Fastly’s massive globally distributed network provides rapid protection against web application vulnerabilities, DDoS, and botnet attacks. Enforce security rules at the edge with real-time insights into suspicious traffic and the ability to update your configuration in milliseconds.
Fastly’s cloud-based WAF consumes third-party rules from the OWASP Core Ruleset, commercial sources, and open source, in addition to Fastly-generated rules. Customers are protected from key application-layer attacks, such as injection attacks and malicious inputs, cross site scripting, data exfiltration, HTTP protocol violations, and other OWASP Top 10 threats. Fastly WAF rules are instantly configurable so you can respond to threats as they arise.
Fastly’s WAF provides global protection without any significant performance impact because it’s fully integrated into our Varnish-based edge cloud platform. Using a set of pre-built rules, we only run WAF detection logic on requests that cannot be served from cache, saving valuable milliseconds in detecting attacks aimed at the origin server. Integration with our edge cloud platform also ensures support for IPv6 and HTTP/2.
Third-party CMS platforms are increasingly becoming the target for application-layer attacks. Having the ability to virtually patch these platforms allows you to protect your applications until you roll out software updates. Fastly’s WAF is tightly integrated into our cache nodes, allowing us to detect your website’s application stack. We can apply pre-defined rulesets to protect against known vulnerabilities in popular tools like Drupal and WordPress. You can also quickly add, remove or change WAF-based rules for these platforms.
Built on our powerful edge cloud platform, Fastly’s WAF gives you access to 100% of your security events and notifications within seconds from the edge. You can quickly identify potential application layer threats and make instant configuration changes to your WAF rules from within our service. Real-time log streaming also gives you immediate visibility into attack mitigation efforts.