DDoS Protection and Mitigation Service and SLA

Fastly offers DDoS Protection and Mitigation Service to customers with a sustained DDoS threat risk or with short term and seasonal events to protect. While the DDoS Protection and Mitigation Service cannot prevent or eliminate attacks or guarantee the uptime of your origin servers, it offers the following resources to assist you with mitigating the service and financial impacts of DDoS and related attacks.

For more details about this product, including how to purchase it, contact your account manager or email sales@fastly.com.

Fastly's DDoS Protection and Mitigation Service includes:

  • Immediate onboarding - We will work directly with you to immediately transition you to Fastly's CDN service if you're not already a customer.
  • Emergency configuration and deployment support - We will actively work with you to configure your service map and provide an initial filter policy to immediately block an attack.
  • Ongoing attack mitigation support - We will work directly with you to write custom VCL filters to deal with changing attacks or new attacks. We'll also isolate malicious traffic on your behalf.
  • Incident response plan - We will create a plan that identifies how communication and escalation will occur between you and your staff and Fastly if an attack occurs. The plan will also describe mitigation and defense details such as any DDoS filters that we can insert into VCL prior to or during an attack.

Using our knowledge of attacks against our network and our customers, we analyze all DDoS Attack vectors using VCL statements, network filters, bulk traffic filtering through regional sinks, or a combination of these techniques.

The following table summarizes what is provided under our DDoS Protection and Mitigation Service:

Support offeringDetails
Online self-service helpUnlimited access.
Availability for general inquiries24/7.
Availability for incident reports24/7.
Initial response timesAttack notification response within 15 minutes. Service onboarding beginning within 60 minutes of threat notification.
Overage InsuranceIncluded.
Access to Fastly IP SpaceIncluded.
Email supportAvailable.
Phone and chat supportToll-free telephone available 24/7/365. Dedicated chat channel available during Fastly Business Hours.
Emergency escalationAvailable via email and phone support.

Technical support

The following section applies to all Subscribers of the DDoS Protection and Mitigation Service.


  • "Business Hours" are 8AM-6PM during a Business Day in California, New York, London, or Tokyo.
  • "Business Days" are Monday through Friday, excluding any day that is simultaneously a US, UK, and Japanese national or banking holiday.
  • A "DDoS Attack" is a Denial of Service (DoS) event (including Distributed Denial of Service (DDoS) or Distributed Reflection Amplification Denial of Service (DRDoS) attacks) that includes both an increase of unwanted traffic beyond two (2) times the average traffic of any Fastly Service for the preceding two (2) month period and a simultaneous increase in error responses from origin sites configured for any Fastly service. Fastly captures and analyzes suspected or actual DDoS Attack traffic to improve and protect its services.
  • A "Fastly IP Space" is a published API endpoint that allows you to download an updated list of all Fastly IPs globally and can be used to filter traffic and control communication between Fastly's caches and your origin. Fastly provides the Fastly IP Space to you in order to ensure known communication between the Fastly cache nodes and your origin's data center.
  • "Fastly Control" means elements entirely under Fastly's control and not a consequence of (a) your hardware or software failures, (b) you or your end user's connectivity issues, (c) your operator errors, (d) traffic amounts that exceed your Permitted Utilization as defined in the Terms and Conditions, (e) your corrupted content, (f) acts of god (any) or war, or earthquakes, or terrorist actions.

Subscriber responsibilities

As a Subscriber, you:

  • must identify and maintain two points of contact to be used during an attack to communicate status, issues, and coordinate with Fastly to successfully protect services.
  • must use common best practices for DDoS Attack defense including:
    • using updated allow and block lists in the Fastly IP Space at the origin data center to protect against attack traffic bypassing Fastly's infrastructure.
    • limiting or eliminating your origin IP addresses from Domain Name System (DNS) records to avoid these addresses being used as attack targets.
  • are responsible for using and configuring services according to the documentation available at https://docs.fastly.com.

Support requests

Subscribers may make support requests by submitting a support ticket which will trigger a system-generated acknowledgement within minutes containing the ticket number and a direct link to the ticket.

DDoS Attack reports should include at least:

  • a determination of the severity of the attack.
  • the size of the attack threatened or previously observed.
  • the type and vector of attack traffic seen or threatened.
  • any duration of previous attacks and vector behavior including major source IP addresses.
  • attack history for the last 24 months.
  • threat specifics including all details of any attacks that the protected services or sites have experienced in the past.

Communications and channels of support

Support tickets

Create support tickets by visiting https://support.fastly.com/, sending email to support@fastly.com, or calling our dedicated phone line. Filed tickets trigger Fastly's promised response time.

Tickets for communication between Fastly support engineers and a Subscriber's personnel are tracked using a ticketing application, which maintains a time-stamped transcript of communications, and sends emails to Subscriber and Fastly staff as tickets are updated.

Phone support

Subscribers to the DDoS Protection and Mitigation Service receive a dedicated phone number to contact Fastly support engineers. Fastly personnel can also establish audio and video conferencing (free app or browser plug-in required) for real-time voice and video communications.


To facilitate real-time communication, Subscribers to the DDoS Protection and Mitigation Service receive a dedicated chat channel for real-time communications during Business Hours or as needed by Fastly personnel. Though subject to change, Fastly's current chat provider is Slack (www.slack.com).

Attack traffic

Response time

Fastly commits to responding to DDoS Attack notifications from Subscribers within 15 minutes of notice and, as applicable, will begin on-boarding Subscribers to the DDoS Protection and Mitigation Service within 60 minutes of a DDoS Attack notification.

Fastly will waive all bandwidth and request charges associated with DDoS Attack traffic and will provide Invoice Credits or adjustments for the same.

Attack traffic credit terms

Subscribers must submit claims for waiver of DDoS Attack-related charges to billing@fastly.com within 30 days of the DDoS Attack.

DDoS Mitigation response SLA

If, during a DDoS Attack on a Subscriber with the DDoS Protection and Mitigation Service, there is a material delay in response time and the cause of the delay is within Fastly's control, a one-time credit of $500 per incident will be credited to that Subscriber's account.

SLA credit terms

  • Requests for Invoice Credits must be made within 30 days of the DDoS Attack that triggered the service credit.
  • All requests for Invoice Credits must be made to billing@fastly.com.
  • In no event shall Invoice Credits exceed the fee for the DDoS Protection and Mitigation Service payable by a Subscriber for the month in which the Invoice Credits accrued.
  • A pending Invoice Credit does not release a Subscriber from the Subscriber's obligation to pay Fastly's submitted invoices in full when due.
  • Invoice Credits will be applied to the invoice within the month the credits were incurred.

Termination for SLA

For a Subscriber of the DDoS Protection and Mitigation Service with a Termed Contract, if in any three-month period where three (3) or more support response time objectives are not met and the failure to meet the objectives materially adversely impacted the Subscriber, the Subscriber will have 30 days to terminate the DDoS Protection and Mitigation Service subscription following the third response failure. Subscribers must notify Fastly of their intention to terminate the DDoS Protection and Mitigation Service subscription within 30 days of the triggering event.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.