Fastly WAF


TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Fastly WAF

✅

✅

✅

fastly_waf

TXT

S3


Overview

The Fastly Next‑Gen WAF is a modern web application and API firewall built on the edge-cloud platform of Fastly, Inc. to provide unified protection across web apps, APIs, and microservices, no matter where they’re hosted. It monitors traffic in real-time, uses behavioral and contextual analysis (rather than just regex rules) to detect threats, and offers customizable responses (e.g., block, rate-limit, tag, or deceive).


Key features:

  • Deployable at the edge, on-premises, or as a fully hosted cloud WAF, giving flexibility to fit almost any infrastructure.

  • Protection covers OWASP Top 10, API abuse, credential stuffing, malicious bots, and more advanced threats under one solution.

  • Integrates with Fastly’s global CDN edge network, enabling security enforcement closer to users and reducing origin exposure.

  • Offers shared threat intelligence via a Network Learning Exchange, where data from multiple customers helps identify bad actors faster.

It’s a high-performance, deployment-agnostic WAF designed for modern web and API environments with minimal rule-tuning and maximum scalability.

Supported data types

Fastly WAF logs

Table name: fastly_waf

Send data to Hunters

  1. Contact Fastly WAF support to learn how to route your security logs to S3.

  2. Once the export is completed and the logs are collected in S3, follow the steps in this section.

Expected format

Logs are expected in JSON format, with each record prefixed by a syslog-style header:

<134>2025-10-27T23:33:36Z cache-nyc-a1-fast001 example-app[24567]: {"timestamp":"2025-10-27T23:33:36+0000","client_ip":"X.0.X.X","geo_country":"US","geo_city":"New York","host":"customer-edge.example.net","url":"/v2/data/fetch?session_id=****&auth_token=****","request_method":"POST","request_protocol":"HTTP/2","request_referer":"https://portal.example.com/login","request_user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36","response_state":"PASS","response_status":200,"response_reason":"OK","response_body_size":8392,"fastly_server":"cache-nyc1234-ABC","fastly_is_edge":true}
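
To check an export against this format before pointing the collector at the bucket, the following added example (not Hunters or Fastly code) splits each line into header and JSON body and reports lines that would not parse. The function names, the `_header` key, and reading `<134>` as a syslog priority value are assumptions drawn from the shape of the sample above.

```python
import json
import re
from datetime import datetime, timezone

# Layout inferred from the sample line: <PRI>TIMESTAMP HOST APP[PID]: {json}
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>[^\s\[]+)\[(?P<pid>\d+)\]: (?P<body>\{.*\})\s*$"
)

def parse_line(line):
    """Return the JSON event with header fields under '_header', or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None                      # header missing or body truncated
    try:
        event = json.loads(m.group("body"))
        sent = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:                   # also covers json.JSONDecodeError
        return None
    pri = int(m.group("pri"))
    event["_header"] = {
        "facility": pri >> 3,            # assumption: <PRI> is a syslog priority
        "severity": pri & 7,
        "sent": sent.replace(tzinfo=timezone.utc),
        "host": m.group("host"),
        "app": m.group("app"),
        "pid": int(m.group("pid")),
    }
    return event

def validate(lines):
    """Split a batch into parsed events and 1-based numbers of rejected lines."""
    events, rejected = [], []
    for n, line in enumerate(lines, 1):
        event = parse_line(line)
        if event is None:
            rejected.append(n)
        else:
            events.append(event)
    return events, rejected

# Constructed input: line 1 is the page's sample with fields trimmed,
# line 2 lacks the header, line 3 is cut off mid-record.
HDR = "<134>2025-10-27T23:33:36Z cache-nyc-a1-fast001 example-app[24567]: "
SAMPLE = [
    HDR + '{"client_ip":"X.0.X.X","response_state":"PASS","response_status":200}',
    '{"client_ip":"X.0.X.X","response_state":"PASS","response_status":200}',
    HDR + '{"client_ip":"X.0.X.X","response_sta',
]
EVENTS, REJECTED = validate(SAMPLE)
```

A non-empty rejected list usually points to records written without the header or cut off during export.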