Using AWS WAF -- a native solution
Edge Security Control from the outside. Used to allow legitimate secure connections to you web application servers. Encryption, Mutli …
Starting at $0.60 per 1 million requests
View PricingOverview
What is AWS WAF?
Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web…
Recent Reviews
Pricing
Resource Type - Request
$0.60
Cloud
per 1 million requests
Resource Type - Rule
$1.00
Cloud
per month (prorated hourly)
Resource Type - Web ACL
$5.00
Cloud
per month (prorated hourly)
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Product Details
- About
- Tech Details
What is AWS WAF?
AWS WAF Technical Details
| Deployment Types | Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
Comparisons
Compare with
Reviews and Ratings
(28)Attribute Ratings
Reviews
(1-5 of 5)Companies can't remove reviews or game the system. Here's why
August 27, 2021
My review on AWS Web Application Firewall
Score 10 out of 10
Vetted Review
Verified User
Web applications are very vulnerable to attacks and deploying your applications from the cloud can expose them to even greater risk. To help secure their cloud web apps, administrators will use a Web Application Firewall. We deployed all the applications and servers on the AWS cloud, so we need more security. That is why we are using the AWS Web Application Firewall. WAF provides a lot of features that will secure your applications. We have been using cloud services for the last 3 years and most of the services are running on AWS. In our condition we need a lot of security.
- Web traffic filtering
- Bot Control
- Real-time visibility
- Easy to monitor web traffic
- Prevent against any type of attack, like SQL code injection
- Easy to create the rules
- Easy to filter the packet as per your requirement
- Less documentation available for help in configuration and maintenance
- AWS should work on their technical support
- High price
- Protection against web attacks
- Web traffic visibility
- Easily monitor, block, or rate-limit bots
- Security integrated
- Very advanced features for protection against any type of attacks
- Day-to-day updates for any type of cyber attacks
We have never used any other web application firewall.
November 26, 2020
Best Security Tool for Your Web Applications
AWS WAF is basically implemented to secure the web applications. I have a positive experience using the AWS Web Application Firewall (WAF). It has many features to protect our applications and solutions. The good thing about AWS WAF is it has the most friendly APIs for developers to create firewall rules for the web application. That makes our applications secure.
- AWS WAF has the most developer-friendly API to create firewall rules.
- AWS WAF provides OWASP security controls, which reduces developers' burden (i.e., SQL injection and cross-site scripting).
- AWS WAF has customizable web security rules. The user can even push the rules through the API available, which is the great feature and helped me a lot.
- It protects applications at layer 7 (HTTP) of the OSI model and not just layer 4 (TCP).
- Need to enhance OWASP standards.
- We are limited to five rate-based rules per AWS account.
- It is a little expensive but helpful in many ways to secure applications.
- Instant ability to update and change the WAF--easy to update and deploy changes and then review. Brilliant integration with other AWS services.
- It is easy to deploy.
There are a number of reasons to select AWS WAF. Most importantly, it easy to deploy. It helps programmers to protect against a wide range of vulnerabilities like injection attacks, DDoS, and many others from OWASP top 10. It allows us to set up rules and blocks any threats based on the configured rules. Based on the pattern of attacks, it is always easy to add another rule.
AWS WAF is a really useful software when implemented at the departmental level. It allows the infrastructure of the applications that are being executed to be protected in a very simple way since the user can establish rules to stop the vulnerabilities that can cause a malfunction in such applications. This is why we have decided to implement it in the business applications development department to dismiss these vulnerabilities and thus be able to concentrate on the development of applications without that concern.
- It allows custom rules to be established to stop attacks that may harm business applications.
- Its cost is based only on what the user uses to establish rules that can protect applications from vulnerabilities.
- The rules can be established by the user or those that the system already brings with it being able to be centralized to reuse them for the rest of the applications, which saves time.
- The user can choose the traffic of their applications.
- The cost depends on the number of rules assigned.
- It deploys new rules fast and efficiently.
- The documentation offered is somewhat confusing, so it would be ideal if it were much more direct and precise.
- Your initial configuration may be confusing, so the best option is to use the rule templates provided by AWS.
- Its configuration is not unified with AWS, so it must be done separately and it takes some time.
- The number of rules to be established is somewhat limited.
- Implementing this AWS service has been really favorable because when creating custom rules we give more specific protection to our applications against vulnerabilities that cause them to be consuming other resources or running with errors.
- It allows us to control the traffic of our business applications, which is really favorable, given that in this way we can decide that you can access them and not.
- It is extremely advantageous that we can establish rules in a centralized way since it saves time, as well as it allows us to protect several applications at the same time by reusing the rules established above.
- It allows you to save time and money because we only pay for what is used.
Unlike these other AWS tools, WAF provides real-time traffic control, rules that can be customized according to the needs of the user, and is based on an implementation in the cloud which avoids the use of memory on computers as well as an account with a very affordable cost for any user or company.
February 13, 2019
A very efficient solution against web attacks
We use AWS WAF in the Application Development department since it is useful to provide protection against the most common web attacks such as the injection of SQL code and site scripts, as well as to prevent these applications from consuming more resources than they should actually consume. For this, we develop custom rules that allow us to block such attacks and at the same time improve the visibility of web traffic.
- Protect any application against the most common attacks.
- Provides better visibility of web traffic.
- It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs.
- It is able to block common attacks such as SQL code injection.
- It allows defining specific rules for applications, thus increasing web security as they are developed.
- It is necessary to have knowledge about the software because otherwise inappropriate rules will be created.
- Your configuration can be somewhat tedious.
- Your support team takes a long time to answer the user's questions.
- Its costs can be somewhat high, unlike other services since it is charged by the number of rules that are created.
- Our applications are less exposed to cyber attacks, which prevents them from getting out of control and consume much more resources than they should.
- Saved us money by preventing attacks.
- The traffic control is much more bearable.
- App development is safer.
The use of this software was decided on because it is much easier to manage since the rules that are implemented can be specific or centralized. We also like it because you only pay for what you used.
Imperva SecureSphere requires a much higher learning curve.
Imperva SecureSphere requires a much higher learning curve.
September 27, 2018
Best solution to protect your Web App from Cyber Attacks
We were using WAF to protect our web application from cyber attacks by filtering the requests access to our web app. We created various rules and access control lists for blocking all the unwanted threats like SQL injections.
- The deployment was pretty easy on the AWS platform
- The cost of using AWF WAF is pretty low as you only have to pay for the rules that you are assigning and also, you can chose the traffic that you need for your application
- The technical support is great, they are very good in understanding your problem and really helpful in providing the best solution
- There is nothing much to dislike about this product
- The overall security of the web application increased effectively after deploying AWS WAF
- No negative impacts were seen in the business
- The developers were more confident in the overall security model of the web application being developed and it was easy to integrate WAF into the existing system as the application was also using AWS platform
We evaluated Imperva, but we were more convinced with AWS WAF because of the better pricing model, ease of deployment as we were already using the AWS platform which helping in ease of integration. The technical support for AWS WAF seemed to be better as they had better understanding of the overall system and architecture of the product, which helped us in getting a problem solved that was encountered while using AWS WAF. The amount of documentation and helpful material available online for AWS WAF made it the first choice for us to select this product over Imperva.