Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.
$0.60
per 1 million requests
Cloudflare
Score 9.0 out of 10
N/A
Cloudflare’s connectivity cloud is a unified platform of cloud-native services designed to help enterprises regain control over their IT environments. Powered by an intelligent, programmable global cloud network, it is built to offer security, performance, visibility, and reliability.
$20
per month
NGINX
Score 9.1 out of 10
Mid-Size Companies (51-1,000 employees)
NGINX, a business unit of F5 Networks, powers over 65% of the world's busiest websites and web applications. NGINX started out as an open source web server and reverse proxy, built to be faster and more efficient than Apache. Over the years, NGINX has built a suite of infrastructure software products o tackle some of the biggest challenges in managing high-transaction applications. NGINX offers a suite of products to form the core of what organizations need to create…
When it comes to integration with AWS resources, we found that AWS WAF can easily integrate with CloudFront, API gateway, ALB, etc. When we analyzed other products, we found that the integration can be a little more difficult than just a click of a button. However, the pricing …
Unlike these other AWS tools, WAF provides real-time traffic control, rules that can be customized according to the needs of the user, and is based on an implementation in the cloud which avoids the use of memory on computers as well as an account with a very affordable cost …
Cloudflare has more anti-threat features and is very easy to manage. AWS WAF is more complex to manage and does not contribute much against new threats. Furthermore, AWS WAF is not flexible when it comes to rules.
Overall we are using Cloudflare as well as AWS cloud across various domains in our organization. To some extent such as DNS management on Route53, CloudFront takes advantage of Cloudflare as it provides a straightforward UI for DNS management. But when it comes to traffic …
Akamai and Edgecast/Verizon are way over-priced, and also require hassling sales people to negotiate prices, and cloudflare just has their prices posted, and don't require a multi-year contract, etc. StackPath is a regular CDN provider, and is probably cheaper than Cloudflare …
Well Suited: 1. To prevent DDOS attacks: AWS WAF has a lot of managed rules to prevent DDOS attacks based on traffic origination from a particular IP or IP reputation etc. 2. To rate-limit requests: Well it sounds familiar like preventing DDOS attacks, but it can also be used to rate-limit requests originating from the same IP address. We have used this feature so that we can test multiple failure scenarios for our application. 3. To prevent Data crawling: The BOT control feature allows us to prevent BOTs from crawling data on our websites. Not Suited: 1. To integrate applications outside of AWS Cloud: As I mentioned in my previous comments, this type of integration requires a custom implementation of another AWS resource.
Cloudflare works well as security measure that gives peace of mind without needing to work too hard to get it functioning well. It provides great tools to customize the security experience as well. This is all the same for the caching tools as well. They have a lot of built in tools that make using the caching easy right out of the box, but they provide the customization options to get things just right for your site.
Nginx is well-suited for any web server scenarios, such as web applications, backend or reverse proxy for both application and HTTP requests, and distribution. It is less appropriate for Windows-based applications that run directly on a Windows Server host. In any case, it is very easy to manage, through separate conf files for each application or site you want to host with it.
Protect any application against the most common attacks.
Provides better visibility of web traffic.
It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs.
It is able to block common attacks such as SQL code injection.
It allows defining specific rules for applications, thus increasing web security as they are developed.
The best part is the content delivery network. Cloudflare has a large network of data centres around the world that helps cache and delivers content quickly to our customers.
Cloudflare offers us with a fast and reliable DNS service and with the world class features such as Cloudflare workers, SSL verification, certificate management and web application firewall. When all of these are combined together, it provides very strict security for our organization.
One of the most important feature that we use is the analytics and threat detection. It provides us with the real time insights of all the threats originating from multiple locations and landing on our websites.
AWS WAF is a bit costly if used for single applications.
they should provide attack-wise protection, like if my certain type of application is vulnerable to DDOS then I should be able to buy WAF, especially for that attack.
In some cases, using Cloudflare can actually lead to slower website speeds if the network is congested or if the website's traffic is particularly heavy.
Some website owners may find that the level of customization offered by Cloudflare is limited, especially in comparison to other solutions.
While Cloudflare is easy to set up and manage, it may be too complex for users who are not familiar with web technologies.
Customer support can be strangely condescending, perhaps it's a language issue?
I find it a little weird how the release versions used for Nginx+ aren't the same as for open source version. It can be very confusing to determine the cross-compatibility of modules, etc., because of this.
It seems like some (most?) modules on their own site are ancient and no longer supported, so their documentation in this area needs work.
It's difficult to navigate between nginx.com commercial site and customer support. They need to be integrated together.
I'd love to see more work done on nginx+ monitoring without requiring logging every request. I understand that many statistics can only be derived from logs, but plenty should work without that. Logging is not an option in many environments.
We have been using AWS WAF for the past 3 years in front of our websites. We find it useful in preventing data crawling, DDOS attacks, etc on our websites, and hence we are going to use it in the future as well. AWS WAF is one of the best Firewalls in business.
The product is highly scalable. It is easy to configure the rules and thereby helps us to mitigate many vulnerabilities. The interface and programming of the firewall provisions were easy to setup. Amazon clearly spent a lot of time figuring this out and perfecting it. It allows users to do customized configurations based on their needs. It provides protection against a number of security issues like XSS, SQL injection, etc. I would definitely recommend this for protecting your infra as you scale, since this basically protects and filters all requests hitting your application server.
Everything is extremely concise and all settings apply immediately and take effect globally. There is no reason to explicitly plan/think in terms of individual regions as one would have to traditional cloud offerings (AWS, OCI, Azure). All Cloudflare products integrate seamless as part of a single pipeline that executes from request to response.
This tool is really easy to use and configure. Consumes very less system resources. It is highly modular and configurable. You can easily use it with other tools like certbot for SSLs. You can configure basic security with configuration and headers
If you're intending to use AWS WAF, I would say that you absolutely should sign up for support. AWS Support is excellent and they can help you in a really good way to solve your issues.
Excellent product, Cloudflare is a true pioneer of the modern Internet, providing tools, services, and expertise that vastly improve the performance and security of web services. Any issues are resolved quickly with detailed RCA and follow-ups published publicly. I'm thankful to Cloudflare and use their services both at work and at home.
Community support is great, and they've also had a presence at conferences. Overall, there is no shortage of documentation and community support. We're currently using it to serve up some WordPress sites, and configuring NGINX for this purpose is well documented.
Easy of use. Setup and configuration is fairly quick. There are the usual advantages of it being a cloud solution where you can buy into the solution, configure it and set it up and get it up and running. If you are already a subscriber to AWS, having a native service has its advantages.
I have found that [NGINX] seems to perform better throughout the years with less issues although I've used Apache more. I would definitely recommend [NGINX] for any high volume site and I've seen this to usually be the case from most provided web hosts who will pick [NGINX] over alternatives
Implementing this AWS service has been really favorable because when creating custom rules we give more specific protection to our applications against vulnerabilities that cause them to be consuming other resources or running with errors.
It allows us to control the traffic of our business applications, which is really favorable, given that in this way we can decide that you can access them and not.
It is extremely advantageous that we can establish rules in a centralized way since it saves time, as well as it allows us to protect several applications at the same time by reusing the rules established above.
It allows you to save time and money because we only pay for what is used.
Immediate ROI on Registrar and DNS hosting while giving a single plane of glass to managing both with domain registrations at cost, and no cost DNS hosting
WAF helped us move at risk servers/applications into a protected state allowing us to perform remediations at a measured pace and get them done right instead of band aide solutions.
CDN proxying increase the speed of our website while simultaneously reducing server load.
DMARC management and report interpretation allow use to identify weak points in our email systems, remediate and move to stricter policies without significantly increasing staff time spent managing it.
By using Nginx, we can host multiple web services on a single server, keeping our infrastructure costs lower.
Nginx maintains our HTTPS connections, allowing us to keep our promise to our customers that their data is safe in transit.
Due to Nginx's extremely low failure rate, our web addresses always return something meaningful, even when individual services go down. In sense, this means we are "always online" and allows us to maintain brand and support our customers even in the face of catastrophe.
