WAF Configuration Fundamentals
Rule Set Implementation
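# Custom VCL for WAF integration
#
# vcl_recv runs for each incoming request. This version marks /api/ requests
# with a WAF flag header and stamps two fixed headers used for WAF logging.
sub vcl_recv {
  # NOTE(review): if this is uploaded as a complete custom VCL file, Fastly
  # expects its "FASTLY recv" macro line inside this subroutine; it is not
  # part of this excerpt, so confirm it exists in the deployed file.

  # Request headers are client-controlled. Drop any copy of the flag the
  # client sent, so that it can only ever carry the value assigned below.
  # What consumes this header is not shown here; confirm before relying on it.
  unset req.http.X-Fastly-WAF-Enabled;

  # Enable WAF for specific paths.
  # The match is a case-sensitive, literal prefix. Make sure the origin does
  # not route other spellings of this prefix (different case, duplicate
  # slashes, encoded characters) to the same handlers, or those requests
  # will not carry the flag.
  if (req.url.path ~ "^/api/") {
    set req.http.X-Fastly-WAF-Enabled = "true";
  }

  # Custom headers for WAF logging. Assigning them unconditionally also
  # overwrites any value a client supplied under the same names.
  set req.http.X-Environment = "production";
  set req.http.X-Application = "api-gateway";
}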
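Advanced Security Rules
Custom Rule Configuration
Note: the rule below illustrates the rule format rather than SQL injection detection. It blocks any POST request whose URI contains the literal string "sql" and never inspects parameters or the request body, so it can block legitimate paths while missing injected input. Rely on the managed rule set's SQL injection rules for detection, and run a new custom rule in log mode before switching it to block.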
{
"rule_id": "custom-sqli-protection",
"severity": "critical",
"conditions": {
"operator": "and",
"conditions": [
{
"parameter": "REQUEST_URI",
"operator": "contains",
"value": "sql"
},
{
"parameter": "REQUEST_METHOD",
"operator": "equals",
"value": "POST"
}
]
},
"action": "block"
}
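Logging and Monitoring
Real-time Alert Configuration
Note: fields that can carry request-derived text (for example the message, and any request header) should be JSON-escaped, e.g. with VCL's json.escape(), so that a crafted request cannot break or forge fields in the alert payload. The client address is read from a request header here; where the true peer address matters, confirm the header cannot be supplied by the client, or log client.ip instead.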
{
"name": "waf-alerts",
"endpoint_type": "https",
"url": "https://alerts.example.com/webhook",
"content_type": "application/json",
"format": {
"timestamp": "%{strftime({"%Y-%m-%d %H:%M:%S"}, time.start)}V",
"client_ip": "%{req.http.Fastly-Client-IP}V",
"request_id": "%{req.http.Fastly-Request-ID}V",
"rule_id": "%{waf.rule_id}V",
"severity": "%{waf.severity}V",
"action": "%{waf.action}V",
"message": "%{waf.message}V"
}
}
Production Implementation
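# Terraform configuration for Fastly WAF
#
# Declares the production WAF configuration: the managed rule set, two
# per-rule overrides (one logging, one blocking) and a JSON log format.
#
# NOTE(review): the argument names (name, rule_set, rule_id, threshold,
# logging) are kept as the page gives them. As far as I know, the provider's
# documented schema for this resource uses waf_id and
# rule { modsec_rule_id, status } instead; verify against the provider
# version in use before applying.
resource "fastly_service_waf_configuration" "production" {
  name = "production-waf"

  rule_set {
    type = "owasp"
    # "latest" lets rule content change without a reviewed plan. For
    # production, prefer pinning an explicit version that has been tested.
    version = "latest"
  }

  # Log-only: matches are recorded but the request is not blocked. Use this
  # to measure false positives before promoting a rule to "block".
  rule {
    rule_id   = "1010020"
    status    = "log"
    threshold = 10
  }

  # Blocking rule.
  rule {
    rule_id   = "1010030"
    status    = "block"
    threshold = 5
  }

  logging {
    name = "waf-logs"

    # In HCL string templates "%{" opens a template directive, so a literal
    # Fastly "%{...}V" placeholder has to be written "%%{...}V"; the inner
    # double quotes of the strftime pattern are escaped for the same reason.
    # Without both escapes this block does not parse. jsonencode() is called
    # directly; wrapping it in "${...}" added nothing.
    #
    # NOTE(review): the message and the header-derived fields may contain
    # request-controlled text. Consider wrapping them in json.escape() so a
    # crafted request cannot break or forge fields in a log line, and confirm
    # whether client.ip is a better source for the client address than the
    # request header.
    format = jsonencode({
      timestamp  = "%%{strftime({\"%Y-%m-%d %H:%M:%S\"}, time.start)}V",
      client_ip  = "%%{req.http.Fastly-Client-IP}V",
      request_id = "%%{req.http.Fastly-Request-ID}V",
      rule_id    = "%%{waf.rule_id}V",
      severity   = "%%{waf.severity}V",
      action     = "%%{waf.action}V",
      message    = "%%{waf.message}V"
    })
  }
}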