AWS WAF Reviews

We are an AWS service provider and we use the solution for the cloud and to provide service to other users.

The stability of AWS WAF is valuable.

The cost management has room for improvement.

I have been using the solution for eight years.

I give the stability a ten out of ten.

I give the scalability a nine out of ten.

The technical support is helpful.

The price is average.

I give the solution a ten out of ten.

The solution is a public cloud platform and we have millions of users.

We use this solution to protect our web applications against common vulnerabilities. The CDN component is also quite powerful. We use this solution alongside Azure WAF.

The simple configuration and the scalability have been most valuable. We are able to scale across all of our different AWS instances.

This solution could be improved if the configuration steps were more specific to WAF, compared to other cloud services. 

I have been using this solution for two years. 

This is a stable solution. We rely on AWS's other cloud services and we've never experienced any stability issues. 

This is a scalable solution. 

Our support experience has been quite good. 

Neutral

The main reason we switched from using CloudFlare to AWS is to have a native offering because all of our cloud solutions are on AWS. This made it simpler compared to using a third party and easier to reroute traffic.

It depends on your AWS configuration, but what we've experienced is that the rule policy configuration is really straightforward. It took a couple of weeks. 

We had in-house expertise.

We have a medium amount of traffic per month and the cost is in the hundreds rather than in the thousands. I don't know the exact number.

I would advise others to ensure they understand what can be done internally and then what you need expertise for externally. If you have the expertise internally, it can be easily configured. Keep the SIEM configuration as simple as possible, rather than trying to modify and configure too many things.

I would rate this solution an eight out of ten. 

We use this product for our web application firewall. It is used for production services.

I am not a direct customer but I have installed it for one of my clients.

The most valuable feature is that it is integrated with other AWS services.

I would like to see it more tightly integrated with other AWS services.

I have been working intermittently with AWS WAF over the past two years.

AWS WAF is extremely scalable.

At this point, we don't have any plans to increase our usage of it.

Prior to AWS WAF, I was using a Cisco web application firewall. However, when I started using AWS, I switched.

This is not a product that you need to install. You just use it.

The only people that need to work with it are those who configure it.

You need an additional AWS subscription for this product if you are buying a managed tool.

Overall, this is a good product and I recommend it. My advice for anybody who is just getting started with it is to follow the instructions.

I would rate this solution an eight out of ten.

We use AWS WAF to prevent cyberattacks, such as SQL Injection attacks and cross-site scripting attacks. The end users' traffic has more threats and the web application gives good support.

The most valuable features of AWS WAF are its cloud-native and on-demand.

Any customer can leverage AWS WAF immediately, it has a basic set of rules that are available.

The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure.

I have been using AWS WAF for approximately four years.

This is a very stable solution.

AWS WAF is scalable.

We have approximately five customers using this solution.

The technical support is very good. They are responsive and knowledgeable, they have always come back with a resolution or a workaround to help us.

The initial setup took approximately 15 mins, it is easy.

We have a team that does the support for the solution.

AWS WAF is pay-as-you-go, I only pay for what I'm using. There is no subscription or any payment upfront, I can terminate use at any time. Which is an advantage.

The first version of AWS WAF was not mature but the second version is very mature.

I would recommend this solution to others because instead of choosing a third-party solution which will take time, and you will have to be in negotiations. It is good to start with AWS WAF for their minimal primary security firewall to save their workload. AWS WAF is available on-demand from day one.

I rate AWS WAF a seven out of ten.

I primarily use the solution as a gateway service and a transaction portal. 

We haven't had any issues with the solution so far.

The pricing of the product is very good. They make it very reasonable and it's very easy to afford.

Their technical support has been quite good.

The performance is excellent. It's reliable.

We've found the solution to be quite stable.

We haven't faced any problems with the solution. I can't speak to any missing features. Every aspect of it has been quite good.

I've been using the solution for a while.

The stability has been very good. We've enjoyed a very reliable performance. There are no bugs or glitches. It doesn't crash or freeze. It's been good.

Technical support has been quite good. We've found them helpful and responsive. We are quite satisfied with the level of support that is provided to us.

The solution is very reasonably priced. 

I'm just a customer and an end-user. I don't have a business relationship or partnership with AWS.

I have pretty good experience in AWS. I have a certificate in AWS.

I'd rate the solution at a ten out of ten. We've been extremely satisfied with the solution.

We use this solution for online web applications.

The most valuable features are the geo-restriction denials and the web ACL.

I enjoy using it because it is very easy.

Also, it's quite efficient.

The service itself is fine. On the UI side, I would like it if they could bring back the conditions view which had geo match, IP sets and etc. When using WAF classic you could see this option on the left side of the console. Currently IP sets and regex strings is there but geo match does not seem to be included, not sure if geo matching is still supported.

I have been using AWS WAF for almost three years.

We are using the newest version of AWS WAF, which is Version 2.

It's a stable solution. I have not experienced any issues.

There are approximately 1,000 people who are using this solution on a daily basis.

It is easy to scale. Just ensure that you cover the relevant resources within it. You can cover multiple resources such as CDN or use them in your AOD.

It's quite scalable.

I have not contacted technical support.

I have always used AWS. It's been the focus for the last three years.

The initial setup was simple.

It took less than an hour to deploy.

The implementation was completed internally.

It's quite affordable. It's in the middle.

Everything is included with the usage that you take up when you implement the service.

The product does not require any maintenance. You need to ensure how you consider your rules. You have to make sure that all of your considerations for your protection are done really well. Do regular updates to improve on the different threats and intrusion.

I would recommend the product because it is very flexible and you are able to use it with multiple services within AWS.

I would rate AWS WAF a solid ten out of ten.

The regular use case is basically for blocking or giving access to different vendors to different domains. We also use it for managing and identifying the attacks and new rules that we should implement for our public domains to tune up the application firewall or tool, whatever makes more sense for us.

We're using it through the web console and API. We're just using the managed service.

Our organization is launching a lot of betas. We are creating a lot of new different systems for different customers. AWS WAF helps us a lot to make sure that the right customer gets the right access to the system.

The access instruction feature is the most valuable. This is what we use the most.

It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful.

It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one.

Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right.

I have been using AWS WAF for about six months.

Stability-wise, it works as expected.

I definitely see places where it can be more designed to scale. In addition to amazon resources, there is some stuff from other vendors that we wanted to protect. WAF was not a solution for us because we don't have a way to integrate with those things. That was the biggest challenge that we faced. In terms of the number of users, our end users could be in the thousands.

It is okay.

It was okay. We went for the cloud formation, and our deployments happen probably every week.

Everything is managed through cloud formation. After implementation, three or four hours a week are required for maintenance.

We are kind of doing a POC comparison to see what works best. Pricing-wise, AWS is one of the most attractive ones. It is fairly cheap, and we like the pricing part. We're trying to see what makes more sense operation-wise, license-wise, and pricing-wise.

I won't recommend it at the moment because I don't have a full picture to recommend it or say that it is bad or good. I'll probably just keep testing and go with it for probably another six months or a year, and then I can probably recommend it or not. 

Other vendors are also providing solutions for D-DOS protection and WAF. It would be nice to see something outside the box for AWS WAF to make it compete with other vendors.

I would rate AWS WAF a seven out of ten. It does what it is supposed to do, probably not in the best way and not in the best UI, but it works. We like the pricing part, but management is the thing that we don't love the most. If things keep improving, we're definitely going to scale with AWS WAF.

My whole business is cloud cost management. What I do is help people manage expenses. That encompasses everything from cleaning up software as a service subscriptions to optimizing AWS. My use cases for AWS WAF have to do with cloud research only.  

The best part about it is that it is a cloud solution.  

The complexity of deploying turnkey solutions could be simplified.  

They actually have too many different things that you can tinker with and too many different ways to do the same thing. It may be helpful if the product were to be more directed and if it used best practices with technical and non-technical users in mind.  

We have been using WAF (Web Application Firewall) for six months.  

WAF is very stable.  

I believe WAF is very scalable.  

We have only two staff in our organization who are using AWS WAF.  

Technical support is more-or-less fair. That is where most technical support falls these days.  

The initial setup is really sorta complex. That is something which could probably be made easier.  

The licensing costs are variable. For me, it is under a hundred dollars a month.  

The range of your costs with Amazon Web Services is going to be different depending on a lot of factors. It can go as low as actually being free all the way up to millions of dollars. It depends on the organization and how the service is used.  

On a scale of one to ten where one is the worst and ten is the best, I would rate this product as a seven-out-of-ten. A change in the pricing structure that favors the client and simplification is something they would have to do to improve to make that score closer to a ten.