Ask HN: Cloudflare WAF Alternatives?

19 points by rco8786 9 hours ago|9 comments

I don't know if we're ready to pull the trigger yet, but curious if other folks are looking at alternatives.

The WAF is great, but recent events have made it obvious that having a single point of failure entirely defeats the purpose of DNS being a distributed/decentralized service.

Is anyone doing anything creative here? We like the features that the WAF provides - but not at the expense of global outages. If you have a 3 9s availability SLA, you've just blown 90% of your allotted downtime because of Cloudflare's WAF.

•

stevefan1999 2 hours ago

What about open source alternative built with Nginx/OpenResty? I forgot the name but that's the spirit

•

mappu 8 hours ago

The ability of a WAF to respond to an 0day incident is rapid rollout, 100% of endpoints, which is a SPOF no matter whether it's done via a big company or by a distributed system.

•

3rube 3 hours ago

Fastly (US) and BunnyCDN (EU) are excellent options

•

grim_io 7 hours ago

Being down because half the internet is down is an easier sell than being down because you fucked it up yourself.

•

882542F3884314B 6 hours ago

Akamai is a decent alternative.

•

BOOSTERHIDROGEN 5 hours ago

CrowdSec

•

yearolinuxdsktp 8 hours ago

AWS Route53, built-in DDoS basic protections, plus AWS WAF (can be expensive depending on your budget).

•

synack 6 hours ago

I've been using Cloudfront Functions to do some of the filtering that a WAF would do. It's quite flexible, but you've gotta figure out your own rules.

•

y-curious 5 hours ago

AWS WAF has some presets you can use