What is our primary use case?
Our primary use case is to protect our internal web solution. We use it to have an internal application for our customers. We are an SME worldwide company, so we have some internal website solutions architects that use this as an internal portal to the internet. We apply a WAF front to our web application.
What is most valuable?
The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats. It's important to protect the code against the threats on the internet. It redirects any threat, any attack, to a Fail2ban mechanism.
What needs improvement?
Sometimes it's a bit difficult to check the rules because when you apply a rule, sometimes it's too much and we need to rewrite the rules and make compromises on the rules because it will block too many things. It's a bit difficult to apply the right rules for the right security.
For how long have I used the solution?
We have used AWS WAF for around a year.
How are customer service and technical support?
Their support is very good. We have an enterprise agreement with Amazon.
How was the initial setup?
I don't remember there being any problems with the setup.
What other advice do I have?
I think AWS WAF is a great solution. You can define big and a bit smaller architectures and scale out architecture as you need, due to the edge location. Its features are very amazing.
I would definitely recommend AWS WAF. I asked my security director to move from our internal WAF to the AWS WAF because we can make global unique WAF services for our on-premise web servers and also our AWS web servers with one common rule and one common authority to manage these rules.
I would rate AWS WAF an eight out of ten.