Next-Gen WAF
These articles explain how to use the Fastly Next-Gen WAF.
API docs
Have access to the Next-Gen WAF control panel? Check out our Next-Gen WAF API docs. Otherwise, check out our Fastly Security API docs.
What's new
Learn about recently released features and products.
Protection from CVE-2024-45115 (Adobe Commerce and Magento Open Source Improper Authentication) An authentication bypass and privilege…
Read moreGetting started
These articles provide basic information about the Next-Gen WAF product and architecture.
These articles describe key features of the Next-Gen WAF control panel.
- Viewing agent details
- About the Agents page
- About the Corp Manage menu
- About the Corp Overview page
- About the Corp Rules menu
- About the Manage menu
- About the Monitor menu
- About the My Profile menu
- About the Requests page
- About the Rules menu
- About the Signals page
- About the Site Overview page
- About the web interface controls
Welcome! This guide provides a high-level overview of the steps needed to set up and configure the Next-Gen WAF product. Guided by our Sales…
Read moreThe Next-Gen WAF is an application security monitoring system that proactively monitors and protects your web application from malicious…
Read moreInstall guides
These articles explain how to install and configure the Next-Gen WAF.
These articles describe how to install, configure, and update the Next-Gen WAF agent.
- Getting started with the agent
- Accessing agent keys
- Agent end-of-support policy
- Allocating resources for the agent
- Configuring the agent
- Installing the agent on Alpine Linux
- Installing the agent on Amazon Linux
- Installing the agent on Debian
- Installing the agent on Red Hat
- Installing the agent on Ubuntu
- Installing the agent on Windows
- Managing agent alerts
- Upgrading the agent
These articles describe the module-agent deployment options.
- Java module overview
- About module-agent deployment
- About the NGINX module
- Apache Module Overview
- Alpine Apache Module Install
- Module configuration
- Amazon Linux Apache Module Install
- Debian Apache Module Install
- Red Hat Apache Module Install
- Ubuntu Apache Module Install
- Windows Apache Module Install
- Upgrading the Apache module
- .Net module install
- .Net Core module install
- Golang module install
- HAProxy module install
- HAProxy SPOE module install
- IBM HTTP Server
- IIS module install
- Installing the NGINX dynamic module
- Installing the NGINX Lua module
- Installing the Java Module with Dropwizard
- Installing the Java Module as a Jetty Handler
- Installing the Java Module as a Netty Handler
- Installing the Java Module as a Servlet Filter
- Installing the Java Module on Weblogic
- Kong plugin install
- Node.js module install
- SELinux support
- Troubleshooting module-agent deployments
- Upgrading the NGINX module
These articles describe how to install the Next-Gen WAF on Kubernetes.
- Kubernetes installation overview
- Agent container image
- Kubernetes reverse proxy
- Kubernetes Agent + Module
- Kubernetes Agent + Ingress Controller + Module
- Kubernetes Envoy
- Kubernetes Istio
- Kubernetes Ambassador
- Agent scaling and running as a service
- Kubernetes startup probe
- Pivotal Container Services (PKS) setup
- AWS Elastic Container Service (ECS) setup
- Example helloworld test web application
- Using the Next-Gen WAF core command line utility
To deploy the Next-Gen WAF, you need to integrate the Next-Gen WAF product into your request flow by: Choosing a deployment method. A…
Read moreWhen deployed in a self-hosted deployment, the Next-Gen WAF agent requires egress to multiple external endpoints to facilitate actions (e.g…
Read moreNext-Gen WAF agent Per our agent end-of-support policy , we support agent versions that are under two years old. On a quarterly cadence, we…
Read moreAgent The Next-Gen WAF agent supports different combinations of operating systems and architecture types. Download the latest version of…
Read moreUsing the Next-Gen WAF
These articles provide information about working with the Next-Gen WAF web interface.
Often the server being protected is behind a load balancer or other proxy. In this case, the server will see this load balancer or proxy IP…
Read moreHeader links facilitate cross-referencing Next-Gen WAF data with your own internal systems via a hyperlink. We currently support linking…
Read moreDeveloper
These articles explain how to work with the Next-Gen WAF API.
Our entire control panel is built API-first — this means that anything we can do, you can do as well via our RESTful/JSON API . We’ve seen…
Read moreNext-Gen WAF stores requests that contain attacks and anomalies, with some qualifications. If you would like to extract this data in bulk…
Read moreThis document demonstrates various data flows between the Module and Agent. While MessagePack is the serialization protocol, the data is…
Read moreX-SigSci-* headers are added to incoming requests. The end user (your customers) can't see them. However, your internal application can use…
Read moreFAQ
These articles provide answers to frequently asked questions.
StatsD Metrics Metrics can be reported through StatsD to the service of your choice using the statsd-address agent configuration flag…
Read moreFastly Security Labs is a program that grants your corp (also known as an account) access to in-development beta features. In addition to…
Read moreFastly provides full support for IPv6 in the product, including: Detection and decisioning: Requests are appropriately tagged and IPv…
Read moreReference
These articles provide reference information for Next-Gen WAF.
These articles provide information about agent and module releases.
- Agent release notes
- Apache release notes
- CloudFoundry release notes
- Dotnet Core release notes
- Dotnet release notes
- Golang release notes
- HAProxy release notes
- Heroku release notes
- IBM Cloud release notes
- IIS release notes
- Java release notes
- NGINX C Binary release notes
- NGINX release notes
- NGINX 1.10 Lua Module release notes
- NGINX 1.11 Lua Module release notes
- NGINX 1.12 Lua Module release notes
- ngwafctl release notes
- NodeJS release notes
You can use the web interface to view a list of individual requests that have been tagged with signals and that fit into the all or sampled…
Read more