We performed a comparison between AWS WAF and NGINX App Protect based on real PeerSpot user reviews.
Find out in this report how the two Web Application Firewall (WAF) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The stability of AWS WAF is valuable."
"The most valuable aspect is that it protects our code. It's a bit difficult to overwrite code in our application. It also protects against threats."
"Its best feature is that it is on the cloud and does not require local hardware resources."
"The web solution effectively protects from vulnerabilities and cyber attacks."
"This is not a product that you need to install. You just use it."
"AWS WAF is a stable solution. The performance of the solution is very good."
"The most valuable feature of AWS WAF is its highly configurable rules system."
"The interface is good."
"We were looking for a product that is capable of complete automation and a container based solution. It's working."
"The most valuable feature of NGINX App Protect is its open source."
"The most valuable feature is that I can establish different services from the firewall."
"NGINX App Protect has complete control over the HTTP session."
"It is a very good tool for load balancing."
"NGINX App Protect's best features are auto-learning, which creates a profile of applications that are deployed, bot protection, and force protection, which lets you configure your brute force policy and alert for and prevent brute force attacks."
"It has the best documentation features."
"The most valuable feature of NGINX App Protect is the reverse proxy."
"They should work to define more threats, add more security, and make it more compliant with more security companies."
"The solution could improve by having better rules, they are very basic at the moment. There are more attacks coming and we have to use third-party solutions, such as FIA. The features are not sufficient to prevent all the attacks, such as DDoS. Overall the solution should be more secure."
"We haven't faced any problems with the solution."
"In a future release of this solution, I would like to see additional management features to make things simpler."
"The setup is complicated."
"It would be good if the solution provided managed WAF services."
"It is sometimes a lot of work going through the rules and making sure you have everything covered for a use case. It is just the way rules are set and maintained in this solution. Some UI changes will probably be helpful. It is not easy to find the documentation of new features. Documentation not being updated is a common problem with all services, including this one. You have different versions of the console, and the options shown in the documentation are not there. For a new feature, there is probably an announcement about being released, but when it comes out, there is no actual documentation about how to use it. This makes you either go to technical support or community, which probably doesn't have an idea either. The documentation on the cloud should be the latest one. Finding information about a specific event can be a bit challenging. For this solution, not much documentation is available in the community. It could be because it is a new tool. Whenever there is an issue, it is just not that simple to resolve, especially if you don't have premium support. You have pretty much nowhere to look around, and you just need to poke around to try and make it work right."
"It would be better if AWS WAF were more flexible. For example, if you take a third-party WAF like Imperva, they maintain the rule set, and these rule sets are constantly updated. They push security insights or new rules into the firewall. However, when it comes to AWS, it has a standard set of rules, and only those sets of rules in the application firewalls trigger alerts, block, and manage traffic. Alternative WAFs have something like bot mitigation or bot control within the WAF, but you don't have such things in AWS WAF. I will say there could have been better bot mitigation plans, there could have been better dealer mitigation plans, and there could be better-updated rule sets for every security issue which arises in web applications. In the next release, I would like to see if AWS WAF could take on DDoS protection within itself rather than being in a stand-alone solution like AWS Shield. I would also like a solution like a bot mitigation."
"NGINX App Protect could improve security."
"The dashboard could provide a more comprehensive view of the status of the connections."
"Currently, the policies have to be handled manually, and you have to create from scratch, which can be a bit time-consuming, in a large environment."
"They could provide a better user interface."
"The price of NGINX App Protect could improve."
"The setup of NGINX App Protect is complex. The full process took one week to complete. Additionally, we had to change the network infrastructure platform which took one month."
"Areas for improvement would be if NGINX could scan for vulnerabilities and learn and update the signatures of DoS attacks."
"The product's user interface is an area with shortcomings as it can be quite confusing for users, making it an area where improvements are required."
AWS WAF is ranked 1st in Web Application Firewall (WAF) with 52 reviews while NGINX App Protect is ranked 15th in Web Application Firewall (WAF) with 19 reviews. AWS WAF is rated 8.0, while NGINX App Protect is rated 8.2. The top reviewer of AWS WAF writes "A highly stable solution that helps mitigate different kinds of bot attacks and SQL injection attacks". On the other hand, the top reviewer of NGINX App Protect writes "Capable of complete automation but is costly ". AWS WAF is most compared with Azure Web Application Firewall, Microsoft Azure Application Gateway, F5 Advanced WAF, Imperva Web Application Firewall and Radware Cloud WAF Service, whereas NGINX App Protect is most compared with Microsoft Azure Application Gateway, F5 Advanced WAF, Fortinet FortiWeb, Cloudflare Web Application Firewall and Noname Security. See our AWS WAF vs. NGINX App Protect report.
See our list of best Web Application Firewall (WAF) vendors.
We monitor all Web Application Firewall (WAF) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.