We performed a comparison between AWS WAF and Microsoft Azure Application Gateway based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the parameters we compared, AWS WAF has a slight edge over Microsoft Azure Application Gateway. Our reviewers found Microsoft to have challenges with stability, scalability, and support.
"The ability to take multiple data sets and match those data sets together is the solution's most valuable feature. The data lake that comes with it is very useful because that allows us to match data sets with different configurations that we wouldn't normally be able to match."
"The most valuable feature is that it is very easy to configure. It just takes a couple of minutes."
"The product’s availability, ease of configuration, and documentation are valuable."
"The most valuable feature of AWS WAF is its highly configurable rules system."
"The most valuable feature of AWS WAF is the extra layer of security that I have when connecting to my web applications."
"The customized billing is the most valuable feature."
"The security firewall plus the features that protect against database injections or scripting,"
"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"The solution is easy to set up."
"I rate Microsoft Azure Application Gateway's scalability a ten out of ten. My company has more than 1000 users who use it daily."
"It has a filter available, although we are not currently using it because it is not part of our requirements. But it is a good option and when it becomes part of our requirements we will definitely use it."
"It does an excellent job of load balancing."
"I find Application Gateway’s WAF module valuable because it helps prevent layer 7 attacks."
"Using policies to link and manage these URL-based routing configurations is also valuable."
"I find Application Gateway’s WAF module valuable because it helps prevent layer 7 attacks."
"The security feature in all the layers of the application is the most valuable."
"We should be able to do proper whitelisting."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"One area for improvement in AWS WAF could be the limitation on the number of rules, particularly those from third-party sources, within the free tier."
"For now, there is no feature to protect against attack of the bad bots"
"There is room for improvement in pricing."
"While the complexity of the installation can vary from one service to another, overall, I would say that it and the configuration and navigation are somewhat complex."
"The solution is cloud-based, and therefore the billing model that comes with it could be more intuitive, in my opinion. It's very easy to not fully understand how you tag things for billing and then you can quite easily run up a high bill without realizing it. The solution needs to be more intuitive around the tagging system, which enables the billing. Right now, I have a cloud architect that does that on our behalf and it isn't something that a business user could use because it still requires quite a lot of technical knowledge to do effectively."
"The product could be improved by expanding the weightage units of rules."
"It could be easier to change servicing."
"The solution is easy to use overall, but the dashboard could be updated with a better layout and graphical design so that we can see the data a bit easier. Microsoft could also add more documentation. The documentation Microsoft provides doesn't tell us about resource requirements. We found that the instances we had weren't sufficient to support the firewall, so we had to increase them."
"There is room for improvement in the pricing model."
"Application Gateway’s limitation is that the private and the public endpoint cannot use the same port."
"We faced some downtime while validating CNAME."
"The product's performance should be better."
"Implementing and standardizing the solution across the IT landscape in a heterogeneous environment is painful."
"The tool is a pain to deal with when it comes to the area of configuration."
More Microsoft Azure Application Gateway Pricing and Cost Advice →
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while Microsoft Azure Application Gateway is ranked 3rd in Web Application Firewall (WAF) with 43 reviews. AWS WAF is rated 8.0, while Microsoft Azure Application Gateway is rated 7.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of Microsoft Azure Application Gateway writes "High stability with built-in rules that reduce alerts and are easy to configure". AWS WAF is most compared with Azure Web Application Firewall, F5 Advanced WAF, Imperva Web Application Firewall, Fortinet FortiWeb and Cloudflare Web Application Firewall, whereas Microsoft Azure Application Gateway is most compared with F5 Advanced WAF, Citrix NetScaler, Cloudflare Web Application Firewall, Azure Front Door and HAProxy. See our AWS WAF vs. Microsoft Azure Application Gateway report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.