We performed a comparison between Citrix Web App and API Protection and Cloudflare based on real PeerSpot user reviews.
Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The work balancing applications are the most valuable feature."
"I like the solution's simplicity compared to Citrix's on-prem solutions."
"Citrix is good for application protection."
"The advantage of Citrix Web App and API Protection is just its graphic user interface for beginners. The solution is nothing special, but we have to use it for the corporation. Another advantage of Citrix Web App and API Protection is that we have our copy to test things and get the know-how of it."
"The stability is good. If there is a problem, the load will be shifted to other sites automatically, which has been a good experience for us."
"I prefer this solution because of its user-friendly interface. I find it simple and close to what I am currently using, which is Citrix Fortiva Access for Multi-Factor Authentication. I appreciate the familiar user interface and troubleshooting tools it offers."
"We have good customer support."
"When our primary link goes down I can still get to my Cisco devices and the NetScaler devices on-prem because of the SDN solution. If the internet connection at one of the branches goes down, we can still route them, they still get internet based on the SDN solution through one of the other sites. They can carry on working."
"What I like best about Cloudflare is that my company can use it to trace and manage applications and monitor traffic. The solution tells you if there's a spike in traffic. Cloudflare also sends you a link to check your equipment and deployment and track it through peering, so it's a valuable tool."
"The DDoS protection is the most valuable aspect of the solution."
"From what I've seen so far, there are no negatives to report as of yet"
"I rate its stability a ten out of ten."
"The UI is good."
"Cloudflare has many features."
"The most valuable feature of Cloudflare is the GUI. You are able to control the solution very well through the interface. There is a lot of functionality that is embedded in the service."
"There are key things that are used for our enterprise customers, such as Lambda and DNS."
"The configuration for its web application firewall is complicated."
"The reporting is not so good. They don't have an application to connect the logs."
"Their upgrades are not very backward compatible, and sometimes they mess up."
"The solution's pricing is a big concern and should be improved."
"The setup was not simple."
"An area for improvement in Citrix Web App and API Protection is for it to give real-time notifications and alerts. It would be practical if the solution warns you if there's an attack or if the load or traffic volume increases or decreases. An additional feature I'd like to see in Citrix Web App and API Protection is a prediction or artificial intelligence on what is happening, for example, attacks."
"I am not an expert in this solution, but simplicity and user-friendly interfaces are crucial for me. I would appreciate advice from Citrix, particularly in the form of an interactive guide for API protection. It would be helpful if they could provide specific points and recommendations for cybersecurity, indicating areas that need attention or improvement. I find such interactive guidance valuable."
"The user interface could be more friendly. Some wizards and other documentation for administrators, as well as some use cases, helps us to understand the solution."
"It should confirm audit findings of the assigned area with auditees to ensure that the audit conclusions are based on an accurate understanding of the issues."
"Cloudflare does not have an on-premise solution. If they had different approaches they could be better suited to accommodate more customers, such as on-premise and hybrid deployments. For example, hybrid deployments would be useful where you could move the traffic from the enterprise to the cloud."
"For the free and Pro plans, Cloudflare could use a simple bot to provide information to users. This would improve support, especially for less advanced users who utilize the free components."
"DNS Management."
"The timing aspect can lead to it being considered overpriced. This is a particular concern we have with Cloudflare, as they may struggle with accurately detecting the client."
"We are a product integrator and reseller, and we would like to have a better partner relationship, similar to a channel sales relationship. Sometimes we are on our own or get diverted by Cloudflare because they have direct sales, which competes with us and makes it difficult to build a relationship with this company since we want to be an MSP or a managed service provider for the solution."
"It would be beneficial for us if Cloudflare could offer a scrubbing solution. This would involve taking a snapshot of my website and keeping it live during a DDoS attack, ensuring uninterrupted service for our users. DDoS attacks are typically short in duration, and having Cloudflare maintain the site's availability from its secure network would enhance the overall user experience. I would appreciate it if Cloudflare could consider implementing this feature. Many organizations already utilize similar capabilities in their CDN platforms, where a static snapshot of the web page is displayed during DDoS attacks. In terms of features, Cloudflare needs to enhance its resilience and stay more focused on adopting new technologies. For instance, solutions like F5 XC Box, Access Solution, and Distributed Cloud Solution have impressive features, and Cloudflare should strive to match and exceed those capabilities. There's a need for improvement in areas like AI-based DDoS attacks and Layer 7 WAF features. Cloudflare should prioritize enhancements in areas such as behavioral DDoS and protection against SQL injection attacks, considering the prevalent trend of public exposure to the internet for business reasons. Overall, Cloudflare needs to invest more in advancing its feature set."
"We're facing challenges due to an upgrade in the machine learning model. The problem arises from some users abusing the APIs, resulting in an influx of suspicious traffic. Cloudflare's learning model mistakenly identifies this traffic as human. Consequently, it assigns it a higher trust score, akin to legitimate human traffic, causing complications in our architecture. Previously, such traffic would have been categorized as suspicious, enabling us to apply appropriate blocking rules. However, we encounter difficulties distinguishing between genuine and suspicious traffic with the new categorization. Despite these challenges, overall, Cloudflare remains the preferred solution compared to Azure, AWS CloudFront, and Google Cloud Armor."
More Citrix Web App and API Protection Pricing and Cost Advice →
Citrix Web App and API Protection is ranked 18th in Web Application Firewall (WAF) with 11 reviews while Cloudflare is ranked 1st in Distributed Denial of Service (DDOS) Protection with 57 reviews. Citrix Web App and API Protection is rated 8.0, while Cloudflare is rated 8.4. The top reviewer of Citrix Web App and API Protection writes "Affordable, provides advanced features, and protects applications". On the other hand, the top reviewer of Cloudflare writes "It's easy to set up because you point the DNS to it, and it's working in under 15 minutes". Citrix Web App and API Protection is most compared with F5 Advanced WAF, Azure Front Door, Fortinet FortiWeb, AWS WAF and Akamai App and API Protector, whereas Cloudflare is most compared with Akamai, Azure Front Door, Imperva DDoS, AWS Shield and Microsoft Azure Application Gateway. See our Citrix Web App and API Protection vs. Cloudflare report.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.