Start here

Getting started

Basics

About the web interface controls
Always-on DDoS mitigation
Browser recommendations when using the Fastly web interface
Content and its delivery
Fastly POP locations
Getting started with Fastly
How caching and CDNs work
How Fastly's CDN Service works
HTTP status codes cached by default
Self-provisioned Fastly services
Shielding
Sign up and create your first service
Working with services

Domains & Origins

Adding CNAME records
Testing setup before changing domains
Working with domains
Working with health checks

Configuration

Caching

Cache control tutorial
Caching configuration best practices
Controlling caching
Enabling API caching
Implementing API cache control
Overriding caching defaults based on a backend response
Segmented Caching

Conditions

About conditions
Troubleshooting conditions
Using conditions

Custom VCL

Accept-Language header VCL features
Authenticating before returning a request
Basic authentication
Creating location-based tagging
Custom responses that don't hit origin servers
Delivering different content to different devices
Enabling URL token validation
Guide to VCL
Isolating header values without regular expressions
Manipulating the cache key
IP geolocation variables: Migrating to the new dataset
Overriding which IP address the geolocation features use
Response Cookie handling
Support for the Edge-Control header
Understanding the different PASS action behaviors
Using edge side includes (ESI)
VCL regular expression cheat sheet

Dictionaries

About Edge Dictionaries
Private Edge Dictionaries
Working with Edge Dictionaries using the API
Working with Edge Dictionaries using the web interface
Working with Edge Dictionary items using the API

Domains & Origins

Changing origins based on user location
Connecting to origins
Enabling global POPs
Failover configuration
IPv6 support
Maintaining separate HTTP and HTTPS requests to origin servers
Routing assets to different origins
Setting up redundant origin servers
Specifying an override host
Using Fastly with apex domains

Headers

Adding or modifying headers on HTTP requests and responses
Enabling cross-origin resource sharing (CORS)
Removing headers from backend response
Setting Content Type based on file extension
Understanding cache HIT and MISS headers with shielded services
Understanding the X-Timer header

Image optimization

About Fastly Image Optimizer
Automating optimization
Controlling image quality
Cropping images
Image optimization VCL boilerplate
Purging optimized images
Reorienting images
Resizing images
Serving images
Serving responsive images
Setting up image optimization
Trimming images

Load balancing

About Dynamic Servers
Creating and using pools with Dynamic Servers
Creating and using server entries with Dynamic Servers
Load-balancing configuration

Performance

Enabling automatic gzipping
Failure modes with large files
HTTP/2 server push
Making query strings agnostic
Request collapsing
Serving stale content
Streaming Miss

Purging

Authenticating URL purge requests via API
Getting started with surrogate keys
Logging purge requests
Purging API cache with surrogate keys
Setting Surrogate-Key headers based on a URL
Setting Surrogate-Key headers for Amazon S3 origins
Single purges
Soft purges
Wildcard purges

Requests

Checking multiple backends for a single request
Conditionally changing a URL
How request settings are applied
Manipulating the X-Forwarded-For header

Responses

Creating and customizing a robots.txt file
Creating error pages with custom responses
Generating HTTP redirects at the edge
Responses tutorial

Video

Adaptive bitrate playback URL guidelines
Collecting OTFP metrics
Configuration guidelines for live streaming

Security

Access Control Lists

About ACLs
Manually creating access control lists
Using the IP block list
Working with ACLs using the API
Working with ACLs using the web interface

Securing communications

Accessing Fastly's IP ranges
Support for App Transport Security

Security measures

Penetration testing your service behind Fastly
Security measures
Security program
Technology compliance

TLS

Domain validation for TLS certificates
Enabling HSTS through Fastly
Forcing a TLS redirect
Managing domains on TLS certificates
Serving HTTPS traffic using certificates you manage
Serving HTTPS traffic using Fastly-managed certificates
Setting up free TLS
TLS key and certificate replacement
TLS termination

Web Application Firewall

About the Fastly WAF dashboard
Creating a custom WAF error page
Fastly WAF logging
Fastly WAF rule set updates and maintenance
Managing the Fastly WAF
Web Application Firewall (WAF)

Integrations

Logging endpoints

Non-Fastly services

Amazon S3
DigitalOcean Spaces
Discounted egress from Google
Google Cloud Storage
Google Compute Engine
Microsoft Azure Blob Storage
Outbound data transfer from Azure
PerimeterX Bot Defender
Wasabi

Account info

Account management

Account lockouts
Changing your account's company name
Enabling an IP allowlist for account logins through the web interface
Enabling and disabling two-factor authentication
Finding and managing your account info
Monitoring account activity with event logs
Using API tokens

Billing

Accounts and pricing plans
How we calculate your bill
Paying your bill
Who receives your bill

User access and control

Adding and deleting user accounts
Configuring user roles and permissions
Email and password changes
Setting up single sign-on (SSO)
Transferring services to other accounts

Reference

Glossary of terms
Resource limits

WAF rule set update for 2017-10-06

The following information describes the updates and changes to the rule set.

ID

2vyJNHO7fngQYJXU8UGUY6

Version

Date

2017-10-06

Type of Change

Updates to rule 932140 to account for SAML false positives in Windows
Reintroduction of missing transforms on some OWASP rules
Introduction of Fastly internal rule to protect against CVE-2017-9805

Affected Rule Sets

OWASP
Fastly Rules

For more information, see our guide on Fastly WAF rule set updates and maintenance. Back to Top