Cloud WAF overview
Last updated 2024-08-28
IMPORTANT
This guide only applies to Next-Gen WAF customers with access to the Next-Gen WAF control panel. If you have access to the Next-Gen WAF product in the Fastly control panel, you can only deploy the Next-Gen WAF with the Edge WAF deployment method.
What is Cloud WAF?
Cloud WAF is a hosted solution designed for customers that may not have full autonomy over their infrastructure and therefore do not wish to install a Next-Gen WAF agent and module into their respective environments.
For environments such as these, Cloud WAF is an easily deployable option that provides the same security capabilities of other Next-Gen WAF agent-based deployment options.
Cloud WAF shares a unified management control panel with all other deployment options thus providing actionable information and key metrics quickly in a single centralized interface for your entire organization.
How does it work?
Cloud WAF uses the same technology as our other agent-based deployment options under the hood, which means that as a customer, you have full flexibility to deploy wherever your application operates.
Getting started
To deploy a Cloud WAF instance:
Secure communication between Cloud WAF and the client. Upload a TLS certificate for the domain you are protecting with Cloud WAF to ensure communication between the Cloud WAF instance and the client is encrypted and secure. If your requests will be coming from Fastly’s Edge, you can use a Fastly-managed TLS certificate instead and uploading a TLS certificate is optional.
Create the Cloud WAF instance. Create a new Cloud WAF instance in a geographic location close to the location of your origin. Only users assigned the role of owner (superuser) can create and edit Cloud WAF instances. All other roles will have visibility into your Cloud WAF instances but will not be able to create or edit Cloud WAF instances.
Point DNS to your Cloud WAF instance. After the DNS change propagates, confirm that Cloud WAF is protecting your applications by viewing the request data populated in the control panel.
NOTE
Ensure that your DNS registrar has the ability to create aliases or CNAME records at the apex (or root) of the domain. If your DNS provider does not support this, we can recommend several DNS providers based on your implementation. Reach out to our support team for more information.
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.