Try our new research platform with insights from 80,000+ expert users
AWS WAF Logo

AWS WAF Reviews

Vendor: Amazon Web Services (AWS)
4.0 out of 5
Badge Leader
Leave a review

What is AWS WAF?

AWS Web Application Firewall (WAF) is a firewall security system that monitors incoming and outgoing traffic for applications and websites based on your pre-defined web security rules. AWS WAF defends applications and websites from common Web attacks that could otherwise damage application performance and availability and compromise security.

Get the AWS WAF Buyer's Guide and find out what your peers are saying about AWS WAF, Prisma Cloud by Palo Alto Networks, Microsoft Azure Application Gateway and more!
AWS WAF is the #2 ranked solution in top Web Application Firewalls. PeerSpot users give AWS WAF an average rating of 8.0 out of 10. AWS WAF is most commonly compared to Prisma Cloud by Palo Alto Networks: AWS WAF vs Prisma Cloud by Palo Alto Networks. AWS WAF is popular among the large enterprise segment, accounting for 62% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 16% of all views.
Buyer's Guide
AWS WAF
August 2025
Get the report
Helped 866,218 peers since 2012

Featured AWS WAF reviews

Read more reviews

AWS WAF mindshare

As of August 2025, the mindshare of AWS WAF in the Web Application Firewall (WAF) category stands at 8.7%, down from 12.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Web Application Firewall (WAF) Market Share Distribution
ProductMarket Share (%)
AWS WAF8.7%
F5 Advanced WAF10.0%
Microsoft Azure Application Gateway7.9%
Other73.4%
Web Application Firewall (WAF)

PeerResearch reports based on AWS WAF reviews

TypeTitleDate
CategoryWeb Application Firewall (WAF)Aug 29, 2025Download
ProductReviews, tips, and advice from real usersAug 29, 2025Download
ComparisonAWS WAF vs F5 Advanced WAFAug 29, 2025Download
ComparisonAWS WAF vs Microsoft Azure Application GatewayAug 29, 2025Download
ComparisonAWS WAF vs Fortinet FortiWebAug 29, 2025Download
Suggested products
TitleRatingMindshareRecommending
Prisma Cloud by Palo Alto Networks4.21.9%98%111 interviewsAdd to research
Microsoft Azure Application Gateway3.77.9%79%48 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

AWS WAF users highlight aspects like efficient threat blocking, seamless AWS integration, and robust rule-based security features. Its flexibility allows customization for enhanced protection against web threats like SQL injections and DDoS attacks. The scalable architecture and ease of deployment are praised, making it an appealing choice for cloud-native applications. Users appreciate the cost-effectiveness and automation features, which enhance the protection of web applications and simplify security management.
  • "Some valuable features of AWS WAF include its seamless integration and ease of orchestration within the AWS platform."
  • "The cloud-native nature of AWS is crucial since most of our workload is in AWS, making AWS WAF native to Amazon Web Services."
  • "The cloud-native nature of AWS is crucial since most of our workload is in AWS, making AWS WAF native to Amazon Web Services."

Room for Improvement

AWS WAF users seek automation and improved UI for simpler management and global support. Security enhancements, advanced threat detection, and proactive measures are desired. Integration with third-party solutions, simplified billing, and enhanced bot protection are necessary. Users want real-time alerts and reduced pricing. The documentation needs clarity and updates to match new features, with better DDoS protection and explanation of block reasons. Users require more advanced rate limiting and standardized configuration guidelines.
  • "AWS WAF's signature sets have room for improvement due to false positives."
  • "The rate at which AWS updates their managed rule sets could be better. Features like bot protection or DDoS mitigation, available with other WAF vendors, do not come natively with AWS WAF."
  • "The dashboarding could be improved, and the default metrics provided by AWS WAF could be upgraded."

ROI

AWS WAF delivers a significant return on investment through enhanced security and cost savings for organizations. Users find it essential for security, despite it being potentially costly. Successful prevention of hacks signifies an immediate return on investment. As AWS WAF is part of the AWS ecosystem, it saves time and resources, boosting customer satisfaction, particularly for organizations focused on AWS services. Managers have not expressed concerns regarding its expenses.

Pricing

Enterprise buyers evaluating AWS WAF find its pricing as pay-as-you-go, with costs depending on usage. Many appreciate its affordability and flexibility, with monthly expenses ranging from $5 for basic use to potentially higher amounts with increased traffic. Some users rate pricing as moderate, while others find it expensive compared to alternative solutions. AWS WAF's pricing varies based on factors like the number of requests, server count, and organizational needs, often offering value within AWS ecosystems.
  • "For Kubernetes microservices, AWS is more expensive compared to OCI. AWS costs approximately 70 cents per hour, while OCI is 50% cheaper."
  • "On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven or eight out of ten."
  • "The solution is affordable."

Popular Use Cases

AWS WAF is primarily used for web application security, protecting backend services and preventing common cyberattacks like SQL Injection and DDoS. It offers perimeter protection, secures infrastructure, provides threat insights, and allows deployment across cloud platforms like AWS, Azure, and GCP. Organizations use it for traffic filtering, application-specific protection, virtual machine security, and creating custom security rules. It's often integrated with tools like CloudFront, S3, EBS, F5, and Azure WAF for comprehensive security.

Service and Support

AWS WAF customers express mixed experiences with support. Many find the team knowledgeable and responsive, particularly with enterprise agreements. However, some report slow response times and challenges in contacting support without additional fees. While some appreciate the technical expertise and resolution capabilities, others feel improvements in flexibility and speed are necessary. Users mention both prompt issue identification and delays due to a lack of product understanding among support personnel.

Deployment

AWS WAF's initial setup varies in complexity. Some find it straightforward and quick, requiring minimal effort and time, with deployment often completed in under an hour. Others experience a more complex setup due to unique environments or additional integrations, sometimes taking weeks or months. Experience levels vary, with some utilizing extensive AWS resources and automation tools. While many report ease on maintenance, complexities arise in large or multi-tenant environments, often involving additional teams for cloud, security, and deployment tasks.

Scalability

AWS WAF receives high marks for scalability, being described as highly scalable and easily managed within the cloud environment. It accommodates various business sizes, with automatic scaling handling traffic efficiently. Many users praise its performance, though some prefer additional feature integration. Generally rated eight to nine out of ten, AWS WAF handles significant user numbers, highlighting its efficiency for different infrastructures without common scaling challenges.

Stability

AWS WAF is considered to have strong stability by users, with many rating it highly. The platform is regarded as reliable, handling operations without bugs or glitches. It provides robust performance, even though some believe improvements can be made. Users appreciate its reliability, with multiple availability zones ensuring dependability. While a few mention minor issues with request handling, the majority experience a stable and secure environment, contributing to seamless functionality and minimal security concerns.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our AWS WAF Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business23
Midsize Enterprise10
Large Enterprise18
By reviewers
By visitors reading reviews
Company SizeCount
Small Business332
Midsize Enterprise172
Large Enterprise814
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
14%
Manufacturing Company
9%
Government
6%
Comms Service Provider
5%
Healthcare Company
5%
Insurance Company
4%
Retailer
4%
Real Estate/Law Firm
3%
Media Company
3%
University
3%
Educational Organization
3%
Hospitality Company
2%
Energy/Utilities Company
2%
Construction Company
2%
Performing Arts
2%
Legal Firm
2%
Non Profit
2%
Wholesaler/Distributor
2%
Pharma/Biotech Company
1%
Recreational Facilities/Services Company
1%
Transportation Company
1%
Consumer Goods Company
1%
Outsourcing Company
1%
Engineering Company
1%
Renewables & Environment Company
1%

Compare AWS WAF with alternative products

Go!

Learn more about AWS WAF

You can create rules in AWS WAF that can include blocking specific HTTP headers, IP addresses, and URI strings. These rules prevent common web exploits, such as SQL injection or cross-site scripting. Once defined, new rules are deployed within seconds, and can easily be tracked so you can monitor their effectiveness via real-time insights. These saved metrics include URIs, IP addresses, and geo locations for each request.

AWS WAF Features

Some of the solution's top features include:

  • Web traffic filtering: Get an extra layer of security by creating a centralized set of rules, easily deployable across multiple websites. These rules filter out web traffic based on conditions like HTTP headers, URIs, and IP addresses. This is very helpful for protection against exploits such as SQL injection and cross-site scripting as well as attacks from third-party applications.
  • Bot control: Malicious bot traffic can consume excessive resources and cause downtime. Gain visibility and control over bot traffic with a managed rule group. You can easily block harmful bots, such as scrapers and crawlers, and you can allow common bots, like search engines and status monitors.
  • Fraud prevention: Effectively defend your application against bot attacks by monitoring your application’s login page with a managed rule group that prevents hackers from accessing user accounts using compromised credentials. The managed rule group helps protect against credential stuffing attacks, brute-force login attempts, and other harmful login activities.
  • API for AWS WAF Management: Automatically create and maintain rules and integrate them into your development process.
  • Metrics for real-time visibility: Receive real-time metrics and captures of raw requests with details about geo-locations, IP addresses, URIs, user agents, and referrers. Integrate seamlessly with Amazon CloudWatch to set up custom alarms when events or attacks occur. These metrics provide valuable data intelligence that can be used to create new rules that significantly improve your application protections.
  • Firewall management: AWS Firewall Manager automatically scans and notifies the security team when there is a policy violation, so they can swiftly take action. When new resources are created, your security team can guarantee that they comply with your organization’s security rules.

Reviews from Real Users

AWS WAF stands out among its competitors for a number of reasons. Two major ones are its user-friendly interface and its integration capabilities.

Kavin K., a security analyst at M2P Fintech, writes, “I believe the most impressive features are integration and ease of use. The best part of AWS WAF is the cloud-native WAF integration. There aren't any hidden deployments or hidden infrastructure which we have to maintain to have AWS WAF. AWS maintains everything; all we have to do is click the button, and WAF will be activated. Any packet coming through the internet will be filtered through.”

AWS WAF was previously known as AWS Web Application Firewall.

AWS WAF customers

eVitamins, 9Splay, Senao International

Related questions

  • 134
What are the limitations of AWS WAF vs alternative WAFs?
  • 67
Can you share your experience on migration from Akamai Kona Site to Amazon CloudFront and AWS WAF?
  • 34
How does AWS WAF compare to Microsoft Azure Application Gateway?
  • 55
Which lesser known firewall product has the best chance at unseating the market leaders?
  • 54
Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
  • 78
What do you recommend for a securing Web Application?
  • 35
Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
  • 40
Imperva WAF vs. Barracuda: Which One is Better?
  • 168
F5 vs. Imperva WAF?
  • 221
When should companies use SSL Inspection?

Product Categories

Product Categories
Web Application Firewall (WAF)

Popular Comparisons

Popular Comparisons
Prisma Cloud by Palo Alto Networks vs AWS WAF Logo
Prisma Cloud by Palo Alto Networks vs AWS WAF
Microsoft Azure Application Gateway vs AWS WAF Logo
Microsoft Azure Application Gateway vs AWS WAF
Azure Front Door vs AWS WAF Logo
Azure Front Door vs AWS WAF
F5 Advanced WAF vs AWS WAF Logo
F5 Advanced WAF vs AWS WAF
Fortinet FortiWeb vs AWS WAF Logo
Fortinet FortiWeb vs AWS WAF
NetScaler vs AWS WAF Logo
NetScaler vs AWS WAF
Cloudflare Web Application Firewall vs AWS WAF Logo
Cloudflare Web Application Firewall vs AWS WAF
Imperva Web Application Firewall vs AWS WAF Logo
Imperva Web Application Firewall vs AWS WAF
Imperva DDoS vs AWS WAF Logo
Imperva DDoS vs AWS WAF
Akamai App and API Protector vs AWS WAF Logo
Akamai App and API Protector vs AWS WAF
Azure Web Application Firewall vs AWS WAF Logo
Azure Web Application Firewall vs AWS WAF
Radware Alteon vs AWS WAF Logo
Radware Alteon vs AWS WAF
Fastly vs AWS WAF Logo
Fastly vs AWS WAF
NGINX App Protect vs AWS WAF Logo
NGINX App Protect vs AWS WAF
Barracuda Web Application Firewall vs AWS WAF Logo
Barracuda Web Application Firewall vs AWS WAF
See all alternatives
 
AWS WAF Reviews Summary
Author infoRatingReview Summary
Security Engineer at a computer software company with 1,001-5,000 employees4.0We use AWS WAF on our websites as part of our data protection strategy due to its seamless integration and ease within the AWS platform. Despite improvements needed in signature sets and limited stateful capabilities, it effectively enhances security and saves resources.
Security Analyst at M2P Fintech3.5I use AWS WAF for its cloud-native functionality, ease of rule management, and better control within AWS infrastructure, though its dashboarding and metric functionalities need improvement. Previously, we switched from Imperva to AWS for cost optimization.
OCI/AWS Consultant at a government with 11-50 employees2.0I use AWS WAF to safeguard sensitive data by filtering HTTP traffic for web applications. While Oracle Cloud Infrastructure offered cost benefits, AWS was chosen for compliance. I appreciate its flexibility but see room for improvement in other AWS services.
Associate Vice President - Engineering at Fedo.ai4.5I use AWS WAF for monitoring incoming calls and enhancing security by filtering web app traffic. Its ability to prevent attacks like SQL injection is valuable, though documentation could be simpler. AWS enhances customer satisfaction and security.
AWS DevOps SRE/Infrastructure Engineer at YES!Delft4.0I manage infrastructure on AWS using services like KMS, EBS, and WAF version two. AWS WAF's automation in blocking security threats is valuable, though integrating with services like Kafka could be improved. While it can be costly, its security benefits are worth it.
Manager, Engineering at 7-Eleven4.5I use AWS WAF to protect our retail application from various attacks, including bot attacks and SQL injection. While it's effective, the pricing could be better, and it doesn't support adding multiple rules within its CPU.
IT Project Manager at Rajiv Gandhi Cancer Institute In India5.0I implemented AWS WAF to manage global web traffic and enhance security against hacking. While it effectively filters requests, the reporting needs improvement for easier management understanding. Despite AWS WAF's capabilities, I prefer Fortinet for its ease of use and deployment.
Director of Security Architecture at a healthcare company with 10,001+ employees3.0I use AWS WAF to protect web applications, appreciating its integration and ease of deployment within AWS. However, I'm seeking alternatives due to concerns about dependency on AWS and the need for improved usability and functionality in multi-cloud environments.