Waf Charm

AWS WAF vs Cloudflare for beginners

【Table of contents】

  1. Introduction
  2. AWS WAF vs Cloudflare
  3. Conclusion
  • 1. Introduction

    In this blog post, we compare AWS WAF and Cloudflare. Both are tools that can protect your web application from web attacks, and we will go into detail about where each one is the better choice.

    • a) What is AWS WAF?

      AWS WAF is a web application firewall provided by AWS, which has the largest share of the global cloud service market. It is mainly used to protect websites from attacks on web applications. Protection is needed at the 7th layer (application layer) of the OSI reference model, and this is the layer AWS WAF works at. AWS WAF has the following features:

      ・Cost effective
      While other WAF products may cost thousands of dollars in initial cost alone, AWS WAF has no initial cost and the running cost is only around $20 per month, making it very cheap.

      ・Ease of deployment
      If you have a basic knowledge of security, you can set it up in a few clicks. If you don't have any security knowledge, you can start with "Managed Rules" for AWS WAF, the defensive rules sold by security-specific vendors on AWS Marketplace. These managed rules are also available at a very low cost.

    • b) What is Cloudflare?

      Cloudflare is a CDN (Content Delivery Network) service provided by Cloudflare, Inc. A CDN is a service that caches (i.e., temporarily stores) the images and text displayed by web applications on servers around the world.

    • c) What is a CDN?

      Before explaining the advantages of Cloudflare, let's take a look at what a CDN is. Normally, the images and files of a web application are stored on a web server and are delivered from that web server when a user who wants to see them accesses it. There are two problems with this.

      ・If you don't have servers all over the world, the response could be slow in some locations.
      For example, if a person in Brazil accesses a Japanese web server, communication takes place over a network path that is at least halfway around the world. This slows down the display of the web page. Therefore, if the web servers are not deployed around the world, the response of the web application could be very poor depending on where it is used.

      ・When the web server is down, you cannot see the web page.
      If the images and files are placed on a web server and that web server goes down due to a failure, you will not be able to use the web application at all. The web application may also become unavailable if it is targeted by DDoS or other attacks.

      The CDN service allows you to temporarily store the images and files used by your web application, eliminating the problems described above. Also, since users do not communicate directly with the web server, it is unlikely to suffer from DDoS, website tampering, or similar attacks. This holds only as long as the web server cannot be reached directly, bypassing the CDN.

    • d) Advantages of Cloudflare

      Let's take a look at the advantages of using Cloudflare.

      ・Cheap
      Cloudflare has four plans: Free, Pro, Business and Enterprise. Although the features are quite limited in the Free plan, you can start using it for free. You can also use the Pro plan for about $20 a month and the Business plan for $200 a month, which is quite cheap.

      ・A certain amount of customization is possible.
      Depending on your plan, Cloudflare also offers WAF and load balancing services. The WAF that can be used in this case is not as customizable as AWS WAF, but it can withstand a certain amount of attacks.

  • 2. AWS WAF vs Cloudflare

    We have described what kind of services AWS WAF and Cloudflare are, and now we will compare them in detail and decide which one to use.

    • a) Comparison

      Let's go over the differences between AWS WAF and Cloudflare.

      ・Kind of service
      AWS WAF: It is a Web Application Firewall. Since AWS CloudFront serves as a CDN, you need to use it in conjunction with AWS CloudFront.
      Cloudflare: It is a Content Delivery Network. WAF features are available depending on the selected plan.

      ・Price
      AWS WAF: Very cheap.
      Cloudflare: Very cheap.

      ・Installation Speed
      AWS WAF: It's fast. It is possible to introduce the system in a few minutes.
      Cloudflare: All you have to do is prepare a domain name, and you'll be up and running in a few minutes to a few days.

      ・Customizability
      AWS WAF: AWS WAF can be customized in various ways by itself. It is also possible to combine AWS services such as AWS CloudFront and AWS Shield to add functionality.
      Cloudflare: Additional options and features can be added with higher plans. However, it doesn't allow for as detailed customization as AWS WAF.

      ・Preventable Security Attacks
      AWS WAF: Can only prevent attacks on the application layer. You can also get additional protection against DDoS and other attacks by combining with other services such as AWS Shield, etc.
      Cloudflare: Defense against DDoS attacks. You can also use additional WAF function, to get protection against attacks on the application layer.
    • b) Configurations that AWS WAF is suitable for

      AWS WAF is suitable for the following configurations.
      ・Systems built on AWS
      AWS WAF runs on AWS, which offered 16 security-related services to choose from as of December 2019. By combining these services with AWS WAF, you can get the same features as Cloudflare offers, or more.

      ・If you need to customize the security level
      AWS WAF allows you to finely customize the rules that defend your web applications against various attacks. Consider using AWS WAF if you require a stronger level of security, for example for a credit card company's system.

    • c) Configurations that Cloudflare is suitable for

      Cloudflare is suitable for the following configurations.
      ・If you are building a web application in an on-premises environment
      If you're building web applications in an on-premises environment, it often becomes expensive to protect them against DDoS and other attacks. Cloudflare is a cheaper alternative, although with limited functionality.

      ・If you want to expand your service to the world at a low cost
      If you're building and delivering web applications on-premises rather than in a cloud such as AWS, and you want to deploy them worldwide, you should use Cloudflare. It's a much faster and cheaper way to deploy applications around the world than contracting with data centers around the world.

  • 3. Conclusion

    Both AWS WAF and Cloudflare are very cheap and feature-rich services. If you're building on AWS and want to ensure a high level of security, you'll want to use AWS WAF. If you're building web applications in an on-premises environment, you might want to consider Cloudflare.