AWS WAF Reviews & Product Details - Page 3

Earlier we used to get millions of requests on our APIs in few seconds that was not possible from users, it seems like DDOS attack, which was taking lots of CPU and memory, costing us a lot, then we added WAF in cloud front to block bot attacks and detect and block IPs. Review collected by and hosted on G2.com.

Overall it's good, but sometimes we do load testing it also block that IPs, it take that as bot attack. But this is also good but we want to whitelist some IPs that doesn't seems possible here, I guess.. Review collected by and hosted on G2.com.

One best thing about AWS WAF is that it allows you to customize requests and responses. For example, when AWS WAF blocks a request, the default response code sent back to the client is HTTP 403 (Forbidden). Review collected by and hosted on G2.com.

One shortcoming of AWS WAF is that it can only protect web applications built on AWS. Additionally, AWS WAF can be difficult to operate daily as it requires high rule-making knowledge. Review collected by and hosted on G2.com.

A lot of managed rules available, easy to setup and a lot of integrations available. Review collected by and hosted on G2.com.

The limitation for POST body check is well-known, about it not covering the entire request body (first 16kb by default), while other products are offering instead. Review collected by and hosted on G2.com.

AWS Web Application Firewall bot filtering Review collected by and hosted on G2.com.

AWS Web Application Firewall only attached to few resources like can't be attach in EC2 Review collected by and hosted on G2.com.

WAF is an essential tool by AWS that can provide an extra layer of security for DDOS Attacks and more that can harm your system at any moment, the rules and conditions to block countries and see logs is great. Review collected by and hosted on G2.com.

There should be a feature where we can see the logs in a more detailed manner and some more explanation on how priority works. Review collected by and hosted on G2.com.

Overall experience with AWS WAF is excellent. AWS WAF has various features to protect our applications & API against DDoS attacks, Unknown exploits & Bots. The real-time detection for HTTPS Monitoring helps us get the actual traffic to the application and its block traffic of Bots. Review collected by and hosted on G2.com.

No, we haven't faced any challenges with AWS WAF Review collected by and hosted on G2.com.

We have been recommending and leveraging WAF to multiple clients. WAF provides multiple managed protection policies managed by aws and integration of third-party services. The best thing is that it's easy to set up and integrate with CloudFront, load balancer, or API gateway. There is multiple customizations that can be performed like rate limiter rules, aws managed rules, or custom rules to make sure your system is protected from the external threat or major attacks. Review collected by and hosted on G2.com.

Though it's easier to set up it doesn't offer total security. For eg, companies that are in the payment gateway sector won't benefit from waf as in rate limit rule min threshold per source-based IP is 100,i.e., if a particular IP attempts 100 times in 5 mins then it will block that IP and with hackers coming with multi IP approach it becomes inefficient. The alternate is to use Shield advanced but there are major third party tools like Cloudflare which provides better DDoS protection and I would like aws should enhance their waf efficiency Review collected by and hosted on G2.com.

How easy it is to set up on an already existing environment, especially in the context of AWS EC2, you configure it, and your web application or API Backend is instantly secured. Review collected by and hosted on G2.com.

Exclusive to AWS would be one downside, in my opinion. This should have been a universal service, and some cost-effectiveness would have been significant. But overall its a hefty service to deal with internet security Review collected by and hosted on G2.com.

well documented and have a great environment of Review collected by and hosted on G2.com.

it is a little complex about the pricing costs Review collected by and hosted on G2.com.

It can be easily associated with any Cloud front or CDN and using web ACL we can define very condition easily and can be customized and highly scalable rules which will help web application hosting content can be secured from web attacks Review collected by and hosted on G2.com.

Once the rules are configured it takes time to get live and sometimes if you put more rules, it could also raise certain performance problems as well, which they can improve Review collected by and hosted on G2.com.