1. Home
2. Guides
3. Next-Gen WAF
4. Using the Next-Gen WAF

To help protect your web application against Common Vulnerabilities and Exposures (CVE), you can enable virtual patches. A virtual patch is a pre-constructed rule that targets a specific CVE. Once enabled, requests that meet the virtual patch's criteria are tagged with the appropriate CVE signal and then blocked or logged per your enablement specification. We announce new virtual patches through our Announcements guide.

Working with virtual patches using the Next-Gen WAF control panel

From the Next-Gen WAF control panel, you can enable virtual patches and subscribe to virtual patch release notifications.

Enabling virtual patches

To enable a CVE virtual patch using the Next-Gen WAF control panel, complete the following steps:

Subscribing to virtual patch announcements

To receive an email when we release a new virtual patch, complete the following steps using the Next-Gen WAF control panel:

1. Log in to the Next-Gen WAF control panel.

2. From the corp navigation bar, click My Profile.
3. In the Corp subscriptions section, select the Alert me when a new Virtual Patch for a CVE is available checkbox.

Enabling virtual patches using the Fastly control panel

From the Fastly control panel, you can enable a CVE virtual patch:

1. Log in to the Fastly control panel.

2. Go to Security > Next-Gen WAF > Workspaces.

3. Click the gear next to the workspace that you want to modify.

4. Click Virtual patches.

5. Use the search bar to find the virtual patch you want to apply, and then click the pencil to the right of the patch.

   

6. From the Status menu, select Enabled.

7. (Optional) If your workspace is in blocking mode, choose whether to Block requests or Log requests when the signal is observed.

8. Click Update virtual patch.

Related content

• Configuring system signals