Basics
- About the web interface controls
- Always-on DDoS mitigation
- Browser recommendations when using the Fastly web interface
- Content and its delivery
- Fastly POP locations
- Getting started with Fastly
- How caching and CDNs work
- How Fastly's CDN Service works
- HTTP status codes cached by default
- Self-provisioned Fastly services
- Sign up and create your first service
- Working with services
Domains & Origins
Performance
Basics
Dictionaries
Domains & Origins
- Changing origins based on user location
- Connecting to origins
- Enabling global POPs
- Failover configuration
- IPv6 support
- Maintaining separate HTTP and HTTPS requests to origin servers
- Routing assets to different origins
- Setting up redundant origin servers
- Specifying an override host
- Using Fastly with apex domains
Request settings
Cache settings
Headers
Responses
Performance
- About Dynamic Servers
- Cache control tutorial
- Caching configuration best practices
- Controlling caching
- Creating and using pools with Dynamic Servers
- Creating and using server entries with Dynamic Servers
- Enabling API caching
- Enabling automatic gzipping
- Failure modes with large files
- HTTP/2 server push
- Implementing API cache control
- Making query strings agnostic
- Request collapsing
- Segmented Caching
- Serving stale content
- Setting Surrogate-Key headers based on a URL
- Setting Surrogate-Key headers for Amazon S3 origins
- Streaming Miss
Purging
Custom VCL
- Accept-Language header VCL features
- Authenticating before returning a request
- Basic authentication
- Creating location-based tagging
- Custom responses that don't hit origin servers
- Delivering different content to different devices
- Enabling URL token validation
- Guide to VCL
- Isolating header values without regular expressions
- Manipulating the cache key
- IP geolocation variables: Migrating to the new dataset
- Overriding which IP address the geolocation features use
- Response Cookie handling
- Support for the Edge-Control header
- Understanding the different PASS action behaviors
- Using edge side includes (ESI)
- VCL regular expression cheat sheet
Image optimization
Video
Access Control Lists
Monitoring and testing
Securing communications
Security measures
TLS
- Domain validation for TLS certificates
- Enabling HSTS through Fastly
- Forcing a TLS redirect
- Managing domains on TLS certificates
- Serving HTTPS traffic using certificates you manage
- Serving HTTPS traffic using Fastly-managed certificates
- Setting up free TLS
- TLS key and certificate replacement
- TLS termination
Web Application Firewall
Logging endpoints
- Log streaming: Amazon S3
- Log streaming: Microsoft Azure Blob Storage
- Log streaming: Cloud Files
- Log streaming: Datadog
- Log streaming: DigitalOcean Spaces
- Log streaming: Elasticsearch
- Log streaming: FTP
- Log streaming: Google BigQuery
- Log streaming: Google Cloud Storage
- Log streaming: Honeycomb
- Log streaming: Kafka
- Log streaming: Log Shuttle
- Log streaming: LogDNA
- Log streaming: Logentries
- Log streaming: Loggly
- Log streaming: Heroku's Logplex
- Log streaming: OpenStack
- Log streaming: Papertrail
- Log streaming: Scalyr
- Log streaming: SFTP
- Log streaming: Splunk
- Log streaming: Sumo Logic
- Log streaming: Syslog
Non-Fastly services
Streaming logs
Debugging techniques
Common errors
Account management
Billing
User access and control
Working with ACLs using the API
Last updated July 30, 2018
Access control lists (ACLs) allow you to store a list of permissions that Varnish will use to grant or restrict access to URLs within your services. You can use the Fastly API to add, remove, and update ACLs programmatically.
Working with ACL containers using the API
Using the Fastly API, you can create view, or delete ACL containers into which ACL entries can be placed.
ACL container attributes
Containers for ACLs at the edge have the following attributes:
- Service ID: The ID of the Fastly service the ACL is associated with.
- Service Version Number: The service version number the ACL is associated with. Note that the ACL will continue to reside within subsequently cloned counterparts.
- ACL Name: The name of the ACL.
- ACL ID: The unique identifier of the ACL.
Creating an ACL container
To start using an ACL, you'll need to create an empty container within a version of a service that's unlocked and not yet activated. Make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" -X POST https://api.fastly.com/service/<service_id>/version/<service_version_number>/acl -d name=my_acl
The response will look like this:
1
2
3
4
5
6
7
8
{
"id": "<service_version_number>",
"name": "my_acl",
"service_id": "<service_id>",
"version": "1",
"created_at": "2016-04-14 21:23:21",
"updated_at": "2016-04-14 21:23:21"
}
Be sure to activate the new version of the service you associated with the empty ACL container.
Viewing ACL containers
To see information related to a single ACL (in this example, my_acl
) attached to a particular version of a service, make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" https://api.fastly.com/service/<service_id>/version/<service_version_number>/acl/my_acl
The response will look like this:
1
2
3
4
5
6
7
8
{
"id": "<acl_id>",
"name": "my_acl",
"service_id": "<service_id>",
"version": "<service_version_number>",
"created_at": "2016-04-14 21:23:21",
"updated_at": "2016-04-14 21:23:21"
}
To view a list of all ACL containers attached to a particular version of a service, make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" https://api.fastly.com/service/<service_id>/version/<service_version_number>/acl
The response will look like this:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[
{
"id": "<acl_1_id>",
"name": "my_new_acl",
"service_id": "<service_id>",
"version": "<service_version_number>",
"created_at": "2016-04-14 21:23:21",
"updated_at": "2016-04-15 17:23:09"
},
{
"id": "<acl_2_id>",
"name": "my_other_acl",
"service_id": "<service_id>",
"version": "<service_version_number>",
"created_at": "2016-04-14 21:23:21",
"updated_at": "2016-04-15 17:23:09"
}
]
Deleting an ACL container
Deleting an ACL deletes the ACL and all of its associated entries. To delete an ACL (in this example, my_new_acl
), make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" -X DELETE https://api.fastly.com/service/<service_id>/version/<service_version_number>/acl/my_new_acl
The response will look like this:
1
2
3
{
"status":"ok"
}
Working with ACL entries using the API
ACL entry parameters
ACL entries have the following parameters:
- service_id: The ID of the Fastly service the ACL is associated with.
- acl_id: The ID of the ACL.
- id: The ID of the ACL entry.
- ip: The IP address contained within the ACL entry.
- subnet: Optional. The range of IP addresses within a single ACL entry.
- negated: If true, this entry is an exception to the non-negated entries in the list. Negations override non-negated entries regardless of their order. Valid values are
true
andfalse
. Defaults tofalse
. - comment: Optional. A descriptive comment indicating why you created the ACL entry.
Creating an ACL entry
To add an entry to an existing ACL, make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" -X POST https://api.fastly.com/service/<service_id>/acl/<acl_id>/entry -d 'ip=127.0.0.1&subnet=16&negated=0&comment=test'
The response will look like this:
1
2
3
4
5
6
7
8
9
10
11
12
{
"acl_id": "<acl_id>",
"comment": "test",
"created_at": "2016-04-22T19:14:02+00:00",
"deleted_at": null,
"id": "<acl_entry_id>",
"ip": "127.0.0.1",
"negated": "0",
"service_id": "<service_id>",
"subnet": 16,
"updated_at": "2016-04-22T19:14:02+00:00"
}
Viewing ACL entries
To see information related to a single ACL entry, make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" -H 'Content-Type: application/vnd.api+json' https://api.fastly.com/service/<service_id>/acl/<acl_id>/entry/<acl_entry_id>
The response will look like this:
1
2
3
4
5
6
7
8
9
10
11
12
{
"acl_id": "<acl_id>",
"comment": "",
"created_at": "2016-04-22T19:18:42+00:00",
"deleted_at": null,
"id": "<acl_entry_id>",
"ip": "127.0.0.5",
"negated": "0",
"service_id": "<service_id>",
"subnet": 16,
"updated_at": "2016-04-22T19:18:42+00:00"
}
To view a list of all ACL entries attached to a particular ACL, make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" https://api.fastly.com/service/<service_id>/acl/<acl_id>/entries
The response will look like this:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[
{
"acl_id": "<acl_id>",
"comment": "",
"created_at": "2016-04-22T19:13:03+00:00",
"deleted_at": null,
"id": "<acl_entry_1_id>",
"ip": "127.0.0.1",
"negated": "0",
"service_id": "<service_id>",
"subnet": 16,
"updated_at": "2016-04-22T19:13:03+00:00"
},
{
"acl_id": "<acl_id>",
"comment": "",
"created_at": "2016-04-22T19:14:02+00:00",
"deleted_at": null,
"id": "<acl_entry_2_id>",
"ip": "127.0.0.2",
"negated": "0",
"service_id": "<service_id>",
"subnet": 16,
"updated_at": "2016-04-22T19:14:02+00:00"
}
]
Updating ACL entries
There are two ways to update ACL entries: you can update a single ACL entry, or you can update multiple ACL entries at the same time.
Updating a single ACL entry
To update an existing ACL entry, make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" -X PATCH https://api.fastly.com/service/<service_id>/acl/<acl_id>/entry/<acl_entry_id> -d 'ip=127.0.0.2&subnet=32&negated=0&comment=allow'
The response will look like this:
1
2
3
4
5
6
7
8
9
10
11
12
{
"acl_id": "<acl_id>",
"comment": "allow",
"created_at": "2016-04-22T19:18:42+00:00",
"deleted_at": null,
"id": "<acl_entry_id>",
"ip": "127.0.0.2",
"negated": "0",
"service_id": "<service_id>",
"subnet": 32,
"updated_at": "2016-04-22T19:18:42+00:00"
}
Updating multiple ACL entries
You can also update multiple ACL entries at the same time. Include an entries
array of changes in the API call and pass an operation (op
) parameter for every change. Possible op
values are create
, update
, and delete
.
To update multiple ACL entries at the same time, make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" -H "Content-type: application/json" -X PATCH https://api.fastly.com/service/<service_id>/acl/<acl_id>/entries -d '{"entries":[{"op": "create", "ip": "192.168.0.1","subnet": "8"},{"op": "update", "id": "<acl_entry_id>", "ip": "192.168.0.2", "subnet": "16"},{"op": "delete", "id": "<acl_entry_id>"}]}'
The response will look like this:
1
2
3
{
"status":"ok"
}
Deleting an ACL entry
WARNING: ACL entry deletions are permanent. If you delete an ACL entry, the entry is permanently removed from all service versions and cannot be recovered.
To permanently delete an ACL entry, make the following API call in a terminal application:
1
curl -H "Fastly-Key: FASTLY_API_TOKEN" -X DELETE https://api.fastly.com/service/<service_id>/acl/<acl_id>/entry/<acl_entry_id>
The response will look like this:
1
2
3
{
"status":"ok"
}