You appear to be offline. Some site functionality may not work.
Sign Up

Cloud security

Fastly’s massive globally distributed network provides rapid protection against web application vulnerabilities, DDoS, and botnet attacks. Enforce security rules at the edge with real-time insights into suspicious traffic and the ability to update your configuration in milliseconds.

Start your free trial

Edge filtering

Fastly sees all bidirectional traffic (encrypted and unencrypted) between browsers and your web server and automatically filters all non-HTTP / HTTPS traffic at our global nodes, blocking highly disruptive Layer 3 and Layer 4 attacks. We protect against Ping floods, ICMP floods, reflection / amplification attacks, transaction floods, resource exhaustion, and UDP abuse.

Fastly’s edge cache nodes act as enforcement points. Using VCL, we apply rules to protect your network from complex Layer 7 attacks. We inspect the entire HTTP / HTTPS requests, and block based on client and request criteria, like headers, cookies, request path, and client IP, or indicators like geolocation.

Edge filtering

Rapid response

Fastly’s edge cloud platform gives you the flexibility to keep up with rapidly changing attacker methods. Our real-time streaming logs help you monitor site performance and quickly identify anomalies like traffic spikes and instability. Our service is highly configurable; if you identify signs of a potential DDoS attack, you can use our configuration control panel or upload custom VCL to block certain URLs, client types, geographies, or types of requests. We also keep a history of previous configurations so you can quickly roll back changes if needed.

Origin Cloaking

Sophisticated attackers use tools like Cloudpiercer to uncover the IP address of origin servers. This allows them to direct attack traffic at these exposed origin servers, bypassing a traditional CDN’s protection capabilities. Fastly’s Origin Cloaking prevents these kinds of attacks by hiding your origin from attackers. Using private network interconnections, we connect directly with your origin server, hiding the IP address from the public internet. This forces all attack traffic through our network where we apply DDoS mitigation rules.

Origin Cloaking

DDoS Protection and Mitigation Service

Fastly offers a 12-month DDoS Protection and Mitigation Service as an add-on to your Fastly edge cloud service.

This includes:

  • Layer 3, 4 and 7 DDoS mitigation and support of HTTP (port 80) and HTTPS (port 443, TLS)
  • Unlimited overage protection
  • Security support 24/7
We send emails from time to time about upcoming events, new products, & the latest industry trends, but only if you want them. Check the box to consent to receive these messages.