Security

These articles describe how to restrict access to resources by allowing or blocking IP addresses with access control lists (ACLs).

• About ACLs
• Manually creating access control lists
• Using the IP block list
• Working with ACLs using the API
• Working with ACLs using the web interface

These articles describe how to secure communications between Fastly, your origin servers, and your customers.

• Accessing Fastly's IP ranges
• Support for App Transport Security

These articles provide information about the administrative, physical, and technical safeguards that protect the Fastly CDN service.

• Penetration testing your service behind Fastly
• Security measures
• Security program
• Signal Sciences security measures
• Technology compliance

These articles describe how to set up TLS certificates with Fastly services.

• Enabling HSTS through Fastly
• Enabling TLS 1.3 through Fastly
• Forcing a TLS redirect
• Serving HTTPS traffic using certificates you manage
• Serving HTTPS traffic using Fastly-managed certificates
• Setting up free TLS
• TLS termination

These articles provide information about the Fastly Web Application Firewall (WAF 2020) security product.

• About the Fastly WAF dashboard (2020)
• About the Fastly WAF rule management interface (2020)
• Creating a custom WAF error page (2020)
• Fastly WAF logging (2020)
• Managing rules on the Fastly WAF (2020)
• WAF Rule Exclusions (2020)
• Web Application Firewall (WAF) (2020)

These articles provide information about the legacy Fastly Web Application Firewall (WAF) security product.

• About the Fastly WAF dashboard (legacy)
• About the Fastly WAF rule management interface (legacy)
• Creating a custom WAF error page (legacy)
• Fastly WAF logging (legacy)
• Fastly WAF rule set updates and maintenance (legacy)
• Managing the Fastly WAF (legacy)
• Web Application Firewall (WAF) (legacy)