AWS WAF vs. Cloudflare

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
AWS WAF
Score 7.0 out of 10
N/A
Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.
$0.60
per 1 million requests
Cloudflare
Score 8.5 out of 10
N/A
Cloudflare’s connectivity cloud is a unified platform of cloud-native services designed to help enterprises regain control over their IT environments. Powered by an intelligent, programmable global cloud network, it is built to offer security, performance, visibility, and reliability.
$20
per month
Pricing
AWS WAFCloudflare
Editions & Modules
Resource Type - Request
$0.60
per 1 million requests
Resource Type - Rule
$1.00
per month (prorated hourly)
Resource Type - Web ACL
$5.00
per month (prorated hourly)
Pro
$20
per month
Business
$200
per month
Free
Free
Enterprise
Contact sales team
Offerings
Pricing Offerings
AWS WAFCloudflare
Free Trial
NoNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
AWS WAFCloudflare
Considered Both Products
AWS WAF
Chose AWS WAF
When it comes to integration with AWS resources, we found that AWS WAF can easily integrate with CloudFront, API gateway, ALB, etc. When we analyzed other products, we found that the integration can be a little more difficult than just a click of a button. However, the pricing …
Chose AWS WAF
Unlike these other AWS tools, WAF provides real-time traffic control, rules that can be customized according to the needs of the user, and is based on an implementation in the cloud which avoids the use of memory on computers as well as an account with a very affordable cost …
Cloudflare
Chose Cloudflare
Cloudflare has more anti-threat features and is very easy to manage. AWS WAF is more complex to manage and does not contribute much against new threats. Furthermore, AWS WAF is not flexible when it comes to rules.
Chose Cloudflare
Overall we are using Cloudflare as well as AWS cloud across various domains in our organization. To some extent such as DNS management on Route53, CloudFront takes advantage of Cloudflare as it provides a straightforward UI for DNS management. But when it comes to traffic …
Chose Cloudflare
Its more of having a protection from various threats under the same umbrella
Top Pros
Top Cons
Best Alternatives
AWS WAFCloudflare
Small Businesses
Cloudflare
Cloudflare
Score 8.5 out of 10

No answers on this topic

Medium-sized Companies
Cloudflare
Cloudflare
Score 8.5 out of 10
BIG-IP
BIG-IP
Score 9.1 out of 10
Enterprises
F5 Advanced WAF
F5 Advanced WAF
Score 9.3 out of 10
BIG-IP
BIG-IP
Score 9.1 out of 10
All AlternativesView all alternativesView all alternatives
User Ratings
AWS WAFCloudflare
Likelihood to Recommend
8.8
(9 ratings)
7.9
(173 ratings)
Likelihood to Renew
9.0
(1 ratings)
8.3
(4 ratings)
Usability
9.0
(2 ratings)
8.5
(8 ratings)
Availability
-
(0 ratings)
9.2
(2 ratings)
Performance
-
(0 ratings)
9.2
(2 ratings)
Support Rating
9.0
(2 ratings)
7.9
(141 ratings)
Implementation Rating
-
(0 ratings)
8.6
(2 ratings)
Configurability
-
(0 ratings)
9.0
(1 ratings)
Ease of integration
-
(0 ratings)
8.9
(2 ratings)
Product Scalability
-
(0 ratings)
9.2
(2 ratings)
Vendor post-sale
-
(0 ratings)
7.0
(1 ratings)
Vendor pre-sale
-
(0 ratings)
8.0
(1 ratings)
User Testimonials
AWS WAFCloudflare
Likelihood to Recommend
Amazon AWS
Well Suited: 1. To prevent DDOS attacks: AWS WAF has a lot of managed rules to prevent DDOS attacks based on traffic origination from a particular IP or IP reputation etc. 2. To rate-limit requests: Well it sounds familiar like preventing DDOS attacks, but it can also be used to rate-limit requests originating from the same IP address. We have used this feature so that we can test multiple failure scenarios for our application. 3. To prevent Data crawling: The BOT control feature allows us to prevent BOTs from crawling data on our websites. Not Suited: 1. To integrate applications outside of AWS Cloud: As I mentioned in my previous comments, this type of integration requires a custom implementation of another AWS resource.
Read full review
Cloudflare
Based on my experience, Cloudflare is well-suited for high-traffic websites and probably e-commerce platforms. Cloudflare can mitigate the risk of attacks on these websites using WAF and DNS protection mechanisms and provide cached content to the end-users quickly. The websites where it is not suitable are those that need high security and compliance requirements as Cloudflare might not meet all those criteria.
Read full review
Pros
Amazon AWS
  • Protect any application against the most common attacks.
  • Provides better visibility of web traffic.
  • It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs.
  • It is able to block common attacks such as SQL code injection.
  • It allows defining specific rules for applications, thus increasing web security as they are developed.
Read full review
Cloudflare
  • Registrar and DNS services are impeccable, with registrations done at cost and without ADs. DNS services setting standards for speed of resolution.
  • DDOS protection. With their content distribution network to back them they have the bandwidth and tools to be both proactive and reactive to bad actors.
  • WAF - Their Web Application Firewall helps mitigate common site vulnerabilities and has active zero-day protection running for breaking exploits
Read full review
Cons
Amazon AWS
  • AWS WAF is a bit costly if used for single applications.
  • they should provide attack-wise protection, like if my certain type of application is vulnerable to DDOS then I should be able to buy WAF, especially for that attack.
  • CLI tool to test in offline mode if possible.
Read full review
Cloudflare
  • In some cases, using Cloudflare can actually lead to slower website speeds if the network is congested or if the website's traffic is particularly heavy.
  • Some website owners may find that the level of customization offered by Cloudflare is limited, especially in comparison to other solutions.
  • While Cloudflare is easy to set up and manage, it may be too complex for users who are not familiar with web technologies.
Read full review
Likelihood to Renew
Amazon AWS
We have been using AWS WAF for the past 3 years in front of our websites. We find it useful in preventing data crawling, DDOS attacks, etc on our websites, and hence we are going to use it in the future as well. AWS WAF is one of the best Firewalls in business.
Read full review
Cloudflare
lower cost
Read full review
Usability
Amazon AWS
The product is highly scalable. It is easy to configure the rules and thereby helps us to mitigate many vulnerabilities. The interface and programming of the firewall provisions were easy to setup. Amazon clearly spent a lot of time figuring this out and perfecting it. It allows users to do customized configurations based on their needs. It provides protection against a number of security issues like XSS, SQL injection, etc. I would definitely recommend this for protecting your infra as you scale, since this basically protects and filters all requests hitting your application server.
Read full review
Cloudflare
Everything is extremely concise and all settings apply immediately and take effect globally. There is no reason to explicitly plan/think in terms of individual regions as one would have to traditional cloud offerings (AWS, OCI, Azure). All Cloudflare products integrate seamless as part of a single pipeline that executes from request to response.
Read full review
Reliability and Availability
Amazon AWS
No answers on this topic
Cloudflare
In 6+ years of relying on Cloudflare, I think we experienced one or two brief outages that were Cloudflare's fault.
Read full review
Performance
Amazon AWS
No answers on this topic
Cloudflare
Their Argo for the global network is the core feature we love.
Read full review
Support Rating
Amazon AWS
If you're intending to use AWS WAF, I would say that you absolutely should sign up for support. AWS Support is excellent and they can help you in a really good way to solve your issues.
Read full review
Cloudflare
I have only used their support a few times, and most times, they are responsive and able to resolve my issue with a minimal amount of time and effort. However, there was one instance where I simply asked about how to purchase some more resources (redirect rules), and I received some type of automated/AI response that was very unhelpful and gave me no opportunity to escalate to a person.
Read full review
Implementation Rating
Amazon AWS
No answers on this topic
Cloudflare
Very well executed implementation where our team was able to handle the implementation with guidance.
Read full review
Alternatives Considered
Amazon AWS
Easy of use. Setup and configuration is fairly quick. There are the usual advantages of it being a cloud solution where you can buy into the solution, configure it and set it up and get it up and running. If you are already a subscriber to AWS, having a native service has its advantages.
Read full review
Cloudflare
They have the most generous free offering, and after the free offering limit is reached - you're still getting plenty of value for the buck.
They have very good reputation.
They have an ever expanding list of tools that can support multiple scenarios under one roof.
Read full review
Scalability
Amazon AWS
No answers on this topic
Cloudflare
They are built for scale and have the capacity to handle all the traffic we could ever expect to get.
Read full review
Return on Investment
Amazon AWS
  • Implementing this AWS service has been really favorable because when creating custom rules we give more specific protection to our applications against vulnerabilities that cause them to be consuming other resources or running with errors.
  • It allows us to control the traffic of our business applications, which is really favorable, given that in this way we can decide that you can access them and not.
  • It is extremely advantageous that we can establish rules in a centralized way since it saves time, as well as it allows us to protect several applications at the same time by reusing the rules established above.
  • It allows you to save time and money because we only pay for what is used.
Read full review
Cloudflare
  • A lot of requests are cached and so egress costs from downstream providers are mitigated.
  • DDoS protection has also managed to keep our site up and our cloud computing bill down.
  • Setting up a proxy with a worker made putting various Google Cloud Functions running behind a single URL very easy and performant. Plus they offer API Shield on top of this.
Read full review
ScreenShots