Configuring Edge WAF deployments using the Next-Gen WAF control panel
After deploying the Edge WAF, you can:
- change the percentage of traffic that is sent to the WAF.
- use request headers to customize inspection.
- re-assign the Fastly service to a new site (workspace).
Changing the percentage of traffic sent to the WAF
You can control the amount of traffic inspected by the Edge WAF using the Enabled dictionary key. This value is available in the Edge_Security dictionary and is automatically created when you attach a delivery service.
The default value is 0, with numbers greater than zero representing a percentage of the traffic being inspected. This means that unless you change the value of the Edge_Security Edge dictionary, your WAF will be enabled but won't inspect any traffic. If the value is set to 100, all traffic (100%) will be passed through the Edge WAF. If the value is less than 100, a random sample of the specified percentage will be sent through the Edge WAF.
The Edge_Security Edge dictionary no longer uses the DISABLED field. Set Enabled to 0 if you don't want the WAF to inspect any traffic. Alternatively, you can use the control panel to control blocking and logging behavior of the Edge WAF or to turn off agent configurations entirely.
Customizing inspection with headers
You can use X-SigSci- headers to force the Next-Gen WAF to inspect requests, to disable inspection, and to skip initial inspection.
Re-mapping a Fastly CDN service to a new site (workspace)
To re-assign the Fastly service to a new site (workspace), follow these steps:
1. Using the curl command line tool, call the DELETE deliveryIntegration/${fastlySID} API endpoint in a terminal application:
$ curl -v -H "x-api-user: ${SIGSCI_EMAIL}" -H "x-api-token: ${SIGSCI_TOKEN}" \
  -H "Fastly-Key: ${FASTLY_KEY}" -H 'Content-Type: application/json' -X DELETE \
  "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/deliveryIntegration/${fastlySID}"
This API call requires the Fastly-Key header for authentication. The Fastly API key must have write access to the Fastly service ID. This API call removes all backends from the Edge WAF deployment connected to the Fastly service and detaches the Fastly service from the Edge WAF deployment.
2. Using the curl command line tool, call the PUT deliveryIntegration/{fastlySID} API endpoint in a terminal application to map the existing Fastly service to the new ${siteName}. For example:
$ curl -H "x-api-user:${SIGSCI_EMAIL}" -H "x-api-token:${SIGSCI_TOKEN}" \
  -H "Fastly-Key: ${FASTLY_KEY}" -H 'Content-Type: application/json' -X PUT \
  "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/deliveryIntegration/${fastlySID}"
This API call will activate a new service version by updating the existing Next-Gen WAF VCL dynamic snippet with the new edge security service ID. It also sets the percent of traffic sent to the WAF for inspection to 0.
3. (Optional) Increase the percentage of traffic sent to the WAF for inspection.
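The DELETE and PUT calls above can be wrapped so that a failed DELETE stops the procedure before the PUT is sent. The script below is an added example, not Fastly's code: the function names, the DRY_RUN switch and the sample values are assumptions, and it treats any 2xx status as success. It leaves out curl's -v and passes the headers on stdin, because -v prints request headers, including x-api-token and Fastly-Key, to the terminal.

```shell
#!/bin/sh
# Added example, not Fastly's code. Function names, DRY_RUN and the sample
# corp/site/service values at the bottom are hypothetical.
API="https://dashboard.signalsciences.net/api/v0"

# Build the deliveryIntegration URL: $1 corp, $2 site, $3 Fastly service ID.
integration_url() {
  printf '%s/corps/%s/sites/%s/deliveryIntegration/%s' "$API" "$1" "$2" "$3"
}

# Fail early if a credential variable used by the page's curl calls is unset.
require_env() {
  for v in SIGSCI_EMAIL SIGSCI_TOKEN FASTLY_KEY; do
    eval "[ -n \"\${$v:-}\" ]" || { echo "missing \$$v" >&2; return 1; }
  done
}

# $1 method, $2 URL; prints the HTTP status. Headers are fed to curl on stdin
# (-K -) to keep secrets out of the process list, and -v is left off so they
# are not echoed into terminal or CI logs.
call_api() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "DRY-RUN $1 $2" >&2; echo 200; return 0; fi
  require_env || return 1
  printf 'header = "%s"\n' "x-api-user: $SIGSCI_EMAIL" \
    "x-api-token: $SIGSCI_TOKEN" "Fastly-Key: $FASTLY_KEY" |
    curl -sS -K - -H 'Content-Type: application/json' -X "$1" \
      -o /dev/null -w '%{http_code}' "$2"
}

# DELETE detaches the service from the old site, PUT attaches it to the new one.
# Assumption: any 2xx status means the call succeeded.
remap_service() { # $1 corp, $2 old site, $3 new site, $4 Fastly service ID
  code=$(call_api DELETE "$(integration_url "$1" "$2" "$4")")
  case "$code" in 2??) ;; *) echo "DELETE failed: HTTP $code" >&2; return 1 ;; esac
  code=$(call_api PUT "$(integration_url "$1" "$3" "$4")")
  case "$code" in 2??) ;; *) echo "PUT failed: HTTP $code" >&2; return 2 ;; esac
  echo "$4 now mapped to $3 with Enabled at 0: nothing is inspected until it is raised" >&2
}

# Dry run with constructed values; set DRY_RUN=0 and pass real names to send.
remap_service example-corp old-site new-site EXAMPLE_SERVICE_ID
```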