Sold by: F5, Inc.
Deployed on AWS
Protect against web exploits. F5 Web Exploits Rules for AWS WAF, provides protection against web attacks that are part of the OWASP Top 10, such as: SQLi, XSS, command injection, No-SQLi injection, path traversal, and predictable resource.
3.7
Overview
F5's Managed Rules for AWS WAF offer an additional layer of protection that can be easily applied to your AWS WAF. F5's Web Exploits OWASP rules help mitigate attacks seeking to exploit vulnerabilities that are part of the OWASP Top 10, such as: SQL injection, cross-site scripting (XSS), command injection, No-SQL injection, path traversal, predictable resource and more. All rules are written, managed and regularly updated by F5's security specialists to ensure protection against evolving threats without the need for intervention on your part. The rules are licensed on a pay-as-you-go basis so you will only pay for what you use. Deployment guidance can be found at https://pages.awscloud.com/rs/112-TZM-766/images/F5_OWASP_Getting%20Started%20Guide.pdf
Alternatively, if you require more sophisticated protection then F5's Advanced WAF may be a more appropriate solution. Leveraging behavioral analytics, machine learning and deep app expertise to thwart complex attacks such as L7 DoS, simple automated bot threats and API protocol attacks, F5 Advanced WAF affords apps and data unrivaled protection. Learn more about F5 Advanced WAF here (https://aws.amazon.com/marketplace/pp/prodview-cs4qijwjf3ijs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa ) or contact our sales organizationhttps://www.f5.com/products/get-f5?ls=meta#contactsales
Highlights
- Easily Enhance Security - No security expertise needed, simply attach rules to your AWS WAF instances to immediately bolster protection.
- Continuously Updated - Rulesets are monitored, maintained and update by F5's security experts to ensure protection against evolving threats.
- Fast & Simple Deployment - Attach F5's WAF rules to your AWS WAF instance in a matter of minutes following three simple deployment steps.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Charge per month in each available region (pro-rated by the hour) | $20.00 |
Charge per million requests in each available region | $1.20 |
Dimensions summary
F5 Rules for AWS WAF follows a two-part pricing model on AWS Marketplace. The monthly regional charge covers the base subscription for maintaining and updating the WAF rules in each AWS region you deploy, with the flexibility of hourly prorating. The per-million requests pricing applies to the actual traffic processed through the WAF rules in each region, ensuring you only pay for the protection you use. This straightforward model combines fixed and variable costs to align with your security needs and usage patterns.
Top-of-mind questions for buyers like you
How does the monthly regional charge work for F5 Rules for AWS WAF?
The monthly regional charge is a base fee applied for each AWS region where you deploy F5's WAF rules. This charge covers continuous rule updates, maintenance, and access to F5's security expertise, while being prorated hourly to provide deployment flexibility and cost optimization.
What defines a billable request in the per-million requests pricing?
A billable request is any web traffic that passes through your AWS WAF using F5's rule sets. This includes API calls, web page requests, and any other HTTP/HTTPS traffic that is evaluated against the F5 security rules, with charges calculated based on the total volume of requests processed in each region.
Are there any prerequisites or additional AWS costs to consider?
While F5's pricing covers the rules and updates, you need an active AWS WAF deployment which incurs separate AWS charges. The AWS WAF costs include web ACL capacity units (WCU) and per-request charges that are billed directly by AWS, independent of F5's pricing.
Vendor refund policy
For this offering, F5 does not offer refund, you may cancel at anytime.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
F5 Rules for AWS WAF are supported via F5 DevCentral - F5's extensive community of experts, developers and users addressing technical issues related to F5 products. If you have any questions or need assistance with any aspect of F5's rulesets please submit a question with the tag 'F5 rules for AWS WAF' (http://devcentral.f5.com/s/questions?tag=F5+Rules+for+AWS+WAF ). Response times may be up to 2 days. For online information regarding F5 Rules for AWS WAF, please refer to https://support.f5.com/csp/article/K21015971 . For any infrastructure and WAF related questions please contact AWS Support (https://aws.amazon.com/contact-us ) for AWS WAF related assistance.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Fortinet Inc.
By Cyber Security Cloud
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
OWASP Top 10 Attack Protection
Provides protection against web attacks including SQL injection, cross-site scripting (XSS), command injection, NoSQL injection, path traversal, and predictable resource exploitation.
Managed Rule Updates
Rules are written, managed and regularly updated by F5's security specialists to ensure protection against evolving threats without requiring manual intervention.
AWS WAF Integration
Rules can be attached to AWS WAF instances for immediate deployment and protection enhancement.
Automated Threat Detection
Utilizes security expertise to identify and mitigate vulnerabilities that are part of the OWASP Top 10 attack vectors.
Pay-as-You-Go Licensing Model
Rules are licensed on a consumption-based pricing structure where usage determines costs.
OWASP Top 10 Protection Coverage
Comprehensive ruleset protecting against all OWASP Top 10 web application threats including SQL Injection, Cross Site Scripting, General and Known Exploits, Malicious Bots, and Common Vulnerabilities and Exposures (CVE)
Threat Intelligence Updates
Regular updates from FortiGuard Labs to include latest threat information and security signatures
Configurable Response Actions
Rules can be configured to log, alert, and/or block detected threats
FortiWeb Security Signatures
Rulesets based on FortiWeb web application firewall security service signatures
AWS WAF Integration
Managed rule group compatible with AWS WAF for web application firewall deployment across multiple web ACLs and regions
Threat Intelligence Integration
Rulesets regularly updated with latest threat alerts using Cyber Threat Intelligence
OWASP Top 10 Coverage
Comprehensive protection against all OWASP Top 10 Web Application Threats
Code Injection Prevention
Managed rules targeting code injection techniques including SQLi, NoSQLi, and OS command injection
Technology-Specific Vulnerability Protection
Dedicated rules for known exploits in Apache Struts2, Apache Tomcat, Oracle WebLogic, WordPress, Drupal, and Joomla
Malicious Bot Detection
Malicious Bots rulesets included for bot-based threat mitigation
Standard contract
No
No
No
Customer reviews
IsaacHernandez
Managed rules have strengthened our API security and have reduced time spent on threat analysis
Reviewed on Jun 26, 2026
Review from a verified AWS customer
What is our primary use case?
Our main use case for F5 Rules for AWS WAF is for our APIs.
We use F5 Rules for AWS WAF to block common attack patterns such as cross-site scripting and SQL injection. For example, when requests contain a certain payload in the headers, the firewall can block or count them before they reach the application or endpoints. We usually start in count mode, review logs for false positives, and move the rules to block mode once we are confident that we're not affecting legitimate users.
One unique way we use F5 Rules for AWS WAF is as part of our firewall control deployment when we're deploying a new application or API.
What is most valuable?
In my opinion, the best features F5 Rules for AWS WAF offers include fast protection by managed rules, easy implementation, senior vulnerability management, and the necessary scanning for our team, which can range from more standard to reactive, allowing us to wait for an answer while we're loading the problem on the firewall.
Mostly, I mean both easy implementation and customization. From the implementation side, it is a straightforward deployment.
F5 Rules for AWS WAF makes my team's life easier because they can focus on new features and not spend as much time reviewing security requirements. In this case, I can say that having the lock or control in the log is great.
One feature that we appreciate about F5 Rules for AWS WAF is the visibility through the AWS WAF logs. I will also highlight that combining F5 Rules for AWS WAF Managed Rules with custom AWS rules gives us a good balance for our specific applications.
F5 Rules for AWS WAF has positively impacted us by improving our web application security without adding too much operational overhead.
The main improvements we noticed with F5 Rules for AWS WAF include reducing malicious traffic, better visibility, and more confidence.
The workload decreases mainly in analyzing malicious traffic thanks to F5 Rules for AWS WAF.
What needs improvement?
I think F5 Rules for AWS WAF could be improved mainly around visibility, specifically having more actionable recommendations for false positives.
For example, when a request to a popular application is blocked, a recommendation can make it faster to decide whether it is good or bad. I would appreciate a stronger preview dashboard showing blocked requests, source IPs, and maybe a CI/CD example will help with the implementation.
The most useful change for F5 Rules for AWS WAF would be rule-level allow listing and exception management. For example, if a legitimate request is blocked by a rule, we should be able to see which rule is blocking it and have a recommended exception option to check the impact of allowing it. That will make false positive handling much faster and easier.
For how long have I used the solution?
I have been using F5 Rules for AWS WAF for around five years.
What do I think about the stability of the solution?
F5 Rules for AWS WAF is stable and reliable in my experience.
What do I think about the scalability of the solution?
F5 Rules for AWS WAF can work with multiple environments, and we can also create some custom rules when required.
How are customer service and support?
I had to contact support once for a question about F5 Rules for AWS WAF. I remember it was a friendly and quick experience without any problem.
Which solution did I use previously and why did I switch?
Before using F5 Rules for AWS WAF, we mainly used native AWS WAF managed rules and some custom WAF rules. We switched because F5 Rules for AWS WAF gave us stronger managed security.
How was the initial setup?
My experience with pricing, setup cost, and licensing for F5 Rules for AWS WAF was very straightforward because it's all included on the vendor's side.
What about the implementation team?
We are just a customer of F5 Rules for AWS WAF, with no other business relationship with this vendor.
What was our ROI?
We noticed ROI with F5 Rules for AWS WAF. F5 Rules for AWS WAF includes a lot of content, so in this case, I will estimate it simplifies our life and reduces the security work on common web attack patterns.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for F5 Rules for AWS WAF was very straightforward because it's all included on the vendor's side.
Which other solutions did I evaluate?
We evaluated other options before choosing F5 Rules for AWS WAF.
What other advice do I have?
I would rate F5 Rules for AWS WAF a nine out of ten.
I chose nine out of ten because of the auto-update for new features and the preview log.
Regarding F5 Rules for AWS WAF's AI capabilities, I would say that it is not mainly an AI platform.
From a governance and security perspective, F5 Rules for AWS WAF is solid because we can manage rules, get notifications about rule updates, and see who made changes to the configuration, but I think that the governance could be more robust.
I want to continue with F5 Rules for AWS WAF.
For AI capabilities, I will not describe F5 Rules for AWS WAF as having them.
My advice for others looking into using F5 Rules for AWS WAF is to start with count mode, not block mode. I rate F5 Rules for AWS WAF a nine out of ten overall.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Iurii Efimov
Advanced web protection has prevented incidents and secures our applications continuously
Reviewed on Jun 23, 2026
Review from a verified AWS customer
What is our primary use case?
F5 Rules for AWS WAF manages the security rule set by applying the rules and setting the block directly in AWS WAF to provide advanced protection against web application attacks, bots, threats, and some known vulnerabilities. This enhanced security coverage protects our product against all OWASP Top 10 attacks.
How has it helped my organization?
F5 Rules for AWS WAF has positively impacted our organization by empowering our security. The best thing is that we haven't noticed anything because of those rules applied, and we are secured.
What is most valuable?
Easy AWS integration is one of the best features F5 Rules for AWS WAF offers. The easy AWS integration can be attached to existing AWS WAF deployments within minutes and works with CloudFront application load balancers and APIs, which has improved our team's workflow.
What needs improvement?
The additional costs for F5 Rules for AWS WAF are quite high, as F5 managed rules require a separate subscription on top of the standard AWS WAF charges; it would be great if it would be pre-integrated.
Some F5 rules groups consume significantly more AWS capacity units than comparable AWS managed rule sets, which can limit how many rule groups fit into web ACLs.
For how long have I used the solution?
I have been working in my current field for three and a half years.
What do I think about the stability of the solution?
F5 Rules for AWS WAF is stable.
What do I think about the scalability of the solution?
I rate the scalability of F5 Rules for AWS WAF at ten out of ten.
How are customer service and support?
I never reached out to customer support because of no need, but I believe it's great.
Which solution did I use previously and why did I switch?
I previously used a standard AWS rule set before switching to F5 Rules for AWS WAF. I evaluated a standard AWS managed rule set before upgrading to F5 Rules for AWS WAF.
How was the initial setup?
I purchased F5 Rules for AWS WAF through the AWS Marketplace .
What was our ROI?
In the past few years, we have zero security incidents, indicating a return on investment.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for F5 Rules for AWS WAF includes additional costs and high WCU consumption usage, so I'm not one hundred percent happy.
What other advice do I have?
I rate F5 Rules for AWS WAF eight out of ten because of the improvement points I mentioned before. Regarding F5 Rules for AWS WAF's AI capabilities, I would say its governance and security are pretty high, so I give it a ten out of ten.
I would say the accuracy and reliability of output for F5 Rules for AWS WAF are pretty high, as it's based on the data from my account. The accuracy and reliability are based on data from my own AWS account.
I would recommend connecting it from the beginning instead of using standard AWS managed rule sets. My overall review rating for F5 Rules for AWS WAF is eight out of ten.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Pranav Telang
Managed security rules have reduced web threats and now streamline our incident response
Reviewed on Jun 18, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for F5 Rules for AWS WAF is to strengthen our security posture for our public-facing application for one of our US-based clients hosted on AWS , enhancing protection against common web attacks without introducing significant operational complexity. A specific example of how we use F5 Rules for AWS WAF for our public-facing application is that it allows us to quickly extend the native capability of AWS WAF , helping us detect and mitigate common threats such as SQL injection attempts, cross-site scripting, malicious bots, and exploitation techniques. This solution reduces the effort to maintain custom signatures while still providing strong security coverage.
What is most valuable?
The best features F5 Rules for AWS WAF offers include the pre-managed rules which help us identify the kind of traffic we receive from the external side, enabling us to adjust the sub-order rules to block CAPTCHAs or challenges to distinguish between legitimate traffic and possible bots.
F5 Rules for AWS WAF integrates seamlessly with our AWS WAF , protecting our application load balancer, and it provides automation benefits by incorporating F5 managed rules deployment into our infrastructure as code in our CI/CD pipeline. This reduces the operational burden on our security team by automatically addressing issues. F5 Rules for AWS WAF has positively impacted our organization by improving our security posture and reducing the operational efforts of our security team in managing WAF policies. After implementing F5 Rules for AWS WAF, we observed a reduction of approximately 60 to 70% in web application security incidents reaching our application team, particularly blocking common threats like bot traffic and SQL injections without impacting our downstream systems.
What needs improvement?
F5 Rules for AWS WAF could be improved with deeper integration with Infrastructure as Code tools like Terraform for simplification, as well as more AI-driven recommendations for rules tuning to reduce false positives and better dashboards for visibility at the CXO level.
I would appreciate more frequent rules updates and better documentation from F5.
For how long have I used the solution?
I have been using F5 Rules for AWS WAF for almost two and a half years.
What do I think about the stability of the solution?
F5 Rules for AWS WAF is stable in my experience, providing comprehensive managed rules coverage and reducing operational overhead compared to the AWS native managed rules.
What do I think about the scalability of the solution?
F5 Rules for AWS WAF is well-scalable with our AWS WAF and native environments.
How are customer service and support?
My experience with customer support for F5 Rules for AWS WAF is good, though I believe more detailed documentation for custom rules is needed.
Which solution did I use previously and why did I switch?
I previously used Imperva before switching to F5 Rules for AWS WAF.
How was the initial setup?
I purchased F5 Rules for AWS WAF through the AWS Marketplace .
What was our ROI?
After implementation, we saw a reduction of 40 to 50% in time spent by our security team, as the managed rule sets maintained by F5 significantly reduced the manual effort in administration while enhancing protection against common web attacks.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been fair, though it is an additional cost for customers seeking strong security coverage without needing separate WAF infrastructure.
Which other solutions did I evaluate?
We evaluated other options including Imperva and Cloudflare before choosing F5 Rules for AWS WAF.
What other advice do I have?
F5 Rules for AWS WAF has an accuracy of about 80 to 90% in blocking common threats, providing a good balance between security coverage and false positives.
I advise others looking into using F5 Rules for AWS WAF to clearly understand their application traffic and security requirements before deployment to add significant value, and to consider leveraging F5's threat intelligence managed rules while implementing automation in policy management. I rate this product an 8 overall.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Ayodeji Bayo-Makinde
Automated web protections have reduced manual security overhead but still require fewer false positives
Reviewed on Jun 13, 2026
Review from a verified AWS customer
What is our primary use case?
F5 Rules for AWS WAF is mainly used for securing web applications to protect against web attacks, including common web attacks like DDoS and SQL injection.
With a particular client use case, the client had a gateway or an app gateway into their application. F5 Rules for AWS WAF was placed in front of that application so that it screens traffic coming in. This way, it serves as the first point of contact when a client makes a request to the application, offering the first level of protection for the application.
If the application is in development or you are trying to make the application only available to a specific set of people, you can streamline the rules in F5 Rules for AWS WAF to allow only a certain IP address range.
What is most valuable?
F5 Rules for AWS WAF offers very strong protection against common web attacks, including DDoS attacks. The rules are frequently updated on the WAF, and it provides enterprise-grade threat intelligence. This helps to proactively prevent threats even before they happen and reduces operational burden on the organization's part by reducing the need to set rules manually.
The automatic rule updates in F5 Rules for AWS WAF help because the team does not have to worry about keeping up to date with the latest threats that come up in the web space. F5 handles figuring out and updating the rules to match current threats. This eliminates the need to evaluate and spend time determining which rules need to be updated for better threat protection.
F5 Rules for AWS WAF has greatly helped to positively reduce operational burden because previously dedicated resources were required to update WAF rules. Although specific time metrics are not available, F5 Rules for AWS WAF has greatly reduced the resources allocated to putting in rules, freeing up those resources to handle other tasks and thereby helping to improve efficiency.
Employees' time has been saved with F5 Rules for AWS WAF. Without F5 Rules for AWS WAF, some employees would need to be put in charge of setting up the rules on the WAF and then updating them. Since those resources no longer need to be dedicated to that task, they can be moved to deal with other work, thereby helping to increase efficiency.
What needs improvement?
There are potential false positives in F5 Rules for AWS WAF that sometimes require tuning. If those false positives could be worked out of the system or reduced to a lesser number, that would be beneficial.
There is limited visibility into the proprietary rule logic in F5 Rules for AWS WAF. If documentation could be expanded more on the rule logic and how the system comes up with its rules, that would be very helpful.
While F5 Rules for AWS WAF is very good and works well, it is an additional cost beyond the regular AWS WAF . The limited visibility into the proprietary rule logic is also a bit of a drawback.
For how long have I used the solution?
F5 Rules for AWS WAF has been used for about two years.
What do I think about the stability of the solution?
F5 Rules for AWS WAF is fairly stable, and I have not really encountered a lot of bugs or glitches.
What do I think about the scalability of the solution?
In the AWS cloud, F5 Rules for AWS WAF is fairly scalable, and scalability is at an acceptable level for what it is as a managed web application firewall.
How are customer service and support?
I have not really had to use customer support for F5 Rules for AWS WAF very much, but from what I have heard, it is fairly good and up to standard.
Which solution did I use previously and why did I switch?
Previously, AWS WAF was manually updated by the team, and that was causing too much strain on the available human resources. This necessity led to the change to using F5 Rules for AWS WAF.
How was the initial setup?
Pricing for F5 Rules for AWS WAF was fair for the going market rate. Setup was mostly seamless and not complicated. A good experience was had on that front.
Which other solutions did I evaluate?
Other options were not really evaluated before choosing F5 Rules for AWS WAF. What was wanted was known, and F5 Rules for AWS WAF checked all the boxes.
What other advice do I have?
F5 Rules for AWS WAF's AI capabilities have not been interacted with much so far, but given the way the resource itself is structured, the security would be expected to be top-notch, and governance would be up to standard.
F5 Rules for AWS WAF has not been interacted with much, but from what has been heard from others, it is quite good and up to standard. It is good enough for the prevailing standard right now.
F5 Rules for AWS WAF is definitely recommended. It is a good tool for anyone to try and see if it matches their use case, and it is something that an organization can really benefit from. The overall review rating for F5 Rules for AWS WAF is seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Harsh Goenka
Advanced security rules have reduced attacks and protect critical web and API traffic
Reviewed on Jun 11, 2026
Review from a verified AWS customer
What is our primary use case?
I am using F5 Rules for AWS WAF for security checks and to implement policies to filter out network traffic and block malicious traffic. In my environment, all traffic goes through these WAF protections, and I have one tool installed in a VM through which all traffic is routed. I have implemented WAF rules on top of that infrastructure, and I have some applications running behind a load balancer. I have configured WAF rules for those load balancers to stop SQL injection, prevent DDoS attacks, implement OWASP protection, and validate rules based on headers.
What is most valuable?
The best feature that I appreciate about F5 Rules for AWS WAF is the dedicated API security where you can implement XML and JSON-based payload inspection. You have OWASP protection, including cross-site scripting and SQL injection prevention. Advanced bot protection is available to guard against web scrapers, system bots, and DDoS tools. F5 Rules for AWS WAF also provides CVE-specific protections, and because F5 manages those rules, they are continuously updated and managed. Easy integration with AWS services such as CloudFront or load balancers and enterprise-level threat intelligence are also provided.
The most important feature I would say is the OWASP protection that it provides.
F5 Rules for AWS WAF's OWASP protection and bot protection have reduced attacks on my applications by 72 to 90%. Almost all attacks are detected earlier, and because of its bot protection, my sites are not getting overloaded and clients are able to browse the application without bots requesting my load balancer and consuming excessive resources.
I have access to the load balancers' CloudWatch metrics from F5 Rules for AWS WAF, which shows how many requests are being received and how many unique users I have. I can list requests based on the WAF and determine how many IP addresses are requesting my load balancer. Through load balancer logs and metrics, I can confirm that attacks have been reduced by 72 to 90%.
What needs improvement?
Nowadays, we know that sometimes LLMs are behind the scenes as well. Although I know some rules are the same for those applications because we do not really expose them, guardrails for LLM applications would be beneficial. WAF rules configured to protect LLMs to work as guardrails would be much better.
F5 Rules for AWS WAF is really good, and if a couple of guardrails for LLM operations and LLMs could be introduced, that would be an improvement.
For how long have I used the solution?
I have been using this tool for two years.
What do I think about the stability of the solution?
F5 Rules for AWS WAF is stable.
What do I think about the scalability of the solution?
F5 Rules for AWS WAF is scalable because there is nothing that impacts scalability. It is not an application; it is just the rules that are configured in AWS WAF , so there is no scope of scalability as such.
How are customer service and support?
Customer support for F5 Rules for AWS WAF is really good, with representatives being helpful and responding fast.
Which solution did I use previously and why did I switch?
I was using native tools only before F5 Rules for AWS WAF, and sometimes I used other open source WAF providers. However, those open source tools, being free, do not have the capabilities at an enterprise level. Thus, I chose to move to F5 Rules for AWS WAF.
What was our ROI?
I did see a return on my investment with F5 Rules for AWS WAF because I was able to detect attacks earlier, and because of this, my resources were not scaling continuously, thus saving costs on resources. Secondly, the client had a good experience because the application was not slow, which was previously happening because of continuous bot requests. Additionally, I now do not need many people checking the environment; I have AI capabilities and a few-member team can use those to help us out.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing, setup cost, and licensing for F5 Rules for AWS WAF was good with purchasing and the setup cost.
Which other solutions did I evaluate?
I did evaluate other options before choosing F5 Rules for AWS WAF. I evaluated native AWS security tools including AWS Network Policies, Firewall Policies, Control Tower at the organizational level, AWS WAF , and AWS Shield .
What other advice do I have?
I would give F5 Rules for AWS WAF a rating of 10 out of 10.
The reason I choose a rating of 10 for F5 Rules for AWS WAF is that I am already using it at an enterprise level, and the amount of rules and the level of rules they have is really good. I do not have to deep-dive into the rules configuration part; it saves time. Since it is managed by F5, it is trustable and advanced.
When we have those AI capabilities, I am completely aligned with the governance and security for F5 Rules for AWS WAF. Those capabilities are secure and will adhere to the policies that AWS follows; no data will be used outside the client’s environment and without the client’s permission. When we talk about the AI capabilities, I am only reading the data; I am not exposing it, and I am not using it; I am just protecting the data. I am completely aligned with the governance and security.
The accuracy and reliability of output from F5 Rules for AWS WAF is really accurate and reliable. There is always a scope of false positives as that is what AI systems are based on. Those are things that are not yet improved, but overall, I am satisfied.
I would really advise others looking into using F5 Rules for AWS WAF to go with it if they are at an enterprise level; it would be really good for them to use. If they are not at the enterprise level, the cost can really affect the environment. However, if they are at an enterprise level and want to switch to an advanced solution, I would recommend F5 Rules for AWS WAF.