You appear to be offline. Some site functionality may not work.
Call Us

Build on Fastly

Try out powerful solutions on Fastly’s edge with step-by-step tutorials and ready-to-deploy code.

Discover common
solution patterns.

Learn the ins and outs of popular solution patterns, then create, customize, and deploy the solution to your Fastly configuration.

A/B Testing

You want to try out multiple variations of a page or a feature of your website, dividing your users into groups, some of whom experience one version, and some the other. Once a person is…

Learn more

Beacon termination

Your website includes JavaScript on the client side that generates analytics, and you want to collect this data, but want to avoid an uncacheable request reaching your servers for every pageview. Fastly’s real time logging…

Learn more

Geofencing

Your site is available only in certain regions, or offers content that varies between regions. Whether it’s at the country level or down to the square kilometer, Fastly’s geolocation data offers a way to group…

Learn more

Decoding JSON Web Tokens

The popular JSON Web Token format is a useful way to maintain authentication state and synchronise it between client and server. You are using JWTs as part of your authentication process and you want to…

Learn more

Redirects

Your servers often have to handle millions of requests for old and non-canonical URLs. This can cause unneeded load, as well as make logs messier and, if you have recently changed your site’s URL scheme,…

Learn more

Waiting room

You have regular large volumes of traffic and need to limit the rate at which users can start new sessions. Once a user has been allowed in, they should retain access.

Learn more

Get started with
ready-to-deploy recipes.

Solve problems faster with pre-built code blocks that were developed by Fastly’s experts. Copy the code, customize it to meet your needs, and deploy it to your configuration.

Revalidating stale content and getting 304 from origin

Allow conditional GET requests to origin with 304 response, even if ‘outer’ request from browser is not conditional.

Geo-IP API at the Edge

Create an API endpoint for fetching GeoIP data for the requesting browser, implemented 100% at the edge. The response should show your current approximate location, but no requests to any origin servers.

Decorating origin requests with GeoIP

Add GeoIP data about the client browser as extra headers in any requests from Fastly to your origin.

Preflighting for flags

Park request, make a different request first, use the response to annotate the real origin request (or make decisions about how to route it).

Preflighting for paywall

Use a custom Paywall header to trigger preflight requests to authenticate every article view with a backend paywall service

Threat intelligence preflight

Detect requests that contain submitted passwords and use a service to determine whether the password has leaked before allowing the request to proceed to origin (data from haveibeenpwned)

Relative date insertion using ESI

Generate relative time datelines like “3 minutes ago” at the Edge instead of in JavaScript or at origin. Better caching, faster rendering, fewer reflows.

Serve stale to search crawlers

Prioritise human traffic over search crawlers by serving stale content to crawlers

Overriding TTLs based on content-type

Set TTLs at the edge based on the type of resource. Better done at origin, but this can be a great ‘quick fix’ or a solution if you don’t control the origin.

Streaming server-sent-events

Stream responses to the browser while still receiving data from the origin and also saving it to cache. Great for fanning out server-sent-events streams to millions of users from a single source stream

Header overflows

Fastly imposes per-request resource limits on customers’ use of our edge network. If you set too many headers, this happens.

IPv6 to IPv4 translation

Create an identifier that looks like an IPv4 address if the user has made their request using IPv6. Useful for origin servers that require an IPv4 address for some reason.

No-origin RUM logging

Collect and aggregate log data submitted from browsers directly into S3 or other log store without having to handle the traffic at your origin

URL path based routing for microservices

Send request to different origin servers based on the URL path.

Replace origin errors with 'safe' responses

If origin responds with 500 internal server error, modify status to 503 and serve a ‘safe’ error message.

CORS OPTIONS preflights at the edge

Browsers send OPTIONS requests before performing cross-origin POSTs. You can answer these requests directly from the edge.

HTTP Basic Auth

Store username/password list in an edge dictionary, authorise user at the edge, reject requests that don’t have correct credentials.

Serve robots.txt from the edge

Include full text of robots.txt in VCL, serve as a synthetic response to avoid robots.txt requests hitting your origin

Serve stale on origin failure

Deal with all potential scenarios for using stale content to satisfy requests when origin is unhealthy or misbehaving

Random director

Load balance requests randomly across multiple backends, dropping them automatically if they become unhealthy

Consistent hashing director

Map requests to backends consistently, which can be useful for sticky sessions load balancing.

Fallback director

Try backends in turn until one is healthy (also known as an ‘active standby’ or ‘master slave’ strategy)

Client director

Map requests to backends based on user ID, aka “sticky sessions”. Defaults to IP address but you can customise.

Custom logging

Emit logging data to your chosen log endpoint from any VCL stage, not just vcl_log

Partial content 'Range' requests

Range headers sent from client are stripped by Fastly, so that we can cache the full object at the Edge

Synthetic binary responses

Serve binary objects such as images directly from edge configuration by encoding them using base64

Make very large payloads visible in VCL using custom headers

Using the fetch API in JavaScript it’s possible to add custom headers to a request, and you can see that data in VCL, which is subject to a much higher limit than those that we…

Time-limited URL tokens

Make URLs expire after a configurable period.

Image optimization

Use Fastly Image Optimizer to transform and serve images at the edge, closer to your users.

Scheduled invalidation

Purge your edge cache automatically at a certain time. This may cause an inrush of traffic to origin at the scheduled time and should be used with care.

Airport departures using Server-Sent-Events

This simulation of an airport departures board uses Fastly to easily fan out Server-Sent-Events streams to thousands of users, delivering in real time.

Enable modern web security headers to all responses

Go from F to A on securityheaders.io by adding security policy headers to your responses at the edge.

Add, remove or change HTTP headers

Fastly can easily read and write HTTP headers at multiple stages of the request/response cycle.

Rewrite URL path

Receive a request for one path but request a different path from origin, without a redirect.

Manipulate query string

Add, remove, and sort querystring parameters

Change request method

Change PUT, DELETE, OPTIONS and others to POST, or vice versa, to help integrate incompatible client and server apps.

GZip compression at the edge

Compress HTML, SVG, and other compressable formats at the edge and store and serve both compressed and uncompressed versions.

Client public IP API at the edge

Quickly fetch the user’s public IP from an API endpoint on your own domain, with no origin.

Add/remove cookies

Read individual cookies, set new cookies in response

Math assignment operators

Use addition, subtraction, multiplication, division, and modulus operators when assigning numeric values to headers or variables

Caching POST requests

By default, Fastly does not cache responses to POST requests. But you can enable this if you wish.

Regular expression capturing patterns

Use our re.group variable to capture regex pattern groups

Google Cloud storage origin (public)

Use a public GCS bucket as a backend for your Fastly service

Dictionary based IP block list

Ban a list of IP addresses from accessing your service, with expiry time

ACL based IP block list

Ban a list of IP address ranges from accessing your service

CAPTCHA challenge

Intercept suspicious traffic and display a CAPTCHA challenge. If the user passes, allow the request to go to the origin server.

Normalize requests

Improve cache performance by normalising requests. Filter and reorder query params, convert to lowercase, filter headers etc.

Search and replace in strings

Use regular expression substitution functions (regsub) to map paths, strip extraneous slashes, and more.

AWS S3 bucket origin (private)

Use AWS authenticated requests (signature version 2) to protect communication between your Fastly service and AWS.

Azure blob storage bucket origin (private)

Use Microsoft Azure authenticated requests to protect communication between your Fastly service and Azure.

Logging to Google BigQuery

Build raw JSON strings matching your BigQuery table schema to send log data to BigQuery

Unicode escaping in VCL

Represent non-ASCII characters in VCL using unicode escapes

Base64 POST body

Access the body of a POST request in base64 encoded form

Logical assignment operators

Logical expressions involving the left side of an assignment as an operand

Random integers

Generate random whole numbers in a range

Substr to extract substrings

Isolate a portion of a string

POST to GET rewrite using a base64 encoded querystring

To allow caching of POST requests, consider rewriting them as GET requests at the edge.

Set PCI flag to disable persistent cache storage

PCI compliant caching requires caching only in volatile storage, which you can enable with beresp.pci in VCL

Early expiry of cached objects

Cached a large number of objects for too long, and want to update and shorten their TTLs

Smoke test a new origin

Send a copy of your traffic to a test origin before returning a response from the production one

Compute intersection of two lists

Useful for comparing capabilities with required permissions

Hot-linking protection

Detect and reject requests from third party websites that attempt to embed your images on their pages

Prohibit browser caching

Ensure resources are not cached on the front end, while allowing caching within Fastly

Edge-side includes (ESI)

Use Fastly’s support for ESI to combine multiple origin-hosted objects into a single response at the edge

Clean backend responses

Remove headers added by backends that you don’t want to emit to the browser, like amz- or goog- headers.

Force TLS (SSL, HTTPS)

Redirect any requests that come in on insecure HTTP, to the equivalent TLS endpoint

Cache '429' rate-limiter responses per IP

If a backend returns a 429, cache it for the requesting IP, but continue to allow other clients to use origin

Vary Based on a Cookie

Return different objects based on the presense of a cookie.

Multiple backends load balancing with weight setting

Distribute client requests to multiple backends, a weighting dictionary defines the percentage of requests that one backend can get.

Remove querystring from static assets

Use the new Sec-Fetch-Dest header or URL patterns to identify assets that should not allow querystrings to be part of the cache key.

Geofencing / geoblocking content by region

Group countries into groups to cache content by custom regions, or reject requests from some regions entirely

Ultra-local proximity cache using lat/long grid

Bucket users into small grid squares to allow for hyper-local content caching, eg “stores near you”, “local offers”

Set Google Analytics _ga cookie

Due to ITP 2.1 restrictions, cookies set in JavaScript may be limited to a 7 day TTL. Set your GA cookie on the edge to avoid this.

Failover to a secondary backend

If primary backend fails, retry with a different backend without caching the failure or reducing cache efficiency.

Comprehensive logging

Fastly offers a myriad of different variables that you can log. See and test a large collection here.

Catch malicious requests with WAF

The web application fireewall catches a variety of different types of malicious requests including cross site scripting (XSS), SQL injection, remote and local file inclusion (RFI, LFI), remote command execution (RCE) and session fixation.

WAF custom rules

The web application firewall has thousands of rules built in, but you can augment these with your own.

Randomized WAF responses

By default, the web application firewall has a single standard response for blocked requests, but you can vary this if you wish to confuse attackers.

Enable Segmented Caching Gradually

Avoid a huge inrush of traffic to origin caused by enabling segmented caching, by enabling it gradually over a period of hours or days.

Custom condition for triggering WAF

The web application firewall runs only on traffic to your origin, but you can further refine when it should be invoked.

Image transformation classes

Use custom, predefined classnames like large, medium, small, teaser, thumb, or article to control Fastly IO, and optionally prevent end-user access to native properties like ‘width’

All code provided through the Fastly Developer Library is provided under both the BSD and MIT open source licenses.

Get in touch

Help us make this resource more useful for the entire Fastly community. Email your questions, requests, and big ideas to developers@fastly.com — or reach out and let us know what you’re working on.