Name: AWS WAF
Price: 0.6 USD
Rating: 6.8 (29 reviews)
Author: Amazon AWS

Help Desk

Web and Video Conferencing

Customer Support

Augmented Reality Development

Development

School Management

Education

Board Management

Business Intelligence (BI)

Collaboration

Digital Rights Management (DRM)

Risk Management

Enterprise

Accounting

Accounts Receivable

Budgeting and Forecasting

Subscription Management

Finance and Accounting

Applicant Tracking

Corporate Learning Management

HR Management

Payroll

Talent Intelligence

Talent Management

Workforce Analytics

Workforce Management

Human Resources

Build Automation

Cloud Storage

Data Fabric

Email Verification

Firewall Security Management

Fraud Detection

IP Address Management (IPAM)

Infrastructure Capacity Planning

Integration Platform as a Service (iPaaS)

IoT Security

Network Performance Monitoring

Network Simulation

Network Traffic Analysis (NTA)

Output Management

Platform-as-a-Service (PaaS)

SOA Application Gateways

Software Components

Software-Defined WAN

Web Content Filtering

Web Portal

Information Technology

A/B Testing

AI Image Generation

Ad Serving & Retargeting

All-in-One Marketing

Audio Editing

Blogging

Content Management

Email Marketing

Gamification

Local Marketing

Marketing Automation

Mobile Analytics

Product Sampling

Search Engine Marketing (SEM)

Social Media Management

Survey & Forms Building

Video

Video Editing

Web Analytics

Website Builder

Marketing

Job Site Management

Project Management

Waste Management

Writing and Proofreading Tools

Professional Services

Customer Relationship Management (CRM)

Social Commerce

Sales

Security Orchestration, Automation and Response (SOAR)

Security

Architecture

Last Mile Delivery

Legal Case Management

Nonprofit CRM

Physical Therapy

Roofing

Vertical-Specific

Find top rated software and services based on in-depth reviews from verified users. 400+ software categories including PaaS, NoSQL, BI, HR, and more.

Cloudflare

Akamai CDN

Akamai

Amazon Route 53

Amazon AWS

NGINX

Azure Application Gateway

Microsoft

Imperva Web Application Firewall (WAF)

Imperva, a Thales company

Amazon CloudFront

Palo Alto Networks Next-Generation Firewalls - PA Series

Palo Alto Networks

F5 Distributed Cloud WAF (Web Application Firewall)

F5 Big-IP Advanced WAF

Barracuda Web Application Firewall

Barracuda Networks, Inc.

Akamai App & API Protector

FortiWeb

Fortinet

Oracle Dyn Web Application Security Platform

Oracle

SonicWall Web Application Firewall

SonicWall

Barracuda Application Protection

### Application Security
Users generally praise AWS WAF's robust application security features. Reviewers highlight the effectiveness of AWS WAF in protecting web applications from various threats, such as DDoS attacks and common vulnerabilities like SQL injection and cross-site scripting. The customizable web security rules and developer-friendly APIs make it easier for users to create and implement specific firewall rules tailored to their applications' needs. Additionally, the ability to protect applications at layer 7 of the OSI model adds an extra layer of security, ensuring comprehensive protection against potential threats. Despite some concerns about the cost, users appreciate the ease of deployment and the overall security benefits provided by AWS WAF for their applications running on the cloud. (Source Reviews: [1](https://www.trustradius.com/reviews/aws-waf-2022-08-04-05-27-33), [2](https://www.trustradius.com/reviews/aws-waf-2023-04-25-16-36-53), [3](https://www.trustradius.com/reviews/aws-waf-2021-08-14-13-26-45), [4](https://www.trustradius.com/reviews/aws-waf-2020-11-22-21-43-56), [5](https://www.trustradius.com/reviews/aws-waf-2020-02-07-15-29-00), [6](https://www.trustradius.com/reviews/aws-waf-2019-06-18-07-16-56))

### Cloud Security Solutions
Users generally praise AWS WAF's cloud security solutions capabilities, highlighting its effectiveness in securing web applications and servers deployed on the AWS Cloud platform. They appreciate features like encryption, Multi-Factor Authentication, and the ability to control allowable connections, which enhance the overall security posture of their cloud environments. Additionally, users find AWS WAF to be scalable, meeting performance requirements while effectively safeguarding against external attacks. The integration with other AWS services like CloudFront and API Gateway further enhances the platform's ability to address common threats and vulnerabilities, making it a valuable asset for organizations seeking robust cloud security solutions. (Source Reviews: [1](https://www.trustradius.com/reviews/aws-waf-2023-04-25-16-36-53), [2](https://www.trustradius.com/reviews/aws-waf-2021-08-14-13-26-45), [3](https://www.trustradius.com/reviews/aws-waf-2020-02-07-15-29-00), [4](https://www.trustradius.com/reviews/aws-waf-2020-11-22-21-43-56))

### OWASP Top 10 Vulnerabilities
Users generally appreciate AWS WAF's robust protection against OWASP top 10 vulnerabilities. Reviewers highlight the ease of creating custom rules to mitigate common threats like SQL injection and cross-site scripting. The ability to quickly deploy new rules and the option to establish centralized rules for multiple applications are seen as valuable features by users. Additionally, the cost-effectiveness of AWS WAF, where users only pay for the rules they use, is considered advantageous. Despite some limitations, such as the restriction on the number of rate-based rules per account, users find AWS WAF to be a reliable solution for addressing OWASP top 10 vulnerabilities in their applications. (Source Reviews: [1](https://www.trustradius.com/reviews/aws-waf-2020-11-22-21-43-56), [2](https://www.trustradius.com/reviews/aws-waf-2021-08-14-13-26-45), [3](https://www.trustradius.com/reviews/aws-waf-2020-02-07-15-29-00), [4](https://www.trustradius.com/reviews/aws-waf-2019-06-18-07-16-56))

### Security for Business Applications
Users consistently highlight AWS WAF's effectiveness in enhancing security for business applications, particularly in protecting against web attacks and providing visibility into web traffic. The customizable web security rules and developer-friendly API are praised for simplifying the process of creating and implementing firewall rules. Additionally, the scalability and ease of configuration make AWS WAF a preferred choice for mitigating vulnerabilities and ensuring a secure environment for critical e-commerce applications. (Source Reviews: [1](https://www.trustradius.com/reviews/aws-waf-2022-08-04-05-27-33), [2](https://www.trustradius.com/reviews/aws-waf-2023-04-25-16-36-53), [3](https://www.trustradius.com/reviews/aws-waf-2021-08-14-13-26-45), [4](https://www.trustradius.com/reviews/aws-waf-2020-11-22-21-43-56), [5](https://www.trustradius.com/reviews/aws-waf-2020-02-07-15-29-00))

Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.

Resource Type - Web ACL

Resource Type - Rule

Resource Type - Request

Cloudflare’s connectivity cloud is a unified platform of cloud-native services designed to help enterprises regain control over their IT environments. Powered by an intelligent, programmable global cloud network, it is built to offer security, performance, visibility, and reliability.

Free

Business

AWS WAF

Web Application Firewalls

Online Media

Likelihood to Recommend

Likelihood to Renew

Usability

Support Rating

Amazon strives to be Earth's most customer-centric company where people can find and discover virtually anything they want to buy online. By giving customers more of what they want - low prices, vast selection, and convenience - Amazon continues to grow and evolve as a world-class e-commerce platform.

Founded by Jeff Bezos, the Amazon.com website started in 1995 as a place to buy books because of the unique customer experience the Web could offer book lovers. Bezos believed that only the Internet could offer customers the convenience of browsing a selection of millions of book titles in a single sitting. During the first 30 days of business, Amazon fulfilled orders for customers in 50 states and 45 countries - all shipped from his Seattle-area garage.

Amazon's evolution from Web site to e-commerce partner to development platform is driven by the spirit of innovation that is part of the company's DNA. The world's brightest technology minds come to Amazon.com to research and develop technology that improves the lives of shoppers and sellers around the world.

AWS WAF 2024-12-22 22:41:24

Comodo Firewall

Azure Firewall

ThreatX

SAP ABAP Consultant

AWS WAF 2022-08-04 05:27:33

Check Point 4000 Appliances

Cisco 3504 WLAN Controller

Network Administrator

AWS WAF 2021-08-14 13:26:45

Head of Software & Services

AWS WAF 2020-11-22 21:43:56

Akamai API Gateway

AWS WAF 2023-04-25 16:36:53

TrustRadius is a technology and business research firm based in Austin, Texas. The company is known as a review platform for verified B2B technology and software reviews through a proprietary algorithm and human verification.

TrustRadius

Support team

Somewhat limited

Somewhat confusing

Somewhat complicated

False positives

Initial configuration

Take longer

Better price

Best option

Longer than expected

Web traffic

Custom rules

Sql code

Web security

Better visibility

Security rules

Aws services

Easy to monitor

Simple and fast

Layer 7

Home

We are using AWS WAF in front of all our CloudFront distributions and some API Gateways. We need AWS WAF to prevent DDOS attacks on our websites as it provides rules for rate limitation for requests, BOT control features, AWS Managed common rule set against dangerous IP addresses, and many more features. The introduction of AWS WAF in front of all our CloudFronts reduced many attacks and rate-limited bot requests to our websites. The WAF also provides features to send metrics to an OpenSearch distribution for all the requests based on certain criteria, allowing us to send custom alerts to Slack for imminent attacks and requests exceeding rate limitation. AWS WAF is certainly a state-of-the-art product introduced by AWS that easily integrates with most of the AWS products.

AWS WAF prevents DDOS attacks by providing a feature to rate limit the requests originating from a certain IP address. It has prevented a lot of attacks on our websites. It is quick in identifying heavy requests on our domains and alerting us for attacks.
AWS WAF has a BOT control feature that identifies certain BOTs attacking our frontend websites for crawling data. These BOTs just like ChatGPT try to steal our data and use it for Machine Learning purposes. AWS WAF has a ManagedRule to identify such bots that crawl the data or send bulk requests and stop the requests to reach our websites from these bots.
An amazing feature of AWS WAF is the precedence for the rules for blocking/allowing requests. We are using a lot of AWS managed rules and sometimes the requests from our backend or from our offices were being blocked because of AWS managed rules such as rate limitation when performing stress tests on our websites. AWS WAF allows adding custom rules before the managed rules which allow certain IP addresses to send unlimited traffic to our websites and do not block our day to day work.

AWS BOT protection is an amazing functionality but it is expensive. There are rooms for improvement in the BOT protection also to block Small Language Models. The SMLs are growing day by day and there should be some more restrictions added for these BOTs.
One feature where WAF can improve is the metrics shown on the AWS WAF console. Sometimes it is very hard to follow these metrics. There should be an easy UI for filtering BLOCK/ALLOW requests on the AWS WAF console so that it is easy to debug why certain requests were blocked.
The UI should not be the native cloudwatch but a separate UI can be developed that can have features to filter the requests based on the URI, path, host header, IP addresses, etc.
I know that this can be achieved from CloudWatch and OpenSearch, but I find using these 2 a bit expensive.
AWS WAF should expand the functionality to integrate with applications that are not hosted on AWS as well. Currently, there is no such functionality and to implement such functionality, we need to introduce an AWS managed resource infront of our current applications.

With the introduction of rate limitation using AWS WAF on our websites, we have filtered out a lot of requests that are originiating from the same IP address in a very small span of time. We identified that these are rival BOTs trying to crawl data from our websites. This reduced traffic on our websites by 20% but provided a positive impact because the rival organizations were not able to crawl data on our websites anymore.
We have forgotten to add one of our website behind AWS WAF. What we found later was a DDOS attack on our website again and again. When we realised our mistake, we added the AWS WAF and we never saw another DDOS attack on the same domain.
For a negative impact I can say that we are paying a lot of money for BOT protection and this disrupts the budget for DevOps team.

Preventing DDOS attacks
Rate Limiting Requests originating from same IP address
Preventing data crawling by LLMs

We added the AWS WAF infront of ALB that sends traffic to one of our website not hosted on AWS cloud

Infront of CloudFront
Infront of API Gateway

We have several web applications running on AWS build on Laravel so we inherently have a need to secure it. DDOS attacks are common among them. as we mounted an AWS WAF before our load-Balancer. since then we have never faced any issue regarding web application security. Highly recommend it if you run critical e-commerce applications.

DDOs attack prevention
Cost saving if you have multiple web applications.
One stop solution so no further efforts needed. almost everything can be handle with AWS WAF.

AWS WAF is a bit costly if used for single applications.
they should provide attack-wise protection, like if my certain type of application is vulnerable to DDOS then I should be able to buy WAF, especially for that attack.
CLI tool to test in offline mode if possible.

DDOS protection
Ability to mount in front of Load balancer
AWS Managed service means hassle free installation

Somewhat costly if specific needs are not there.
If security is concerned than comparatively is beneficial.
All those price that spent on AWS WAF in return gets saved in man hours.

Azure Firewall, Barracuda Web Application Firewall and ThreatX

Web applications are very vulnerable to attacks and deploying your applications from the cloud can expose them to even greater risk. To help secure their cloud web apps, administrators will use a Web Application Firewall. We deployed all the applications and servers on the AWS cloud, so we need more security. That is why we are using the AWS Web Application Firewall. WAF provides a lot of features that will secure your applications. We have been using cloud services for the last 3 years and most of the services are running on AWS. In our condition we need a lot of security.

Web traffic filtering
Bot Control
Real-time visibility
Easy to monitor web traffic
Prevent against any type of attack, like SQL code injection
Easy to create the rules
Easy to filter the packet as per your requirement

Less documentation available for help in configuration and maintenance
AWS should work on their technical support
High price

Protection against web attacks
Web traffic visibility
Easily monitor, block, or rate-limit bots
Security integrated

Very advanced features for protection against any type of attacks
Day-to-day updates for any type of cyber attacks

Check Point 4000 Appliances, Cisco 3504 WLAN Controller

AWS WAF is basically implemented to secure the web applications. I have a positive experience using the AWS Web Application Firewall (WAF). It has many features to protect our applications and solutions. The good thing about AWS WAF is it has the most friendly APIs for developers to create firewall rules for the web application. That makes our applications secure.

AWS WAF has the most developer-friendly API to create firewall rules.
AWS WAF provides OWASP security controls, which reduces developers' burden (i.e., SQL injection and cross-site scripting).
AWS WAF has customizable web security rules. The user can even push the rules through the API available, which is the great feature and helped me a lot.
It protects applications at layer 7 (HTTP) of the OSI model and not just layer 4 (TCP).

Need to enhance OWASP standards.
We are limited to five rate-based rules per AWS account.

It is a little expensive but helpful in many ways to secure applications.
Instant ability to update and change the WAF--easy to update and deploy changes and then review. Brilliant integration with other AWS services.
It is easy to deploy.

Edge Security Control from the outside. Used to allow legitimate secure connections to you web application servers. Encryption, Mutli Factor Authentication and allowable connections are key. One of the advantages is that it is a solution that is native to the AWS Cloud platform. It is a scaleable and can meet the performance requirements.

Need to provide improved dashboard metrics
Easy to navigate for troubleshooting purposes
Consolidated Reporting

Performance
Scalability
Protection
Availability

Performance has been relatively good
Need to implement more features
Quick and easy setup

AWS WAF

Overview

What is AWS WAF?