Skip to main content
TrustRadius
AWS WAF

AWS WAF

Overview

What is AWS WAF?

Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web…

Read more
Recent Reviews
Read all reviews
Return to navigation

Pricing

View all pricing

Resource Type - Request

$0.60

Cloud
per 1 million requests

Resource Type - Rule

$1.00

Cloud
per month (prorated hourly)

Resource Type - Web ACL

$5.00

Cloud
per month (prorated hourly)

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services
Return to navigation

Product Details

What is AWS WAF?

AWS WAF Technical Details

Deployment TypesSoftware as a Service (SaaS), Cloud, or Web-Based
Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(28)

Attribute Ratings

Reviews

(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
September 12, 2022

Easiest implantation of Firewall out there

Zeel Pandya | TrustRadius Reviewer
Zeel Pandya
SAP ABAP Consultant
AeonX Digital Solutions (Computer Software, 51-200 employees)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
We have several web applications running on AWS build on Laravel so we inherently have a need to secure it. DDOS attacks are common among them. as we mounted an AWS WAF before our load-Balancer. since then we have never faced any issue regarding web application security. Highly recommend it if you run critical e-commerce applications.
Pros and Cons
  • DDOs attack prevention
  • Cost saving if you have multiple web applications.
  • One stop solution so no further efforts needed. almost everything can be handle with AWS WAF.
  • AWS WAF is a bit costly if used for single applications.
  • they should provide attack-wise protection, like if my certain type of application is vulnerable to DDOS then I should be able to buy WAF, especially for that attack.
  • CLI tool to test in offline mode if possible.
Likelihood to Recommend
If your firm primarily focuses on web development, this should be a go-to solution. On top of that, if you're primarily working in the E-commerce sector, where frequent monetary transactions occur, you'll find your self needing that extra security because of increased risk of cyber attacks. Other than that, it should only be considered if client has good budget and is asking for extra security.
Most Important Features
  • DDOS protection
  • Ability to mount in front of Load balancer
  • AWS Managed service means hassle free installation
Return on Investment
  • Somewhat costly if specific needs are not there.
  • If security is concerned than comparatively is beneficial.
  • All those price that spent on AWS WAF in return gets saved in man hours.
Alternatives Considered
Comparatively, AWS WAF is far more prevalent in modern age web application as most of the High-Traffic E-commerce sites are moved on AWS. Due to this most developers are familiar with WAF, in addition its pretty easy comparatively as well. So other solutions may only come into the picture where some particular scenarios arise.
Other Software Used
June 19, 2019

Say goodbye to vulnerabilities in enterprise applications with AWS WAF!

maría jose gonzalez ortiz | TrustRadius Reviewer
maría jose gonzalez ortiz
Software Developer
KANA Software (Computer Software, 501-1000 employees)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
AWS WAF is a really useful software when implemented at the departmental level. It allows the infrastructure of the applications that are being executed to be protected in a very simple way since the user can establish rules to stop the vulnerabilities that can cause a malfunction in such applications. This is why we have decided to implement it in the business applications development department to dismiss these vulnerabilities and thus be able to concentrate on the development of applications without that concern.
Pros and Cons
  • It allows custom rules to be established to stop attacks that may harm business applications.
  • Its cost is based only on what the user uses to establish rules that can protect applications from vulnerabilities.
  • The rules can be established by the user or those that the system already brings with it being able to be centralized to reuse them for the rest of the applications, which saves time.
  • The user can choose the traffic of their applications.
  • The cost depends on the number of rules assigned.
  • It deploys new rules fast and efficiently.
  • The documentation offered is somewhat confusing, so it would be ideal if it were much more direct and precise.
  • Your initial configuration may be confusing, so the best option is to use the rule templates provided by AWS.
  • Its configuration is not unified with AWS, so it must be done separately and it takes some time.
  • The number of rules to be established is somewhat limited.
Likelihood to Recommend
AWS is ideal for implementation in scenarios where business applications are consuming more resources than they should. When AWS WAF is used it prevents this from happening and in this way applications tend to run as they should. It is ideal to establish custom rules and centralize them to protect different applications without having to re-create the same rules which helps save time, as well as allowing the usual attack patterns to be blocked, such as cross-site scripts and SQL injection.
Return on Investment
  • Implementing this AWS service has been really favorable because when creating custom rules we give more specific protection to our applications against vulnerabilities that cause them to be consuming other resources or running with errors.
  • It allows us to control the traffic of our business applications, which is really favorable, given that in this way we can decide that you can access them and not.
  • It is extremely advantageous that we can establish rules in a centralized way since it saves time, as well as it allows us to protect several applications at the same time by reusing the rules established above.
  • It allows you to save time and money because we only pay for what is used.
Alternatives Considered
Unlike these other AWS tools, WAF provides real-time traffic control, rules that can be customized according to the needs of the user, and is based on an implementation in the cloud which avoids the use of memory on computers as well as an account with a very affordable cost for any user or company.
Other Software Used
February 13, 2019

A very efficient solution against web attacks

Hanna Bedoya | TrustRadius Reviewer
Hanna Bedoya
Software Developer
iModules (Computer Software, 51-200 employees)
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
We use AWS WAF in the Application Development department since it is useful to provide protection against the most common web attacks such as the injection of SQL code and site scripts, as well as to prevent these applications from consuming more resources than they should actually consume. For this, we develop custom rules that allow us to block such attacks and at the same time improve the visibility of web traffic.
Pros and Cons
  • Protect any application against the most common attacks.
  • Provides better visibility of web traffic.
  • It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs.
  • It is able to block common attacks such as SQL code injection.
  • It allows defining specific rules for applications, thus increasing web security as they are developed.
  • It is necessary to have knowledge about the software because otherwise inappropriate rules will be created.
  • Your configuration can be somewhat tedious.
  • Your support team takes a long time to answer the user's questions.
  • Its costs can be somewhat high, unlike other services since it is charged by the number of rules that are created.
Likelihood to Recommend
AWS WAF is highly appropriate to interrupt or prevent cyber attacks because when implementing rules, whether they are specific or centralized, so any application that has these vulnerabilities is protected.

Implementing managed rules creates greater security to protect both API and applications.

If implemented along with other AWS tools, the security is much better, so if you want to protect applications against more specific attacks, it is ideal to integrate with Amazon CloudFront, which is a great benefit because it warns when thresholds are exceeded or specific attacks occur.

AWS WAF is ideal to avoid common web attacks. For more specific attacks and scenarios, I don't recommend this.
Return on Investment
  • Our applications are less exposed to cyber attacks, which prevents them from getting out of control and consume much more resources than they should.
  • Saved us money by preventing attacks.
  • The traffic control is much more bearable.
  • App development is safer.
Alternatives Considered
The use of this software was decided on because it is much easier to manage since the rules that are implemented can be specific or centralized. We also like it because you only pay for what you used.

Imperva SecureSphere requires a much higher learning curve.
Other Software Used
Trello, Bitbucket, Lookout
Return to navigation