Next-Gen WAF
These articles explain how to use the Fastly Next-Gen WAF.
API docs
Have access to the Next-Gen WAF control panel? Check out our Next-Gen WAF API docs. Otherwise, check out our Fastly Security API docs.
What's new
Learn about recently released features and products.
Protection from CVE-2024-53677 (Apache Struts File Upload Logic Vulnerability) A directory traversal vulnerability within file uploads has…
Read moreGetting started
These articles provide basic information about the Next-Gen WAF product and architecture.
These articles describe key features of the Next-Gen WAF control panel.
- Viewing agent details
- About the Agents page
- About the Corp Manage menu
- About the Corp Overview page
- About the Corp Rules menu
- About the Manage menu
- About the Monitor menu
- About the My Profile menu
- About the Requests page
- About the Rules menu
- About the Signals page
- About the Site Overview page
- About the web interface controls
Welcome! This guide provides a high-level overview of the steps needed to set up and configure the Next-Gen WAF product. Guided by our Sales…
Read moreThe Next-Gen WAF is an application security monitoring system that proactively monitors and protects your web application from malicious…
Read moreInstall guides
These articles explain how to install and configure the Next-Gen WAF.
These articles describe the module-agent deployment options.
- Java module overview
- About module-agent deployment
- About the NGINX module
- Installing the Apache module
- Module configuration
- Upgrading the Apache module
- .Net module install
- .Net Core module install
- Golang module install
- HAProxy module install
- HAProxy SPOE module install
- IBM HTTP Server
- IIS module install
- Installing the NGINX dynamic module
- Installing the NGINX Lua module
- Installing the Java Module with Dropwizard
- Installing the Java Module as a Jetty Handler
- Installing the Java Module as a Netty Handler
- Installing the Java Module as a Servlet Filter
- Installing the Java Module on Weblogic
- Kong plugin install
- Node.js module install
- SELinux support
- Troubleshooting module-agent deployments
- Upgrading the NGINX module
These articles describe how to install the Next-Gen WAF on Kubernetes.
- Kubernetes installation overview
- Agent container image
- Kubernetes reverse proxy
- Kubernetes Agent + Module
- Kubernetes Agent + Ingress Controller + Module
- Kubernetes Envoy
- Kubernetes Istio
- Kubernetes Ambassador
- Agent scaling and running as a service
- Kubernetes startup probe
- Pivotal Container Services (PKS) setup
- AWS Elastic Container Service (ECS) setup
- Example helloworld test web application
- Using the Next-Gen WAF core command line utility
To deploy the Next-Gen WAF, you need to integrate the Next-Gen WAF product into your request flow by: Choosing a deployment method. A…
Read moreWhen deployed in a self-hosted deployment, the Next-Gen WAF agent requires egress to multiple external endpoints to facilitate actions (e.g…
Read moreNext-Gen WAF agent Per our agent end-of-support policy , we support agent versions that are under two years old. On a quarterly cadence, we…
Read moreAgent The Next-Gen WAF agent supports different combinations of operating systems and architecture types. Download the latest version of…
Read moreUsing the Next-Gen WAF
These articles provide information about working with the Next-Gen WAF web interface.
Often the server being protected is behind a load balancer or other proxy. In this case, the server will see this load balancer or proxy IP…
Read moreHeader links facilitate cross-referencing Next-Gen WAF data with your own internal systems via a hyperlink. We currently support linking…
Read moreDeveloper
These articles explain how to work with the Next-Gen WAF API.
Our entire control panel is built API-first — this means that anything we can do, you can do as well via our RESTful/JSON API . We’ve seen…
Read moreNext-Gen WAF stores requests that contain attacks and anomalies, with some qualifications. If you would like to extract this data in bulk…
Read moreThis document demonstrates various data flows between the Module and Agent. While MessagePack is the serialization protocol, the data is…
Read moreX-SigSci-* headers are added to incoming requests. The end user (your customers) can't see them. However, your internal application can use…
Read moreFAQ
These articles provide answers to frequently asked questions.
StatsD Metrics Metrics can be reported through StatsD to the service of your choice using the statsd-address agent configuration flag…
Read moreFastly Security Labs is a program that grants your corp (also known as an account) access to in-development beta features. In addition to…
Read moreFastly provides full support for IPv6 in the product, including: Detection and decisioning: Requests are appropriately tagged and IPv…
Read moreReference
These articles provide reference information for Next-Gen WAF.
You can use the web interface to view a list of individual requests that have been tagged with signals and that fit into the all or sampled…
Read more