Compare AWS WAF vs. Cloudflare
AWS WAF is ranked 4th in Web Application Firewall (WAF) with 10 reviews while Cloudflare is ranked 2nd in Web Application Firewall (WAF) with 7 reviews. AWS WAF is rated 7.8, while Cloudflare is rated 8.6. The top reviewer of AWS WAF writes "Makes sure files are protected, but the solution should be more proactive in detecting threats". On the other hand, the top reviewer of Cloudflare writes "The dashboard is very well thought out, giving useful information". AWS WAF is most compared with Microsoft Azure Application Gateway, Imperva Incapsula and Akamai Kona Site Defender, whereas Cloudflare is most compared with Imperva Incapsula, Akamai and F5 BIG-IP. See our AWS WAF vs. Cloudflare report.
Most Helpful Review | |||
| |||
 Find out what your peers are saying about AWS WAF vs. Cloudflare and other solutions. Updated: March 2020. 408,726 professionals have used our research since 2012. | |||
Quotes From Members
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
Pros | |
The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats. The most valuable feature is the scalability because it automatically scales up or scales down as per our requirements. The security firewall plus the features that protect against database injections or scripting, The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match. The initial setup was very straightforward. Deployment took about ten minutes or less. The customized billing is the most valuable feature. It is a one-click WAF with no effort needed. It is Amazon. Everything is scalable. It is beyond what we need. | The technical support is good. The most valuable feature of Cloudflare is that it has a free version. They give us the free version with the anti-DDoS features and also the load balancing solution. Cloudflare allows us to self-host services such as Rocket.Chat and Node-RED, in high-availability mode, thanks to round robin DNS which allows us to share one hostname between our two locations. When using services like Heroku, Cloudflare is very useful for CNAME flattening. I also use it for their end-to-end SSL with TLS authentication on nginx for securing servers. Centralized, full-featured DNS. The simplicity of the overall dashboard makes it a great product for a user like me who has less understanding of the internet than a developer or other more technical people. It gives me peace of mind. I also love the easy customization of the Page Rules. |
Cons | |
It's a bit difficult to apply the right rules for the right security. I would like to be able to view a graphical deployment map in the user interface that will give me an overview of the configuration and help to determine whether I have missed any steps. For now, there is no feature to protect against attack of the bad bots The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively. They should work to define more threats, add more security, and make it more compliant with more security companies. In a future release of this solution, I would like to see additional management features to make things simpler. We need more support as we go global. The user experience, the interface, is lacking. Sometimes it's hard to find certain areas that it has alerted on. | The product support needs to be accessible from more places, a wider area of coverage. If they improve on the placement of their data centers, it would be better. I'm living in a remote area. I would like to connect to them without any kind of lag. Sometimes their more advanced caching tools can cause higher first-byte times and problems with JavaScript. They lack a good way to manage DNS as a company, since everything is relegated to single account logins until you get to the higher levels. They have come out with a paid feature to remedy this, but I have not had a chance to fully review it yet to know if it fixes the access problem. One area of improvement is in the Access Rules. Hypothetically, if we wanted to block or challenge traffic outside of the United States, the only way to currently do that (as far as I know) is to enter every single country outside of the United States. That could be a labor intensive job. A solution could be to enable users to create a rule where traffic is only allowed within a certain country. I think the APIs are a little bit hard for us to work with. The APIs could be more open so that we could integrate better with our SolarWinds or our monitoring solution. The reporting can definitely be improved to offer a lot more explanation on something that may have happened or has actually happened. |
Pricing and Cost Advice | |
There are different scale options available for WAF. There are no costs in addition to the standard licensing fees. It's an annual subscription. | There are no additional costs beyond the standard licensing fees. I think the pricing is competitive. I think as far as licensing is concerned it's pretty straightforward because it's based on domain. It's just that sometimes domains could be tricky with some customers. |
 Use our free recommendation engine to learn which Web Application Firewall (WAF) solutions are best for your needs. 408,726 professionals have used our research since 2012. | |
Ranking  | |
Views 4,851 Comparisons 3,932 Reviews 10 Average Words per Review 376 Avg. Rating 7.7 | Views 17,210 Comparisons 14,649 Reviews 7 Average Words per Review 392 Avg. Rating 8.6 |
Top Comparisons | |
 Compared 14% of the time.  Compared 13% of the time.  Compared 13% of the time. | Compared 19% of the time. Compared 7% of the time.  Compared 6% of the time. |
Also Known As | |
| AWS Web Application Firewall | |
Learn | |
| Amazon Video Not Available | Cloudflare |
Overview | |
AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules. | Cloudflare is the leading performance and security company helping to build a better Internet. Today the company runs one of the world’s largest networks that powers more than 9 million Internet applications. More than 10 trillion Internet requests flow through Cloudflare’s network each month, accounting for nearly 10% of all Internet requests globally. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with each new site added. As a result, they see significant improvement in performance and a decrease in spam and other attacks. |
Offer | |
Learn more about AWS WAF | Learn more about Cloudflare |
Sample Customers | |
| eVitamins, 9Splay, Senao International | Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more. |
Top Industries | |
Software R&D Company37% Media Company16% Comms Service Provider12% Retailer6% | Energy/Utilities Company18% Marketing Services Firm18% Financial Services Firm18% Engineering Company18% Software R&D Company32% Comms Service Provider12% Media Company9% Insurance Company6% |
Find out what your peers are saying about AWS WAF vs. Cloudflare and other solutions. Updated: March 2020.
408,726 professionals have used our research since 2012.
See also AWS WAF Reviews, Cloudflare Reviews, and our list of Best Web Application Firewall (WAF) Companies.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post
reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference
with LinkedIn, and personal follow-up with the reviewer when necessary.