You appear to be offline. Some site functionality may not work.
Sign Up

Cloud security

Fastly’s massive globally distributed network provides rapid protection against web application vulnerabilities, DDoS, and botnet attacks. Enforce security rules at the edge with real-time insights into suspicious traffic and the ability to update your configuration in milliseconds.

Start your free trial

Edge filtering

Fastly sees all bidirectional traffic (encrypted and unencrypted) between browsers and your web server and automatically filters all non-HTTP / HTTPS traffic at our global nodes, blocking highly disruptive Layer 3 and Layer 4 attacks. We protect against Ping floods, ICMP floods, reflection / amplification attacks, transaction floods, resource exhaustion, and UDP abuse.

Fastly’s edge cache nodes act as enforcement points. Using VCL, we apply rules to protect your network from complex Layer 7 attacks. We inspect the entire HTTP / HTTPS requests, and block based on client and request criteria, like headers, cookies, request path, and client IP, or indicators like geolocation.

Edge filtering

Rapid response

Fastly’s edge cloud platform gives you the flexibility to keep up with rapidly changing attacker methods. Our real-time streaming logs help you monitor site performance and quickly identify anomalies like traffic spikes and instability. Our service is highly configurable; if you identify signs of a potential DDoS attack, you can use our configuration control panel or upload custom VCL to block certain URLs, client types, geographies, or types of requests. We also keep a history of previous configurations so you can quickly roll back changes if needed.

Origin Cloaking

Sophisticated attackers use tools like Cloudpiercer to uncover the IP address of origin servers. This allows them to direct attack traffic at these exposed origin servers, bypassing a traditional CDN’s protection capabilities. Fastly’s Origin Cloaking prevents these kinds of attacks by hiding your origin from attackers. Using private network interconnections, we connect directly with your origin server, hiding the IP address from the public internet. This forces all attack traffic through our network where we apply DDoS mitigation rules.

Origin Cloaking

Flexible service options

Choose one of our two options as an add-on to your Fastly service: both plans provide layer 7 DDoS mitigation support of HTTP (port 80) and HTTPS (port 443, TLS) with unlimited overage protection.

DDoS Protection and Mitigation Service: our 12-month service helps you minimize risk with continuous, year-long protection.

DDoS Threat Response Service: use our month-to-month service to respond to immediate DDoS threats or for ongoing DDoS attacks.