NGINX App Protect and Cloudflare Web Application Firewall compete in the web application security category. Cloudflare appears to have the upper hand due to its user-friendly setup and comprehensive security features.
Features: NGINX App Protect excels in traffic management, security, and offers OWASP certification. It includes auto-learning, bot protection, and detailed HTTP session control. Cloudflare Web Application Firewall provides robust security with OWASP rulesets, DDoS protection, and IP hiding. It is known for easy configuration and scalability.
Room for Improvement: NGINX App Protect could improve integration with F5 products and enhance bot and API security. It faces challenges in complex configurations and needs better documentation. Cloudflare requires a ModSecurity version update and improved beginner documentation. Its reporting and log integration could be refined.
Ease of Deployment and Customer Service: NGINX App Protect is deployed across diverse environments but requires technical expertise, with occasionally delayed support. Cloudflare is easier to deploy in public clouds with less technical demand and generally effective support, though there are areas for improvement globally.
Pricing and ROI: NGINX App Protect is expensive but offers a good ROI for those needing detailed security features, though costs can escalate. Cloudflare Web Application Firewall is more affordable with competitive pricing, seen as cost-effective, and offers flexibility with various subscription tiers.
My experience with the pricing or licensing of Cloudflare Web Application Firewall is that many features can be accessed for free, so the pricing is definitely reasonable.
I would rate the technical support with Cloudflare as excellent every time I've had to contact them.
The technical support of Cloudflare Web Application Firewall rates between five and seven at maximum.
They were quick and efficient when we had issues.
The scalability of Cloudflare Web Application Firewall rates between 8 to 9, as it depends upon the use cases and what exactly the client needs.
The stability of Cloudflare Web Application Firewall deserves a perfect 10 out of 10.
It is a quality solution, and I would rate its stability as eight out of ten.
The product can improve by having more multitenancy capability, which is currently not available.
I think they're doing a good job with DNS and as support for any domains that I create or that my clients create, it's mandatory for me to ensure they have Cloudflare as their DNS provider.
They need to improve their support because getting a response for basic requests took around 48 hours, which is too long.
There was more information from F5 regarding hardware requirements and specifications to deploy the service.
The custom rules and the geo-redundant geographical rule feature, which allows me to implement geographical rules for customers, add significant value.
All the DNS and everything is routed through Cloudflare, so anybody coming to any of the sites has to go through Cloudflare first, making them the first wall of defense.
The best features of Cloudflare Web Application Firewall are multiple, including the WAF, rate limiter, and bot attack protection.
The most valuable feature is the ability to operate in a DevOps environment and to be configured through API and pipeline by the developers themselves.
Detecting bots and blocking IPs have proven effective for securing applications.
| Product | Market Share (%) |
|---|---|
| Cloudflare Web Application Firewall | 5.8% |
| NGINX App Protect | 2.0% |
| Other | 92.2% |
| Company Size | Count |
|---|---|
| Small Business | 15 |
| Midsize Enterprise | 6 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 5 |
| Large Enterprise | 11 |
Cloudflare Web Application Firewall's intuitive dashboard enables users to build powerful rules through easy clicks and also provides Terraform integration. Every request to the WAF is inspected against the rule engine and the threat intelligence curated from protecting over 27 Million websites. Suspicious requests can be blocked, challenged or logged as per the needs of the user while legitimate requests are routed to the destination, agnostic of whether it lives on-premise or in the cloud. Analytics and Cloudflare Logs enable visibility into actionable metrics for the user.
NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:
NGINX App Protect offers:
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
