F5 Distributed Cloud WAF leverages F5's Advanced WAF technology, delivering WAF-as-a-Service and combining signature- and behavior-based protection for web applications. It acts as an intermediate proxy to inspect application requests and responses to block and mitigate a broad spectrum of risks stemming from the OW ASP Top 10, persistent and coordinated threat campaigns, bots, and layer 7 DoS.
As I mentioned earlier, the Apache HTTP Server has a small disadvantage compared to the competition (NGINX) in terms of performance. If you run websites that really have a lot of visitors, NGINX might be the better alternative.
On the other hand, the Apache HTTP Server is open source and free. Further functionalities can be activated via modules. The documentation is really excellent.
It helps our website to manage well during high traffic seasons and Holidays. This plaform manages the website overall performance and also protect it against DDoS attacks during these High demand period. It also protects transactions done on our website for the booking of services and products buying by our customers and keep their data safe.
Street Cred: Apache Web Server is the Founder for all of Apache Foundation's other projects. Without the Web Server, Apache Foundation would look very different. That being said, they have done a good job of maintaining the code base, and keeping a lot of what makes Apache so special
Stability: Apache is rock-solid. While no software is perfect, Apache can parse your web sources quickly and cleanly.
Flexibility: Need to startup your own Webpage? Done. Wordpress? Yup. REST Endpoint? Check. Honeypot? Absolutely.
Layer seven attacks are becoming far more common. Traditionally it was always layered three, layer four, where you get an additional firewall, but with the application layer attacks become more frequent, more popular, et cetera. So having the web application firewall protecting us, and then with the recent Log4j, that's the most recent use case when it gave us that instant level of protection whilst we remediated the Log4j that we had that and the F5 Distributed Cloud WAF was protecting us.
I have a great relationship with the account manager, my account manager, and I think he drives the best price possible, um, for me, and I'm happy with that price.
F5 Distributed Cloud WAF is always innovating and evolving.
We run a very competitive proof value where we run numerous competitors against each other, and then we evaluate from that and then make the selection, and F5 Distributed Cloud WAF was the winner.
The default configurations which comes with Apache server needs to get optimized for performance and security with every new installation as these defaults are not recommended to push on the production environment directly.
Security options and advanced configurations are not easy to set up and require an additional level of expertise.
Admin frontend GUI could be improved to a great extent to match with other enterprise tools available to serve similar requirements.
Fail over between devices feels unstable if there are thousands of objects attached to the traffic-group. Needs to be more simpler.
We have seen issues with malicious user detection where we have used open protocols due to legacy applications, and have been caught with legitimate traffic being blocked.
We gave it an 8 because it protects our web apps well and is reliable. The WAF is flexible and meets most of our needs. It could improve in user interface and make integrations easier, but overall, it’s a solid and effective security tool for us.
I believe is a solution that was designed from the start to be simple and easy to use. Coming from Imperva, it simply eased the burden and complexity of managing and securing our apps on different environments (cloud and on-prem). It easy to scale and very quick to deploy (as a cloud waf should be), provide us with DevOps integrations, visibility and automatic insights from multiple events that guarantee peace of mind for us analysts and opp managers.
I give this rating because there is so much Apache documentation and information on the web that you can literally do anything. This has to do with the fact that there is a huge Open Source community that is beyond mature and perhaps one of the most helpful to be found. The only thing that should hold anyone back from anything is that they can not read. RTFM, my friend. And I must say that the manual is excellent.
I has a lot more features, except that IIS is more integrated in a Windows environment. But now with .net core also possible from Apache it would work anywhere really. Only in a full Windows environment where full integration is needed I would chose to go for IIS. Otherwise Apache it is.
It provides fewer false positives and a more granular approach to eliminating them, allowing us to focus on threats. Also, with the need to secure both on-premise and cloud-based web applications, we can only use Azure on the cloud part, but we still need to cover on-premise apps with WAF, so we would need to double the time to deploy and manage. Also, its flexibility of deployment scenarios offers us a faster time to deploy WAF without adjusting the app delivery process to WAF's existence.
The biggest gain for us was speed. Before F5 Distributed Cloud WAF, onboarding a new app to our WAF stack meant manual rule tuning, traffic sampling and regression testing. Right now, we spin up a service, tag it with the right policy and its ready (production ready) within hours
