Next-Gen WAF

These articles explain how to use the Fastly Next-Gen WAF (powered by Signal Sciences).


What's new

Learn about recently released features and products.

Attack signal thresholds are now aggregated: System site alerts monitor and flag IP addresses that exhibit repeat malicious behavior and…

How it works

These articles provide basic information about the Next-Gen WAF product and architecture.

The Signal Sciences platform is an application security monitoring system that proactively monitors for malicious and anomalous web traffic…

Install guides

These articles explain how to install and configure the Next-Gen WAF.

Cloud WAF
 

These articles describe how to use Cloud WAF.

Platform as a Service (PaaS)
 

These articles describe setup and deployment of the Signal Sciences agent using one of our compatible PaaS platforms.

Processors We support the following processors: Intel. All agent and module versions are compatible with Intel processors. AMD. All agent…

The Edge deployment method allows you to add Signal Sciences as an edge security service onto Fastly's Edge Cloud Platform without…

Support is available for the Envoy Proxy via built-in Envoy gRPC APIs implemented in the sigsci-agent running as a gRPC server. Envoy v…

Signal Sciences supports multiple installation methods. You can use Fastly’s Edge Cloud Platform, you can use Signal Sciences’ hosted…

We provide the ability to configure the Signal Sciences module. The following attributes are set by default, but may need to be modified to…

Agent The Signal Sciences agent supports different combinations of operating systems and architecture types. Download the latest version of…

The Agent can be configured to run as a reverse proxy allowing it to interact directly with requests and responses without the need for a…

Using the Next-Gen WAF

These articles provide information about working with the Next-Gen WAF web interface.

Agent mode
 

These articles describe how to set the Agent mode on the Signal Sciences agent.

Agent response codes
 

These articles describe how to set custom agent response codes on the Signal Sciences agent.

Data storage and privacy
 

These articles describe how we store and make available request and response data via the web interface and API.

Signals
 

These articles describe how to work with signals.

Sites
 

These articles describe how to work with sites (also known as workspaces).

Header links facilitate cross-referencing Signal Sciences data with your own internal systems via a hyperlink. We currently support linking…

Site alerts monitor and handle requests from IP addresses that have been tagged with specific signals. Specifically, when the number of…

Upgrading

These articles provide information on keeping your agents and modules up-to-date.

Our Module package is distributed in our package repositories. If you haven't already, configure our repository on your system. Upgrading…

Upgrading the IIS Module The process for upgrading the IIS module is the same as installing the IIS Module with the latest release…

Our Module package is distributed in our package repositories. If you haven't already, configure our repository on your system. Upgrading…

Integrations

These articles explain how to work with integrations to notify you about activity within your corps and sites.

There are two types of integrations: Corp Integrations and Site Integrations: Corp Integrations Corp integrations notify you about…

Cisco Threat Response (CTR) is a tool used by incident responders that aggregates data from various Cisco security products like AMP for…

Events Feed Our Datadog event integration creates an event when IP addresses are flagged on Signal Sciences. Adding a Datadog integration…

Our generic webhooks integration allows you to subscribe to notifications for certain activity on Signal Sciences. Adding a webhook From the…

With the Signal Sciences plugin for HashiCorp Vault, you can use Vault to manage the keys for your agents. Vault is an identity-based…

Our JIRA issue integration creates an issue when IP addresses are flagged on Signal Sciences. Adding a JIRA issue integration JIRA issue…

Our mailing list integration allows you to receive email notifications for certain activity on Signal Sciences. Adding a mailing list…

Our OpsGenie issue integration creates an alert when IP addresses are flagged on Signal Sciences. Adding an OpsGenie integration Create an…

Our PagerDuty issue integration creates an incident when IP addresses are flagged on Signal Sciences. Adding a PagerDuty integration…

The PivotalTracker integration allows you to create a story anytime an event triggers. Adding a PivotalTracker integration PivotalTracker…

Our Slack message integration allows you to be notified when certain activity occurs on Signal Sciences. Adding a Slack message integration…

The generic webhook integration enables you to export notifications for certain activity on Signal Sciences directly to Sumo Logic…

Our Teams integration allows you to be notified when certain activity occurs on Signal Sciences. Adding Teams integration You can add Teams…

The VictorOps integration allows you to send a notification to VictorOps anytime activity occurs. This includes IP flagging events in…

Developer

These articles explain how to work with the Next-Gen WAF API.

Our entire console is built API-first — this means that anything we can do, you can do as well via our API, which is fully documented here…

Signal Sciences stores requests that contain attacks and anomalies, with some qualifications. If you would like to extract this data in…

This document demonstrates various data flows between the Module and Agent. While MessagePack is the serialization protocol, the data is…

Starting with: Agent > 1.8.386 NGINX Module > 1.0.0+343 Apache Module > 207 X-SigSci- headers are added in the incoming request. The end…

FAQ

These articles provide answers to frequently asked questions.

Basics Here are some answers to a few basic Signal Sciences questions. What platforms does SigSci support for the module/agent? Our…

StatsD Metrics Metrics can be reported through StatsD to the service of your choice using the statsd-address agent configuration flag…

Fastly Security Labs is a program that grants your Signal Sciences corp access to in-development beta features. In addition to early…

Term Definition Admin A user role that has limited access to corp configurations, can edit specific sites, and can invite users to sites…

Signal Sciences provides full support for IPv6 in the product, including: Detection and decisioning: Requests are appropriately tagged and…

Currently, NGINX only supports one init_by_lua or init_by_lua_file, which is used by the Signal Sciences NGINX module. If you have your…

Often the server being protected is behind a load balancer or other proxy. In this case, the server will see this load balancer or proxy IP…

Free Text In many cases, you can just enter a free-text query. Example Description /a/path/here sqli -7h Show all SQLI in last 7 hours with…

Troubleshooting

These articles describe how to troubleshoot common problems.

My data is not showing in the console but the agent and module are running If both the agent and module are reporting as active within the…

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security…

Apache module fails to load ( The following information has been confirmed for RHEL/CentOS deployments using the default yum module…

Reference

These articles provide reference information for Next-Gen WAF.