Try our new research platform with insights from 80,000+ expert users

AWS WAF vs Cloudflare comparison

The compared Amazon Web Services (AWS) and Cloudflare solutions aren't in the same category. Amazon Web Services (AWS) is ranked #1 in WAF , with an average rating of 8.4, and holds a 13.7% mindshare in the category. Cloudflare is ranked #1 in DDOS , with an average rating of 8.4, and holds a 19.8% mindshare. Additionally, 80% of Amazon Web Services (AWS) users are willing to recommend the solution, compared to 95% of Cloudflare users who would recommend it.
AWS WAF
Read 56 AWS WAF reviews
  • 13,118 Views
  • 10,599 Comparison Views
80% willing to recommend
Cloudflare
Read 71 Cloudflare reviews
  • 9,101 Views
  • 6,604 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between AWS WAF and Cloudflare based on real PeerSpot user reviews.

Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed AWS WAF vs. Cloudflare Report (Updated: February 2023).
Buyer's Guide
AWS WAF vs. Cloudflare
February 2023
Download the complete report
Helped 815,854 peers since 2012
 

Categories and Ranking

AWS WAF
Average Rating
8.0
Reviews Sentiment
8.0
Number of Reviews
56
Ranking in other categories
Web Application Firewall (WAF) (1st)
Cloudflare
Average Rating
8.4
Number of Reviews
71
Ranking in other categories
CDN (1st), Distributed Denial of Service (DDOS) Protection (1st), Managed DNS (1st), Cloud Security Posture Management (CSPM) (11th)
 

Mindshare comparison

While both are Security Services solutions, they serve different purposes. AWS WAF is designed for Web Application Firewall (WAF) and holds a mindshare of 13.7%, down 15.4% compared to last year.
Cloudflare, on the other hand, focuses on Distributed Denial of Service (DDOS) Protection, holds 19.8% mindshare, down 20.6% since last year.
Web Application Firewall (WAF)
Distributed Denial of Service (DDOS) Protection
 

Featured Reviews

Rohit Kesharwani - PeerSpot reviewer
Jan 24, 2024
A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks
We use AWS WAF to protect our application from different kinds of attacks. We use AWS WAF for retail customers Our retail application is vulnerable to a lot of bot attacks. AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry. The…
Read full review
Spencer Malmad - PeerSpot reviewer
Dec 1, 2022
It's easy to set up because you point the DNS to it, and it's working in under 15 minutes
Cloudflare is highly scalable. Cloudflare is a system with a web portal that the end users like me see. It's a console where we can adjust the DNS, caching, and security features all in that console. Cloudflare owns thousands of servers across the world that cache the data. It's a powerful solution. When clients sign up for Cloudflare, they're getting this monster content delivery network, security, and a web application firewall in one. It's all rolled into one, and it's massive. Unless you have your website hosted on a massive hosting provider, there's no way that you can deliver the amount of data that Cloudflare can provide to the end users. If you have static content, there's no way that you can ever match what Cloudflare can do. Obviously, there are competitors to Cloudflare that do the same, but I'm saying other types of solutions. Let's say you go with F5. Great, that's on-prem. That's in your colo. You can't deliver as much data to the internet as you can with a CDN. You don't have to spend $20,000 on a net scaler, F5, or whatever Cisco's selling now. You don't have to buy that. You pay them $50 a month or $150 a month. It's totally worth it because even in five years, you'll never get the performance value, not just the actual ROI. You have to consider how much throughput you can get with Cloudflare.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The solution is stable."
"The initial setup was very straightforward. Deployment took about ten minutes or less."
"The access instruction feature is the most valuable. This is what we use the most."
"What I like best about AWS WAF is that it's a simple tool, so I could understand the basics of AWS WAF in two to three hours."
"They filter a lot of attacks out."
"It is Amazon. Everything is scalable. It is beyond what we need."
"Rule groups are valuable."
"The ease of deployment of the product is valuable to me."
More AWS WAF pros
"Its most significant benefit to date is the speed with which it refreshes DNS records on the internet once you change it. If you are changing a website or registering a new record, it is very quick."
"Cloudflare allows us to self-host services such as Rocket.Chat and Node-RED, in high-availability mode, thanks to round robin DNS which allows us to share one hostname between our two locations."
"I get a lot of value from Cloudflare's API because it enables you to build a separate environment inside the solution. You can create a domain for performing test requests before you move to the production environment and connect various domains."
"Cloudflare DNS is widely used, and it's good for websites. If we use Cloudflare DNS and update one record, it updates in their office instantly."
"Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications."
"Generally, I am satisfied with this product."
"The technical support is good."
"The most valuable feature of Cloudflare is the GUI. You are able to control the solution very well through the interface. There is a lot of functionality that is embedded in the service."
More Cloudflare pros
 

Cons

"The technical support does not respond to bugs in the coding of the product."
"They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats."
"I believe there is a need to move towards real-time analysis with the help of AI and intelligent systems in the future. This would reduce the reliance on manual work and enhance the functionality of detection protection. By incorporating AI-driven data analysis and data science techniques, we can improve the solution's user-friendliness, security compatibility, and accuracy."
"The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively."
"An improvement area would be that it's more of a manual effort when you have to enable rules. That's one of the downsides. If that can be done in an automated way, it would be great. That's a lagging feature currently."
"I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level."
"I'd like to see improvements in its usability and functionality. I'm also concerned about being too dependent on the cloud provider's WAF version. For security, using multiple vendors and not putting all our eggs in one basket is better."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
More AWS WAF cons
"Although I think it's quite good, it doesn't provide me with all the features I would expect to have if I were using Imperva."
"The solution could use more analytics on the backend to give us more insights into everything. More reports would be helpful."
"Support response time could be improved."
"We are a product integrator and reseller, and we would like to have a better partner relationship, similar to a channel sales relationship. Sometimes we are on our own or get diverted by Cloudflare because they have direct sales, which competes with us and makes it difficult to build a relationship with this company since we want to be an MSP or a managed service provider for the solution."
"The integration of LLMs on the dashboard is something that is needed in the tool."
"If they improve on the placement of their data centers, it would be better. I'm living in a remote area. I would like to connect to them without any kind of lag."
"The solution could work at being less expensive. It costs a lot to use it."
"An integrated SSO feature would be useful for Cloudflare DNS."
More Cloudflare cons
 

Pricing and Cost Advice

"The pricing is good and manageable."
"The pricing should be more affordable, especially as it pertains to small clients."
"The product is moderately priced."
"AWS WAF has reasonable pricing."
"Its price is fair. There is a very fair amount that they charge. It has a pay-as-you-go model, so it pretty much depends on how much a user uses it. As per the cloud norms, the more you use, the more you pay. I would rate it a five out of ten in terms of pricing."
"It's an annual subscription."
"For Kubernetes microservices, AWS is more expensive compared to OCI. AWS costs approximately 70 cents per hour, while OCI is 50% cheaper."
"There are no separate licensing costs we pay for since it is included in the plan we purchase."
More AWS WAF pricing and cost advice
"It's a premium model. You can start at zero and work your way up to the enterprise model, which has a very high pricing level."
"The pricing for the service is reasonable, neither excessively cheap nor prohibitively expensive. It aligns well with the value of their solution."
"I think the pricing is competitive. I think as far as licensing is concerned it's pretty straightforward because it's based on domain. It's just that sometimes domains could be tricky with some customers."
"In terms of licensing costs, we don't pay for licensing for Cloudflare. We only establish communication, then for peering, Cloudflare takes care of the cross-connection in different data centers."
"We are using the free version."
"The solution is expensive when compared to other products but offers unlimited bandwidth."
"We don't have any issues with the price."
"The tool is a premium product, so it is very expensive."
More Cloudflare pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
See recommendations
815,854 professionals have used our research since 2012.
 

Comparison Review

it_user68487 - PeerSpot reviewer
Nov 6, 2013
CloudFlare vs Incapsula: Web Application Firewall
CloudFlare vs Incapsula: Round 2 Web Application Firewall Comparative Penetration Testing Analysis Report v1.0 Summary This document contains the results of a second comparative penetration test conducted by a team of security specialists at Zero Science Lab against two cloud-based Web…
Read full review
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
14%
Manufacturing Company
8%
Government
5%
Educational Organization
25%
Computer Software Company
13%
Comms Service Provider
7%
Financial Services Firm
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What are the limitations of AWS WAF vs alternative WAFs?
Hi Varun, I have had experienced with several WAF deployments and deep technical assessments of the following: 1. Imperva WAF 2. F5 WAF 3. Polarisec Cloud WAF Typical limitations on cloud WAF is t...
See all answers
How does AWS WAF compare to Microsoft Azure Application Gateway?
Our organization ran comparison tests to determine whether Amazon’s Web Service Web Application Firewall or Microsoft Azure Application Gateway web application firewall software was the better fit ...
See all answers
What do you like most about AWS WAF?
The most valuable feature of AWS WAF is its highly configurable rules system.
See all answers
Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
Cloudflare. We are moving from Akamai prolexic to Cloudflare. Cloudflare anycast network outperforms Akamai static GRE tunnels. We have decreased site load times on Mobile 3G from 8 to 1,6 seconds ...
See all answers
Which would you choose - Cloudflare DNS or Quad9?
Cloudflare DNS is a very fast, very reliable public DNS resolver. It is an enterprise-grade authoritative DNS service that offers great redundancy and advanced security with built-in unmetered and ...
See all answers
What do you like most about Cloudflare?
Cloudflare offers CDN and DDoS protection. We have the front end, API, and database in how you structure applications.
See all answers
 

Comparisons

Azure Web Application Firewall vs AWS WAF Logo
Azure Web Application Firewall vs AWS WAF
Compared 19% of the time
F5 Advanced WAF vs AWS WAF Logo
F5 Advanced WAF vs AWS WAF
Compared 14% of the time
Microsoft Azure Application Gateway vs AWS WAF Logo
Microsoft Azure Application Gateway vs AWS WAF
Compared 12% of the time
Cloudflare Web Application Firewall vs AWS WAF Logo
Cloudflare Web Application Firewall vs AWS WAF
Compared 8% of the time
Radware Cloud WAF Service vs AWS WAF Logo
Radware Cloud WAF Service vs AWS WAF
Compared 3% of the time
More AWS WAF Competitors
Quad9 vs Cloudflare Logo
Quad9 vs Cloudflare
Compared 49% of the time
Azure DNS vs Cloudflare Logo
Azure DNS vs Cloudflare
Compared 4% of the time
Azure Front Door vs Cloudflare Logo
Azure Front Door vs Cloudflare
Compared 4% of the time
Akamai vs Cloudflare Logo
Akamai vs Cloudflare
Compared 4% of the time
Amazon Route 53 vs Cloudflare Logo
Amazon Route 53 vs Cloudflare
Compared 3% of the time
More Cloudflare Competitors
 

Product Reports

Buyer's Guide
AWS WAF
November 2024
AWS WAF reportDownload AWS WAF product report
Buyer's Guide
Cloudflare
November 2024
Cloudflare reportDownload Cloudflare product report
 

Also Known As

AWS Web Application Firewall
Cloudflare DNS
 

Learn More

Amazon Web Services (AWS)
Cloudflare
 

Overview

AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.

You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.

AWS WAF Features

Some of the solution's top features include:

  • Web traffic filtering: Get an extra layer of security by creating a centralized set of rules, easily deployable across multiple websites. These rules filter out web traffic based on conditions like HTTP headers, URIs, and IP addresses. This is very helpful for protection against exploits such as SQL injection and cross-site scripting as well as attacks from third-party applications.
  • Bot control: Malicious bot traffic can consume excessive resources and cause downtime. Gain visibility and control over bot traffic with a managed rule group. You can easily block harmful bots, such as scrapers and crawlers, and you can allow common bots, like search engines and status monitors.
  • Fraud prevention: Effectively defend your application against bot attacks by monitoring your application’s login page with a managed rule group that prevents hackers from accessing user accounts using compromised credentials. The managed rule group helps protect against credential stuffing attacks, brute-force login attempts, and other harmful login activities.
  • API for AWS WAF Management: Automatically create and maintain rules and integrate them into your development process.
  • Metrics for real-time visibility: Receive real-time metrics and captures of raw requests with details about geo-locations, IP addresses, URIs, user agents, and referrers. Integrate seamlessly with Amazon CloudWatch to set up custom alarms when events or attacks occur. These metrics provide valuable data intelligence that can be used to create new rules that significantly improve your application protections.
  • Firewall management: AWS Firewall Manager automatically scans and notifies the security team when there is a policy violation, so they can swiftly take action. When new resources are created, your security team can guarantee that they comply with your organization’s security rules.

Reviews from Real Users

AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.

Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”

Cloudflare is a highly-regarded Content Delivery Network (CDN) and a Distribution Denial of Service (DDoS) protection solution. The robust global cloud platform that is Cloudflare ensures users are able to connect to the internet quickly, securely, and reliably. Cloudflare is one of the world's largest networks in the marketplace today. Using Cloudflare, businesses, educational entities, NGOs, vloggers, bloggers, and anyone else with an internet presence can use the solution and experience more secure, faster websites and applications.

Currently, there are millions of internet locations on Cloudflare, and the Cloudflare network continues to grow every day by the thousands. The solution is able to fulfill the requests for millions of websites seamlessly and serves on average 45 million HTTP requests per second.

Cloudflare has safe, secure data centers in close to 300 cities worldwide to ensure every client request is filled as quickly as possible. It is Cloudflare’s edge network that makes this possible by keeping content and other services as close to each client as possible, so the information requests are always only seconds away.

Many organizations that work in democracy, civil society, human rights, or the arts are able to access Cloudflare highest levels of protection for free via Project Galileo. Additionally, official election websites can be secured from hacking and fraud through Cloudflare’s Project Athenian, also at no additional cost.

Cloudflare can also help organizations of all sizes develop a robust zero-trust strategy to ensure the highest levels of productivity and profitability. Employees, stakeholders, and end-users have a greater level of satisfaction and overall improved user experience, which can, in turn, result in higher revenues and overall ROI. Zero-trust and BYOD ( bring your own device) access ensure end-users and employees always have the best resources and technology available to them at all times.



Cloudflare Benefits

Cloudflare has many benefits. Some of its most valuable benefits include:

  • Faster load times
  • Robust DNS security
  • Intuitive cloud Web Application Firewall (WAF)
  • Free universal SSL
  • Image Enhancement
  • Automatic Browser Caching
  • Next-generation cloud load balancer
  • Accelerated Mobile Pages (AMP)
  • Rate Limiting
  • Minification
  • Zero-trust capabilities 
  • Cost-effective
  • Reduced carbon footprint

Reviews from Real Users

“Many websites require an SSL certificate because they sell stuff and want SSL. Cloudflare comes with an SSL certificate built in. It's automatic. You sign yourself up for Cloudflare, and an SSL certificate automatically protects your website. If you have a connection between your website and your host, the server, Cloudflare, and the host, you don't necessarily need a certificate.”  Spencer M., Owner at Tech Exchange

“What I like best about Cloudflare is that my company can use it to trace and manage applications and monitor traffic. The solution tells you if there's a spike in traffic. Cloudflare also sends you a link to check your equipment and deployment and track it through peering, so it's a valuable tool.” Daniel P., Network engineer at Ufinet

The most valuable feature of Cloudflare is the GUI. You are able to control the solution very well through the interface. There is a lot of functionality that is embedded in the service.” A PeerSpot user who is a Competence Center Manager at a tech services company. 

 

Sample Customers

eVitamins, 9Splay, Senao International
Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
Buyer's Guide
AWS WAF vs. Cloudflare
February 2023
Free Report: AWS WAF vs. Cloudflare
Find out what your peers are saying about AWS WAF vs. Cloudflare and other solutions. Updated: February 2023.
DOWNLOAD NOW
815,854 professionals have used our research since 2012.
See our AWS WAF vs. Cloudflare report.

We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.