AWS WAF

4.1
(34)

AWS WAF is a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.

Work for AWS WAF?

Learning about AWS WAF?

We can help you find the solution that fits you best.

AWS WAF Reviews

Chat with a G2 Advisor
Write a Review
Filter Reviews
Filter Reviews
  • Ratings
  • Company Size
  • User Role
  • Industry
Ratings
Company Size
User Role
Industry
Showing 34 AWS WAF reviews
LinkedIn Connections
Hanna B.
Validated Reviewer
Verified Current User
Review Source
content
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"A goodbye to the vulnerabilities that affect our business applications."

What do you like best?

AWS WAF is a very versatile and useful tool when it comes to protecting the infrastructures of our applications and this is because it allows users to establish rules according to their needs and vulnerabilities that they wish to stop, their costs are applied according to the number of rules that are established and the severity of them, that is why I consider it a great solution to protect any environment of web applications at the enterprise level.

What do you dislike?

You must know how to manage, because if you do not do it, you can generate a very excessive and unnecessary amount of expenses.

Recommendations to others considering the product:

WAF is ideal for mitigating the most common web attacks, which is why I recommend it because it is very versatile and easy to use.

What problems are you solving with the product? What benefits have you realized?

We use WAF to provide protection to our applications through different specific or centralized rules, which allows us to be free or to support the same ones of very common attacks like SQL injection and the best thing is that the managed rules are updated by the team of AWS which is a great advantage because we can focus on improving our applications and leaving this tool in the hands of its security and therefore better impossible because we only pay for what is used.

Sign in to G2 to see what your connections have to say about AWS WAF
Catherine A.
Validated Reviewer
Verified Current User
Review Source
content

"AWS WAF The best solution to stop attacks on our web applications."

What do you like best?

I like AWS WAF because it is simply a powerful protector against web attacks, for it allows developers or users to establish personalized security rules with which you can control the traffic of all applications, as well as attacks on these, since today one of the worst enemies are such attacks that tend to damage the infrastructure of the applications that is why WAF is ideal to avoid this and the best thing is that although it offers many advantages does not mean that its costs are very high, because we only have to pay only for what we use.

What do you dislike?

Establishing rules tends to be somewhat limited because the more rules are established the more costs will rise, however it is worth it because it is really useful for the protection of web applications.

Recommendations to others considering the product:

Great AWS service ideal to protect as many websites as corporate web applications, since there is no doubt that every day we are exposed to infinite vulnerabilities that is why I recommend using this firewall.

What problems are you solving with the product? What benefits have you realized?

We use AWS WAF to help us protect our web applications from the most common attacks that exist today, for that we created a list that indicates that it can be a threat and that it is not so that we take control of this form. that must be blocked, what resources should be restricted and in the event that these rules do not work we have associated this service with Amazon CloudFront so that we may be informed of more specific attacks and thus be able to relieve the old rules by others.

What Web Application Firewall (WAF) solution do you use?

Thanks for letting us know!
Mairina V.
Validated Reviewer
Verified Current User
Review Source
content

"Excellent solution to secure your web applications!"

What do you like best?

It is a great solution that allows protecting the environment of web applications of different types of attacks such as xss scripting, injection sql and the entire vulnerability map defined in the owasp project (Open Web Application Security Project).

With this solution you can define a set of rules that allow you to filter web traffic in order to mitigate the exposure gap when exploiting vulnerabilities in web applications.

What do you dislike?

In this case, I do not have articles that I do not like about this solution, the embargo to be able to configure the rules is important to have knowledge about the vulnerabilities that extend the web applications in order to determine which is the package of rules that adapts, of otherwise, false positives would be generated once the service is enabled.

Recommendations to others considering the product:

It is very useful to protect the entire web environment of companies and even more so in the face of the constant impact of web applications due to different vulnerabilities to which they are exposed.

I recommend it 100%

What problems are you solving with the product? What benefits have you realized?

I currently use waf to protect my entire web environment, host servers up to the web services that run on them, we have closed the exposure gap to known attacks, and we can then analyze the results of the attack attempt. Additionally, it is very useful to include with this solution the mitigation of distributed denial of service DDoS attacks in the application environment.

Minesh S.
Validated Reviewer
Verified Current User
Review Source
content

"must required service for web application running on AWS !!"

What do you like best?

i have been working with WAF for 1 year , it protects web sites from Application and server OS vulnerabilities securely , it protects from uploading malicious content it also protects from sophisticated and targeted attacks , based on my own experience it becomes the most useful service while growing the web infrastructure because as you grow your infrastructure your website becomes more venerable for cyber attacks , it basically filters all the request coming towards web server and protects it from cyber attacks!!

What do you dislike?

it's pricing are very higher than other services , quality of support provided is not so good other than this there is nothing to dislike about AWS WAF!!

Recommendations to others considering the product:

AWS WAF(Web Application Firewall) is the most reliable and useful service while deploying your Web Aplication on AWS platform , but i would say it's really a costly service comparatively !!

What problems are you solving with the product? What benefits have you realized?

we use AWS WAF for protecting our web applications from cyber attacks !!!

Niniveth Jose M.
Validated Reviewer
Verified Current User
Review Source
content

"AWS WAF : Protection of web applications. "

What do you like best?

I like this firewall because it allows me to protect my web applications for a very low cost ie I pay for the rules I assign, with AWS WAF I can choose the traffic that I want for my applications, I can choose my own rules so that I block attacks like injection SQL etc and all this I can do it very easily since I can use my rules centrally and reuse them in all the web applications that I need to protect.

What do you dislike?

From my point of view I do not find something that I do not like about this firewall, I consider it very complete and accessible.

Recommendations to others considering the product:

It is very profitable and the best they can do is include their own rules and the more rules they include the better.

What problems are you solving with the product? What benefits have you realized?

It allows me to protect my web pages and I can implement AWS WAF in Amazon CloudFront which is a great benefit because it warns me when the thresholds are exceeded or particular attacks occur and in this way ì implement new rules if necessary.

ryan s.
Validated Reviewer
Review Source
content

"Quick, repeatable, and cheap WAF"

What do you like best?

It's WAF as code when implemetned with cloudformation, making it a quick and repeatable WAF implementation. One of the biggest issues with typical WAF products is that they're placed inline and costly, or are host based and are a suck on the instance resources. Being able to apply your WAF rule at the edge (cloudfront) is vastly better than letting malicious traffic travel deep into the environment.

What do you dislike?

Almost impossible to setup without using the AWS provided cloudformation template. However, once the template is used it's rather trivial to add in your own custom rules. My biggest dislike would be -> I honestly dont think the 3rd party tie-ins do anything. I would also like to see lower rate based options, 2k is rather high for a minimum.

Recommendations to others considering the product:

Start with the AWS provided template, run it in monitor mode, and tune accordingly.

What problems are you solving with the product? What benefits have you realized?

Edge protection, general complaince, and it's simply a best practice. The biggest benefit is that it can be applied via cloudforamtion in a repeatable fasion, and it's very low cost when compared to many other options.

Fernanda S.
Validated Reviewer
Review Source
content

"AWS WAF is my choice number one"

What do you like best?

Pricing model, control, ease of change, technical support, pace of innovation are all outstanding. AWS WAF offers an API (by the way, a full-featured one) that automates security rules' creating, deploying, and maintaining. We like that the deployment of new rules can last just a few minutes. Apart from other reasons, this allows quickly responding to alterations in traffic patterns. Besides, AWS WAF allows monitoring Internet traffic in a mode close to real time, so we can quickly create new rules or warnings in Amazon CloudWatch.

What do you dislike?

I think that documentation could be better but after all, this service is our choice number one. It provides various documentation which is helpful at the outset and also they have videos and other kinds of documentation as well.

Recommendations to others considering the product:

We should note that you can deploy AWS WAF on the Amazon CloudFront (the CDN solution component), and on the Application Load Balancer (for servers on EC2, for example) as well. But all things considered, we can absolutely recommend this service.

What problems are you solving with the product? What benefits have you realized?

AWS WAF suits our needs as best one can. WAF can be implemented as a cloud service, an agent on a web server, or a specialized hardware or virtual device. To start working with AWS WAF, there is a need for creating an access control list which determines which network requests have to be blocked and which should be skipped.

Haripriya B.
Validated Reviewer
Verified Current User
Review Source
content

"Experience in using AWS WAF"

What do you like best?

Basically amazon is most trusted organization worldwide. And the firewall for web services enables the user to filter web requests and work accordingly. one can anytime restrict or accept request from any unknown client.

What do you dislike?

There is nothing to dislike but one thing is that we need to configure it separately. It doesnt come along with the cloud web service.

Recommendations to others considering the product:

Those who use Amazon cloud can use this AWS WAF to keep the instances protected from any malfunction or protect the instances by what to restrict and what not to.

What problems are you solving with the product? What benefits have you realized?

I protect my web instances with WAF because it is a better way to filter request to my website.

Siddharth W.
Validated Reviewer
Review Source
content

"A very flexible and low cost basic extandable WAF with a few limitations"

What do you like best?

The functionality could be extended via lambda functions and the rules could be distributed across the whole system.

Easy to set up and really east to get started

What do you dislike?

Limitations on the number of rules and also the price seems to be a little high

Recommendations to others considering the product:

It does have some flaws, but it does the job well, the API is good and pretty fast. Do give it a try

What problems are you solving with the product? What benefits have you realized?

Monitored how the client application using AWS responded to different web requests, We created different rules and access control lists to block the existing attack threats like SQL injections or cross-site scriptings

Utkarsh S.
Validated Reviewer
Review Source
content

"AWS - WAF: Nice and easy firewall for your apps"

What do you like best?

The setup procedure is pretty straightforward and fast. Get up and running in minutes, the wizard like format is very easy to work with.

What do you dislike?

It's still not available in all regions, that's the only minus point I can think of.

What problems are you solving with the product? What benefits have you realized?

Business wise the AWS WAF allows the developers to focus on building a feature rich app with really rock solid security using just some clicks. The security layer is pretty robust too.

Jonathan H.
Validated Reviewer
Review Source
content

"The WAF has been a great addition to the ALB"

What do you like best?

One feature I enjoy is being able to dynamically alter WAF rules based. We use traffic analysis tools to feed back into our WAF to dynamically respond to threats.

What do you dislike?

It'd be great if there was a better interface or clarity of the WAF. We usually set it up through the CLI but the UI for WAF could be better.

What problems are you solving with the product? What benefits have you realized?

Security response

EI
Executive Sponsor in Information Technology and Services
Validated Reviewer
Review Source
content

"WAF Review"

What do you like best?

Easy setup when compared to other systems providing firewall services for web services. Single click enablement versus infrastructure deployment. Can be deployed for all LBs in the VPC without additional configuration.

What do you dislike?

ONly able to set-up a single subscription per WAF. Example: F5 provides three separate subscriptions each addressing s specific need but only one can be added. Other rule sets need to be manually written.

Recommendations to others considering the product:

Requires some experience with existing WAF like services to fully understand and properly implement.

What problems are you solving with the product? What benefits have you realized?

Additional layers of protection for externally exposed resources.

jomin v.
Validated Reviewer
Verified Current User
Review Source
content

"A very nice web application"

What do you like best?

It is so easy to access this via Remote Desktop.

What do you dislike?

Personally I don't have any dislikes so far. I always recommend this product.

Recommendations to others considering the product:

I would strongly recommend this product to anybody those who look for Web application firewall.

What problems are you solving with the product? What benefits have you realized?

Currently we access the Informatica, MSTR applications through the Amazon Web application.

I
Internal Consultant
Validated Reviewer
Review Source
content

"About AWS WAF"

What do you like best?

100% the best thing about it is the pricing, especially compared with other commercial options. You can protect multiple workloads with a simple, affordable, AWS-api and console interface.There are commercial rulesets availalbe for very little money and that is super attactive.

What do you dislike?

The one big drawbacks (curretnly) are the inability to link more than one commercial ruleset and the lack of control for where to redirect rejected traffic.

Recommendations to others considering the product:

See if the commercial rulesets meet your needs.

What problems are you solving with the product? What benefits have you realized?

Oh, what a WAF does: protect web sites and web-based services.

Brian L.
Validated Reviewer
Review Source
content

"Great WAF and Shield experience"

What do you like best?

Highly scalable and automate able. Able to automate rolling out across all accounts and add as part of new account creation.

What do you dislike?

Somewhat limited in functionality. Had ability to add custom automation to resolve shortcomings.

What problems are you solving with the product? What benefits have you realized?

Able to move away from third party solution for great cost savings.

Adde A.
Validated Reviewer
Review Source
content
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"AWS WAF is slowly but on the rise! "

What do you like best?

The ease and simplicity of adding new firewalls for your web apps hosted in Route 53

What do you dislike?

The product is fairly new and does not offer extensive fairwalls compared to the likes of Cloudflare.

What problems are you solving with the product? What benefits have you realized?

Configure web apps firewalls for apps hosted using AWS Route 53

ayman r.
Validated Reviewer
Review Source
content

"Great tool "

What do you like best?

very simple and greate tool to use; highly recommend it

What do you dislike?

nothing; can find online docs that will help setup and quickly deploy.

What problems are you solving with the product? What benefits have you realized?

helping prevent attacks from hackers and others trying to take down our online applicaiton.

amanda c.
Validated Reviewer
Review Source
content

"Easy to use - Also managed by IoC"

What do you like best?

I like that there is terraform integration for WAF, we easily created a module that is scalable

What do you dislike?

The WAF interface is pretty old, it could definitely be looked at.

Recommendations to others considering the product:

New interface

What problems are you solving with the product? What benefits have you realized?

Security benefits

Ramdoyal V.
Validated Reviewer
Review Source
content

"Plug and PLay WAF Service"

What do you like best?

The way we can easily create and assign web ACL to multiple application.

What do you dislike?

Some features that are in advanced shield that can be move to general

What problems are you solving with the product? What benefits have you realized?

Securing the applications exposed publicly.

A
Administrator
Validated Reviewer
Review Source
content

"Great service - some way to go to be a mature service"

What do you like best?

Compared to a traditional WAF, having a WAF as a managed service means I don't have to worry about running infrastructure.

What do you dislike?

AWS WAF can be a little bare bones requiring you to stand up other AWS infra for more advanced use cases other more established products would include out of the box.

What problems are you solving with the product? What benefits have you realized?

Protecting the main web site

Dante M.
Validated Reviewer
Review Source
content

"Easy setup and effective"

What do you like best?

Simple setup and direct integration. Quick deploy.

What do you dislike?

Limited rulesets to begin with and documentation hard to search.

What problems are you solving with the product? What benefits have you realized?

Ddos

U
User
Validated Reviewer
Review Source
content

"Amazing AWS service"

What do you like best?

Can do what all modern WAF solutions can do without paying thousands of dollars extra.

What do you dislike?

Compared to other WAF's it does not have a detailed console output of the events.

What problems are you solving with the product? What benefits have you realized?

Automation was smooth. Problem lies in automating it for proactive black listing of Ip's using Guard Duty

A
Administrator
Validated Reviewer
Review Source
content

"I wish it did more out of the box"

What do you like best?

I like how easy it is to setup and integrate with the rest of my assets

What do you dislike?

While setup is easy, doing non trivial things with it still requires too much work, and often feels brittle. I'm directly comparing this against cloudflare.

What problems are you solving with the product? What benefits have you realized?

Standard owasp, bot protection, etc.

A
Administrator
Validated Reviewer
Review Source
content

"SImple firewall aplication"

What do you like best?

The fact that I can combine rules base on differents components like Http headers, methods, origins and more

What do you dislike?

Some time it is hard to find the way to link one component to another

What problems are you solving with the product? What benefits have you realized?

Seguring a Digital Signage application. WAF prevent different attacks to our EC2 infrastructure

AI
Administrator in Information Technology and Services
Validated Reviewer
Review Source
content

"Easy and intuitive way to implement a WAF"

What do you like best?

Organization and progression of key elements needed to build your WAF. The rules engine is easy to implement.

What do you dislike?

I dislike that I have to do this, but its a necessary evil

Recommendations to others considering the product:

great if you use cloudfront

What problems are you solving with the product? What benefits have you realized?

securing multiple cloudfront sites for internal use over the Internets

I
Internal Consultant
Validated Reviewer
Review Source
content
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"Easy to implement secure web security"

What do you like best?

Simple web security for legacy a web applications that are not currently part of a development cycle.

What do you dislike?

None. This product did what we needed. No issues.

What problems are you solving with the product? What benefits have you realized?

Needed to solve security concern about web application that is not currently being developed.

CI
Consultant in Information Technology and Services
Validated Reviewer
Review Source
content
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"Secure your web apps"

What do you like best?

Everyone should be using AWS WAF to secure their production websites and API's and mitigate the risk of SQL injections, DDoS attacks etc.

What do you dislike?

It can get fairly expensive if you are not using it right.

What problems are you solving with the product? What benefits have you realized?

Web Application Firewalls

UR
User in Retail
Validated Reviewer
Review Source
content

"Too tedious "

What do you like best?

Nothing really! It was too tedious to use at first so I ended up going with a different software

What do you dislike?

I didn’t like how un-simplified it was. Far too difficult

What problems are you solving with the product? What benefits have you realized?

I tried it but ended up going with another software

UH
User in Hospital & Health Care
Validated Reviewer
Review Source
content

"I love WAF my security team does not"

What do you like best?

I love that I have native integration into AWS resources

What do you dislike?

No ability to execute any kind of learning mode to understand traffic before I implement securty rules. Rules creation is a bit ackward sometimes.

What problems are you solving with the product? What benefits have you realized?

Security on ALBs

E
Executive Sponsor
Validated Reviewer
Review Source
content

"Useful but expensive"

What do you like best?

All at one place,ease of use and implementation.

Support and of course credibility.

What do you dislike?

Any thing above basic is expensive.

So it is not cost efficient to use for the applications on cheaper markets.

Recommendations to others considering the product:

Lower cost

What problems are you solving with the product? What benefits have you realized?

Security

I
Internal Consultant
Validated Reviewer
Review Source
content

"WAF integration"

What do you like best?

The ease of integration with cloud front

What do you dislike?

Occasionly i need detailed configuration

What problems are you solving with the product? What benefits have you realized?

API, web site and WS security on the permiter

AP
Administrator in Pharmaceuticals
Validated Reviewer
Review Source
content

"Easy Setup, Could be better"

What do you like best?

It's pretty easy to get started using the tutorials.

What do you dislike?

Easier to understand background information would be helpful.

What problems are you solving with the product? What benefits have you realized?

Security requirements

A
Administrator
Validated Reviewer
Review Source
content

"WAF review"

What do you like best?

Its easy setup, easy to use and instant benefits

What do you dislike?

Nothing really

What problems are you solving with the product? What benefits have you realized?

DDoS attack and filter of unwanted requests

E
Executive Sponsor
Validated Reviewer
Review Source
content
Business partner of the vendor or vendor's competitor, not included in G2 scores.

"Guardduty and WAF are just the tools for the security posteure"

What do you like best?

ability to integrate in monitoring and remediation

What do you dislike?

interface. and lack of inherent integration with KIBANA

What problems are you solving with the product? What benefits have you realized?

Cloud/Edge Security

Kate from G2

Learning about AWS WAF?

I can help.
* We monitor all AWS WAF reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.