Sold by
Cloudbric Managed Rules for AWS WAF - OWASP Top 10 Rule Set
Cloudbric Managed Rules for AWS WAF - OWASP Top 10 Protection provides security against threats from OWASP Top 10 Web Application Security Risks such as SQL Injection and Cross-Site Scripting (XSS).
Reviews (9)
Mario Rodríguez Hernández
Managed rules have streamlined deployments and have improved security for internet-facing apps
Reviewed on Jun 18, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for Cloudbric Managed Rules for AWS WAF is to associate it with CloudFront distributions, API Gateway, and application load balancers in the different applications that I deploy on AWS.
A specific example of how I integrate Cloudbric Managed Rules for AWS WAF in my applications is that I have associated it with an application that is exposed to the internet, both in API Gateway and in CloudFront, where it provides me with very high security and I do not have to get directly involved in managing the WAF rules, since they are already managed for me by this solution.
What is most valuable?
I consider the best features offered by Cloudbric Managed Rules for AWS WAF to be ease of use.
Regarding ease of use, I find it especially simple and intuitive when working with this solution because since it is a Marketplace product, I just purchase it and it already appears as an option within WAF, and those rules are provided to me and I do not have to do anything else; I do not have anything to manage or create.
Cloudbric Managed Rules for AWS WAF has positively impacted my organization by improving both security and efficiency when deploying these services without having to manage or create those WAF rules myself.
It has improved efficiency in deployments because I do not need a specific security profile; instead, once I purchase the product, I link those rules to the different CloudFront and ALB and API Gateway, as I mentioned before, and I do not worry about it anymore. I need fewer staff on projects.
What needs improvement?
I would like Cloudbric Managed Rules for AWS WAF to continue being improved.
For how long have I used the solution?
I have been using Cloudbric Managed Rules for AWS WAF for one year.
What do I think about the stability of the solution?
I consider Cloudbric Managed Rules for AWS WAF to be stable.
What do I think about the scalability of the solution?
I find the scalability of Cloudbric Managed Rules for AWS WAF adapts to the growth of my needs.
How are customer service and support?
My experience with the customer support of Cloudbric Managed Rules for AWS WAF has been positive; I have not had to use it.
Which solution did I use previously and why did I switch?
I used the native AWS ones before Cloudbric Managed Rules for AWS WAF and decided to switch because these were more secure.
I used Amazon's native managed rules and I moved to Cloudbric Managed Rules for AWS WAF because in forums and from various specialists they indicated that these were of higher quality and provided greater security for applications.
How was the initial setup?
I purchased Cloudbric Managed Rules for AWS WAF through the AWS Marketplace.
What was our ROI?
I have seen a return on investment with this solution, particularly in terms of staff reduction.
Since I started using this tool, I estimate that I need one fewer person per project.
What's my experience with pricing, setup cost, and licensing?
My experience with the price, implementation costs, and licensing of this tool was that I did not have any noteworthy problems; everything went smoothly.
Which other solutions did I evaluate?
Before choosing Cloudbric Managed Rules for AWS WAF, I evaluated other options such as the managed rules from Fortinet and I chose these because they had a better price.
What other advice do I have?
My advice to other people who are considering using Cloudbric Managed Rules for AWS WAF is to analyze the results it can give them, and how it can make their applications more secure and better protected from the internet. I would rate this solution an 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Ayodeji Bayo-Makinde
Granular api security has freed team resources and reduced effort but detection accuracy needs work
Reviewed on Jun 13, 2026
Review from a verified AWS customer
What is our primary use case?
Currently, I use Cloudbric Managed Rules for AWS WAF for one of my AWS Load Balancer integrations, placing the managed rules in front of my load balancer as a form of security measure for traffic coming into the application. My application is a public internet-facing application, which is unique about my environment and setup.
What is most valuable?
The feature that stands out to me the most about Cloudbric Managed Rules for AWS WAF is the API protection, as many managed WAF rule sets are originally designed around traditional websites, but Cloudbric integrates a dedicated API protection module aimed at REST APIs, GraphQL endpoints, XML validation, and API-specific attacks.
My experience with the API protection module is positive, as I had one implementation for a mobile backend and some FinTech APIs where Cloudbric Managed Rules for AWS WAF really worked wonders for that setup, requiring minimal modifications or tweaking.
Another thing I appreciate about Cloudbric Managed Rules for AWS WAF is that it does not force me into a monolithic package, allowing for selective deployments where I can choose specific protections such as only malicious IP, thus providing flexibility to control costs and capacity consumption.
Cloudbric Managed Rules for AWS WAF has positively impacted my organization by freeing up human resources that would otherwise be dedicated to creating and managing WAF rules, helping me reduce costs as I can streamline WAF rules for some applications and deploy protection in less than an hour instead of days or weeks.
What needs improvement?
I find that the only drawbacks with Cloudbric Managed Rules for AWS WAF are its less market penetration, especially in North America and Europe, resulting in fewer community reviews, published case studies, and a small ecosystem of users, along with less third-party validation and occasional false positives triggered by API payload or JSON bodies.
For how long have I used the solution?
I have been using Cloudbric Managed Rules for AWS WAF for just over a year.
What do I think about the stability of the solution?
Cloudbric Managed Rules for AWS WAF has been fairly stable in my experience.
What do I think about the scalability of the solution?
In terms of scalability, Cloudbric Managed Rules for AWS WAF has been fairly scalable for my use case, working really well.
How are customer service and support?
Customer support for Cloudbric Managed Rules for AWS WAF has been quite good, and although I have not had to use it often, the few times I have reached out, they have been satisfactory.
Which solution did I use previously and why did I switch?
Previously, I was using Imperva and F5 for that particular use case, but I switched to Cloudbric Managed Rules for AWS WAF because I did not need the full protection those tools provided; I needed something more flexible.
How was the initial setup?
My experience with Cloudbric Managed Rules for AWS WAF's pricing and setup was positive; the setup was fairly straightforward and took less than an hour, and the pricing is very good and flexible, allowing me to choose the parts of WAF protection I want.
What's my experience with pricing, setup cost, and licensing?
I can definitely say that since using Cloudbric Managed Rules for AWS WAF, I need fewer employees because those who would have been dedicated to creating and managing WAF rules are now free to pursue higher priorities, leading to reduced cost in human resources.
Which other solutions did I evaluate?
The only other option I evaluated before choosing Cloudbric Managed Rules for AWS WAF was Fortinet, but it was still too much for what I needed.
What other advice do I have?
I have not had to use the AI capabilities of Cloudbric Managed Rules for AWS WAF yet, but from others' feedback, it has been fairly standard performance for the markets.
I have not noticed anything specific regarding the accuracy and reliability of output from Cloudbric Managed Rules for AWS WAF since I have not really made use of the AI capabilities, so that is still to be seen on my end.
I did purchase Cloudbric Managed Rules for AWS WAF through the AWS Marketplace.
My advice for others looking into using Cloudbric Managed Rules for AWS WAF is that if you have a use case for granular WAF rules where you do not need full traditional rule protection, especially for securing APIs, Cloudbric Managed Rules for AWS WAF is really effective at API-specific protection. I would rate this product a seven out of ten.
Kevin Tan
I’ve been using Cloudbric’s Managed Rules for AWS WAF – OWASP Top 10 Rule Set
Reviewed on May 21, 2025
Review from a verified AWS customer
After testing several AWS WAF rule providers, we selected Cloudbric’s OWASP Top 10 bundle for its balance of coverage and efficiency. Setup through AWS Marketplace was intuitive, and the default rule priorities required only minor adjustment to suit our application. During simulated attack scenarios, the managed rules consistently blocked attempts without breaking legitimate API calls. In comparison, open-source rule sets needed more manual tuning. The Cloudbric solution reduced our security team’s maintenance time by roughly 50%, allowing us to focus on new feature development rather than constant rule tweaking.
Tony B.
Simple, strong, well performing
Reviewed on Apr 15, 2025
Review provided by G2
What do you like best about the product?
I’ve been using one of their rule sets already, and decided to give this one a try as part of a test run before potentially migrating, based on an offer I received.
Just like the others, it was simple to set up, smoothly integrated, and packed with all the essentials—especially key protections aligned with OWASP standards.
What really stood out, though, was the support team—quick to respond, incredibly helpful, and genuinely considerate. I really value that kind of human touch and attention to detail. It’s rare, and it makes a difference.
At this point, I’m seriously leaning toward accepting their offer and migrating permanently. Very satisfying overall. Kudos to them!
Just like the others, it was simple to set up, smoothly integrated, and packed with all the essentials—especially key protections aligned with OWASP standards.
What really stood out, though, was the support team—quick to respond, incredibly helpful, and genuinely considerate. I really value that kind of human touch and attention to detail. It’s rare, and it makes a difference.
At this point, I’m seriously leaning toward accepting their offer and migrating permanently. Very satisfying overall. Kudos to them!
What do you dislike about the product?
Nothing major.
Just had to adjust a few initial settings during setup. But with support that solid, it wasn’t a big deal at all.
Just had to adjust a few initial settings during setup. But with support that solid, it wasn’t a big deal at all.
What problems is the product solving and how is that benefiting you?
This product helps protect our web apps from common security threats, like the ones listed by OWASP.
Maya C.
Easy to implement, high detection rate.
Reviewed on Apr 03, 2025
Review provided by G2
What do you like best about the product?
I was looking for a managed rule group to use for my AWS WAF, and Cloudbric Managed Rules - OWASP Top 10 rule set showed the best detection rate. It was very easy to implement, as it only required me to subscribe to the product and associate it with the web ACL. It seems to be covering most of the criteria of OWASP Top 10 web vulnerabilities, and it seems to be working well. When I had a question about the rules, the customer support responded quickly and provided me with thorough information.
What do you dislike about the product?
I don't have much complaints, other than the fact that it tends to over detect from time to time. However, this could be solved just by overriding the rule or changing the rule action to count, which is much less of a work than having to create a new rule to respond to threats that are not detected.
What problems is the product solving and how is that benefiting you?
It provides easy and cost-effective security. Unlike most security solutions, it is quite affordable, perfect for small to medium sized organizations.
mgs
perform well
Reviewed on Aug 16, 2022
Review from a verified AWS customer
I used this product this time. perform well It seems to prevent hacking well.
It looks better and better than other products.
Daniel
It's good at detecting and it's very useful
Reviewed on Aug 15, 2022
Review from a verified AWS customer
It is easy to apply and has a high detection rate.
It is difficult to organize and use WAF rules directly.
Cloudbric OWASP is great for easy and affordable use of high-performance AWS Rules.
security
Easy to setup and use
Reviewed on Aug 15, 2022
Review from a verified AWS customer
Easy to use.
Good performance at a low price.
When I inquired about the user by mail, it was good to receive a very kind reply.
Causes 403 error for my application
All POST methods returning with error 403 forbidden
Reviewed on May 10, 2022
Review from a verified AWS customer
I am unsure what the issue was but when cloudbric OWASP top 10 ruleset was turned on all my post methods return with a 403 error.
I have tried contacting the developer to see if they have a developer guide or some hints, but no response.
The app has been built to comply with the OWASP ASVS and the AWS provided rules do not affect its function.