Try our new research platform with insights from 80,000+ expert users

Imperva Web Application Firewall vs NGINX App Protect comparison

Imperva and F5 are both solutions in the Web Application Firewall (WAF) category. Imperva is ranked #7 with an average rating of 8.8, while F5 is ranked #16 with an average rating of 8.4. Imperva holds a 5.6% mindshare in WAF, compared to F5’s 1.8% mindshare. Additionally, 97% of Imperva users are willing to recommend the solution, compared to 95% of F5 users who would recommend it.
Imperva Web Application Fir...
Read 52 Imperva Web Application Firewall reviews
  • 4,495 Views
  • 2,154 Comparison Views
97% willing to recommend
NGINX App Protect
Read 24 NGINX App Protect reviews
  • 1,661 Views
  • 786 Comparison Views
95% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Jan 1, 2025

Imperva Web Application Firewall and NGINX App Protect are competitors in the web application security market. Imperva holds an edge with its advanced features and ease of deployment, while NGINX is favored for its flexibility and open-source nature.

Features: Imperva Web Application Firewall includes advanced attack validation, threat radar, and virtual patching, which enhance day-to-day operations. Its profiling capabilities reduce false positives by tailoring to specific web applications. Additionally, its scalable security offers seamless integration. NGINX App Protect provides flexibility with command-line control, auto-learning, bot protection, and force protection for HTTP session management. Its reverse proxy capability and open-source nature make it appealing to environments requiring robust traffic management.

Room for Improvement: Imperva needs to simplify policy management and improve the user interface. Users find policy differentiation challenging, and there's a need for better bot protection and support documentation. NGINX App Protect requires a user-friendly interface and support improvements. Users also find its license model complex and expensive, with a need for better signature updates and policy automation.

Ease of Deployment and Customer Service: Imperva offers diverse deployment models, including on-premises, public cloud, and hybrid cloud, with generally positive customer support. However, users suggest enhanced response time and technical expertise. NGINX App Protect also offers varied deployment options but faces criticism for high complexity in diverse infrastructures. Its technical support is considered less responsive, complicating deployments.

Pricing and ROI: Imperva is considered expensive but delivers high ROI, particularly in critical sectors. Users cite licensing complexity and costs as barriers but view it as a valuable investment. NGINX App Protect is also seen as costly, with prices comparable to leading solutions. Its instance-based approach offers some flexibility, though overall costs can increase rapidly. It is often considered a cheaper alternative to advanced WAFs, providing essential security features.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Imperva Web Application Firewall vs. NGINX App Protect Report (Updated: June 2025).
Buyer's Guide
Imperva Web Application Firewall vs. NGINX App Protect
June 2025
Download the complete report
Helped 860,592 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Imperva Web Application Fir...
Ranking in Web Application Firewall (WAF)
7th
Average Rating
8.6
Reviews Sentiment
7.1
Number of Reviews
52
Ranking in other categories
No ranking in other categories
NGINX App Protect
Ranking in Web Application Firewall (WAF)
16th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
24
Ranking in other categories
Container Security (22nd), API Security (3rd)
 

Mindshare comparison

As of July 2025, in the Web Application Firewall (WAF) category, the mindshare of Imperva Web Application Firewall is 5.6%, down from 6.6% compared to the previous year. The mindshare of NGINX App Protect is 1.8%, down from 2.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Web Application Firewall (WAF)
 

Featured Reviews

Mitesh D Patel - PeerSpot reviewer
Effectively defends against threats like cross-site scripting (XSS), SQL injection, and others
It does bring value. For example, consider a BFSI customer. Their application is critical and represents their brand. Without a WAF, an attack could take their application down, harming their reputation. It leads to hampering the customer's workflow. With an Imperva WAF, they protect against attacks like DDoS or SQL injection, ensuring their application remains available and customers are happy. That's the main benefit for both the customer and the organization. The impact depends on the customer's use case. If their business primarily operates online, a CDN is beneficial for traffic optimization. Moreover, the integration options depend on the specific use case of our customers. Generally, integration capabilities are good with SIEM (Security Information and Event Management) parts.
Read full review
Tomaz Sobczak - PeerSpot reviewer
Signature-based detection, DOS protection, and bot protection
NGINX App Protect is easier to automate and configure, or manage from an API. This is good for securing applications. However, it's not suitable for more complex tasks. NGINX App Protect positively impacted performance changes. There's a cache or it works like a proxy, so it can speed up applications. It can also offload some functions from servers, which NGINX can handle faster.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most important feature I have found to be the ease in how to do the backup and restores."
"The solution is stable."
"Very scalable and very stable firewall for web applications, with a good interface in its cloud version. Mitigation is its most valuable feature. The technical support for this product is also good."
"We can prevent attacks or issues even before they happen."
"The solution is cloud-based and offers us good uptime. It has combined web and API security. Therefore, with one license, you access both application security and also API security."
"Imperva WAF's strongest features are the detection of web application threats and vulnerabilities in the source code."
"The most valuable features of the Imperva Web Application Firewall are DDoS, malware, and the other malicious threat prevention it provides. Additionally, third-party integration is available. You can forward the log for further analysis."
"One good thing about Imperva Web Application Firewall is it can be on the cloud and also it can be on-premise."
More Imperva Web Application Firewall pros
"It is a very good tool for load balancing."
"The most valuable feature is that I can establish different services from the firewall."
"The most valuable feature of NGINX App Protect is the reverse proxy."
"NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."
"It's very easy to deploy."
"The stability of the product is very impressive since it handles 60,000 to 70,000 requests or transactions per second."
"There's a cache, or it works like a proxy, so it can speed up applications."
"The tool is not complex and is very user-friendly."
More NGINX App Protect pros
 

Cons

"It would be useful if the solution used more intelligence in attack protection. For example, firewalls are to be dependent on the configuration, but if they could have some data science around it the solution would be even better. The profiling of the traffic, and making decisions surrounding that should be intelligence-based, instead of being based on the configuration of the firewall itself."
"I'd like the option to pick your bot protection."
"The support for the on-premises version needs improvement."
"They can provide an option to create reports, automatically import the entire report, and create rules again. In a real-life crisis, it would be helpful to be able to import a report and generate security rules from that report. I should be able to create a simple query and import the reports automatically. It can maybe also tell us the format of the report."
"I would like the solution to improve its support response time."
"Imperva Web Application Firewall can improve by adding more features to the dashboard. increasing the visibility of the real-time events, besides configuring the administration itself."
"I don't really use it and therefore can't speak to areas of improvement."
"It should be more user-friendly. Like other web solutions, it would be helpful to be able to easily do policy configuration and identification inside the application. Understanding the in-depth configuration of a policy is somewhat difficult for an engineer, and they can improve that."
More Imperva Web Application Firewall cons
"The product's user interface is an area with shortcomings as it can be quite confusing for users, making it an area where improvements are required."
"It doesn't have more advanced features like no false-positive security, which you can configure in Advanced WAF."
"The configuration needs to be more flexible because it is difficult to do things that are outside of the ordinary."
"The dashboard could provide a more comprehensive view of the status of the connections."
"The product's price is high, making it an area of concern where improvements are required. The tool's licensing model is also not good."
"The price of NGINX App Protect could improve."
"NGINX App Protect could improve security."
"The setup of NGINX App Protect is complex. The full process took one week to complete. Additionally, we had to change the network infrastructure platform which took one month."
More NGINX App Protect cons
 

Pricing and Cost Advice

"We sell three-year licenses for Imperva Web Application Firewall to our customers. The price is a little expensive."
"Imperva’s pricing is a bit higher in the market since it offers a full-blown WAF."
"The cost of this solution depends on the platform."
"The price of Imperva Web Application Firewalls is expensive compared to others."
"It's an excellent product, but it can be very costly."
"Everybody complains about the price of this solution."
"There are a couple of different licensing models."
"It is a very affordable solution."
More Imperva Web Application Firewall pricing and cost advice
"The product's price is high."
"Really understand the licensing model, because we underestimated that."
"The solution's price is reasonable."
"NGINX is not expensive."
"The price of NGINX App Protect is approximately $3,000 annually. All of our licenses are observed by a managed service partner."
"There are not any additional costs we had to pay to use NGINX App Protect."
"There are no additional fees."
"The licensing fees for this solution are pretty expensive for what it does, but there is no alternative."
More NGINX App Protect pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs.
See recommendations
860,592 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Computer Software Company
12%
Insurance Company
8%
Manufacturing Company
6%
Computer Software Company
17%
Financial Services Firm
14%
Comms Service Provider
9%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is the best DDoS protection solution for a big ISP for monitoring and mitigating?
My recommendation is Imperva.
See all answers
Is Citrix ADC (formerly Netscaler) the best ADC to use and if not why?
For ADC, any ADC can do a good job. But in case if you want to add WAF functionality to the same ADC hardware you have to look for other ADC's like F5, Imperva, Radware, Fortinet, etc.
See all answers
DDoS solutions: Any other solutions to consider aside from Radware DDoS Protection Service and F5 Silverline DDoS Protection?
You can have a look to Imperva Cloud WAF, the anti-DDoS mitigation is under 1s and works very well. I observed a lot of DDoS attacks that were well managed (even not seen by the customer) by Imperv...
See all answers
What do you like most about NGINX App Protect?
It's very easy to deploy.
See all answers
What is your experience regarding pricing and costs for NGINX App Protect?
I don't know the pricing yet because in my other project, I was not part of the buying side and I was just starting to look at options.
See all answers
What needs improvement with NGINX App Protect?
It would be better if it were easier to implement and if there was more information from F5 regarding hardware requirements and specifications to deploy the service, to avoid disruptions after impl...
See all answers
 

Comparisons

Microsoft Azure Application Gateway vs Imperva Web Application Firewall Logo
Microsoft Azure Application Gateway vs Imperva Web Application Firewall
Compared 15% of the time
F5 Advanced WAF vs Imperva Web Application Firewall Logo
F5 Advanced WAF vs Imperva Web Application Firewall
Compared 12% of the time
Azure Front Door vs Imperva Web Application Firewall Logo
Azure Front Door vs Imperva Web Application Firewall
Compared 9% of the time
AWS WAF vs Imperva Web Application Firewall Logo
AWS WAF vs Imperva Web Application Firewall
Compared 8% of the time
Fortinet FortiWeb vs Imperva Web Application Firewall Logo
Fortinet FortiWeb vs Imperva Web Application Firewall
Compared 6% of the time
More Imperva Web Application Firewall Competitors
Azure Front Door vs NGINX App Protect Logo
Azure Front Door vs NGINX App Protect
Compared 19% of the time
Microsoft Azure Application Gateway vs NGINX App Protect Logo
Microsoft Azure Application Gateway vs NGINX App Protect
Compared 18% of the time
Fortinet FortiWeb vs NGINX App Protect Logo
Fortinet FortiWeb vs NGINX App Protect
Compared 12% of the time
F5 Advanced WAF vs NGINX App Protect Logo
F5 Advanced WAF vs NGINX App Protect
Compared 8% of the time
The Fastly Next-Gen WAF (powered by Signal Sciences) vs NGINX App Protect Logo
The Fastly Next-Gen WAF (powered by Signal Sciences) vs NGINX App Protect
Compared 3% of the time
More NGINX App Protect Competitors
 

Product Reports

Buyer's Guide
Imperva Web Application Firewall
June 2025
Imperva Web Application Firewall reportDownload Imperva Web Application Firewall product report
Buyer's Guide
NGINX App Protect
June 2025
NGINX App Protect reportDownload NGINX App Protect product report
 

Also Known As

No data available
NGINX WAF, NGINX Web Application Firewall
 

Overview

Imperva Web Application Firewall is a versatile solution that protects web applications and databases from various attacks, including DDoS, cross-site scripting, and SQL injection attacks. It offers data security, availability, and access control and can be deployed on-premises or on the cloud. 

The solution has good security against web attacks and offers advanced bot protection, API security, and mitigation features. Imperva WAF is easy to configure and deploy; it has good customer service and an excellent user interface.

Imperva

NGINX App Protect application security solution combines the efficacy of advanced F5 web application firewall (WAF) technology with the agility and performance of NGINX Plus. The solution runs natively on NGINX Plus and addresses some of the most difficult challenges facing modern DevOps environments:

  • Integrating security controls directly into the development automation pipeline
  • Applying and managing security for modern and distributed application environments such as containers and microservices
  • Providing the right level of security controls without impacting release and go-to-market velocity
  • Complying with security and regulatory requirements

NGINX App Protect offers:

  • Expanded security beyond basic signatures to ensure adequate controls
  • F5 app‑security technology for efficacy superior to ModSecurity and other WAFs
  • Confidently run in “blocking” mode in production with proven F5 expertise
  • High‑confidence signatures for extremely low false positives
  • Increases visibility, integrating with third‑party analytics solutions
  • Integrates security and WAF natively into the CI/CD pipeline
  • Deploys as a lightweight software package that is agnostic of underlying infrastructure
  • Facilitates declarative policies for “security as code” and integration with DevOps tools
  • Decreases developer burden and provides feedback loop for quick security remediation
  • Accelerates time to market and reduces costs with DevSecOps‑automated security
F5
 

Sample Customers

BlueCross BlueShield, eHarmony, EMF Broadcasting, GE Healthcare, Metro Bank, The Motley Fool, Siemens
Information Not Available
Buyer's Guide
Imperva Web Application Firewall vs. NGINX App Protect
June 2025
Free Report: Imperva Web Application Firewall vs. NGINX App Protect
Find out what your peers are saying about Imperva Web Application Firewall vs. NGINX App Protect and other solutions. Updated: June 2025.
DOWNLOAD NOW
860,592 professionals have used our research since 2012.
See our Imperva Web Application Firewall vs. NGINX App Protect report.
See our list of best Web Application Firewall (WAF) vendors.

We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.