Back to blog

Follow and Subscribe

All blog posts

Page 5 of 50

  • Request Collapsing Demystified

    Stephen Crim

    Boost website performance with request collapsing! Learn how it improves efficiency, reduces origin load, and optimizes caching for a snappy user experience.

    Performance
    + 2 more
    An illustration of a keyboard with a lever in the middle and a hand pushing the lever forward

  • Teach Your robots.txt a New Trick (for AI)

    Brooks Cunningham

    Control how AI bots like Google-Extended and Applebot-Extended use your website content for training. Update your robots.txt file with simple Disallow rules.

    CDN & Delivery
    + 3 more

  • Fastly + Scalepost: Extending the Fastly platform to manage AI Crawlers

    John Agger

    See when and how AI chatbots use your content. With Fastly and ScalePost, publishers finally gain visibility into how their work shows up in AI-generated answers.

  • Control and Monetize Your Content with the RSL Standard

    Simon Wistow

    AI crawlers are scraping the web, often ignoring rules and costing publishers resources. The new RSL Standard lets you block, allow, or even charge AI for access to your content. Here’s how it works.

    CDN & Delivery
    Product
    An illustration of a keyboard with a lever in the middle and a hand pushing the lever forward

  • OS Command Injection Explained

    Fastly Security Research Team, Matthew Mathur

    In this blog, we'll explore the web application vulnerability, OS Command Injection, and how to prevent it.

    Security
    TLS configuration icon

  • 4 Tips for Developers for Using Fastly’s Sustainability Dashboard

    Leon Brocard

    Track the real-world emissions of your Fastly workloads. This blog shares practical tips on using the Sustainability dashboard for greener, faster code.

    Performance
    + 3 more

  • The Tools Gap: Why Developers Struggle to Code Green

    Alina Lehtinen-Vela

    77% of developers want to code sustainably, but most lack the tools to measure impact. Fastly’s survey reveals the barriers and opportunities in green coding.

    Industry insights
    Engineering
    CODE - Fastly

  • Vulnerability in modern processors

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On Wednesday, January 3rd, research was published on a class of security vulnerabilities affecting specific processors. These vulnerabilities could allow a user who can execute code on a system to gain unauthorized access to information across security boundaries. Fastly has completed initial analysis of these vulnerabilities and does not believe they pose an immediate threat to Fastly customers.

    Security

  • Request body disclosure to other Fastly services

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    From August 31st through November 4th, Fastly deployed a version of Varnish which contained a security bug that, in a limited and non-standard set of configurations, disclosed request bodies to other customer origins. In these cases, a request body sent to an affected Fastly customer's service would have been included in a malformed request to a different customer's origin, which may have been logged in that origin web server's access logs. Fastly performed a comprehensive assessment to identify customers most likely to be affected by this issue. These customers have been contacted directly by Fastly Customer Engineering.

    Security

  • Vulnerability in use of HTTP_PROXY by CGI

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On Monday, July 18, 2016, security researchers published information on a vulnerability in the handling of the HTTP_PROXY environment variable by specific Common Gateway Interface (CGI) scripts. While this vulnerability does not affect Fastly, web servers used as origins may run a variety of scripts, some of which may be vulnerable. This Security Advisory provides guidance to customers on how they can protect origin servers from attacks.

  • Use After Free flaw in Lucet-runtime

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On November 11th 2021, Fastly Engineering received alerts related to segmentation faults on Compute@Edge. A Fastly investigation into CVE-2021-43790, a bug in Lucet, a dependency of Compute@Edge, is disclosed in a recent Bytecode Alliance security advisory. Fastly investigations have not identified additional impact outside of the single case disclosed in this advisory. It's our goal in this Fastly Security Advisory to illustrate our knowledge about the bug discovered and the actions we have taken to prevent further possible impact to our customers.

    Security

  • Cache Poisoning Leveraging Various X-Headers

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On Thursday, August 9th, research was published at Black Hat USA 2018 on cache poisoning attacks against websites deployed behind caching infrastructure. These attacks could allow an attacker to inject arbitrary content into a victim’s cache. Fastly service configurations that do not take into consideration the interaction between headers that backends use to select content may be vulnerable. This risk can be fully mitigated via a VCL patch or by modifying backend configurations.

    Security

  • Vulnerability in Linux Kernel TCP implementation

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On August 6, 2018, a vulnerability in the Linux kernel TCP implementation, called SegmentSmack, was publicly disclosed. This vulnerability allowed a remote attacker to cause a denial-of-service attack on a target server by simply establishing a TCP connection to the server and sending specific segments over the connection. Fastly has worked with the security community in advance of this disclosure to address this vulnerability in our edge networks. They pose no threat to Fastly customers.

    Security

  • CVE-2015-7547 Buffer Overflow in glibc

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On Tuesday, February 16th, researchers published details about a new vulnerability in the glibc library, a standard C library. The vulnerability existed in the code used to translate hostnames into IP addresses. Processes that use it are very common across network service providers, such as CDNs. Fastly immediately implemented a security update on affected systems. No customer action is required. Fastly’s service was not impacted.

    Security

  • DROWN Attack & Fastly

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    Today in conjunction with an OpenSSL Security Advisory several researchers announced a new attack on HTTPS they are calling “Decrypting RSA with Obsolete and Weakened Encryption,” or DROWN. Due to Fastly’s existing TLS configuration, our services, and customers using Fastly as their CDN, are not vulnerable to this attack.

  • Resolved: Fastly “forward secrecy” vulnerability

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On Monday, November 14, 2016, security researchers published a paper “Measuring the Security Harm of TLS Crypto Shortcuts.” Among other findings across the TLS implementation of several sites, the paper identified Fastly as not frequently rotating TLS session tickets, limiting the effectiveness of forward secrecy. While Fastly was not directly contacted by the researchers, Fastly had previously been made aware of the issue, and this vulnerability was addressed on Friday, November 11. No customer action is required to benefit from the fix.

    Security

  • GlobalSign TLS certificate revocation errors

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On October 13, 2016 around 11:10am GMT, users visiting websites using GlobalSign TLS certificates, including some hosted by Fastly, started experiencing TLS certificate validation errors. This issue was caused by incorrect certificate revocation information published by our certificate vendor, GlobalSign. This security advisory describes the root cause of this issue, and describes the actions Fastly has taken to limit customer impact.

    Security

  • Widespread Dyn DNS outage affecting Fastly customers

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On October 21st, 2016, Dyn, a major managed DNS provider, experienced a Distributed Denial of Service attack, which led to outages affecting several major websites, including Fastly infrastructure (such as the Fastly Control Panel and API) and Fastly customers. Fastly worked with our additional managed DNS providers to ensure availability during the incident. This mitigated impact on Fastly customers.

    Security

  • Securing Edge-To-Origin TLS

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    Fastly has fixed a problem in our default Transport Layer Security (TLS) configuration that prevented proper certificate validation when connecting to customer origin servers. Services created after September 6th, 2015 were not affected. This advisory describes the issue to inform our customers of the potential exposure, the fix we’ve made, and additional improvements we’re making. This vulnerability has been assigned Fastly Security severity rating of HIGH.

    Security

  • Incorrect Delivery of Partial Log

    Fastly Security Research Team, The Fastly Security Technical Account Management Team

    On July 29th at 00:00 UTC, Fastly was notified by a customer (customer X) that a single log line intended for a different customer (customer Y) was received by customer X’s log system. Fastly promptly began to investigate and determined that when a complex series of conditions occur, a log line may be misrouted to an incorrect logging service. We were able to trace the root cause to an error in logic introduced by Fastly to improve performance in April 2012. This single report from one customer is the only instance that Fastly is aware of, where all necessary conditions aligned simultaneously in eight years.

    Security