AWS WAF Overview

AWS WAF is the #3 ranked solution in our list of top Web Application Firewalls. It is most often compared to Microsoft Azure Application Gateway: AWS WAF vs Microsoft Azure Application Gateway

What is AWS WAF?

AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.

AWS WAF is also known as AWS Web Application Firewall.

AWS WAF Buyer's Guide

Download the AWS WAF Buyer's Guide including reviews and more. Updated: June 2021

AWS WAF Customers

eVitamins, 9Splay, Senao International


Filter Archived Reviews (More than two years old)

Filter by:
Filter Reviews
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
Filter Unavailable
Filter Unavailable
Order by:
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Showingreviews based on the current filters. Reset all filters
Developer at a tech services company with 1-10 employees
Real User
The customized billing is key for us

What is our primary use case?

Application security is our primary use case.

What is most valuable?

The customized billing is the most valuable feature.

What needs improvement?

In a future release of this solution, I would like to see additional management features to make things simpler.

What other advice do I have?

It's pretty good, as long as the pricing matches your budget. I would rate AWS WAF at eight out of ten. It does everything pretty well. I would just like additional management tools.
Founder at a consultancy with 1-10 employees
It is a one-click WAF with no effort needed, but we need more support as we go global

What is our primary use case?

The primary use case is application security. We are using the latest version.

How has it helped my organization?

It is a one-click WAF with no effort needed.

What is most valuable?

Protection and WAF.

What needs improvement?

We need more support as we go global. The UI could use improvement.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is Amazon. Everything is scalable. It is beyond what we need.

How are customer service and technical support?

We hardly received technical support on this product.

How was the initial setup?

It was super easy to set up. We did it with one click.

Which other solutions did I evaluate?

We chose this solution because…
Learn what your peers think about AWS WAF. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.
509,820 professionals have used our research since 2012.
Engineer at a tech vendor with 501-1,000 employees
Real User
Integrates well with our existing AWS solution, but the UI is lacking

What is our primary use case?

We use it to protect our backend services.

Pros and Cons

  • "It's simple, easy to use."
  • "The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on."

What other advice do I have?

The integration with AWS is simple and can get you off the ground and going quickly. But you could, over time, outgrow it. We're working on having a more mature security portfolio. This allows us to have a different tool in the belt, to measure different issues that might pop up. I would rate the solution as a six out of ten because of its relative ease of use. However, it's not as configurable as a third-party option.
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
Real User
Blocks threats to our external applications and has caught everything so far

What is our primary use case?

It is our web application firewall.

Pros and Cons

  • "The most valuable feature is the way it blocks threats to external applications."
  • "In a future release I would like to see automation. There's no interaction between the applications and that makes it tedious. We have to do the preparation all over again for each of our other applications."

What other advice do I have?

My advice is "go for it, use it." In terms of our security program's maturity, we're just beginning so we are still like a baby. But we are trying to get all the new stuff and improve altogether.
Network Analyst
Real User
Makes sure files are protected, but the solution should be more proactive in detecting threats

What is our primary use case?

It's all about the security of the cloud system.

Pros and Cons

  • "The most valuable feature is the security, making sure that files are protected, preventing unauthorized users from accessing the system."
  • "They have to do more to improve, to innovate more features. They need to increase the security. It has to be more active in detecting threats."

What other advice do I have?

Everybody handles their own platform differently. Some people love what they have but haven't necessarily experienced anything else. This platform is a good one. If you have your own platform and you think it's better, that's fine. But get a taste of this one, try it and see how it feels in terms of security. Security has always been a problem and it will always be a problem. There's no security platform or software that is 100 percent. We don't know when a Zero-day will happen. Hackers are everywhere, they are creating things and innovating every day. As far as I am concerned right now, the…