We performed a comparison between AWS WAF and Cloudflare based on real PeerSpot user reviews.
Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements."
"If hackers try to insert bugs, the tool blocks it."
"The ease of deployment of the product is valuable to me."
"It is Amazon. Everything is scalable. It is beyond what we need."
"Rule groups are valuable."
"Stable and scalable web application firewall. Setting it up is straightforward."
"One common use case is using detection protection for enhancing security models in AWS. Another use case is implementing log analysis and response recovery procedures for email services."
"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"It is easier to configure and develop documentation to see how we have configured firewalls."
"When using services like Heroku, Cloudflare is very useful for CNAME flattening. I also use it for their end-to-end SSL with TLS authentication on nginx for securing servers."
"New and innovative way to protect the client's data."
"The most valuable feature of Cloudflare is that it has a free version. They give us the free version with the anti-DDoS features and also the load balancing solution."
"The technical support is good."
"The UI is good."
"The most valuable feature of Cloudflare is the GUI. You are able to control the solution very well through the interface. There is a lot of functionality that is embedded in the service."
"There are key things that are used for our enterprise customers, such as Lambda and DNS."
"AWS WAF would be better if it uses AI or machine learning to detect a potential attack or a potential IP that creates an attack even before it happens. I want AWS WAF to capture the IP and automatically write the rule to automate the entire process."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"The product should improve the DDoS-related features."
"The cost must be reduced."
"I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level."
"An improvement area would be that it's more of a manual effort when you have to enable rules. That's one of the downsides. If that can be done in an automated way, it would be great. That's a lagging feature currently."
"The product must provide more features."
"The solution can improve its price."
"The product support needs to be accessible from more places, a wider area of coverage."
"There should be a specific price list for enterprise-level customers."
"It should have easier documentation for the configuration. It's very technical and people who aren't technical should also be able to do the configuration."
"I think the APIs are a little bit hard for us to work with. The APIs could be more open so that we could integrate better with our SolarWinds or our monitoring solution."
"It would be beneficial for us if Cloudflare could offer a scrubbing solution. This would involve taking a snapshot of my website and keeping it live during a DDoS attack, ensuring uninterrupted service for our users. DDoS attacks are typically short in duration, and having Cloudflare maintain the site's availability from its secure network would enhance the overall user experience. I would appreciate it if Cloudflare could consider implementing this feature. Many organizations already utilize similar capabilities in their CDN platforms, where a static snapshot of the web page is displayed during DDoS attacks. In terms of features, Cloudflare needs to enhance its resilience and stay more focused on adopting new technologies. For instance, solutions like F5 XC Box, Access Solution, and Distributed Cloud Solution have impressive features, and Cloudflare should strive to match and exceed those capabilities. There's a need for improvement in areas like AI-based DDoS attacks and Layer 7 WAF features. Cloudflare should prioritize enhancements in areas such as behavioral DDoS and protection against SQL injection attacks, considering the prevalent trend of public exposure to the internet for business reasons. Overall, Cloudflare needs to invest more in advancing its feature set."
"They lack a good way to manage DNS as a company, since everything is relegated to single account logins until you get to the higher levels. They have come out with a paid feature to remedy this, but I have not had a chance to fully review it yet to know if it fixes the access problem."
"The solution could work at being less expensive. It costs a lot to use it."
"Although I think it's quite good, it doesn't provide me with all the features I would expect to have if I were using Imperva."
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Cloudflare is ranked 1st in Distributed Denial of Service (DDOS) Protection with 57 reviews. AWS WAF is rated 8.0, while Cloudflare is rated 8.4. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Cloudflare writes "It's easy to set up because you point the DNS to it, and it's working in under 15 minutes". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and NGINX App Protect, whereas Cloudflare is most compared with Akamai, Azure Front Door, Imperva DDoS, AWS Shield and G-Core Labs CDN. See our AWS WAF vs. Cloudflare report.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.