Cloud WAF overview

What is Cloud WAF?

Cloud WAF is a hosted solution designed for customers who may not have full autonomy over their infrastructure and therefore do not wish to install a Next-Gen WAF agent and module in their environments.

For environments such as these, Cloud WAF is an easily deployable option that provides the same security capabilities as the other Next-Gen WAF agent-based deployment options.

Cloud WAF shares a unified management control panel with all other deployment options, providing actionable information and key metrics quickly in a single centralized interface for your entire organization.

How does it work?

Cloud WAF uses the same technology as our other agent-based deployment options under the hood, which means that as a customer, you have full flexibility to deploy wherever your application operates.

An architecture diagram showing request data flowing from external sources to the Cloud WAF Engine, then to the application origin. Metadata is shown flowing between the application origin and the Cloud WAF Engine via API communication.

For additional information about how the Cloud WAF solution works, see our Cloud WAF product page and data sheet.

Getting started

To deploy a Cloud WAF instance:

  1. Secure communication between Cloud WAF and the client. Upload a TLS certificate for the domain you are protecting with Cloud WAF so that communication between the Cloud WAF instance and the client is encrypted. If your requests will be coming from Fastly’s Edge, you can use a Fastly-managed TLS certificate instead, in which case uploading a TLS certificate is optional.

  2. Create the Cloud WAF instance. Create a new Cloud WAF instance in a geographic location close to the location of your origin. Only Owner users can create and edit Cloud WAF instances. All other user roles can view your Cloud WAF instances but cannot create or edit them.

  3. Point DNS to your Cloud WAF instance. After the DNS change propagates, confirm that Cloud WAF is protecting your applications by viewing the request data populated in the control panel.


    Ensure that your DNS registrar has the ability to create aliases or CNAME records at the apex (or root) of the domain. If your DNS provider does not support this, we can recommend several DNS providers based on your implementation. Reach out to our support team for more information.
