Our Next-Gen WAF customers are often looking for more functionality and visibility when it comes to inspecting their web application traffic. Fastly’s Edge Rate Limiting product has the ability to very quickly detect and mitigate volumetric and abusive traffic. We can extend the fastly Edge Rate Limiting functionality to the Next-Gen WAF by enriching request headers at the Fastly Edge that are then sent to the Next-Gen WAF origin.
Below is a fiddle example of how intelligence from Edge Rate Limiting may be sent to an origin such as Next-Gen WAF edge deployment for further analysis.
With the Next-Gen WAF “greater or equal to” operator currently available in Fastly Security Labs, you may take an action on requests that exceed the value defined in the Request rule. Below is a screenshot of this type of Next-Gen WAF Request rule that uses the intelligence from the Edge Rate Limiting rule.
How are you using the Fastly Edge to send additional intelligence to your origin? Have you looked to gain more visibility into Edge Rate Limiting? Let us know!