search close

Edge Deployment

access_time Updated Jan 11, 2022

Note: This information is part of a beta release and subject to change. For more information, see our product and feature lifecycle descriptions.

The Edge deployment method currently only supports the features of the Essential platform. Features included with the Professional or Premier platforms are not supported.

About Edge deployment

The Edge deployment method allows you to add the Signal Sciences as an edge security service onto Fastly’s Edge Cloud Platform without needing to make any modifications to your own hosting environment.


Deploying at the edge

To deploy at the edge, you will need a Signal Sciences corp and at least one site to protect. Setup involves making calls to the Signal Sciences API and modifying VCL on the Fastly service.

Creating the edge security service

Create a new edge security service by calling the edgeDeployment API endpoint. This API call creates a new edge security service associated with your corp and site. You will need to replace {corpName} and {siteName} with those of the corp and site you are adding the edge security service to. Your {corpname} and {siteName} are both present in the address of your Signal Sciences console, such as{corpName}/sites/{siteName}.

curl -H "x-api-user:$SIGSCI_EMAIL" -H "x-api-token:$ACCESS_TOKEN" \
-H "Content-Type: application/json" -X PUT \{corpName}/sites/{siteName}/edgeDeployment

Run this API call again for each site you want to deploy on.

Mapping to the Fastly service

Map your corp and site to an existing Fastly service and synchronize the origins by calling the edgeDeployment/{fastlySID} API endpoint. You will need to replace {fastlySID} with the ID of the Fastly service.

Note: This API call requires Fastly-Key for authentication. The Fastly API key must have write access to the Fastly Service ID.

curl -H "x-api-user:$SIGSCI_EMAIL" -H "x-api-token:$ACCESS_TOKEN" \
-H "Fastly-Key: $FASTLY_KEY" -H 'Content-Type: application/json' -X PUT \{corpName}/sites/{siteName}/edgeDeployment/{fastlySID}

Run this API call again for each Fastly service you want to deploy on. If your origins change, you will need to run this API call again to resynchronize the backends.

This API call makes changes and adds a new sigsci_config custom VCL file to your Fastly service. After making the API call, these changes will be left in an unactivated draft version. Activate the draft service version for the changes to take effect.

Calling the edge security service

You will need to call the new sigsci_config VCL file for your Fastly service to load it. Add the following line to your main VCL file:

include "sigsci_config";

Then add the following line to both the vcl_miss and vcl_pass subroutines of your service to call the edge security service.

call edge_security;

After adding the lines, activate the draft service version for the changes to take effect.