Getting started
Configuration
Security
Integrations
Diagnostics
Account info
Reference
Basics
- About the web interface controls
- Always-on DDoS mitigation
- Browser recommendations when using the Fastly web interface
- Content and its delivery
- Fastly POP locations
- Getting started with Fastly
- How caching and CDNs work
- How Fastly's CDN Service works
- HTTP status codes cached by default
- Self-provisioned Fastly services
- Sign up and create your first service
- Working with services
Domains & Origins
Performance
Configuration
Basics
Dictionaries
Domains & Origins
- Changing origins based on user location
- Connecting to origins
- Enabling global POPs
- Failover configuration
- IPv6 support
- Maintaining separate HTTP and HTTPS requests to origin servers
- Routing assets to different origins
- Setting up redundant origin servers
- Specifying an override host
- Using Fastly with apex domains
Request settings
Cache settings
Headers
Responses
Performance
- About Dynamic Servers
- Authenticating URL purge requests via API
- Cache control tutorial
- Caching configuration best practices
- Controlling caching
- Creating and using pools with Dynamic Servers
- Creating and using server entries with Dynamic Servers
- Enabling API caching
- Enabling automatic gzipping
- Failure modes with large files
- Getting started with surrogate keys
- HTTP/2 server push
- Implementing API cache control
- Logging purge requests
- Making query strings agnostic
- Purging API cache with surrogate keys
- Request collapsing
- Segmented Caching
- Serving stale content
- Setting Surrogate-Key headers based on a URL
- Setting Surrogate-Key headers for Amazon S3 origins
- Single purges
- Soft purges
- Streaming Miss
- Wildcard purges
Custom VCL
- Accept-Language header VCL features
- Authenticating before returning a request
- Basic authentication
- Creating location-based tagging
- Custom responses that don't hit origin servers
- Delivering different content to different devices
- Enabling URL token validation
- Guide to VCL
- Isolating header values without regular expressions
- Manipulating the cache key
- IP geolocation variables: Migrating to the new dataset
- Overriding which IP address the geolocation features use
- Response Cookie handling
- Support for the Edge-Control header
- Understanding the different PASS action behaviors
- Using edge side includes (ESI)
- VCL regular expression cheat sheet
Image optimization
Video
Security
Access Control Lists
Monitoring and testing
Securing communications
Security measures
TLS
- Domain validation for TLS certificates
- Enabling HSTS through Fastly
- Forcing a TLS redirect
- Managing domains on TLS certificates
- Serving HTTPS traffic using certificates you manage
- Serving HTTPS traffic using Fastly-managed certificates
- Setting up free TLS
- TLS key and certificate replacement
- TLS termination
Web Application Firewall
Integrations
Logging endpoints
- Log streaming: Amazon S3
- Log streaming: Microsoft Azure Blob Storage
- Log streaming: Cloud Files
- Log streaming: Datadog
- Log streaming: DigitalOcean Spaces
- Log streaming: Elasticsearch
- Log streaming: FTP
- Log streaming: Google BigQuery
- Log streaming: Google Cloud Storage
- Log streaming: Honeycomb
- Log streaming: Kafka
- Log streaming: Log Shuttle
- Log streaming: LogDNA
- Log streaming: Logentries
- Log streaming: Loggly
- Log streaming: Heroku's Logplex
- Log streaming: OpenStack
- Log streaming: Papertrail
- Log streaming: Scalyr
- Log streaming: SFTP
- Log streaming: Splunk
- Log streaming: Sumo Logic
- Log streaming: Syslog
Non-Fastly services
Diagnostics
Streaming logs
Debugging techniques
Common errors
Account info
Account management
Billing
User access and control
Reference
Recently viewed Clear
WAF rule set update for 2018-09-05
ID
3vnl3cwPda9Q3WYCDRuGW
Version
v10Date
2018-09-05Type of Change
- Introduced new OWASP rule 932190, which mitigates RCE (OS File Access Attempt) on low paranoia level WAF
- Introduced new OWASP rule 941110, which mitigates XSS using script tag vector
- Introduced new OWASP rule 944100, which mitigates RCE via Java deserialization vulnerabilities (CVE-2017-9805, CVE-2017-10271)
- Introduced new OWASP rule 944110, which mitigates RCE via Java process spawn vulnerability (CVE-2017-9805)
- Introduced new OWASP rule 944120, which mitigates RCE via Java serialization (CVE-2015-5842)
- Introduced new OWASP rule 944240, which mitigates RCE via Java serialization (CVE-2015-5842)
- Introduced new OWASP rule 944130, which detects suspicious Java classes
- Introduced new OWASP rule 944250, which detects RCE via Java method
- Introduced new OWASP rule 944200, which detects magic bytes being used that signal Java serialization
- Introduced new OWASP rule 944210, which detects magic bytes being Base64 encoded that signal Java serialization
- Introduced new OWASP rule 944220, which detects vulnerable Java class in use
- Introduced new OWASP rule 944300, which detects Base64 encoded string that matched suspicious keyword
- Introduced new Fastly internal rule 4134010, which mitigates CVE-2018-11776 Apache Struts v2 vulnerability
- Introduced new Fastly internal rule 4113010, which detects suspicious X-Rewrite-URL header
- Introduced new Fastly internal rule 4113020, which detects suspicious X-Original-URL header
- Introduced new Fastly internal rule 4113030, which detects ESI directives in request
- Introduced new Fastly internal rule 4113050, which detects ESI directives in body
- Removed Trustwave rule 2200000, IP blocklist
- Removed Trustwave rule 2200002, TOR Exit Nodes blocklist
Affected Rule Sets
- OWASP
- Fastly Rules
- Trustwave