Sold by: F5, Inc.Â
Deployed on AWS
Protects against API attacks, web attacks (such as XML external entity attacks) and server side request forgery. The rule set includes support for XML and JSON payloads, and common web API frameworks.
Overview
F5's Managed Rules for AWS WAF offer an additional layer of protection that can be easily applied to your AWS WAF. F5's API Security rules protect against API-level attacks as well as XML external entity attacks and server-side request forgery (SSRF); offering support for both XML and JSON payloads and other common web API frameworks. All rules are written, managed and regularly updated by F5's security specialists to ensure protection against evolving threats without the need for intervention on your part. The rules are licensed on a pay-as-you-go basis so you will only pay for what you use. Deployment guidance can be found at https://pages.awscloud.com/rs/112-TZM-766/images/F5_OWASP_Getting%20Started%20Guide.pdf .
Alternatively, if you require more sophisticated protection then F5's Advanced WAF may be a more appropriate solution. Leveraging behavioral analytics, machine learning and deep app expertise to thwart complex attacks such as L7 DoS, simple automated bot threats and API protocol attacks, F5 Advanced WAF affords apps and data unrivaled protection. Learn more about F5 Advanced WAF here (https://aws.amazon.com/marketplace/pp/prodview-cs4qijwjf3ijs?sr=0-1&ref_=beagle&applicationId=AWSMPContessa ) or contact our sales organization https://www.f5.com/products/get-f5?ls=meta#contactsalesÂ
Highlights
- Easily Enhance Security - No security expertise needed, simply attach rules to your AWS WAF instances to immediately bolster protection
- Continuously Updated - Rulesets are monitored, maintained and update by F5's security experts to ensure protection against evolving threats
- Fast and Simple Deployment - Attach F5's WAF rules to your AWS WAF instance in a matter of minutes following three simple deployment steps
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/unit |
|---|---|
Charge per month in each available region (pro-rated by the hour) | $20.00 |
Charge per million requests in each available region | $1.20 |
Dimensions summary
F5 Rules for AWS WAF follows a two-part pricing model on AWS Marketplace. The monthly regional charge covers the base subscription for maintaining and updating the WAF rules in each AWS region you deploy, with the flexibility of hourly prorating. The per-million requests pricing applies to the actual traffic processed through the WAF rules in each region, ensuring you only pay for the protection you use. This straightforward model combines fixed and variable costs to align with your security needs and usage patterns.
Top-of-mind questions for buyers like you
How does the monthly regional charge work for F5 Rules for AWS WAF?
The monthly regional charge is a base fee applied for each AWS region where you deploy F5's WAF rules. This charge covers continuous rule updates, maintenance, and access to F5's security expertise, while being prorated hourly to provide deployment flexibility and cost optimization.
What defines a billable request in the per-million requests pricing?
A billable request is any web traffic that passes through your AWS WAF using F5's rule sets. This includes API calls, web page requests, and any other HTTP/HTTPS traffic that is evaluated against the F5 security rules, with charges calculated based on the total volume of requests processed in each region.
Are there any prerequisites or additional AWS costs to consider?
While F5's pricing covers the rules and updates, you need an active AWS WAF deployment which incurs separate AWS charges. The AWS WAF costs include web ACL capacity units (WCU) and per-request charges that are billed directly by AWS, independent of F5's pricing.
Vendor refund policy
For this offering, F5 does not offer refund, you may cancel at anytime.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
F5 Rules for AWS WAF are supported via F5 DevCentral - F5's extensive community of experts, developers and users addressing technical issues related to F5 products. Response times may be up to 2 days. For online information regarding F5 Rules for AWS WAF, please refer to https://support.f5.com/csp/article/K21015971 . For any infrastructure and WAF related questions please contact AWS Support (https://aws.amazon.com/contact-us ) for AWS WAF related assistance.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By F5, Inc.
By Fortinet Inc.
By Cyber Security Cloud Inc.
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
API Payload Protection
Supports security rules for both XML and JSON payloads across web API frameworks
Attack Mitigation
Defends against API-level attacks, XML external entity attacks, and server-side request forgery (SSRF)
Threat Detection
Utilizes security rules written and regularly updated by specialized security experts
Web Application Protection
Provides comprehensive security rules for web application defense mechanisms
Automated Security Management
Offers continuous monitoring and maintenance of security rulesets without manual intervention
Web Application Threat Protection
Comprehensive ruleset covering OWASP Top 10 web application threats including SQL Injection, Cross Site Scripting, and Known Exploits
Security Signature Updates
Regular threat information updates from FortiGuard Labs to maintain current protection signatures
Malicious Traffic Detection
Protection against malicious bots and common vulnerabilities and exposures (CVE)
Configurable Security Response
Flexible configuration options to log, alert, and block detected web application threats
Attack Vector Coverage
Comprehensive security rules targeting multiple web application attack vectors including general and known exploits
Web Application Threat Protection
Comprehensive ruleset targeting OWASP Top 10 Web Application Threats with low false-positive rate
Vulnerability Mitigation
Managed rules addressing code injection techniques including SQLi, NoSQLi, OScommandi, XSS, and directory traversal
Technology-Specific Protection
Specialized rules for web technologies like Apache Struts2, Apache Tomcat, Oracle WebLogic, WordPress, Drupal, and Joomla
Cyber Threat Intelligence
Regularly updated rulesets incorporating latest threat intelligence and security alerts
Compliance Support
Security rules designed to help meet compliance standards such as PCI-DSS
Standard contract
No
No
No
Customer reviews
0 ratings
0 AWS reviews
|
3 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Retail
F5 has a lot of potential
Reviewed on Mar 12, 2019
Review provided by G2
What do you like best about the product?
When running smoothly, F5 is awesome. I’m able to access all of the files needed for my business, which is a must have. Makes me feel like I’m in the office sometimes even though I work remotely.
What do you dislike about the product?
F5 has a lot to offer but it could use some improvements. Although it has improved a lot, the constant disconnection hurts as I work remotely and rely on it. I have determined through multiple sources that it is not my ISP but, in fact, F5.
What problems is the product solving and how is that benefiting you?
Definitely great because as soon as we login, we have access to all of the applications we need to do our job. Also great to have as a remote user. Without it, I cannot do my job.
Internet
Amazing Load Balancing Hardware and Interface
Reviewed on Aug 27, 2016
Review provided by G2
What do you like best about the product?
We use the F5 to load balance all of our web properties. It is versatile and quite intuitive to use.
What do you dislike about the product?
Would just like the learning curve to be a bit easier but hands on training has helped a lot.
What problems is the product solving and how is that benefiting you?
We have enabled our web properties to be load balanced and thus offered in high availability.
Recommendations to others considering the product:
If you to use the F5 for load balancing of for firewall, you have picked a great versatile product.
Michael L.
Easy and Straigthforward
Reviewed on May 28, 2016
Review provided by G2
What do you like best about the product?
Very easy to use, I've never had a problem with my RSA remote login device.
What do you dislike about the product?
The device itself is a bit clunky, and I'm told fairly susceptible to water damage.
What problems is the product solving and how is that benefiting you?
This software and corresponding device allows me to access the department's servers remotely.
Recommendations to others considering the product:
Assuming it isn't more expensive that competitors, I have no complaints about the F5 advanced firewall manager.