In today's digital landscape, safeguarding against DDoS attacks is crucial. DDoS protection is built into our platform by default, automatically blocking highly disruptive Layer 3/4 DDoS attacks as well as inspecting and blocking more complex Layer 7 attacks. With over a trillion requests served daily through our globally distributed network, we have access to data at a massive scale and leverage this data to make informed security decisions, ensuring stronger defenses for our customers.
Fastly's network boasts 277+ Tbps of capacity, standing up to even the most massive DDoS attacks. Our infrastructure acts as a DDoS scrubbing center, filtering malicious requests at the network edge before they can reach your origin, so you can focus on keeping your business running.
HTTP(S) traffic can be hard to see at scale, especially when you are under attack. There can be a fine line between the thundering herd of a viral campaign, a DDoS attack, or abusive bot behavior. Fastly’s real-time, flexible logging and observability capabilities provide the insights you need to block attack traffic while letting legitimate users access your site.
Many DDoS attacks evolve in real time to avoid blocking. Fastly helps you adapt to changing attack patterns without compromising performance. Stay one step ahead with the ability to update your security policies and push changes around the globe within seconds: our median deployment time is 13 seconds.
Fastly sees all bidirectional traffic (encrypted and unencrypted) between browsers and your web server. We automatically filter all non-HTTP / HTTPS traffic at our global nodes, blocking highly disruptive Layer 3 and Layer 4 attacks. We also protect against Ping floods, ICMP floods, reflection/amplification attacks, transaction floods, resource exhaustion, and UDP abuse.
Fastly’s edge cache nodes act as enforcement points. Using Varnish Configuration Language (VCL), we apply rules to protect your network from complex Layer 7 attacks. We inspect the entire HTTP / HTTPS requests, and block or rate limit based on client and request criteria, like headers, cookies, request path, and client IP, or indicators like geolocation. Our Next-Gen WAF complements our built-in protection provided by the CDN through advanced rate limiting, thresholding, and SmartParse.
Our service is highly configurable: if you identify signs of a potential DDoS attack, you can use our configuration control panel or upload custom VCL to block certain URLs, client types, geographies, or types of requests. We also keep a history of previous configurations so you can quickly roll back changes if needed. Additionally, our CDN can pick up responses from our Next-Gen WAF, enabling additional options for blocking or restricting clients as necessary.
Core DDoS protection is included for all Fastly delivery customers. We also offer a curated set of services for those requiring greater capabilities and assistance around DDoS attacks and preparedness.
Minimize your risk with continuous protection on an annual basis. This service provides DDoS protection of HTTP (port 80) and HTTPS (port 443, TLS) services with unlimited overage protection. Features immediate onboarding, incident response planning, and emergency and ongoing attack mitigation support.Learn more
This service augments your team with priority, direct access to Fastly’s 24/7 CSOC and an industry-leading 15-minute response SLA. In the event of an incident, our team of experts is standing by to provide the fastest response.Learn more
This full-service offering is for those who require comprehensive, 24/7 monitoring of their environments. It includes proactive monitoring and remediation, monthly and post-event reports and reviews, threat hunting, and readiness drills.Learn more
“Fastly’s DDoS mitigation capabilities allow us to quickly scale while remaining protected from a wide range of security threats."
"By enabling us to mitigate DDoS attacks and terminate TLS at the edge, Fastly empowers us to protect our users while providing consistent and fast experiences."
"Overall great service and support. The technology works well. It's really helped us mitigate DDoS attacks and improve our overall site performance. "
Fastly’s Origin Shield maximizes computing resources for continuous content requests by designating a specific POP to serve as a “shield” for your origin servers. A shield POP can also be used to configure more specific DDoS protections and improve service availability.
Fastly provides an API endpoint so you know which IP addresses our caches will use to send traffic from our CDN to your origin server. This enables you to update firewalls at the origin so only our cache traffic can access your resources.
Upload custom VCL to block certain URLs, client types, geographies, or types of requests for immediate response to DDoS attacks.
Distributed Reflection Denial of Service (DRDoS) attacks take down a victim's network by overwhelming it with response requests sent from a different or spoofed origin.
Ping Floods (also known as ICMP floods) aim to overwhelm a network with ICMP echo requests, impacting both outgoing and incoming bandwidth.
Fastly's DDoS protection provides real-time response and malicious request mitigation at both the network layer (Layer 3 and 4) and application layer (Layer 7).
Learn how we enable you to fortify your digital infrastructure and defend against disruptive DDoS threats.
Ensure your websites, applications, and services are able to scale to meet the demand of your users and are delivered securely and as fast as possible with Fastly.
Stay ahead of web application threats with Fastly’s most complete security coverage offering. Expert protection, 24/7 peace of mind.