DDoS protection at the network edge
Protect your digital infrastructure with Fastly's high-bandwidth, globally distributed network. Our real-time DDoS mitigation safeguards performance without compromising protection. Filter malicious requests at the network edge before they get near your origin.
In today's digital landscape, countering DDoS attacks is crucial. DDoS protection is built into our platform, automatically blocking highly disruptive Layer 3/4 DDoS attacks as well as inspecting and blocking more complex Layer 7 attacks. With over a trillion requests served daily through our global network, we have access to data at a massive scale and leverage it to make informed security decisions, ensuring stronger defenses for our customers.
Fastly's network boasts 291+ Tbps of capacity, standing up to even the most massive DDoS attacks. Our infrastructure acts as a DDoS scrubbing center, filtering malicious requests at the network edge before they can reach your origin, so you can focus on keeping your business running.
HTTP(S) traffic can be hard to see at scale, especially when you are under attack. There can be a fine line between the thundering herd of a viral campaign, a DDoS attack, or abusive bot behavior. Fastly’s real-time, flexible logging and observability capabilities provide the insights you need to block attack traffic while letting legitimate users access your site.
Many DDoS attacks evolve in real time to avoid blocking. Fastly helps you adapt to changing attack patterns without compromising performance. Stay one step ahead with the ability to update your security policies and push changes around the globe within seconds: our median deployment time is 13 seconds.
Fastly DDOS Mitigation ensures availability and uptime by offering over 277+ Tbps to halt the largest Layer 3/4 attacks and inspecting the entirety of requests to identify and block Layer 7 attacks. Leverage its full configuration options to make intelligent rate-limiting and blocking decisions.
Fastly sees all bidirectional traffic (encrypted and unencrypted) between browsers and your web server. We automatically filter all non-HTTP / HTTPS traffic at our global nodes, blocking highly disruptive Layer 3 and Layer 4 attacks. We also protect against Ping floods, ICMP floods, reflection/amplification attacks, transaction floods, resource exhaustion, and UDP abuse.
Fastly's edge cache nodes enforce Varnish (VCL) rules to safeguard against Layer 7 attacks. We inspect the entire HTTP / HTTPS requests, and block or rate limit based on client and request criteria, or indicators like geolocation. Our Next-Gen WAF complements our CDN’s built-in protection through advanced rate limiting, thresholding, and SmartParse.
Our service is highly configurable: use our control panel or upload custom VCL to block a multitude of request types the moment a potential DDoS attack is identified. Our CDN also picks up responses from our Next-Gen WAF, enabling additional options for blocking or restricting clients as necessary.
Protect against Denial of Service style attacks with flexible configurations that enable powerful protection
Fastly’s Origin Shield maximizes computing resources for continuous content requests by designating a specific POP to serve as a “shield” for your origin servers. A shield POP can also be used to configure more specific DDoS protections and improve service availability.
Fastly provides an API endpoint so you know which IP addresses our caches will use to send traffic from our CDN to your origin server. This enables you to update firewalls at the origin so only our cache traffic can access your resources.
Fastly offers rate limiting on the edge and within the WAF. Edge rate limiting on the CDN is ideal for high-speed, high-volume attacks, while the Next-Gen WAF’s advanced rate limiting counters slow and low attacks. Together, they provide unmatched flexibility to effectively mitigate attacks of any level and complexity.
Upload custom VCL to block certain URLs, client types, geographies, or types of requests for immediate response to DDoS attacks.
Distributed Reflection Denial of Service (DRDoS) attacks take down a victim's network by overwhelming it with response requests sent from a different or spoofed origin.
Ping Floods (also known as ICMP floods) aim to overwhelm a network with ICMP echo requests, impacting both outgoing and incoming bandwidth.
Core DDoS protection is included for all Fastly delivery customers. We also offer a curated set of services for those requiring greater capabilities and assistance around DDoS attacks and preparedness.
Minimize your risk with continuous protection on an annual basis. This service provides DDoS protection of HTTP (port 80) and HTTPS (port 443, TLS) services with unlimited overage protection. Features immediate onboarding, incident response planning, and emergency and ongoing attack mitigation support. Learn more
This full-service offering is for those who require comprehensive, 24/7 monitoring of their environments. It includes proactive monitoring and remediation, monthly and post-event reports and reviews, threat hunting, and readiness drills. Learn more
This service augments your team with priority, direct access to Fastly’s 24/7 CSOC and an industry-leading 15-minute response SLA. In the event of an incident, our team of experts is standing by to provide the fastest response. Learn more
Minimize your risk with continuous protection on an annual basis. This service provides DDoS protection of HTTP (port 80) and HTTPS (port 443, TLS) services with unlimited overage protection. Features immediate onboarding, incident response planning, and emergency and ongoing attack mitigation support. Learn more
This full-service offering is for those who require comprehensive, 24/7 monitoring of their environments. It includes proactive monitoring and remediation, monthly and post-event reports and reviews, threat hunting, and readiness drills. Learn more
This service augments your team with priority, direct access to Fastly’s 24/7 CSOC and an industry-leading 15-minute response SLA. In the event of an incident, our team of experts is standing by to provide the fastest response. Learn more
Fastly’s DDoS mitigation is an always-on security solution. Our entire network acts as a scrubbing center for DDoS attacks, offering you the same level of DDoS mitigation for both encrypted and unencrypted traffic.
Read more
Learn how our DDoS Mitigation services can protect your business.
Watch now
Ensure your websites, applications, and services are able to scale to meet the demand of your users and are delivered securely and as fast as possible with Fastly.
Read moreGet in touch or create an account