TrustRadius: an HG Insights company

AWS WAF Reviews and Ratings

Rating: 7 out of 10

Reviews

9 Reviews

Provide a Firewall to your AWS frontend using AWS WAF

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We are using AWS WAF in front of all our CloudFront distributions and some API Gateways. We need AWS WAF to prevent DDOS attacks on our websites as it provides rules for rate limitation for requests, BOT control features, AWS Managed common rule set against dangerous IP addresses, and many more features. The introduction of AWS WAF in front of all our CloudFronts reduced many attacks and rate-limited bot requests to our websites. The WAF also provides features to send metrics to an OpenSearch distribution for all the requests based on certain criteria, allowing us to send custom alerts to Slack for imminent attacks and requests exceeding rate limitation. AWS WAF is certainly a state-of-the-art product introduced by AWS that easily integrates with most of the AWS products.

Pros

  • AWS WAF prevents DDOS attacks by providing a feature to rate limit the requests originating from a certain IP address. It has prevented a lot of attacks on our websites. It is quick in identifying heavy requests on our domains and alerting us for attacks.
  • AWS WAF has a BOT control feature that identifies certain BOTs attacking our frontend websites for crawling data. These BOTs, just like ChatGPT, try to steal our data and use it for Machine Learning purposes. AWS WAF has a ManagedRule to identify such bots that crawl the data or send bulk requests and stop the requests from these bots from reaching our websites.
  • An amazing feature of AWS WAF is the precedence for the rules for blocking/allowing requests. We are using a lot of AWS managed rules and sometimes the requests from our backend or from our offices were being blocked because of AWS managed rules such as rate limitation when performing stress tests on our websites. AWS WAF allows adding custom rules before the managed rules which allow certain IP addresses to send unlimited traffic to our websites and do not block our day-to-day work.

Cons

  • AWS BOT protection is an amazing functionality but it is expensive. There is also room for improvement in the BOT protection to block Small Language Models. The SLMs are growing day by day and there should be some more restrictions added for these BOTs.
  • One feature where WAF can improve is the metrics shown on the AWS WAF console. Sometimes it is very hard to follow these metrics. There should be an easy UI for filtering BLOCK/ALLOW requests on the AWS WAF console so that it is easy to debug why certain requests were blocked.
  • The UI should not be the native CloudWatch but a separate UI can be developed that can have features to filter the requests based on the URI, path, host header, IP addresses, etc.
  • I know that this can be achieved from CloudWatch and OpenSearch, but I find using these 2 a bit expensive.
  • AWS WAF should expand the functionality to integrate with applications that are not hosted on AWS as well. Currently, there is no such functionality and to implement such functionality, we need to introduce an AWS managed resource in front of our current applications.

Likelihood to Recommend

Well Suited:

1. To prevent DDOS attacks: AWS WAF has a lot of managed rules to prevent DDOS attacks based on traffic origination from a particular IP or IP reputation etc.

2. To rate-limit requests: Well, it sounds familiar, like preventing DDOS attacks, but it can also be used to rate-limit requests originating from the same IP address. We have used this feature so that we can test multiple failure scenarios for our application.

3. To prevent Data crawling: The BOT control feature allows us to prevent BOTs from crawling data on our websites.

Not Suited:

1. To integrate applications outside of AWS Cloud: As I mentioned in my previous comments, this type of integration requires a custom implementation of another AWS resource.

Vetted Review
AWS WAF
4 years of experience

Using AWS WAF -- a native solution

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

Edge Security Control from the outside. Used to allow legitimate secure connections to your web application servers. Encryption, Multi-Factor Authentication and allowable connections are key. One of the advantages is that it is a solution that is native to the AWS Cloud platform. It is scalable and can meet the performance requirements.

Pros

  • Performance
  • Scalability
  • Uptime

Cons

  • Need to provide improved dashboard metrics
  • Easy to navigate for troubleshooting purposes
  • Consolidated Reporting

Likelihood to Recommend

Most suited if you have a very strong presence in AWS. It is natively available as an add-on service. You can also track the costs over time based on usage. There is still a lot of improvement on the features and the user interface that can be implemented over time.

Vetted Review
AWS WAF
2 years of experience

Easiest implementation of Firewall out there

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We have several web applications running on AWS built on Laravel, so we inherently have a need to secure them. DDOS attacks are common among them. We mounted an AWS WAF before our load balancer, and since then we have never faced any issue regarding web application security. Highly recommend it if you run critical e-commerce applications.

Pros

  • DDOS attack prevention
  • Cost saving if you have multiple web applications.
  • One-stop solution, so no further effort is needed. Almost everything can be handled with AWS WAF.

Cons

  • AWS WAF is a bit costly if used for single applications.
  • They should provide attack-wise protection; for example, if a certain type of application of mine is vulnerable to DDOS, then I should be able to buy WAF especially for that attack.
  • CLI tool to test in offline mode if possible.

Likelihood to Recommend

If your firm primarily focuses on web development, this should be a go-to solution. On top of that, if you're primarily working in the e-commerce sector, where frequent monetary transactions occur, you'll find yourself needing that extra security because of the increased risk of cyber attacks. Other than that, it should only be considered if the client has a good budget and is asking for extra security.

My review on AWS Web Application Firewall

Rating: 10 out of 10

Use Cases and Deployment Scope

Web applications are very vulnerable to attacks and deploying your applications from the cloud can expose them to even greater risk. To help secure their cloud web apps, administrators will use a Web Application Firewall. We deployed all the applications and servers on the AWS cloud, so we need more security. That is why we are using the AWS Web Application Firewall. WAF provides a lot of features that will secure your applications. We have been using cloud services for the last 3 years and most of the services are running on AWS. In our condition we need a lot of security.

Pros

  • Web traffic filtering
  • Bot Control
  • Real-time visibility
  • Easy to monitor web traffic
  • Prevents any type of attack, like SQL code injection
  • Easy to create the rules
  • Easy to filter the packet as per your requirement

Cons

  • Less documentation available for help in configuration and maintenance
  • AWS should work on their technical support
  • High price

Likelihood to Recommend

If you have deployed your servers and application and have them running through the cloud, then you should choose the AWS WAF for security. This is a very good cloud firewall which will protect your application and servers from any type of attack. On the cloud, everyone can easily reach your server, so you need to add more security. AWS WAF provides you with a lot of features, which will help you to protect your cloud servers and applications from external attacks.

Best Security Tool for Your Web Applications

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

AWS WAF is basically implemented to secure the web applications. I have a positive experience using the AWS Web Application Firewall (WAF). It has many features to protect our applications and solutions. The good thing about AWS WAF is it has the most friendly APIs for developers to create firewall rules for the web application. That makes our applications secure.

Pros

  • AWS WAF has the most developer-friendly API to create firewall rules.
  • AWS WAF provides OWASP security controls, which reduces developers' burden (i.e., SQL injection and cross-site scripting).
  • AWS WAF has customizable web security rules. The user can even push the rules through the API available, which is a great feature and helped me a lot.
  • It protects applications at layer 7 (HTTP) of the OSI model and not just layer 4 (TCP).

Cons

  • Need to enhance OWASP standards.
  • We are limited to five rate-based rules per AWS account.

Likelihood to Recommend

AWS WAF is perhaps one of the best web application firewalls out there to date. Thankfully we have had no issues and we have been commended for using reputable vendors like AWS for security and privacy matters as part of our GDPR and ISO certifications. I would suggest that prospective customers use the CloudFormation templates provided by Amazon for creating the WAF.

AWS WAF, a really good alternative

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We use AWS WAF in our whole organization to help us protect all workloads we deploy using AWS CloudFront and AWS API Gateway. The main problems we cover are layer seven attacks, but we also create whitelists and blacklists to allow or deny specific traffic. We also use Managed Rules for AWS WAF, to quickly get started and protect our web application or APIs against common threats.

Pros

  • Great integration with AWS services.
  • Easy configuration management via API.

Cons

  • Reporting.
  • Log visualization.

Likelihood to Recommend

AWS WAF is well suited for securing HTTP/HTTPS and API services deployed in AWS as it is easily integrated with services like CloudFront and API Gateway. AWS WAF can be used to address some application security flaws such as the ones named by the Open Web Application Security Project (OWASP).

Say goodbye to vulnerabilities in enterprise applications with AWS WAF!

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

AWS WAF is a really useful software when implemented at the departmental level. It allows the infrastructure of the applications that are being executed to be protected in a very simple way since the user can establish rules to stop the vulnerabilities that can cause a malfunction in such applications. This is why we have decided to implement it in the business applications development department to dismiss these vulnerabilities and thus be able to concentrate on the development of applications without that concern.

Pros

  • It allows custom rules to be established to stop attacks that may harm business applications.
  • Its cost is based only on what the user uses to establish rules that can protect applications from vulnerabilities.
  • Rules can be established by the user or taken from those that the system already brings with it, and they can be centralized for reuse across the rest of the applications, which saves time.
  • The user can choose the traffic of their applications.
  • The cost depends on the number of rules assigned.
  • It deploys new rules fast and efficiently.

Cons

  • The documentation offered is somewhat confusing, so it would be ideal if it were much more direct and precise.
  • Its initial configuration may be confusing, so the best option is to use the rule templates provided by AWS.
  • Its configuration is not unified with AWS, so it must be done separately and it takes some time.
  • The number of rules to be established is somewhat limited.

Likelihood to Recommend

AWS is ideal for implementation in scenarios where business applications are consuming more resources than they should. When AWS WAF is used it prevents this from happening and in this way applications tend to run as they should. It is ideal to establish custom rules and centralize them to protect different applications without having to re-create the same rules which helps save time, as well as allowing the usual attack patterns to be blocked, such as cross-site scripts and SQL injection.

A very efficient solution against web attacks

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We use AWS WAF in the Application Development department since it is useful to provide protection against the most common web attacks such as the injection of SQL code and site scripts, as well as to prevent these applications from consuming more resources than they should actually consume. For this, we develop custom rules that allow us to block such attacks and at the same time improve the visibility of web traffic.

Pros

  • Protect any application against the most common attacks.
  • Provides better visibility of web traffic.
  • It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs.
  • It is able to block common attacks such as SQL code injection.
  • It allows defining specific rules for applications, thus increasing web security as they are developed.

Cons

  • It is necessary to have knowledge about the software because otherwise inappropriate rules will be created.
  • Its configuration can be somewhat tedious.
  • Its support team takes a long time to answer the user's questions.
  • Its costs can be somewhat high, unlike other services since it is charged by the number of rules that are created.

Likelihood to Recommend

AWS WAF is highly appropriate to interrupt or prevent cyber attacks because when rules are implemented, whether they are specific or centralized, any application that has these vulnerabilities is protected.

Implementing managed rules creates greater security to protect both APIs and applications.

If implemented along with other AWS tools, the security is much better, so if you want to protect applications against more specific attacks, it is ideal to integrate with Amazon CloudFront, which is a great benefit because it warns when thresholds are exceeded or specific attacks occur.

AWS WAF is ideal to avoid common web attacks. For more specific attacks and scenarios, I don't recommend this.

Best solution to protect your Web App from Cyber Attacks

Rating: 9 out of 10
Incentivized

Use Cases and Deployment Scope

We were using WAF to protect our web application from cyber attacks by filtering the requests that access our web app. We created various rules and access control lists for blocking all the unwanted threats like SQL injections.

Pros

  • The deployment was pretty easy on the AWS platform
  • The cost of using AWS WAF is pretty low as you only have to pay for the rules that you are assigning and also, you can choose the traffic that you need for your application
  • The technical support is great, they are very good at understanding your problem and really helpful in providing the best solution

Cons

  • There is nothing much to dislike about this product

Likelihood to Recommend

It is a pretty useful product if your web application is deployed on the Amazon Web Services platform, else it could be a little complicated and pricey. It's useful if you want to lay down your own rules for security and traffic management of your web app. Having AWS WAF can assure you that the application that you are creating has integrated security features which can be maintained easily for future use. It does have some flaws, but it is backed up by Amazon which is doing a great job in everything that they are doing, so it surely has a great future.

Vetted Review
AWS WAF
1 year of experience