Getting started with the Edge WAF
Last updated 2025-04-10
If your web application uses a Fastly CDN or Compute service, you can integrate the Next-Gen WAF into your request flow by enabling an Edge WAF deployment. Like your CDN or Compute service, Fastly delivers the Edge WAF through our global network of POPs. This means that you don’t have to make any changes to your hosting environment (e.g., installing clients or applications locally). The Edge WAF is able to process a request within a few milliseconds.
Prerequisites
Before enabling the Edge WAF, be sure you have the following prerequisites in place:
- You must purchase the Next-Gen WAF for your Fastly account by contacting sales@fastly.com. Once purchased, our staff will give you access to the Next-Gen WAF product in either the Next-Gen WAF control panel or the Fastly control panel. Our staff will also create a Next-Gen WAF corp (also known as account) and at least one site (also known as workspace) for your use.
- If you have access to the product in the Next-Gen WAF control panel, you must be assigned the owner role in order to enable Edge WAF. If you have access to the product in the Fastly control panel, you must be assigned the superuser role in order to enable the Edge WAF.
- You must have an existing CDN or Compute service that you want to map to an existing Next-Gen WAF site (workspace).
- If you want to map Compute services to Next-Gen WAF sites (workspaces), ask our support team to enable Compute for your corp (account).
Quick start
Once all prerequisites have been met, enable the Edge WAF for your CDN service by following the instructions for the control panel that you use to access the Next-Gen WAF.
TIP
Have a Compute service? Check out our tutorial.
- Next-Gen WAF control panel
- Fastly control panel
Using the curl command line tool, call the PUT /edgeDeployment API endpoint. Be sure to replace
${SIGSCI_EMAIL}and${SIGSCI_TOKEN}with your email and Next-Gen WAF API token and${corpName}and${siteName}with those of your corp (account) and site (workspace). You can find these values in the address of the Next-Gen WAF control panel, such ashttps://dashboard.signalsciences.net/corps/${corpName}/sites/${siteName}.$ curl -X PUT "https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/edgeDeployment" \-H "x-api-user:${SIGSCI_EMAIL}" \-H "x-api-token:${SIGSCI_TOKEN}" \-H "Content-Type: application/json"Using the curl command line tool, call the PUT /deliveryIntegration/${fastlySID} API endpoint. Be sure to replace
${FASTLY_KEY}with your Fastly authentication token,${fastlySID}with the ID of your CDN service, and${SIGSCI_EMAIL},${SIGSCI_TOKEN},${corpName}, and${siteName}with the same values used in the previous step.$ curl -H "x-api-user:${SIGSCI_EMAIL}" -H "x-api-token:${SIGSCI_TOKEN}" \-H "Fastly-Key: ${FASTLY_KEY}" -H "Content-Type: application/json" -X PUT \-d '{"activateVersion": true, "percentEnabled": 100}' \"https://dashboard.signalsciences.net/api/v0/corps/${corpName}/sites/${siteName}/deliveryIntegration/${fastlySID}"The Edge WAF starts inspecting all traffic that passes through your CDN service.
(Optional) Use attack tooling to verify that the Next-Gen WAF is monitoring your web application and identifying malicious and anomalous requests.
For detailed set up instructions, check out Setting up Edge WAF deployments using the Next-Gen WAF control panel.
What’s next
Learn more about how the Edge WAF works and adjust the protection of your web application as needed.
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
