Name: AWS WAF
Rating: 4.4 (376 reviews)

Overview

Product Information on AWS WAF

Updated 13th October 2025

What is AWS WAF?

AWS WAF is a web application firewall software designed to help organizations protect their web applications from common internet threats. The software enables users to create security rules that allow, block, or monitor web requests based on specific criteria such as IP addresses, HTTP headers, and body data. AWS WAF provides features for filtering traffic, preventing attacks including SQL injection and cross site scripting, and managing bot traffic. It integrates with other AWS services to enhance security posture, offers real time visibility into web traffic, and automates responses to detected threats. The software addresses the challenge of securing web applications against evolving cyber risks and helps organizations maintain compliance with security standards.

Overall experience with AWS WAF

Manager

Gov't/PS/ED <5,000 Employees, Education

FAVORABLE

“Centralized Dashboard Simplifies Metrics, Logs, and Trace Management for Teams”

5.0

Mar 24, 2026

The WAF provides cloud native capabilities without the need to introduce 3rd party devices which can increase complexity, overheads of administration and management.

Operations Associate

<50M USD, Transportation

CRITICAL

“Product Offers Real-Time Streaming but Struggles with False Positive Detections”

3.0

Apr 21, 2026

Strong first layer defense and lot of out of the box rules but there are lot of false positives detections

About Company

Company Description

Amazon Web Services (AWS), established in 2006, is focused on providing essential infrastructure services to businesses globally in the form of cloud computing. The key advantage offered through cloud computing, particularly via AWS, is its capacity to shift fixed infrastructure expenses into flexible costs. Businesses have been able to forgo extensive planning and procurement of servers and other Information Technology (IT) resources, owing to AWS. AWS seeks to provide businesses with prompt and cost-effective access to resources using Amazon's expertise and economies of scale, as and when their business requires. Currently, AWS offers a robust, scalable, economic infrastructure platform on the cloud powering an extensive array of businesses worldwide. It operates across numerous industries with data center locations in various parts of the globe including U.S., Europe, Singapore, and Japan.

Company Details

Company type

Public

Year Founded

2006

Head office location

Seattle, United States

Number of employees

10001+

Website

http://aws.amazon.com

Do You Manage Peer Insights at Amazon Web Services (AWS)?

Access Vendor Portal to update and manage your profile.

Key Insights

A Snapshot of What Matters - Based on Validated User Reviews

User Sentiment About AWS WAF

Reviewer Insights for: AWS WAF

Deciding Factors: AWS WAF Vs. Market Average

Performance of AWS WAF Across Market Features

AWS WAF Likes & Dislikes

It provides a rich feature set between targeted protection, the ability to configure Web ACLs, manage rule sets, including the integration with application load balancers (ALBs), AWS API gateways and others. Using AWS native tools also makes for easier support since the whole 'chain' is AWS end to end.

good range of out of the box detection rules, near real time streaming to S3 and CloudWatch

Native AWS integrations are a breeze. Managed rule groups and the ability to scope rules per resource.

None, since the tool does deliver on the capabilities and features described in their whitepapers. Since AWS has a rich set of features and capabilities, there are always new updates to stay across.

lot of false positive detections and it is not full IDS/IPS so can't detect malware payloads.

Pricing model is opaque and we've been caught by surprise on scaling before. Per-rule and per-request costs add up. Console UX can be a little painful for complex rule logic.

Top AWS WAF Alternatives

4.7

(544 Ratings)

4.8

(535 Ratings)

4.8

(480 Ratings)

View All Alternatives

Peer Discussions

AWS WAF Reviews and Ratings

Filter Reviews

Sort By:

Most helpful

Last 12 Months

Star Rating

Reviewer Type

Reviewer's Company Size

Reviewer's Industry

Reviewer's Region

Reviewer's Job Function

Manager
Gov't/PS/Ed
Education
Review Source
Centralized Dashboard Simplifies Metrics, Logs, and Trace Management for Teams
5.0
Mar 24, 2026
The WAF provides cloud native capabilities without the need to introduce 3rd party devices which can increase complexity, overheads of administration and management.
Engineer
50M-1B USD
Energy and Utilities
Review Source
Powerful AWS-native WAF taht rewards infrastructure-as-code discipline
4.0
Mar 6, 2026
AWS WAF delivers reliable, scalable web app protection that integrates well with CloudFront, Load Balancers, and API Gateway. Rule management and managed rule groups reduce operational overhead significantly, a great boon for our DevOps team.
SENIOR SECURITY ENGINEER
50M-1B USD
IT Services
Review Source
Effective Protection for Web Applications With Smooth AWS Integration Experience
5.0
Jan 30, 2026
Overall a good experience. Provides good protection against our inhouse web applications. Plus the integration with other aws services is smooth as well .Works well for small & large applications
Devops Engineer
<50M USD
IT Services
Review Source
Protecting Applications with Amazon WAF
5.0
Mar 26, 2026
I have experience working with AWS WAF to protect web applications from common web exploits and APIs from common threats like SQL injection, XSS and bot traffic. I configured custom rules and integrated WAF with CloudFront and application load balancer to control incoming traffic effectively. Used AWS Managed rules for common vulnerabilities, combined with our custom rules for application specific threats.
Operations Associate
50M-1B USD
IT Services
Review Source
WAF Delivers Reliable Security and Flexible Rules Despite Challenging UI Navigation
4.0
Feb 10, 2026
WAF provides a strong and reliable security experience. Configuration takes time to learn but overall it is effective and dependable.

...

Showing Result 1-5 of 490

Recommended Gartner Insights

Market Guide for Cloud Web Application and API Protection