as well.
I'd rate the affordability at 4.5 out of five.
What other advice do I have?
We are a system integrator for Cloudflare.
We are not on the latest update. Our last update was two or three months back.
This is a good product. It's reliable and scales well. For new users, you don't require too much expertise on Cloudflare. You just have to understand a WAF. Beyond that, it is very easy to deploy and very fast to implement.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
CTO at a tech services company with 51-200 employees
A highly scalable solution that has good caching feature
Pros and Cons
- "Caching is the most valuable feature of Cloudflare Web Application Firewall."
- "Cloudflare Web Application Firewall should improve visibility for a customer."
What is most valuable?
Caching is the most valuable feature of Cloudflare Web Application Firewall.
What needs improvement?
Cloudflare Web Application Firewall should improve visibility for a customer.
For how long have I used the solution?
I have been using Cloudflare Web Application Firewall for five years.
What do I think about the scalability of the solution?
Cloudflare Web Application Firewall is a scalable solution. More than 10,000 retail solutions and more than 50,000 online customers are using the solution in our company.
How are customer service and support?
The solution's customer support is really bad. When you have some issue, you will never get an answer from customer support.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
We previously worked with F5 on-premises.
What's my experience with pricing, setup cost, and licensing?
The solution's pricing option needs to be more transparent for enterprise clients.
What other advice do I have?
I am using the latest version of Cloudflare Web Application Firewall. Cloudflare Web Application Firewall is deployed on the cloud in our organization.
Overall, I rate Cloudflare Web Application Firewall a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Superintendent of Cloud Platforms at a manufacturing company with 1,001-5,000 employees
A SaaS solution that is API configurable and a convenient part of a suite but needs updating of core rules
Pros and Cons
- "It is configurable via API."
- "It is a SaaS solution unlike much of the competition."
- "The ModSecurity core rules need to be updated."
What is our primary use case?
Our primary use is as a SaaS-based firewall solution for web applications.
What is most valuable?
The most valuable part of the solution for us overall is exactly that it is a Software-as-a-Service product. It fits our use needs because it is configurable via API.
What needs improvement?
There is really only one area of the product that I think needs to be improved. That is that Cloudflare should update the version of the ModSecurity core rule set that they run on. They run a pretty old version of ModSecurity from 2013 and they need to update it. That is one thing I would very much like to see in a future release.
The main issue that we have is really a decision about how the product fits our model. We use both AWS and Azure, and they have similar products. We are trying to determine whether or not we go for a cloud-native solution per the cloud provider we are using or stick with our current model and continue to use Cloudflare. Switching to AW or Azure as a lone solution means we would go with one or the other across all cloud providers to unify our WAF approach. It might simplify how we look at the maintenance of our web application firewall.
For how long have I used the solution?
We have been using Cloudflare's web application firewall for twelve months.
What do I think about the stability of the solution?
I am one-hundred percent convinced of the stability of the product.
What do I think about the scalability of the solution?
I can say I am pretty confident in the scalability of Cloudflare WAF. I believe that they are the largest WAF provider on the internet at the moment. That is probably at least in part because they are pretty scalable. It is our primary WAF product at the moment.
How are customer service and technical support?
As far as technical support, we have not really had any issues that require contacting them.
How was the initial setup?
The initial setup of Cloudflare WAF was very easy. It is a SaaS service so it is just online and it is really only a few clicks away to get started with it. There is no physical infrastructure to bother with so that whole component of maintenance is removed.
What's my experience with pricing, setup cost, and licensing?
There is no upfront cost for infrastructure because it is a SaaS solution. You just pay per month for the product and usage.
Which other solutions did I evaluate?
We have evaluated other WAF (Web Application Firewall) solutions. In fact, that is what we are investigating now in taking a deeper look at the advantages of AWS and Azure. That evaluation is really part of my current job.
At this stage, we have not really considered replacing Cloudflare as a solution with either of those specific solutions or other WAF products. The thing that differentiates Cloudflare WAF is that is it Software-as-a-Service. It is integrated tightly with all of Cloudflare's other services. That is probably the better way to look at it: it is an integrated part of a product suite and not really a separate solution.
What other advice do I have?
My advice to people who are considering Cloudflare WAF is to check service limits of other providers. Cloudflare does not really have a lot of service limits and that makes a difference. Also, look at the pricing and the pricing models carefully as other products seem to me to become more complicated as your demand scales. It is more straightforward with Cloudflare — or at least it seems to be in comparison to other providers.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Cloudflare Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Web Application Firewall (WAF)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Azure Application Gateway
Azure Front Door
F5 Advanced WAF
Fortinet FortiWeb
Imperva Web Application Firewall
Akamai App and API Protector
Azure Web Application Firewall
Radware Alteon
NGINX App Protect
Radware Cloud WAF Service
Buyer's Guide
Download our free Cloudflare Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy
- How does a WAF help to protect against DDoS attacks?
- What's right for me? Fortinet or Citrix?
- When evaluating Web Application Security, what aspect do you think is the most important to look for?