Basics
- About the web interface controls
- Always-on DDoS mitigation
- Browser recommendations when using the Fastly web interface
- Content and its delivery
- Fastly POP locations
- Getting started with Fastly
- How caching and CDNs work
- How Fastly's CDN Service works
- HTTP status codes cached by default
- Self-provisioned Fastly services
- Shielding
- Sign up and create your first service
- Working with services
Domains & Origins
Caching
Conditions
Custom VCL
- About VCL Snippets
- Accept-Language header VCL features
- Authenticating before returning a request
- Basic authentication
- Custom responses that don't hit origin servers
- Enabling URL token validation
- Guide to VCL
- Isolating header values without regular expressions
- Manipulating the cache key
- IP geolocation variables: Migrating to the new dataset
- Response Cookie handling
- Support for the Edge-Control header
- Understanding the different PASS action behaviors
- Uploading custom VCL
- Using dynamic VCL Snippets
- Using edge side includes (ESI)
- Using regular VCL Snippets
- VCL regular expression cheat sheet
Dictionaries
Domains & Origins
- Changing origins based on user location
- Connecting to origins
- Failover configuration
- IPv6 support
- Maintaining separate HTTP and HTTPS requests to origin servers
- Routing assets to different origins
- Setting up redundant origin servers
- Specifying an override host
- Using Fastly with apex domains
- Using Fastly's global POP network
Headers
Image optimization
Load balancing
Performance
Purging
Requests
Responses
Video
Access Control Lists
Securing communications
Security measures
TLS
- Domain validation for TLS certificates
- Enabling HSTS through Fastly
- Enabling TLS 1.3 through Fastly
- Forcing a TLS redirect
- Managing domains on TLS certificates
- Serving HTTPS traffic using certificates you manage
- Serving HTTPS traffic using Fastly-managed certificates
- Setting up free TLS
- TLS termination
Web Application Firewall
Legacy Web Application Firewall
Logging endpoints
- Log streaming: Amazon Kinesis Data Streams
- Log streaming: Amazon S3
- Log streaming: Microsoft Azure Blob Storage
- Log streaming: Cloud Files
- Log streaming: Coralogix
- Log streaming: Datadog via syslog
- Log streaming: Datadog
- Log streaming: DigitalOcean Spaces
- Log streaming: Elasticsearch
- Log streaming: FTP
- Log streaming: Google BigQuery
- Log streaming: Google Cloud Pub/Sub
- Log streaming: Google Cloud Storage
- Log streaming: Honeycomb
- Log streaming: HTTPS
- Log streaming: Hydrolix
- Log streaming: Kafka
- Log streaming: Log Shuttle
- Log streaming: LogDNA
- Log streaming: Logentries
- Log streaming: Loggly
- Log streaming: Heroku's Logplex
- Log streaming: New Relic Logs
- Log streaming: OpenStack
- Log streaming: Oracle Cloud Storage
- Log streaming: Papertrail
- Log streaming: Scalyr
- Log streaming: SFTP
- Log streaming: Shape Log Analysis
- Log streaming: Splunk
- Log streaming: Storj DCS
- Log streaming: Sumo Logic
- Log streaming: Syslog
- Log streaming: Wasabi Hot Cloud Storage
Non-Fastly services
- Alibaba Object Storage Service
- Amazon S3
- Backblaze B2 Cloud Storage
- Data transfer with Backblaze B2
- DigitalOcean Spaces
- Discounted egress from Google
- Google Cloud Storage
- Google Compute Engine
- Microsoft Azure Blob Storage
- Oracle Cloud Storage
- Outbound data transfer from Azure
- PerimeterX Bot Defender
- Storj DCS Object Storage
- Wasabi Hot Cloud Storage
Common errors
Debugging techniques
Streaming logs
- About Fastly's real-time log streaming features
- Changing log compression formats
- Changing log line formats
- Changing where log files are written
- Creating an AWS IAM role for Fastly logging
- Custom log formats
- Encrypting logs
- Setting up remote log streaming
- Useful conditions for logging
- Useful log formats
- Useful variables to log
Account management
- Account lockouts
- Changing an account's company name
- Enabling an IP allowlist for account logins through the web interface
- Enabling and disabling two-factor authentication
- Finding and managing your account info
- Monitoring account activity with the audit log
- Reviewing service activity with the event log
- Using API tokens
Billing
User access and control
Recently viewed Clear
WAF rule set update for 2017-04-26 (legacy)
IMPORTANT: Our original WAF offering is now a legacy product. It was superseded by a new version, including a new interface and API, on July 13, 2020. The legacy version will continue to be supported for all existing users. The new version is available to all customers and is the default version for new customers as of July 13, 2020. Customers of the legacy WAF can contact support@fastly.com or their Fastly account team to upgrade.
ID
39EE4tZnEM9Q8hxFJMHYU5
Version
v2Date
2017-04-26Type of Change
- Global update to the OWASP CRS 3.0 rule set
- New Fastly rule for the February 2017 Wordpress Code Injection
- New Fastly rule for the March 2017 Apache Struts RCE exploit
- Updated Trustwave content inspection rules
Affected Rule Sets
- OWASP
- Trustwave
- Fastly Rules