What needs improvement with AWS WAF?

In future improvements, I plan to add security testing inside my pipeline and create new dashboards for observability. Compatibility and integration functionalities, especially with services like Kafka for event-driven messaging, could be better.

We're considering replacing it shortly, so I've looked at alternatives like Aqua and others. I'd like to see improvements in its usability and functionality. I'm also concerned about being too dependent on the cloud provider's WAF version. For security, using multiple vendors and not putting all our eggs in one basket is better. The functionality I'd like to see improved is mainly around the applications and cloud integration elements.

One area for improvement in AWS WAF could be the limitation on the number of rules, particularly those from third-party sources, within the free tier. Users may face budget constraints when trying to implement additional rules beyond the free tier limit.

There are some limitations. We can add a maximum of four rate-based rules to the rule group. We must monitor and clean up the WAF manually. We cannot create rules if it goes above four. It requires manual intervention. We have to check, clean, and maintain it regularly. We do not want to do it. We are willing to pay extra if it can be improved. We need additional features so we do not have to do manual interventions.

The solution's pricing could be improved. You cannot add multiple rules within AWS WAF's CPU.

The area of reporting in the product needs to have a proper format. If you want to find the event log for an event and IP address from another country, there is a need to do some rework after the reporting part is taken care of so that the management can easily read the reports. A technical person in the organization can always understand where a particular network traffic comes in or where traffic is blocked with the help of WAF, but those in the management department would never understand the concepts that a technical person can understand. The reporting part of AWS WAF needs to be improved.

AWS WAF provides only basic protection, and they should provide more features like other third-party competitors. The world is now moving towards managed services. It would be good if the solution provided managed WAF services. If AWS WAF could detect that some attack is about to happen and alert the user, we can write some rules and stop that from happening.

We should be able to do proper whitelisting.

Google uses an AI tool to provide insights about rules. It will be helpful if the product recommends rules that we can implement.

One area that could be improved is the DDoS protection. We had a DDoS attack recently, and even though we had set a limit of 1,000 requests per five minutes, AWS WAF was not able to block all of the requests. AWS wasn't able to clarify all the DDoS attacks. It may have been due to a wrong configuration in the rules, but AWS didn't block all the requests.

I don't think any improvement is needed in AWS WAF. As technology develops and grows, AWS WAF will have to improve as a product. AWS WAF should provide better protection to its users, and the security features need to improve.

In terms of improvement, AWS WAF works perfectly fine right now. I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level.

We have a lot of issues related to attacks on our cloud. There is a limitation on how to mitigate the issues in the solution. The product should improve the DDoS-related features. The solution should provide an advanced tool for DDoS migration and a better reporting method. Compared to other solutions, we do not get all the information we need for reporting.

I believe there is a need to move towards real-time analysis with the help of AI and intelligent systems in the future. This would reduce the reliance on manual work and enhance the functionality of detection protection. By incorporating AI-driven data analysis and data science techniques, we can improve the solution's user-friendliness, security compatibility, and accuracy.

The solution can improve its price.

The cost management has room for improvement.

It's pretty much an AWS native service, so it's something that they improve year after year. They do continuous improvements on a year-by-year basis, so the product is really good. An improvement area would be that it's more of a manual effort when you have to enable rules. That's one of the downsides. If that can be done in an automated way, it would be great. That's a lagging feature currently. It could also support multi-cloud integration where you can integrate with applications other than AWS applications. It would be a good feature or use case for this solution.

The solution should identify why it blocks particular websites. The solution performs high-level blocks but doesn't provide very much detail. For example, a particular IT is blocked due to a vulnerability but we are not able to identify the reason for the block. Our developers or IT staff need to be able to identify vulnerabilities to fix applications. We would like output that tracks how many concurrent requests come through a particular application gateway, the response times for requests, and the latency parameters.

It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation.

As of now, regarding WAF, I'm not sure what the minuses or pluses are. You have the native WAF, which you can deploy directly on the load balancer. However, you also have that store where you can actually deploy some other vendors' specifics. At this point, feature-wise, I don't see anything lacking, more or less. Obviously, if we want to migrate, which is not yet the case, there might be a significant impact. For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends. If every company is building its own framework based on their experience or their past experience, this might be subjective, and it'll end up with each company having its own framework, which can be good. However, it'll be better to have a standardized baseline that every company could build on.

AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use. The AWS WAF documentation sometimes is not clear and could improve for all levels of people using the solution, such as developers. The interface could be easier to use.

Support for AWS WAF needs improvement.

I would like to see it more tightly integrated with other AWS services.

The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure.

I think there's a lot wrong with AWS WAF. Here are the two main areas where I think it could be improved: Blocking: We don't have much control over blocking, because the WAF is managed by AWS. What happens is that they will put down the rules on their side and we don't have proper visibility on that. So we'll have to track down the issues and see what is wrong or not. For example, with IP address blocking, it's difficult to find out which IPs are getting blocked. If we managed our own WAF completely, we wouldn't have this kind of problem. Right now, this aspect is half managed by us, and half managed by AWS. Because of this, I think it would be far more helpful to us if we went for our own tool instead. Automation: As in, a lot of separate blocks if something goes wrong. For example, every company will have their own rules for automation, in terms of their goals for the product. Like, "I want my WAF to do this. I want my WAF to do that." But that's the kind of thing that I think we will only see when we do some POCs with our clients.

The pricing should be more affordable, especially as it pertains to small clients. While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex. These could stand improvement and bring down my rating of the product. Customer support should also be improved.

We haven't faced any problems with the solution. I can't speak to any missing features. Every aspect of it has been quite good.

The service itself is fine. On the UI side, I would like it if they could bring back the conditions view which had geo match, IP sets and etc. When using WAF classic you could see this option on the left side of the console. Currently IP sets and regex strings is there but geo match does not seem to be included, not sure if geo matching is still supported.

It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right.

The complexity of deploying turnkey solutions could be simplified. They actually have too many different things that you can tinker with and too many different ways to do the same thing. It may be helpful if the product were to be more directed and if it used best practices with technical and non-technical users in mind.

We have not implemented WAF completely. We are working around that issue right now in the AWS. We are creating log files and then we are using Kibana for analysis. Out WAF deployment is not perfected yet so it is not implemented as our long-term solution. It will take another month to complete the setup. I do not have the big picture on it yet in a live environment, so my view of what will need to be improved under load is limited. I think one thing that should be available is that if there are technical problems in the AWS, then there should be automated alerts to AWS. Calling support is not that easy. It would be better to automatically send emails to them to report that there is a bug in their programming. I have an idea for a new feature to consider. I think the security area and other things that they provide are good, and I know there are third-party integrations. It provides a lot of value. The problem is that the 'value' of the solution makes it very costly. That is a big thing. $20,000 for this solution seems like a lot. Right now we are limited to only MySQL and PostgreSQL databases. There should be other options and also a way to check the security of it. I think AWS should develop and make available some kind of a management screen so we can see the logs, which servers are using the service, and how the security is performing. All we can see right now is if there are any security breaches. This is not enough information to evaluate the performance of the system. For example, there are a lot of people using MongoDB databases. Over the last two years, a lot of them got hacked. Mongo should have had a way to alert end users if its facilities get hacked. A manager or some administrator should receive an email saying that this or that account got hacked and there was a security breach. This would be enough notification to prompt taking other appropriate actions. There should also be a report or alerts which tell us that the configuration is having security issues. I think there is something called PVE security rules which might be implemented. Of course, Cisco's security rules could also be implemented. Once the rules are implemented, we know for certain if they are providing a secure connection or not. We need some type of check on the configuration that can create alerts for potential security issues and to have proper notifications.

There isn't room for improvement per se. the cloud is constantly evolving and changing however, so we'll see what the future brings. When users choose the free service, there isn't great support available to them. This is because, when it comes to any issues, due to the fact that it says that when the rules are defined by the users, it becomes their responsibility. When there are any problems or threats, which don't get mitigated or the threat is not being properly managed, since the rules are owned by the user, they take responsibility for everything. It would be helpful if AWS could take a bit of responsibility here and help users understand where things went wrong. Support wise, I don't think they are that good compared to individual vendors. When it comes to vendors, it becomes their product, and being a product owner, they take more responsibility and ownership of issues. AWS doesn't do that at all.

Sometimes it's a bit difficult to check the rules because when you apply a rule, sometimes it's too much and we need to rewrite the rules and make compromises on the rules because it will block too many things. It's a bit difficult to apply the right rules for the right security.

I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps.

A significant improvement would be built in bots protection enhancement, or seamless integration with other products. For now, there are limited feature to protect against an attack from the bad bots so users go to third party solutions, which just complicates integration and operation. A helpful additional feature would be to have a fully unified unique product, including the DDoS, with sophisticated attack capabilities including anti bot management. They should also take a look at reviewing the complexity of the integration with other third-party vendor solutions.

The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively.

The solution could be faster in detecting threats. They should work to define more threats, add more security, and make it more compliant with more security companies. The solution could always be more automated.

In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications.

I would like them to fortify the system more. In every software platform there are issues or bugs, even though presently, there aren't many known and it is running without problems. They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats. It's better for the system if the platform is more proactive in detecting threats immediately, so that technicians or people on the security team will know that a threat is coming in.

In a future release of this solution, I would like to see additional management features to make things simpler.

The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on. Also, more fine-tuning would be convenient.

We need more support as we go global. The UI could use improvement.