Signal Sciences Next-Gen WAF
Last updated March 08, 2021
The Signal Sciences Next-Gen WAF (Next-Gen WAF) is an application security monitoring system that watches for suspicious and anomalous web traffic and protects against attacks directed at the applications and origin servers that you specify. The system consists of three components:
- a monitoring agent
- a web server integration module
- our cloud-hosted collection and analysis system (cloud analysis system)
The module and agent run on your web servers within your infrastructure, analyzing and acting on suspicious traffic in real-time. Anomalous request data is collected locally and uploaded to our cloud analysis system, allowing us to perform out-of-band analysis of inbound traffic.
The Next-Gen WAF requires modifications to your applications and origin servers. You must install the Signal Sciences Agent. We also recommend that you install the optional Signal Sciences Module, an architecture component that passes request data to the agent.
When the module and agent determine that an incoming request is anomalous, a snippet of that request is sent to the cloud analysis system. This system aggregates data from across all of your agents. When enough attacks are seen from an IP address, the cloud analysis system determines whether to allow the request, block the request, tag the request with signals, flag the IP address, or rate limit the IP address. You can choose to enable or disable the blocking feature.
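The decision flow described above, as an added example that is not Signal Sciences' code: anomalous-request reports from several agents are aggregated per source IP in a sliding window, and once the count reaches a threshold the IP is flagged; whether a flagged IP's requests are then blocked or only flagged depends on a blocking switch, which mirrors the advice later on this page to monitor before enabling blocking. The class name, the threshold, window and flag-duration parameters, and the sample reports (using documentation IP ranges) are all assumptions constructed for this example.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, Iterable, List, Set

# Decision outcomes; names are constructed for this example.
ALLOW, FLAG, BLOCK = "allow", "flag", "block"


class IPAttackTracker:
    """Aggregates anomalous-request reports from many agents and decides per source IP.

    threshold:        anomalous requests from one IP within the window before the IP is flagged
    window_seconds:   length of the sliding window used for counting
    flag_seconds:     how long a flagged IP stays flagged
    blocking_enabled: False = monitoring mode (flag only), True = enforce blocks
    """

    def __init__(self, threshold: int = 3, window_seconds: int = 60,
                 flag_seconds: int = 3600, blocking_enabled: bool = False):
        self.threshold = threshold
        self.window_seconds = window_seconds
        self.flag_seconds = flag_seconds
        self.blocking_enabled = blocking_enabled
        self._events: Dict[str, Deque[float]] = defaultdict(deque)
        self.flagged: Dict[str, float] = {}            # ip -> time it was first flagged
        self.reporting_agents: Dict[str, Set[str]] = defaultdict(set)  # ip -> agents that saw it

    def _verdict(self) -> str:
        # In monitoring mode a flagged IP is only flagged; blocking must be switched on explicitly.
        return BLOCK if self.blocking_enabled else FLAG

    def report(self, agent_id: str, ip: str, ts: float, signals: Iterable[str]) -> str:
        """Record one anomalous-request snippet from an agent and return the decision."""
        if not list(signals):
            return ALLOW  # nothing was tagged, so the request never counts toward the threshold
        self.reporting_agents[ip].add(agent_id)
        window = self._events[ip]
        window.append(ts)
        # Drop events that have fallen out of the sliding window.
        while window and ts - window[0] > self.window_seconds:
            window.popleft()
        # An IP that is already flagged keeps its verdict until the flag expires.
        flagged_at = self.flagged.get(ip)
        if flagged_at is not None and ts - flagged_at <= self.flag_seconds:
            return self._verdict()
        if len(window) < self.threshold:
            return ALLOW  # request is tagged with its signals; the IP is not yet flagged
        self.flagged.setdefault(ip, ts)
        return self._verdict()


# Constructed sample: three agents report the same source address (203.0.113.5) and one
# report comes from an unrelated address (198.51.100.7). Signal names are placeholders.
SAMPLE_REPORTS = [
    ("agent-a", "203.0.113.5", 0.0, ["signal-1"]),
    ("agent-b", "203.0.113.5", 10.0, ["signal-2"]),
    ("agent-a", "198.51.100.7", 12.0, ["signal-1"]),
    ("agent-c", "203.0.113.5", 20.0, ["signal-1"]),
    ("agent-a", "203.0.113.5", 100.0, ["signal-2"]),
]


def run_sample(blocking_enabled: bool) -> List[str]:
    """Feed the sample reports through one tracker and return the per-request decisions."""
    tracker = IPAttackTracker(threshold=3, window_seconds=60, blocking_enabled=blocking_enabled)
    return [tracker.report(*report) for report in SAMPLE_REPORTS]


if __name__ == "__main__":
    print("monitoring mode:", run_sample(blocking_enabled=False))
    print("blocking mode:  ", run_sample(blocking_enabled=True))
```

The third report from 203.0.113.5 reaches the threshold, so that request and later ones from the same address are flagged in monitoring mode and blocked once blocking is enabled; the single report from 198.51.100.7 is only tagged and allowed.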
As part of Next-Gen WAF, we aggregate the attack data collected from your agents and combine it with data collected from security and other services offered as part of the Fastly platform, including for other subscribers. We use these data insights (Threat Intelligence) to analyze and detect potential future anomalies or attacks and to improve, secure, provide, and market Fastly services in a manner that does not associate the Threat Intelligence with, or identify, any subscriber. For example, you receive the benefits of this Threat Intelligence via the Network Learning Exchange (NLX) feature, which adds a unique signal to information in the Hosted Dashboard and alerts you to potential bad actors that have been identified elsewhere in the subscriber network.
Signal Sciences Agent
The Signal Sciences Agent is a small, required daemon process that provides an interface between your web server and our cloud analysis system. The agent decides whether inbound requests should be permitted to continue or whether action should be taken. You are responsible for installing and maintaining the Signal Sciences Agent.
Signal Sciences Module
The Signal Sciences Module is an optional architecture component that passes request data to the agent. The module can exist as a plugin to your web server or a language or framework specific implementation. You can remove the module if you run the agent in reverse proxy mode. You are responsible for installing and maintaining the Signal Sciences Module.
Signal Sciences Hosted Dashboard
The Signal Sciences Hosted Dashboard (Hosted Dashboard) is a web interface that you can use to investigate anomalous web traffic and see what actions, if any, Next-Gen WAF performed in response to certain requests. You can also use the Hosted Dashboard to create Workspaces. A Workspace is a user-defined set of rules and settings for applications and origin servers. The Hosted Dashboard allows you to create multiple Workspaces to differentiate between one or more APIs, microservices, or web applications. For each Workspace, you can use the Hosted Dashboard to add rules for requests, configure site alert thresholds, and add integrations to other systems.
Signal Sciences API
The Signal Sciences Application Programming Interface (API) allows you to integrate your applications and services with the Next-Gen WAF. It uses standard HTTP verbs and response codes to let you programmatically control all the same features that are available through the Hosted Dashboard. The Signal Sciences API provides a variety of endpoints that we document in our API reference documentation.
Control over data sharing
Next-Gen WAF gives you control over the data shared with Fastly. Next-Gen WAF does not require the transmission or collection of any sensitive or personally identifiable information to function, other than the IP addresses identified as the initiator of anomalous or suspicious requests and related metadata. The agents and modules are designed to automatically redact other sensitive or personally identifiable information in fields that are known to commonly contain such information before transmission to Fastly. You can also configure the agents and modules via the Hosted Dashboard to redact any sensitive information, or any other information that does not need to be transmitted to Fastly, other than the limited data required for the functionality of the Next-Gen WAF. If properly configured, none of your sensitive information other than the IP addresses identified as the initiator of anomalous or suspicious requests will be shared with Fastly.
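To make the redaction behaviour concrete, here is an added example (not the agent's or module's code) of how a request snippet can be scrubbed before it leaves your infrastructure: a default list of field names that commonly hold secrets is masked in headers, query parameters and form fields, operator-configured extra fields are masked the same way, and, going one step beyond the key-based rule the text describes, card-number-like digit runs inside any remaining value are masked too. The request shape, the default field list, the regex and the sample request are assumptions constructed for this example.

```python
import copy
import re
from typing import Dict, Iterable, Set

REDACTED = "[REDACTED]"

# Field names masked by default. Constructed list modelled on "fields known to commonly
# contain sensitive information"; it is not Signal Sciences' actual list.
DEFAULT_SENSITIVE_FIELDS: Set[str] = {
    "password", "passwd", "pwd", "secret", "token", "api_key",
    "authorization", "cookie", "set-cookie", "card_number", "cvv", "ssn",
}

# 13 to 19 digits, optionally separated by spaces or dashes (a typical card-number shape).
# This is deliberately broad: a 13-digit millisecond timestamp would also be masked, which
# is the safer failure mode for data that is about to leave your network.
PAN_PATTERN = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def redact_request(request: Dict, extra_fields: Iterable[str] = ()) -> Dict:
    """Return a copy of an anomalous-request snippet with sensitive data masked.

    `request` is a plain dict with 'client_ip', 'method', 'path' and optional
    'headers', 'query' and 'form' sub-dicts (a constructed shape for this example).
    `extra_fields` plays the role of operator-configured redactions.
    """
    sensitive = {f.lower() for f in DEFAULT_SENSITIVE_FIELDS} | {f.lower() for f in extra_fields}
    redacted = copy.deepcopy(request)  # never mutate the copy the agent still needs locally
    for section in ("headers", "query", "form"):
        fields = redacted.get(section, {})
        for key, value in list(fields.items()):
            if key.lower() in sensitive:
                fields[key] = REDACTED               # key-based rule: mask the whole value
            elif isinstance(value, str):
                fields[key] = PAN_PATTERN.sub(REDACTED, value)  # value-based rule
    return redacted


# Constructed sample snippet; the IP comes from a documentation range.
SAMPLE_REQUEST = {
    "client_ip": "203.0.113.5",
    "method": "POST",
    "path": "/login",
    "headers": {
        "Host": "shop.example",
        "Authorization": "Bearer placeholder-token",
        "Cookie": "session=placeholder",
        "User-Agent": "example-client/1.0",
    },
    "query": {"token": "placeholder", "note": "pay 4111 1111 1111 1111 now"},
    "form": {"username": "alice", "password": "hunter2"},
}


def redact_sample(extra_fields: Iterable[str] = ()) -> Dict:
    """Apply the redactor to the sample snippet and return the result."""
    return redact_request(SAMPLE_REQUEST, extra_fields)


if __name__ == "__main__":
    import json
    print(json.dumps(redact_sample(extra_fields=["username"]), indent=2))
```

The client IP, method and path survive because they are the data the service needs; everything an operator marks as unnecessary can be added through `extra_fields`, the role the Hosted Dashboard configuration plays in the text.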
We provide documentation for the Next-Gen WAF in the Signal Sciences Help Center. Release notes for the agents and modules are also provided in the Signal Sciences Help Center.
We bill you as specified in your applicable ordering document, according to the number of Workspaces and the average requests per second (RPS) processed by Next-Gen WAF. We measure months according to Coordinated Universal Time (UTC).
From time to time, we may provide error corrections, bug fixes, software updates, and software upgrades to the Signal Sciences Agent and/or the Signal Sciences Module (Updates). Notices about Updates are included in the Documentation and they are also described in the Release notes. You can also subscribe to receive emails from us when Updates are released, or subscribe to our integrations with third-party tools (e.g., Slack or Microsoft Teams). It is your responsibility to ensure that you are using the most recent version of the Next-Gen WAF components.
As a Subscriber, you can identify and maintain up to five points of contact for support communications. All support requests must be initiated from and communicated through the designated points of contact.
Subject to the terms of any open source license applicable to any Fastly software installed in your environment (namely the agents and modules), your subscription for Next-Gen WAF does not include permission to modify the software or create derivative works based upon the software other than as set forth in the Documentation.
Support channels and response times
Fastly provides customer support via the support channels listed below.
Next-Gen WAF includes access to a support portal that allows you to submit requests for support online, update existing support tickets, and track the status of support tickets. As part of submitting a request via the support portal, you may designate a proposed severity level for the issue being reported, but the ultimate classification of a request will be determined by Fastly based on various factors including input you provide.
Fastly's technical support staff can be contacted via firstname.lastname@example.org during standard business hours. All support tickets generated by email will be designated with a P2 severity level.
The following table summarizes the response times based on the severity of the reported issue.
| Severity Level | Description | Response Time | Updates |
| --- | --- | --- | --- |
| P0 | Urgent - Critical Impact: A Confirmed Error in a production environment makes the solution, its features, or its functionality completely unavailable to users. | 60 minutes or less (24/7/365) | Every 2 hours (24/7/365) |
| P1 | High - Serious Impact: A Confirmed Error in a production environment causes significant loss of functionality for a primary feature of the solution that has notable impacts to customer business. | 4 business hours | Every 12 business hours |
| P2 | Normal - Minor Impact: A Confirmed Error in a production environment causes partial loss of functionality of a non-significant feature or a significant cosmetic issue with the web interface. Any errors in a non-production environment are identified. | 1 business day | Every 4 business days |
| P3 | Low - Minor Impact: Minor cosmetic issues with the web interface are identified. Also applicable to feature requests and general questions about functionality. | 2 business days | Not applicable |
- Business Hours are 4 AM-7 PM Monday through Friday, Pacific Time.
- Business Days are Monday through Friday, except standard Fastly holidays.
- Confirmed Error is any failure of the Next-Gen WAF to meet Fastly's specifications outlined in the relevant documentation, found in production uses of Next-Gen WAF, and that can reasonably be reproduced by Fastly.
Fastly endeavors to maintain 99.9% availability of the Hosted Dashboard. Subscribers experiencing unavailability of the Hosted Dashboard will be entitled to service credits according to the following table.
| Monthly Availability of Hosted Dashboard | Service Credit % of Pro-rated Monthly Next-Gen WAF Subscription Fees |
"Availability" of the Hosted Dashboard is calculated as follows: ([# of minutes in month]-[# of minutes per month the Hosted Dashboard is Unavailable]) / [# of minutes in month].
"Unavailable" with respect to the Hosted Dashboard means the Hosted Dashboard is not available for your access and use through your internet connection, excluding (a) unavailability of the Hosted Dashboard caused by issues not under Fastly Control or (b) unavailability that does not last for a consecutive ten-minute period.
"Fastly Control" means elements entirely under Fastly’s control and not a consequence of (a) Subscriber or third party hardware or software failures, (b) Subscriber or end user connectivity issues, (c) Subscriber operator errors, (d) alteration, modification, unauthorized or misuse of Fastly products, or use not in accordance with the documentation, (e) corrupted Subscriber content, or (f) acts of god (any) or war, or earthquakes, or terrorist actions.
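The availability formula above, carried through as an added example (not Fastly's own calculation): outage intervals are first filtered to those under Fastly Control, then merged when they touch or overlap, and only merged outages that last at least ten consecutive minutes count as Unavailable minutes. The merging step matters because two short, back-to-back outages form one ten-minute-plus period. The interval format, the sample outage log and the function names are assumptions constructed for this example.

```python
from calendar import monthrange
from datetime import datetime
from typing import List, Tuple

# (start, end, under_fastly_control); constructed outage records for March 2021.
Outage = Tuple[datetime, datetime, bool]
Interval = Tuple[datetime, datetime]

MIN_CONSECUTIVE_MINUTES = 10  # outages shorter than this are not "Unavailable" per the definition


def minutes_in_month(year: int, month: int) -> int:
    """[# of minutes in month] from the formula."""
    return monthrange(year, month)[1] * 24 * 60


def merge_intervals(intervals: List[Interval]) -> List[Interval]:
    """Merge touching or overlapping intervals so consecutive outages are measured as one."""
    merged: List[Interval] = []
    for start, end in sorted(intervals):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def unavailable_minutes(outages: List[Outage], min_consecutive: int = MIN_CONSECUTIVE_MINUTES) -> int:
    """[# of minutes per month the Hosted Dashboard is Unavailable], applying both exclusions."""
    in_scope = [(s, e) for s, e, fastly_control in outages if fastly_control]  # exclusion (a)
    total = 0
    for start, end in merge_intervals(in_scope):
        length = int((end - start).total_seconds() // 60)
        if length >= min_consecutive:  # exclusion (b): under ten consecutive minutes does not count
            total += length
    return total


def availability(year: int, month: int, outages: List[Outage]) -> float:
    """([minutes in month] - [Unavailable minutes]) / [minutes in month]."""
    total = minutes_in_month(year, month)
    return (total - unavailable_minutes(outages)) / total


def _t(day: int, hour: int, minute: int) -> datetime:
    return datetime(2021, 3, day, hour, minute)


# Constructed sample outage log for March 2021 (44,640 minutes).
SAMPLE_OUTAGES: List[Outage] = [
    (_t(3, 8, 0), _t(3, 8, 25), True),     # 25 min under Fastly Control: counts
    (_t(9, 12, 0), _t(9, 12, 5), True),    # 5 min: too short, excluded
    (_t(15, 9, 0), _t(15, 10, 0), False),  # 60 min caused by subscriber connectivity: excluded
    (_t(22, 14, 0), _t(22, 14, 6), True),  # 6 min ...
    (_t(22, 14, 6), _t(22, 14, 15), True), # ... plus 9 min back-to-back = one 15 min outage: counts
]


def sample_availability() -> float:
    return availability(2021, 3, SAMPLE_OUTAGES)


if __name__ == "__main__":
    print(f"Unavailable minutes: {unavailable_minutes(SAMPLE_OUTAGES)}")
    print(f"Availability: {sample_availability():.5%}")
```

With the sample log, 40 minutes count as Unavailable and the month comes out at 99.910%, just above the 99.9% target; the service credit that applies at a given availability comes from the credit table above, which this example does not encode.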
- You must contact us within 15 days of experiencing unavailability to receive a service credit.
- For any given month, the maximum amount of any credit is 20%, regardless of the reason it is owed.
- A pending credit does not release Subscriber from its obligation to pay Fastly's submitted invoices in full when due.
- Credits will be applied to the invoice two months following the month an invoice credit was incurred.
All WAF products that exist today, including the Next-Gen WAF, have several limitations:
- False positives. Any WAF can mistake good traffic for bad. We strongly recommend you monitor your traffic via the Hosted Dashboard for a minimum of two weeks before blocking traffic. You don't want to start blocking traffic with configurations that are generating false positives.
- Custom application vulnerabilities. If attackers discover a vulnerability unique to your application or the technologies you use, and if your WAF configuration does not have a rule to protect against exploits for that particular vulnerability, it will not be able to protect your application in that instance.
- Inspection of HTTP and HTTPS traffic only. A WAF only inspects HTTP or HTTPS requests (layer 7). It will not process any TCP, UDP, or ICMP requests.
- Security products note. No security product, such as a WAF or DDoS mitigation product, including those security services offered by Fastly, will detect or prevent all possible attacks or threats. Subscribers should maintain appropriate security controls on all web applications and origins, and the use of Fastly's security products does not relieve subscribers of this obligation. Subscribers should test and validate the effectiveness of Fastly's security services to the extent possible prior to deploying these services in production, and continuously monitor their performance and adjust these services as appropriate to address changes in the Subscriber's web applications, origin services, and configurations of the other aspects of the Subscriber's Fastly services.