F5 Distributed Cloud WAF (Web Application Firewall) vs. NGINX

It helps our website to manage well during high traffic seasons and Holidays. This plaform manages the website overall performance and also protect it against DDoS attacks during these High demand period. It also protects transactions done on our website for the booking of services and products buying by our customers and keep their data safe.

Incentivized

Nginx is well-suited for any web server scenarios, such as web applications, backend or reverse proxy for both application and HTTP requests, and distribution. It is less appropriate for Windows-based applications that run directly on a Windows Server host. In any case, it is very easy to manage, through separate conf files for each application or site you want to host with it.

Incentivized

• Layer seven attacks are becoming far more common. Traditionally it was always layered three, layer four, where you get an additional firewall, but with the application layer attacks become more frequent, more popular, et cetera. So having the web application firewall protecting us, and then with the recent Log4j, that's the most recent use case when it gave us that instant level of protection whilst we remediated the Log4j that we had that and the F5 Distributed Cloud WAF was protecting us.
• I have a great relationship with the account manager, my account manager, and I think he drives the best price possible, um, for me, and I'm happy with that price.
• F5 Distributed Cloud WAF is always innovating and evolving.
• We run a very competitive proof value where we run numerous competitors against each other, and then we evaluate from that and then make the selection, and F5 Distributed Cloud WAF was the winner.

Incentivized

• Very low memory usage. Can handle many more connections than alternatives (like Apache HTTPD) due to low overhead. (event-based architecture).
• Great at serving static content.
• Scales very well. Easy to host multiple Nginx servers to promote high availability.
• Open-Source (no cost)!

Incentivized

• Lack of warnings, currently the console does not provide a warning when deleting key-value entry.
• The web GUI could use some tweaking, currently no undo option when removing exclusion rules.
• Configuration complexity, currently menus and options are hidden, making it hard to configure vs on prem.

• Customer support can be strangely condescending, perhaps it's a language issue?
• I find it a little weird how the release versions used for Nginx+ aren't the same as for open source version. It can be very confusing to determine the cross-compatibility of modules, etc., because of this.
• It seems like some (most?) modules on their own site are ancient and no longer supported, so their documentation in this area needs work.
• It's difficult to navigate between nginx.com commercial site and customer support. They need to be integrated together.
• I'd love to see more work done on nginx+ monitoring without requiring logging every request. I understand that many statistics can only be derived from logs, but plenty should work without that. Logging is not an option in many environments.

We gave it an 8 because it protects our web apps well and is reliable. The WAF is flexible and meets most of our needs. It could improve in user interface and make integrations easier, but overall, it’s a solid and effective security tool for us.

Incentivized

Great value for the product

Incentivized

I believe is a solution that was designed from the start to be simple and easy to use. Coming from Imperva, it simply eased the burden and complexity of managing and securing our apps on different environments (cloud and on-prem). It easy to scale and very quick to deploy (as a cloud waf should be), provide us with DevOps integrations, visibility and automatic insights from multiple events that guarantee peace of mind for us analysts and opp managers.

Incentivized

This tool is really easy to use and configure. Consumes very less system resources. It is highly modular and configurable. You can easily use it with other tools like certbot for SSLs. You can configure basic security with configuration and headers

Incentivized

Seems no issue

Incentivized

Unnoticed slowness

Incentivized

I never contacted support for this product.

Incentivized

Community support is great, and they've also had a presence at conferences. Overall, there is no shortage of documentation and community support. We're currently using it to serve up some WordPress sites, and configuring NGINX for this purpose is well documented.

Incentivized

Online training saves me lots of time

Incentivized

Just make sure you origin servers have F5 IPs allowed.

Incentivized

It provides fewer false positives and a more granular approach to eliminating them, allowing us to focus on threats. Also, with the need to secure both on-premise and cloud-based web applications, we can only use Azure on the cloud part, but we still need to cover on-premise apps with WAF, so we would need to double the time to deploy and manage. Also, its flexibility of deployment scenarios offers us a faster time to deploy WAF without adjusting the app delivery process to WAF's existence.

Incentivized

I have found that [NGINX] seems to perform better throughout the years with less issues although I've used Apache more. I would definitely recommend [NGINX] for any high volume site and I've seen this to usually be the case from most provided web hosts who will pick [NGINX] over alternatives

Incentivized

Dont see any issue so far

Incentivized

• The biggest gain for us was speed. Before F5 Distributed Cloud WAF, onboarding a new app to our WAF stack meant manual rule tuning, traffic sampling and regression testing. Right now, we spin up a service, tag it with the right policy and its ready (production ready) within hours

Incentivized

• By using Nginx, we can host multiple web services on a single server, keeping our infrastructure costs lower.
• Nginx maintains our HTTPS connections, allowing us to keep our promise to our customers that their data is safe in transit.
• Due to Nginx's extremely low failure rate, our web addresses always return something meaningful, even when individual services go down. In sense, this means we are "always online" and allows us to maintain brand and support our customers even in the face of catastrophe.

Incentivized