We are providing support to our end customers who have e-commerce websites that need to be exposed to the public, and for a secure way around, we thought of getting them exposed via the Application Load Balancer to make sure it is exposed at Layer 7 only. While making sure it will be protected, we started using AWS WAF services, where we found that we can utilize a WAF rule set from Marketplace. We started using it, and I got the chance to be part of one of the summits where I heard of F5 Rules for AWS WAF. Since then, I have been using their rule sets for bot protection, web exploit OWASP rules, common vulnerabilities and exposures, and API security, which is a use case we are using to configure these rule sets.

We are using AWS WAF, which has been integrated with the Application Load Balancer to ensure that our Application Load Balancer is secure while it gets publicly exposed.

We thought of starting to use F5 Rules for AWS WAF primarily for DDoS protection nowadays, as AWS native rule sets also provide some protection for DDoS. I found that it demands continuous improvement in these rule sets. Previously, we used native rule sets, but these continuous demands were not listed in it, which led us to an unsecure environment. Now, using F5 Rules for AWS WAF for bot protection, I found that they continuously perform vulnerability scans while these rules come into action. This continuous improvisation ensures that I can build trust against these rules instead of other third-party rule sets.

I really appreciate the way F5 Rules for AWS WAF generate reports proactively to show the number of exploits that come in and what remediation has been followed to block such exploits, mainly in the OWASP rule sets.

It has generated value toward us because since these e-commerce websites could become exposed to the public in an unsecure manner, which really no one wants. Now, looking at these rule sets, they ensure that our origin or our application content and code, as well as the application itself or its API, are secure enough, always.

An area for improvement I see is that while everything is in good shape, I demand continuous improvisation of these rule sets. However, I am accepting of this. To stay safer from a security perspective, continuous improvisation in these security rules is required to ensure we are always up to date with new attacks.

I have been using F5 Rules for AWS WAF in the last two years and I found it to be a good choice compared to other products.

F5 Rules for AWS WAF is stable.

Scalability is not a challenge with F5 Rules for AWS WAF, as they are configured within the AWS WAF service, which is reliable and redundant. We have not faced any challenges with the rule set scalability, and that is a positive aspect.

I have reached out to customer support multiple times, especially while configuring rule sets for the first time. The support provided was excellent. I appreciate the assistance; they clearly explained everything, how to configure these rule sets, and what the best options are based on my use case, which helped us shortlist what is required.

Positive

We previously used AWS native rule sets and Fortinet rule sets. We switched to F5 Rules for AWS WAF because we found it more competitive. They continuously improve their security rules and keep adding vulnerability protection to their existing rule sets, ensuring we are protected and our applications are safe.

We mainly evaluated AWS native rule sets prior to F5 Rules for AWS WAF.

It has absolutely saved money for our security team and time. There are two ways: either we write our own rule sets, which demands significant time, or we can use a more mature tool like F5 Rules for AWS WAF, which has already created these rule sets for perfect use cases like we are using for our end customers. Using F5 Rules for AWS WAF saves us time spent on developing security rules ourselves.

From the pricing perspective, I found it to be comparable to other marketplace rules available in AWS Marketplace. It has competitive pricing.

I advise anyone looking for a great tool to secure their public-facing applications to start using F5 Rules for AWS WAF. These are managed rule sets, so you do not need to worry about continuous improvements or ensuring your application is secure; F5 Rules for AWS WAF will take care of that and is always making the necessary improvements in these rule sets to ensure security.

I am very impressed with the rule sets and the continuous engineering from their security team to ensure the required rule set availability. I really appreciate the fantastic job they are doing.

F5 Rules for AWS WAF can be integrated with AWS CloudFront, Application Load Balancer, Lambda, and API Gateway. I am satisfied with all these services as they are our intermediary points for services exposed to the public or globally.

I gave this product a rating of ten out of ten.

I have been using F5 Rules for AWS WAF for a short time and want to discover more about it.

My main use case with F5 Rules for AWS WAF is testing it out.

I don't have a quick specific example of what I'm testing at this moment.

For now, I don't have anything else to add about my testing experience so far.

The best features F5 Rules for AWS WAF offers, from what I've seen or read so far, are application layer protection.

I am referring to application layer protection with F5 Rules for AWS WAF, which stands out to me as using something similar to iRules to protect applications.

F5 Rules for AWS WAF has positively impacted our organization for security through the implementation of traffic rules in our application.

I have noticed specific benefits such as easy management with F5 Rules for AWS WAF, but I think that it's too early to provide a definitive assessment because I started using it only a few days ago.

I don't know how F5 Rules for AWS WAF can be improved because I have only been using it for a few days.

I don't have anything to add about the needed improvements for F5 Rules for AWS WAF at this time.

I have been working in my current field for about two years.

F5 Rules for AWS WAF is stable in my experience so far.

From what I've seen, F5 Rules for AWS WAF's scalability is stable for now.

I have not had any experience with customer support for F5 Rules for AWS WAF yet.

I did not previously use a different solution.

I had a great experience with the pricing, setup cost, and licensing.

My company does not have a business relationship with this vendor other than being a customer.

It's too early to talk about a return on investment with F5 Rules for AWS WAF.

I had a great experience with the pricing, setup cost, and licensing.

I did not evaluate other options before choosing F5 Rules for AWS WAF as it was my first time.

It's too early to provide my experience or advice to others looking into using F5 Rules for AWS WAF.

I don't have any additional thoughts about F5 Rules for AWS WAF before we wrap up.

I found this interview at AWS re:Invent.

I gave this review a rating of 8.