We performed a comparison between AWS WAF and Citrix Web App and API Protection based on real PeerSpot user reviews.
Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We can host any DB or application on the solution."
"AWS WAF helps mitigate different kinds of bot attacks and SQL injection that happen within the retail industry."
"Its best feature is that it is on the cloud and does not require local hardware resources."
"The customized billing is the most valuable feature."
"It is a one-click WAF with no effort needed."
"The solution's initial setup process is easy."
"Stable and scalable web application firewall. Setting it up is straightforward."
"The tool’s stability is very good."
"I like the solution's simplicity compared to Citrix's on-prem solutions."
"Citrix Web App API Protection allows you to enable a blocking mode"
"When our primary link goes down I can still get to my Cisco devices and the NetScaler devices on-prem because of the SDN solution. If the internet connection at one of the branches goes down, we can still route them, they still get internet based on the SDN solution through one of the other sites. They can carry on working."
"I prefer this solution because of its user-friendly interface. I find it simple and close to what I am currently using, which is Citrix Fortiva Access for Multi-Factor Authentication. I appreciate the familiar user interface and troubleshooting tools it offers."
"The advantage of Citrix Web App and API Protection is just its graphic user interface for beginners. The solution is nothing special, but we have to use it for the corporation. Another advantage of Citrix Web App and API Protection is that we have our copy to test things and get the know-how of it."
"The stability is good. If there is a problem, the load will be shifted to other sites automatically, which has been a good experience for us."
"We have good customer support."
"The work balancing applications are the most valuable feature."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"We need more support as we go global."
"The pricing model is complicated."
"For uniformity, AWS has a well-accepted framework. However, it'll be better for us if we could have some more documented guidelines on how the specific business should be structured and the roles that the cloud recommends."
"This solution could be improved if the configuration steps were more specific to WAF, compared to other cloud services."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"The cost management has room for improvement."
"We don't have much control over blocking, because the WAF is managed by AWS."
"An area for improvement in Citrix Web App and API Protection is for it to give real-time notifications and alerts. It would be practical if the solution warns you if there's an attack or if the load or traffic volume increases or decreases. An additional feature I'd like to see in Citrix Web App and API Protection is a prediction or artificial intelligence on what is happening, for example, attacks."
"Their upgrades are not very backward compatible, and sometimes they mess up."
"I am not an expert in this solution, but simplicity and user-friendly interfaces are crucial for me. I would appreciate advice from Citrix, particularly in the form of an interactive guide for API protection. It would be helpful if they could provide specific points and recommendations for cybersecurity, indicating areas that need attention or improvement. I find such interactive guidance valuable."
"The setup was not simple."
"The reporting is not so good. They don't have an application to connect the logs."
"The user interface could be more friendly. Some wizards and other documentation for administrators, as well as some use cases, helps us to understand the solution."
"Security could be improved because then I can get rid of my Cisco firewalls. If they improve the security then I could run my security, my proxy, my firewalling and my SDN solution on one device instead of having to have multiple devices."
"Citrix Web App and API Protection could improve in the area of licensing"
More Citrix Web App and API Protection Pricing and Cost Advice →
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Citrix Web App and API Protection is ranked 18th in Web Application Firewall (WAF) with 11 reviews. AWS WAF is rated 8.0, while Citrix Web App and API Protection is rated 8.0. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Citrix Web App and API Protection writes "Affordable, provides advanced features, and protects applications". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Fortinet FortiWeb, whereas Citrix Web App and API Protection is most compared with F5 Advanced WAF, Azure Front Door, Fortinet FortiWeb, Akamai App and API Protector and Imperva DDoS. See our AWS WAF vs. Citrix Web App and API Protection report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.