Fastly Integration

The WebDecoy Fastly integration automatically blocks malicious IPs at the edge using Fastly’s Access Control List (ACL) API. When a detection occurs, WebDecoy can instantly add the IP to your Fastly service’s ACL for immediate blocking.

How It Works

Detection Created
       │
       ▼
WebDecoy Rule Engine
       │
       ├─ Check integration rules
       │  ├─ Event type matches?
       │  ├─ Bot score threshold met?
       │  └─ Decoy filter matches?
       │
       ▼
Fastly ACL Entry API
       │
       └─ Add IP to ACL block list

When a detection triggers the integration, WebDecoy calls the Fastly ACL Entry API (POST /service/{service_id}/acl/{acl_id}/entry) to add the IP address to your configured ACL.

Prerequisites

• Fastly account with ACL support
• Fastly API token with appropriate permissions
• An ACL container created and attached to your Fastly service
• VCL configured to block IPs in the ACL

Understanding Fastly ACLs

Fastly Access Control Lists (ACLs) work in two parts:

1. ACL Container - A named list attached to your service configuration
2. ACL Entries - The actual IP addresses or subnets in the list

ACL entries are “versionless” - once your ACL is attached to an active service version, any updates to the entries take effect immediately without requiring a new service version.

Getting a Fastly API Token

1. Log in to manage.fastly.com
2. Click Account → Personal API tokens
3. Click Create Token
4. Configure the token:
   • Name: “WebDecoy Integration”
   • Type: Automation token (recommended)
   • Scope: Select your service or Global (all services)
   • Role: Engineer or higher
5. Click Create Token
6. Copy the token immediately (you won’t see it again)

Required Permissions

The API token needs permission to:

• Read service configuration
• Create ACL entries
• Update ACL entries
• Delete ACL entries

Setting Up an ACL in Fastly

Before configuring WebDecoy, you need an ACL in your Fastly service:

1. Create the ACL Container

1. Go to your Fastly service
2. Click Edit configuration → Clone active
3. Click ACLs in the sidebar
4. Click Create ACL
5. Name it something like webdecoy_blocklist
6. Click Create

2. Add VCL to Block IPs

Add VCL code to your service to block IPs in the ACL:

acl webdecoy_blocklist {
  # Managed by WebDecoy - do not edit manually
}

sub vcl_recv {
  if (client.ip ~ webdecoy_blocklist) {
    error 403 "Forbidden";
  }
}

Alternatively, use Fastly’s IP Block List feature:

1. Go to Security → IP block list
2. Enable the feature
3. Select your ACL as the block list source

3. Activate the Configuration

1. Click Activate to deploy the new version
2. Note your Service ID and ACL ID for WebDecoy configuration

Finding Your Service ID

1. Go to manage.fastly.com
2. Click on your service
3. The Service ID is shown in the service details (or in the URL)
4. Format: alphanumeric string like SU1Z0isxPaozGVKXdv0eY

Finding Your ACL ID

1. Go to your service in Fastly
2. Click ACLs
3. Click on your ACL
4. The ACL ID is in the URL or details panel
5. Format: alphanumeric string like 5clTcvM3wPDCa0fhO7LMbf

Setting Up the Integration

1. Go to Integrations in the WebDecoy sidebar
2. Click Fastly
3. Click Add Fastly Integration
4. Fill in the configuration:

Field	Description
Name	A friendly name for this integration
API Token	Your Fastly API token
Service ID	Your Fastly service ID
ACL ID	The ACL ID to add blocked IPs to
ACL Name	Optional human-readable name for reference
Action	What to do when triggered (see below)

5. Click Create Integration

Action Types

Action	Description
Block IP	Add the IP to the Fastly ACL (blocked by your VCL)
Log Only	Record the event without adding to ACL

Trigger Configuration

Event Types

Choose when the integration should trigger:

Option	Description
All Detections	Trigger on any detection
High Risk Only	Only trigger when bot score >= 80

Minimum Bot Score

Set a threshold score (0-100). The integration only triggers for detections with a bot score at or above this value.

Recommended thresholds:

Use Case	Threshold
Aggressive blocking	50+
Standard protection	70+
Conservative (fewer false positives)	85+

Decoy Filter

Optionally restrict the integration to specific decoys. Leave empty to trigger for all decoys in your organization.

Managing Integrations

View Status

Each integration shows:

• Trigger Count - How many times it has fired
• Failure Count - How many API calls failed
• Last Triggered - When it last fired
• Last Error - Most recent error message (if any)

Test Integration

Click Test to verify the integration is working. This sends a test request to the Fastly API.

Enable/Disable

Toggle integrations on or off without deleting them. Disabled integrations don’t process any detections.

Delete

Remove an integration entirely. This doesn’t remove any IPs already added to your Fastly ACL.

Best Practices

Do’s

• Start with “High Risk Only” to avoid false positives
• Use a conservative bot score threshold initially (75+)
• Create a dedicated ACL for WebDecoy (don’t mix with manual entries)
• Monitor the failure count for API issues
• Test the integration after setup
• Regularly review blocked IPs in Fastly

Don’ts

• Don’t use a token with more permissions than needed
• Don’t set the threshold too low (causes false positives)
• Don’t ignore failure counts (may indicate permission issues)
• Don’t manually edit the WebDecoy ACL entries

Troubleshooting

”Unauthorized” or “401” Errors

1. Verify your API token is correct
2. Check the token hasn’t been revoked
3. Ensure the token has permission for the service
4. Regenerate the token if needed

”ACL Not Found” or “404” Errors

1. Verify the ACL ID is correct
2. Ensure the ACL exists in your service
3. Check the service ID is correct
4. Verify the ACL is attached to an active service version

”Service Not Found” Errors

1. Verify the Service ID is correct
2. Ensure the API token has access to the service
3. Check if the service has been deleted or moved

IPs Not Being Blocked

1. Check the integration is active (not disabled)
2. Verify the event type filters match your detections
3. Check the bot score threshold isn’t too high
4. Verify your VCL is configured to block IPs in the ACL
5. Check that the service version with the ACL is active
6. Look for errors in the integration status

High Failure Count

1. Check the Last Error message
2. Verify API token permissions
3. Check Fastly’s status page for outages
4. Ensure you haven’t hit API rate limits

Fastly ACL Limits

Be aware of Fastly’s limits:

Limit	Value
ACL entries per ACL	10,000 (can be increased)
API rate limits	Varies by plan

Contact Fastly support to increase limits if needed.

Viewing Blocked IPs in Fastly

To see IPs blocked by WebDecoy:

1. Go to your Fastly service
2. Click ACLs
3. Click on your WebDecoy ACL
4. View all entries
5. WebDecoy entries include a comment: “Blocked by WebDecoy - Detection [ID]“

Removing Blocked IPs

WebDecoy doesn’t automatically remove blocked IPs. To unblock:

Via Fastly Dashboard

1. Go to your Fastly service
2. Click ACLs → Your WebDecoy ACL
3. Find the IP entry
4. Click Delete

Via Fastly API

curl -X DELETE \
  "https://api.fastly.com/service/{service_id}/acl/{acl_id}/entry/{entry_id}" \
  -H "Fastly-Key: YOUR_API_TOKEN"

Comparison with Other WAF Integrations

Feature	Fastly	Cloudflare	AWS WAF
Edge blocking	Yes	Yes	Yes
Immediate updates	Yes (versionless)	Yes	Yes
Subnet support	Yes	Yes	Yes
IP set management	ACLs	Firewall Rules	IP Sets
Setup complexity	Medium	Low	High

---

Next Steps

• Cloudflare - Alternative WAF integration
• AWS WAF - AWS WAF IP blocking
• Vercel - Edge middleware protection
• Overview - All integrations