We compared AWS WAF and Cloudflare Web Application Firewall based on our user's reviews in several parameters.
AWS WAF is praised for its effective protection, comprehensive logging capabilities, and customizable rule sets. The customer service is highly responsive and contributes to a positive experience. The return on investment has been positive, but there are areas for improvement in documentation and user-friendliness. On the other hand, Cloudflare Web Application Firewall is commended for enhancing website security, user-friendly interface, and integration with other services. The customer service is efficient, and the pricing is competitive. However, users have noted a need for more customization options and improvements in response times and ease of use.
Features: AWS WAF stands out for its effective protection against web attacks, integration with other AWS services, and efficient management of multiple websites. In contrast, Cloudflare WAF is praised for its website security enhancement, user-friendly interface, and comprehensive reporting capabilities.
Pricing and ROI: The setup cost for AWS WAF was minimal and the process was smooth and straightforward. Users found the pricing affordable and the licensing flexible. Cloudflare Web Application Firewall also had competitive pricing with straightforward setup costs and flexible licensing options., AWS WAF users have reported increased security, reduced risks, and improved protection against web threats, with cost savings and enhanced firewall management. Cloudflare's Web Application Firewall has resulted in significant financial gains.
Room for Improvement: The AWS WAF product could improve its documentation and instructions for users with limited technical expertise. Users also find difficulties in setting up and managing rules and desire a more user-friendly interface. In contrast, Cloudflare Web Application Firewall would benefit from enhancements in customization options, response times, and ease of use. Users want more flexibility in tailoring firewall settings and quicker notifications and responses. The interface is also seen as complex and needing simplification for a better user experience.
Deployment and customer support: The user reviews for AWS WAF emphasize the importance of considering the duration for different phases of implementing a new tech solution. This includes both deployment and setup, which may vary in timeframes. On the other hand, the Cloudflare Web Application Firewall reviews highlight that the duration can vary among users, with some spending three months on deployment and a week on setup, while others only require a week for both. It is necessary to evaluate the context in which these terms are used and consider them collectively., AWS WAF's customer service and support have consistently been praised for their excellence and responsiveness. Users receive prompt assistance and solutions to queries, while the knowledgeable support team ensures overall customer satisfaction. In comparison, Cloudflare Web Application Firewall also has excellent customer service, with responsive and efficient assistance, addressing issues promptly and providing clear instructions. Users feel supported and confident with Cloudflare's customer service.
The summary above is based on 41 interviews we conducted recently with AWS WAF and Cloudflare Web Application Firewall users. To access the review's full transcripts, download our report.
"The agility is great for us in terms of cloud services in general."
"The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match."
"The simple configuration and the scalability have been most valuable. We are able to scale across all of our different AWS instances."
"If hackers try to insert bugs, the tool blocks it."
"The interface is good."
"We can host any DB or application on the solution."
"AWS WAF is a stable solution. The performance of the solution is very good."
"The most valuable feature is the addition of managed tools that help us create customizable rules. In case we want to block a particular request, we can make use of those rules."
"It protects web applications efficiently."
"Does a good job preventing web application attacks."
"It is a SaaS solution unlike much of the competition."
"The solution protects our application, which runs on the HTTP protocol, from DDoS attacks."
"We like that there's load balancing, firewall capabilities, DDoS protection, et cetera, all covered by Cloudflare."
"Caching is the most valuable feature of Cloudflare Web Application Firewall."
"The product has improved our security posture by blocking bad actors."
"The integration of Cloudflare with Cloud Suite is its most valuable feature."
"When users choose the free service, there isn't great support available to them."
"I would like to see the addition of more advanced rate-limiting features in the next release. It would be beneficial to extend rate limiting beyond just web servers to the main node level."
"They should work to define more threats, add more security, and make it more compliant with more security companies."
"It's a bit difficult to apply the right rules for the right security."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends."
"AWS WAF could improve by making the overall management easier. Many people that have started working with AWS WAF do not have an easy time. They should make it easy to use."
"The product must provide more features."
"The accuracy of the Cloudflare Web Application Firewall could be improved by reducing the number of false-negative alerts."
"I have experienced some difficulties with Cloudflare's support as a customer based in India."
"The blocked logs are difficult to read at times."
"It would be ideal if the solution offered better log integration and more integration with different platforms."
"They have some limitations with third-party integrations."
"The platform's control features related to real-time authentication and response time need improvement."
"A key challenge arises when dealing with numerous integrations with HVAC systems. Depending on the specifics, there might be some configuration mismatches, which necessitate specific support."
"The notification part could be improved. It's very much connected to Web Application Firewall, rate-limiting, and DDoS protection."
More Cloudflare Web Application Firewall Pricing and Cost Advice →
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Cloudflare Web Application Firewall is ranked 7th in Web Application Firewall (WAF) with 16 reviews. AWS WAF is rated 8.0, while Cloudflare Web Application Firewall is rated 8.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Cloudflare Web Application Firewall writes "A cloud solution for web application firewall protection with rate-limiting, managed, and custom firewall rules". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Prisma Cloud by Palo Alto Networks, whereas Cloudflare Web Application Firewall is most compared with Microsoft Azure Application Gateway, Akamai App and API Protector, Fortinet FortiWeb, Azure Front Door and NGINX App Protect. See our AWS WAF vs. Cloudflare Web Application Firewall report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.