#1 most frequent
United States of America
44.8%1,310 installations of 2,921
What is AWS WAF?
Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.
Categories & Use Cases
Who Buys & Uses AWS WAF
#2 most frequent
India
8.6%250 installations of 2,921
#3 most frequent
United Kingdom of Great Britain and Northern Ireland
6.7%196 installations of 2,921
Provide a Firewall to your AWS frontend using AWS WAF
Use Cases and Deployment Scope
We are using AWS WAF in front of all our CloudFront distributions and some API Gateways. We need AWS WAF to prevent DDOS attacks on our websites as it provides rules for rate limitation for requests, BOT control features, AWS Managed common rule set against dangerous IP addresses, and many more features. The introduction of AWS WAF in front of all our CloudFronts reduced many attacks and rate-limited bot requests to our websites. The WAF also provides features to send metrics to an OpenSearch distribution for all the requests based on certain criteria, allowing us to send custom alerts to Slack for imminent attacks and requests exceeding rate limitation. AWS WAF is certainly a state-of-the-art product introduced by AWS that easily integrates with most of the AWS products.
Pros
- AWS WAF prevents DDOS attacks by providing a feature to rate limit the requests originating from a certain IP address. It has prevented a lot of attacks on our websites. It is quick in identifying heavy requests on our domains and alerting us for attacks.
- AWS WAF has a BOT control feature that identifies certain BOTs attacking our frontend websites for crawling data. These BOTs just like ChatGPT try to steal our data and use it for Machine Learning purposes. AWS WAF has a ManagedRule to identify such bots that crawl the data or send bulk requests and stop the requests to reach our websites from these bots.
- An amazing feature of AWS WAF is the precedence for the rules for blocking/allowing requests. We are using a lot of AWS managed rules and sometimes the requests from our backend or from our offices were being blocked because of AWS managed rules such as rate limitation when performing stress tests on our websites. AWS WAF allows adding custom rules before the managed rules which allow certain IP addresses to send unlimited traffic to our websites and do not block our day to day work.
Cons
- AWS BOT protection is an amazing functionality but it is expensive. There are rooms for improvement in the BOT protection also to block Small Language Models. The SMLs are growing day by day and there should be some more restrictions added for these BOTs.
- One feature where WAF can improve is the metrics shown on the AWS WAF console. Sometimes it is very hard to follow these metrics. There should be an easy UI for filtering BLOCK/ALLOW requests on the AWS WAF console so that it is easy to debug why certain requests were blocked.
- The UI should not be the native cloudwatch but a separate UI can be developed that can have features to filter the requests based on the URI, path, host header, IP addresses, etc.
- I know that this can be achieved from CloudWatch and OpenSearch, but I find using these 2 a bit expensive.
- AWS WAF should expand the functionality to integrate with applications that are not hosted on AWS as well. Currently, there is no such functionality and to implement such functionality, we need to introduce an AWS managed resource infront of our current applications.
Return on Investment
- With the introduction of rate limitation using AWS WAF on our websites, we have filtered out a lot of requests that are originiating from the same IP address in a very small span of time. We identified that these are rival BOTs trying to crawl data from our websites. This reduced traffic on our websites by 20% but provided a positive impact because the rival organizations were not able to crawl data on our websites anymore.
- We have forgotten to add one of our website behind AWS WAF. What we found later was a DDOS attack on our website again and again. When we realised our mistake, we added the AWS WAF and we never saw another DDOS attack on the same domain.
- For a negative impact I can say that we are paying a lot of money for BOT protection and this disrupts the budget for DevOps team.
Usability
Alternatives Considered
Cloudflare and Akamai
Other Software Used
Cloudflare, Akamai, Amazon CloudFront
Easiest implantation of Firewall out there
Use Cases and Deployment Scope
We have several web applications running on AWS build on Laravel so we inherently have a need to secure it. DDOS attacks are common among them. as we mounted an AWS WAF before our load-Balancer. since then we have never faced any issue regarding web application security. Highly recommend it if you run critical e-commerce applications.
Pros
- DDOs attack prevention
- Cost saving if you have multiple web applications.
- One stop solution so no further efforts needed. almost everything can be handle with AWS WAF.
Cons
- AWS WAF is a bit costly if used for single applications.
- they should provide attack-wise protection, like if my certain type of application is vulnerable to DDOS then I should be able to buy WAF, especially for that attack.
- CLI tool to test in offline mode if possible.
Most Important Features
- DDOS protection
- Ability to mount in front of Load balancer
- AWS Managed service means hassle free installation
Return on Investment
- Somewhat costly if specific needs are not there.
- If security is concerned than comparatively is beneficial.
- All those price that spent on AWS WAF in return gets saved in man hours.
Alternatives Considered
Azure Firewall, Barracuda Web Application Firewall and ThreatX
Other Software Used
Azure Firewall, ThreatX, Comodo Firewall
My review on AWS Web Application Firewall
Pros
- Web traffic filtering
- Bot Control
- Real-time visibility
- Easy to monitor web traffic
- Prevent against any type of attack, like SQL code injection
- Easy to create the rules
- Easy to filter the packet as per your requirement
Cons
- Less documentation available for help in configuration and maintenance
- AWS should work on their technical support
- High price
Most Important Features
- Protection against web attacks
- Web traffic visibility
- Easily monitor, block, or rate-limit bots
- Security integrated
Return on Investment
- Very advanced features for protection against any type of attacks
- Day-to-day updates for any type of cyber attacks
Other Software Used
Check Point 4000 Appliances, Cisco 3504 WLAN Controller
Best Security Tool for Your Web Applications
Pros
- AWS WAF has the most developer-friendly API to create firewall rules.
- AWS WAF provides OWASP security controls, which reduces developers' burden (i.e., SQL injection and cross-site scripting).
- AWS WAF has customizable web security rules. The user can even push the rules through the API available, which is the great feature and helped me a lot.
- It protects applications at layer 7 (HTTP) of the OSI model and not just layer 4 (TCP).
Cons
- Need to enhance OWASP standards.
- We are limited to five rate-based rules per AWS account.
Return on Investment
- It is a little expensive but helpful in many ways to secure applications.
- Instant ability to update and change the WAF--easy to update and deploy changes and then review. Brilliant integration with other AWS services.
- It is easy to deploy.
Alternatives Considered
Barracuda Web Application Firewall
Usability
Using AWS WAF -- a native solution
Use Cases and Deployment Scope
Edge Security Control from the outside. Used to allow legitimate secure connections to you web application servers. Encryption, Mutli Factor Authentication and allowable connections are key. One of the advantages is that it is a solution that is native to the AWS Cloud platform. It is a scaleable and can meet the performance requirements.
Pros
- Perfomance
- Scalability
- Uptime
Cons
- Need to provide improved dashboard metrics
- Easy to navigate for troubleshooting purposes
- Consolidated Reporting
Most Important Features
- Performance
- Scalability
- Protection
- Availability
Return on Investment
- Performance has been relatively good
- Need to implement more features
- Quick and easy setup
Alternatives Considered
Akamai API Gateway
Other Software Used
Akamai API Gateway