You appear to be offline. Some site functionality may not work.
Try Fastly free Call us

Cloud WAF

Fastly’s web application firewall protects your applications from malicious attacks designed to compromise web servers. Built on our powerful edge cloud platform, it protects against injection attacks, cross site scripting, HTTP protocol violations, and more.

Start your free trial

Comprehensive protection

Comprehensive protection

Fastly’s cloud-based WAF consumes third-party rules from the OWASP Core Ruleset, commercial sources, and open source, in addition to Fastly-generated rules. Customers are protected from key application-layer attacks, such as injection attacks and malicious inputs, cross site scripting, data exfiltration, HTTP protocol violations, and other OWASP Top 10 threats. Fastly WAF rules are instantly configurable so you can respond to threats as they arise.

Superior performance

Superior performance

Fastly’s WAF provides global protection without any significant performance impact because it’s fully integrated into our Varnish-based edge cloud platform. Using a set of pre-built rules, we only run WAF detection logic on requests that cannot be served from cache, saving valuable milliseconds in detecting attacks aimed at the origin server. Integration with our edge cloud platform also ensures support for IPv6 and HTTP/2.

Deeper integration

Deeper integration

Third-party CMS platforms are increasingly becoming the target for application-layer attacks. Having the ability to virtually patch these platforms allows you to protect your applications until you roll out software updates. Fastly’s WAF is tightly integrated into our cache nodes, allowing us to detect your website’s application stack. We can apply pre-defined rulesets to protect against known vulnerabilities in popular tools like Drupal and WordPress. You can also quickly add, remove or change WAF-based rules for these platforms.

Real-time visibility and control

Built on our powerful edge cloud platform, Fastly’s WAF gives you access to 100% of your security events and notifications within seconds from the edge. You can quickly identify potential application layer threats and make instant configuration changes to your WAF rules from within our service. Real-time log streaming also gives you immediate visibility into attack mitigation efforts.

WAF Datasheet

Always on, world class web application-layer protection


The most frequently asked questions about Fastly’s WAF

Ready to get started?

Get in touch or create an account.