> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pwnbook.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Fastly

> View WAF rule violations and traffic security data from Fastly in Pwnbook's Security Workbench.

<img src="https://mintlify.s3.us-west-1.amazonaws.com/pwnbook/logos/fastly.svg" alt="Fastly" style={{ height: "32px", marginBottom: "16px" }} />

## Overview

Fastly is a CDN and edge cloud platform with an integrated Web Application Firewall (WAF). The Pwnbook integration pulls WAF event data and traffic security metrics from Fastly so teams can monitor edge-layer threats alongside other security signals.

## Prerequisites

* A Fastly account with WAF enabled
* Admin or Owner access in Pwnbook

## Credentials required

| Field         | Description                                                          |
| ------------- | -------------------------------------------------------------------- |
| **API Token** | A Fastly personal API token with read access to WAF and service data |

## Setup

<Steps>
  <Step title="Create a Fastly API token">
    1. In Fastly, go to **Account → Personal API Tokens**.
    2. Click **Create Token**.
    3. Give it a name like "Pwnbook".
    4. Set the scope to **Read-only access** for the services you want Pwnbook to monitor.
    5. Set an expiration or leave as non-expiring.
    6. Copy the generated token.

    <Tip>Use a dedicated token for Pwnbook rather than your personal account token, so you can rotate it independently.</Tip>
  </Step>

  <Step title="Configure in Pwnbook">
    1. Go to **Organization Settings → Marketplace → Fastly**.
    2. Paste your **API Token**.
    3. Click **Save & Test** — Pwnbook verifies access by listing your Fastly services.
    4. Select the services to monitor (or select all).
  </Step>
</Steps>

## What gets synced

| Data                  | Description                                                         |
| --------------------- | ------------------------------------------------------------------- |
| **WAF events**        | Rule violations flagged or blocked by the Fastly WAF                |
| **Attack categories** | SQL injection, XSS, path traversal, RFI, and other OWASP categories |
| **Traffic anomalies** | Request spikes, unusual geographic distribution                     |
| **Block vs. log**     | Whether each event resulted in a block or was logged only           |
| **Client IP**         | Source IP for each WAF event                                        |
| **Rule ID**           | The specific WAF rule that triggered                                |

## Workbench card

The Fastly workbench card shows:

* WAF event count over the last 24 hours
* Top attack categories
* Blocked vs. logged event split

## Viewing in Pwnbook

The full Fastly view shows a timeline of WAF events with filtering by service, attack category, action (block/log), and time range.

## Disconnecting

1. Go to **Organization Settings → Marketplace → Fastly**.
2. Click **Disconnect**.
3. Confirm.
