Filter Ratings and Reviews
Filter 16 vetted AWS WAF reviews and ratings
Reviews (1-6 of 6)
Companies can't remove reviews or game the system. Here's why.
November 26, 2020
AWS WAF is basically implemented to secure the web applications. I have a positive experience using the AWS Web Application Firewall (WAF). It has many features to protect our applications and solutions. The good thing about AWS WAF is it has the most friendly APIs for developers to create firewall rules for the web application. That makes our applications secure.
- AWS WAF has the most developer-friendly API to create firewall rules.
- AWS WAF provides OWASP security controls, which reduces developers' burden (i.e., SQL injection and cross-site scripting).
- AWS WAF has customizable web security rules. The user can even push the rules through the API available, which is the great feature and helped me a lot.
- It protects applications at layer 7 (HTTP) of the OSI model and not just layer 4 (TCP).
- Need to enhance OWASP standards.
- We are limited to five rate-based rules per AWS account.
February 10, 2020
We use AWS WAF in our whole organization to help us protect all workloads we deploy using AWS CloudFront and AWS API Gateway. The mail problems we cover are layer seven attacks, but we also create whitelists and blacklists to allow or deny specific traffic. We also use Managed Rules for AWS WAF, to quickly get started and protect our web application or APIs against common threats.
- Great integration with AWS services.
- Easy configuration management via API.
- Reporting.
- Log visualization.
December 05, 2019
AWS WAF was one pilot proof of concept solution we used to mitigate exploits as they pertain to our internal applications. We saw an increase in attacks on our applications and we wanted to find something we could easily use to fight against that.
- Setup rules that allow you to filter web traffic.
- Mitigates against vulnerabilities out in the wild.
- Protects against several different attacks.
- Would like to see a better price point.
- Somewhat limited in the number of rules that can be set up.
June 19, 2019
AWS WAF is a really useful software when implemented at the departmental level. It allows the infrastructure of the applications that are being executed to be protected in a very simple way since the user can establish rules to stop the vulnerabilities that can cause a malfunction in such applications. This is why we have decided to implement it in the business applications development department to dismiss these vulnerabilities and thus be able to concentrate on the development of applications without that concern.
- It allows custom rules to be established to stop attacks that may harm business applications.
- Its cost is based only on what the user uses to establish rules that can protect applications from vulnerabilities.
- The rules can be established by the user or those that the system already brings with it being able to be centralized to reuse them for the rest of the applications, which saves time.
- The user can choose the traffic of their applications.
- The cost depends on the number of rules assigned.
- It deploys new rules fast and efficiently.
- The documentation offered is somewhat confusing, so it would be ideal if it were much more direct and precise.
- Your initial configuration may be confusing, so the best option is to use the rule templates provided by AWS.
- Its configuration is not unified with AWS, so it must be done separately and it takes some time.
- The number of rules to be established is somewhat limited.
February 12, 2019
We use AWS WAF in the Application Development department since it is useful to provide protection against the most common web attacks such as the injection of SQL code and site scripts, as well as to prevent these applications from consuming more resources than they should actually consume. For this, we develop custom rules that allow us to block such attacks and at the same time improve the visibility of web traffic.
- Protect any application against the most common attacks.
- Provides better visibility of web traffic.
- It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs.
- It is able to block common attacks such as SQL code injection.
- It allows defining specific rules for applications, thus increasing web security as they are developed.
- It is necessary to have knowledge about the software because otherwise inappropriate rules will be created.
- Your configuration can be somewhat tedious.
- Your support team takes a long time to answer the user's questions.
- Its costs can be somewhat high, unlike other services since it is charged by the number of rules that are created.
September 27, 2018

We were using WAF to protect our web application from cyber attacks by filtering the requests access to our web app. We created various rules and access control lists for blocking all the unwanted threats like SQL injections.
- The deployment was pretty easy on the AWS platform
- The cost of using AWF WAF is pretty low as you only have to pay for the rules that you are assigning and also, you can chose the traffic that you need for your application
- The technical support is great, they are very good in understanding your problem and really helpful in providing the best solution
- There is nothing much to dislike about this product
AWS WAF Scorecard Summary
What is AWS WAF?
Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.
Categories: Web Application Firewalls
AWS WAF Pricing
- Does not have featureFree Trial Available?No
- Does not have featureFree or Freemium Version Available?No
- Does not have featurePremium Consulting/Integration Services Available?No
- Entry-level set up fee?No
Edition | Pricing Details | Terms |
---|---|---|
Resource Type - Web ACL | $5.00 | per month (prorated hourly) |
Resource Type - Rule | $1.00 | per month (prorated hourly) |
Resource Type - Request | $0.60 | per 1 million requests |
AWS WAF Technical Details
Deployment Types: | SaaS |
---|---|
Operating Systems: | Unspecified |
Mobile Application: | No |