- Assurance Services
- DDoS Protection and Mitigation Service and SLA
- Dedicated IP addresses
- Fastly product lifecycle
- Fastly’s Full-Site Delivery
- Fastly's Media Shield
- Fastly's On-the-Fly Packaging service
- Fastly’s Streaming Delivery
- HIPAA-Compliant Caching and Delivery
- Live Event Monitoring Service
- Logging Insights Package
- Origin Connect
- PCI-Compliant Caching and Delivery
- Performance Optimization Package
- Platform TLS Certificate Management Product
- Professional Services
- Related offerings
- Service availability SLA
- Subscriber Provided Prefix
- Summary product definitions
- Support description and SLA
- Technical Account Management
- TLS オプション
- TLS service options
- WAF Quick Start Package
- WAF Support and SLA
- WAF Tuning Package
- WAF Tuning Plus Package
Legacy offerings
- Fastly's Legacy Full-site Delivery services
- Fastly's Legacy Media Shield
- Legacy Platinum Support and SLA
- Legacy Premium Support and SLA
Third-party information
WAF Tuning Plus Package
Last updated May 23, 2019
Fastly’s WAF Tuning Plus Package provides your organization with enhanced professional maintenance of your WAF by Fastly. The WAF Tuning Plus Package also improves visibility into application layer threats and strengthens your overall security posture. The WAF Tuning Plus Package includes ongoing tuning and configuration services designed to help protect you against critical threats. To protect against WAF bypass attacks, it also includes authenticated TLS to origin.
For more information about the WAF Tuning Plus Package, contact support@fastly.com.
IMPORTANT: This information is part of a limited availability release. For more information, see our product and feature lifecycle descriptions.
WAF Tuning Plus Package features
Fastly’s WAF Tuning Plus Package is a service offering for the term of your contractual agreement. It includes the following features.
Ongoing tuning and configuration
At your request, Fastly will provide you with one report per service protected by the Fastly WAF. Fastly will schedule periodic calls with you to review the reports.
Up to once per quarter, at your request, Fastly will tune previously provisioned WAF services as follows:
- We’ll update your original profile, created during your initial WAF tuning, to record any new changes to your application stack or new perceived security risks based on actual or attempted attacks.
- We’ll update your WAF rule set to the latest available (if applicable).
- We’ll enable, disable, or change new or existing WAF rules based on new traffic patterns or security risks not present in the initial tuning cycle.
- We'll make a set of final recommendations on OWASP thresholds and switch your WAF into blocking mode.
Up to three times per quarter, at your request, Fastly will provide on-demand rule enablement (if available) for critical vulnerabilities.
Proactive notifications
We may notify you of available Fastly rules to help address critical vulnerabilities that we identify.
Authenticated TLS to origin
To mitigate WAF bypass attacks, Fastly will configure client-authenticated connections to your origin server for each service running WAF. This is an additional layer of security on top of network-level ACLs. This service requires a customer-provided TLS certificate, matching private key, and CA certificate or certificate chain.
Fastly will update the certificate on your behalf prior to expiration. Here’s how it works:
- Fastly must receive new certificates at least 15 business days prior to expiration.
- Fastly will update the private key on your behalf (with a 15 business day notice) should the key be revoked.
- If you don’t have your own key and certificate, Fastly can help you generate the certificates and keys at an additional cost. For more information, contact sales@fastly.com.