We compared AWS WAF and Azure Web Application Firewall based on our user's reviews in several parameters.
Both AWS WAF and Azure Web Application Firewall offer effective protection against web application attacks, with AWS WAF praised for its customizable rule sets, while Azure Web Application Firewall is commended for its ease of integration with existing infrastructures. AWS WAF's reliable performance and comprehensive logging capabilities stand out, while Azure Web Application Firewall is valued for its competitive pricing and efficient management features. Users appreciate AWS WAF's customer service, while Azure Web Application Firewall users highlight the instant updates and seamless integration process. Areas for improvement include better documentation and enhanced customization options for AWS WAF, and improved performance and configuration process for Azure Web Application Firewall.
Features: The valuable features of AWS WAF include effective protection against web application attacks, easy setup and configuration, comprehensive logging and monitoring, integration with other AWS services, flexible rules and policies, and efficient multi-website management. On the other hand, Azure Web Application Firewall offers strong attack protection, seamless integration, efficient management and monitoring, customizable firewall rules, instant updates, and comprehensive reporting.
Pricing and ROI: The setup cost of AWS WAF is reported to be minimal, with a smooth and straightforward process. Users mention that the licensing is flexible and customizable. On the other hand, Azure Web Application Firewall also has a straightforward setup with a user-friendly integration process. The pricing is considered competitive and the licensing structure offers flexibility to cater to different business needs., The ROI from AWS WAF has led to increased security, reduced risks, cost savings, and improved efficiency in managing the web application firewall. In comparison, Azure Web Application Firewall offers significant improvements in website security, streamlined management, extensive features, and efficient web traffic monitoring and control. Users have reported substantial returns and reliability with Azure.
Room for Improvement: In terms of room for improvement, AWS WAF users have expressed the need for better documentation, more detailed instructions, a user-friendly interface for rule setup and management, and increased customization options. On the other hand, Azure Web Application Firewall could enhance its performance, improve the configuration process for easier setup and customization, and optimize integration with other Azure services for better overall performance and efficiency.
Deployment and customer support: Based on user reviews, the implementation of AWS WAF seems to have varying durations for deployment and setup phases, while Azure Web Application Firewall had a longer deployment phase of three months but had a shorter setup phase of one week., AWS WAF's customer service and support have consistently been praised for their excellent and highly responsive approach. Users appreciate the knowledgeable and helpful support team. Azure Web Application Firewall also offers prompt, effective, and reliable customer service.
The summary above is based on 33 interviews we conducted recently with AWS WAF and Azure Web Application Firewall users. To access the review's full transcripts, download our report.
"The most valuable feature of AWS WAF is its highly configurable rules system."
"The most valuable feature of the solution is the ability to integrate central sets. It protects from intrusion attacks such as scripting and SQL injections."
"This is not a product that you need to install. You just use it."
"Rule groups are valuable."
"The most valuable feature is the way it blocks threats to external applications."
"We preferred the product based on its cost. AWS WAF is an out-of-the-box solution and integrates with the AWS services that we use. It's natively integrated with AWS."
"AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry."
"The most valuable feature is the capability to limit access based on geographical location by restricting specific IP addresses."
"The initial setup is easy and straightforward...Azure Web Application Firewall is a scalable product."
"We have found the most valuable features to be the web application, minimal skills required for management, control through policies, and automation."
"It's quite a stable product and works well with Microsoft products."
"The most valuable feature is that it allows us to publish our applications behind the firewall."
"Azure WAF is extremely stable."
"It has been a stable product in my experience."
"It's a good option if you want a solution that's ready to go and easy for your team to learn. It's cloud-based, so you don't need to buy or maintain any hardware infrastructure."
"The solution has good dashboards."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"One area for improvement in AWS WAF could be the limitation on the number of rules, particularly those from third-party sources, within the free tier."
"We must monitor and clean up the WAF manually."
"I believe there is a need to move towards real-time analysis with the help of AI and intelligent systems in the future. This would reduce the reliance on manual work and enhance the functionality of detection protection. By incorporating AI-driven data analysis and data science techniques, we can improve the solution's user-friendliness, security compatibility, and accuracy."
"For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"Deployment should be simplified so that a non-techie can handle it."
"Azure WAF should not be deployed in the middle of the traffic."
"From a reporting perspective, they could do more there."
"I would say that Azure's customer service is not that good...I am not very happy with the support offered."
"The documentation needs to be improved."
"The management can be improved."
"The support for proxy forwarding could improve."
"There is a need to be able to configure the solution more."
More Azure Web Application Firewall Pricing and Cost Advice →
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Azure Web Application Firewall is ranked 12th in Web Application Firewall (WAF) with 9 reviews. AWS WAF is rated 8.0, while Azure Web Application Firewall is rated 8.4. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Azure Web Application Firewall writes "It's a good option if you want a solution that's ready to go and easy for your team to learn". AWS WAF is most compared with Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall, Cloudflare Web Application Firewall and Fortinet FortiWeb, whereas Azure Web Application Firewall is most compared with Fortinet FortiWeb, Azure Firewall, Azure Front Door, F5 Advanced WAF and Microsoft Defender for Endpoint. See our AWS WAF vs. Azure Web Application Firewall report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.