About the agent mode (protection mode)

  Last updated 2024-10-22

Agent mode (also known as Protection mode) is a site (also known as workspace) setting that determines how the Next-Gen WAF agent handles request processing. Options include:

  • Blocking: enables request blocking and logging. This option actively protects your web application and provides visibility into your web traffic. Legitimate traffic is still allowed.
  • Not Blocking (also known as Logging): enables request logging. This option provides visibility into your web traffic but doesn't actively protect your site (workspace).
  • Off: disables request processing. The agent doesn't block or log requests. This option doesn't uninstall the agent.
NOTE

This guide discusses agent mode (protection mode) in the context of using the Next-Gen WAF. To enable protection mode using Fastly DDoS Protection, check out our guide about DDoS Protection instead.

About the Blocking option

When the Agent mode (Protection mode) menu is set to Blocking, the Next-Gen WAF:

  • logs requests based on our storage policy.
  • blocks malicious requests from reaching your web servers and doing harm. Site alerts (also known as workspace alerts) and rules define the criteria used to evaluate and block individual requests.

When requests are blocked, the 406 response code is returned unless you specified a different custom response code. You can view non-sensitive portions of blocked requests and response metadata via the Next-Gen WAF control panel, Fastly control panel, and API.

About the Not Blocking (Logging) option

When the Agent mode (Protection mode) menu is set to Not Blocking (Logging), the Next-Gen WAF logs requests based on our storage policy and all traffic is allowed.

IMPORTANT

The Not blocking (Logging) option never blocks requests. Requests that match rules with a block action will be allowed.

Changing the agent mode (protection mode)

To change the agent mode (protection mode), compete the following steps:

  1. Next-Gen WAF control panel
  2. Fastly control panel
NOTE

If you've been assigned the observer role, you cannot change the agent mode.

  1. Log in to the Next-Gen WAF control panel.
  2. From the Sites menu, select a site if you have more than one site.

  3. From the site navigation bar, click the agent mode indicator.

  4. Click Manage.

    The agent mode selection page.

  5. From the Agent mode menu, select the agent mode for the site. Options include:

    • Blocking: enables request blocking and logging. This option actively protects your web application and provides visibility into your web traffic. Legitimate traffic is still allowed.
    • Not Blocking: enables request logging. This option provides visibility into your web traffic but doesn't actively protect your site.
    • Off: disables request processing. The agent doesn't block or log requests. This option doesn't uninstall the agent.

  6. Click Update.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Fastly
© Fastly 2024