Sold by: F5, Inc.Â
Deployed on AWS
Protect against web exploits. F5 Web Exploits Rules for AWS WAF, provides protection against web attacks that are part of the OWASP Top 10, such as: SQLi, XSS, command injection, No-SQLi injection, path traversal, and predictable resource.
3.5
Overview
F5's Managed Rules for AWS WAF offer an additional layer of protection that can be easily applied to your AWS WAF. F5's Web Exploits OWASP rules help mitigate attacks seeking to exploit vulnerabilities that are part of the OWASP Top 10, such as: SQL injection, cross-site scripting (XSS), command injection, No-SQL injection, path traversal, predictable resource and more. All rules are written, managed and regularly updated by F5's security specialists to ensure protection against evolving threats without the need for intervention on your part. The rules are licensed on a pay-as-you-go basis so you will only pay for what you use. Deployment guidance can be found at https://pages.awscloud.com/rs/112-TZM-766/images/F5_OWASP_Getting%20Started%20Guide.pdfÂ
Alternatively, if you require more sophisticated protection then F5's Advanced WAF may be a more appropriate solution. Leveraging behavioral analytics, machine learning and deep app expertise to thwart complex attacks such as L7 DoS, simple automated bot threats and API protocol attacks, F5 Advanced WAF affords apps and data unrivaled protection. Learn more about F5 Advanced WAF here (https://aws.amazon.com/marketplace/pp/prodview-cs4qijwjf3ijs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa ) or contact our sales organizationhttps://www.f5.com/products/get-f5?ls=meta#contactsalesÂ
Highlights
- Easily Enhance Security - No security expertise needed, simply attach rules to your AWS WAF instances to immediately bolster protection.
- Continuously Updated - Rulesets are monitored, maintained and update by F5's security experts to ensure protection against evolving threats.
- Fast & Simple Deployment - Attach F5's WAF rules to your AWS WAF instance in a matter of minutes following three simple deployment steps.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Charge per month in each available region (pro-rated by the hour) | $20.00 |
Charge per million requests in each available region | $1.20 |
Dimensions summary
F5 Rules for AWS WAF follows a two-part pricing model on AWS Marketplace. The monthly regional charge covers the base subscription for maintaining and updating the WAF rules in each AWS region you deploy, with the flexibility of hourly prorating. The per-million requests pricing applies to the actual traffic processed through the WAF rules in each region, ensuring you only pay for the protection you use. This straightforward model combines fixed and variable costs to align with your security needs and usage patterns.
Top-of-mind questions for buyers like you
How does the monthly regional charge work for F5 Rules for AWS WAF?
The monthly regional charge is a base fee applied for each AWS region where you deploy F5's WAF rules. This charge covers continuous rule updates, maintenance, and access to F5's security expertise, while being prorated hourly to provide deployment flexibility and cost optimization.
What defines a billable request in the per-million requests pricing?
A billable request is any web traffic that passes through your AWS WAF using F5's rule sets. This includes API calls, web page requests, and any other HTTP/HTTPS traffic that is evaluated against the F5 security rules, with charges calculated based on the total volume of requests processed in each region.
Are there any prerequisites or additional AWS costs to consider?
While F5's pricing covers the rules and updates, you need an active AWS WAF deployment which incurs separate AWS charges. The AWS WAF costs include web ACL capacity units (WCU) and per-request charges that are billed directly by AWS, independent of F5's pricing.
Vendor refund policy
For this offering, F5 does not offer refund, you may cancel at anytime.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
F5 Rules for AWS WAF are supported via F5 DevCentral - F5's extensive community of experts, developers and users addressing technical issues related to F5 products. If you have any questions or need assistance with any aspect of F5's rulesets please submit a question with the tag 'F5 rules for AWS WAF' (http://devcentral.f5.com/s/questions?tag=F5+Rules+for+AWS+WAF ). Response times may be up to 2 days. For online information regarding F5 Rules for AWS WAF, please refer to https://support.f5.com/csp/article/K21015971 . For any infrastructure and WAF related questions please contact AWS Support (https://aws.amazon.com/contact-us ) for AWS WAF related assistance.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Fortinet Inc.
By Cyber Security Cloud Inc.
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Web Attack Protection
Comprehensive defense against OWASP Top 10 web vulnerabilities including SQLi, XSS, command injection, No-SQLi injection, path traversal, and predictable resource attacks
Threat Rule Management
Dynamically written, managed, and regularly updated security rules by F5 security specialists to address evolving cyber threats
Rule Application Mechanism
Seamless integration and attachment of security rules to AWS WAF instances for immediate enhanced protection
Vulnerability Coverage
Targeted mitigation of complex web application security risks across multiple attack vectors and exploitation techniques
Security Rule Monitoring
Continuous surveillance and proactive updating of ruleset to ensure ongoing defense against emerging web-based attack methodologies
Web Application Threat Protection
Comprehensive ruleset covering OWASP Top 10 web application threats including SQL Injection, Cross Site Scripting, and Known Exploits
Security Signature Updates
Regular threat information updates from FortiGuard Labs to maintain current protection signatures
Malicious Traffic Detection
Protection against malicious bots and common vulnerabilities and exposures (CVE)
Configurable Security Response
Flexible configuration options to log, alert, and block detected web application threats
Attack Vector Coverage
Comprehensive security rules targeting multiple web application attack vectors including general and known exploits
Web Application Threat Protection
Comprehensive ruleset targeting OWASP Top 10 Web Application Threats with low false-positive rate
Vulnerability Mitigation
Managed rules addressing code injection techniques including SQLi, NoSQLi, OScommandi, XSS, and directory traversal
Technology-Specific Protection
Specialized rules for web technologies like Apache Struts2, Apache Tomcat, Oracle WebLogic, WordPress, Drupal, and Joomla
Cyber Threat Intelligence
Regularly updated rulesets incorporating latest threat intelligence and security alerts
Compliance Support
Security rules designed to help meet compliance standards such as PCI-DSS
Standard contract
No
No
No
Customer reviews
G Verduci
Application layer protection has improved traffic control and supports my initial security testing
Reviewed on Dec 02, 2025
Review from a verified AWS customer
What is our primary use case?
I have been using F5 Rules for AWS WAFÂ for a short time and want to discover more about it.
My main use case with F5 Rules for AWS WAFÂ is testing it out.
I don't have a quick specific example of what I'm testing at this moment.
For now, I don't have anything else to add about my testing experience so far.
What is most valuable?
The best features F5 Rules for AWS WAFÂ offers, from what I've seen or read so far, are application layer protection.
I am referring to application layer protection with F5 Rules for AWS WAFÂ , which stands out to me as using something similar to iRules to protect applications.
F5 Rules for AWS WAF has positively impacted our organization for security through the implementation of traffic rules in our application.
I have noticed specific benefits such as easy management with F5 Rules for AWS WAF, but I think that it's too early to provide a definitive assessment because I started using it only a few days ago.
What needs improvement?
I don't know how F5 Rules for AWS WAF can be improved because I have only been using it for a few days.
I don't have anything to add about the needed improvements for F5 Rules for AWS WAF at this time.
For how long have I used the solution?
I have been working in my current field for about two years.
What do I think about the stability of the solution?
F5 Rules for AWS WAF is stable in my experience so far.
What do I think about the scalability of the solution?
From what I've seen, F5 Rules for AWS WAF's scalability is stable for now.
How are customer service and support?
I have not had any experience with customer support for F5 Rules for AWS WAF yet.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
How was the initial setup?
I had a great experience with the pricing, setup cost, and licensing.
What about the implementation team?
My company does not have a business relationship with this vendor other than being a customer.
What was our ROI?
It's too early to talk about a return on investment with F5 Rules for AWS WAF.
What's my experience with pricing, setup cost, and licensing?
I had a great experience with the pricing, setup cost, and licensing.
Which other solutions did I evaluate?
I did not evaluate other options before choosing F5 Rules for AWS WAF as it was my first time.
What other advice do I have?
It's too early to provide my experience or advice to others looking into using F5 Rules for AWS WAF.
I don't have any additional thoughts about F5 Rules for AWS WAF before we wrap up.
I found this interview at AWSÂ re:Invent.
I gave this review a rating of 8.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Sumit K.
F5 AFM is powerful and advanced software based firewall
Reviewed on Apr 07, 2023
Review provided by G2
What do you like best about the product?
F5 advanced firewall is software based firewall solution to provide network security. It can provide real-time visibility in to network traffic and can block traffic real-time. It also has intrusion prevention which is advanced security feature. It can be deployed in a wide range of network environment.
What do you dislike about the product?
It is premium product but still having some performance related issues. Overall its a powerful device with great features.
What problems is the product solving and how is that benefiting you?
It provides the advanced network security in large networks. Better GUI interface for quick setup and configuration. Really advanced firewall in industry.
David L.
Great Product and has met all our needs!
Reviewed on Oct 15, 2021
Review provided by G2
What do you like best about the product?
It has integrated well with what we have and replaced some really old software. It has been a great experience and given us everything we needed.
What do you dislike about the product?
Nothing so far.. the only thing was we had to have some help on the setup due to it being a little complicated.
What problems is the product solving and how is that benefiting you?
giving extra security to some of our internal websites
Computer Networking
"Firewall Manager for Data Center"
Reviewed on Sep 20, 2019
Review provided by G2
What do you like best about the product?
As i am working with ISP Company i need to deal with firewalls.F5 Advanced Firewall Manager are most effective network-level security for enterprises and service providers.Connect securely to VPN within quick time.Connection times are fast and reliable.Web properties and applications in balance and maintain high accessibility level."
What do you dislike about the product?
I think cost is little bit high as compare to other firewall manager.
What problems is the product solving and how is that benefiting you?
*Connection times are fast and reliable.
*It provides full SSL visibility,as well as network-layer and session-layer security.
*Advanced Firewall Manager gives fast and secure access as well as it is high performance firewall.
*It provides full SSL visibility,as well as network-layer and session-layer security.
*Advanced Firewall Manager gives fast and secure access as well as it is high performance firewall.
Recommendations to others considering the product:
Secure protection for data center and cloud,Highly recomended.
Public Relations and Communications
Got rid of the product
Reviewed on Mar 15, 2019
Review provided by G2
What do you like best about the product?
The consistency of appearence; specifically- that when it shows up I can be alerted of potential threats on my computer.
What do you dislike about the product?
I dislike the quality of the browser when this pops up. I’d like to adjust it in my settings but I don’t know how to.
What problems is the product solving and how is that benefiting you?
I’m not solving any business problems per say; it’s moreso if managing my computer and my files to make sure that everything is safe and secure.