As we continue to monitor the rapidly evolving situation with the log4j vulnerability, our Security Research and Engineering teams have completed several iterations of our Fastly WAF and Signal Sciences Next-Gen WAF CVE rules. Signal Sciences Next-Gen WAF implementations automatically receive updates to rules as they are released without any customer action required. Fastly Legacy and Fastly 2020 WAF implementations require customer action to implement updated rules.
For more information on how to update the Legacy Fastly WAF rule set or individual rules in the Fastly 2020 WAF please visit
Going forward we will post updates to our status pages as new versions of these rules are made available.
Our efficacy testing has shown that these rules provide excellent coverage in protecting our customers from a wide range of variants and attacks, with minimal false positives.
While these rules are being used widely by a variety of customers with great results, a number of customers have asked for a method to provide more strict coverage, though it increases the risk of false positives and the possibility of blocking a portion of legitimate traffic. To accommodate this request, we have created a second set of, “strict enforcement rules.” These are titled:
Fastly WAFs: Log4j2 - 2.14.1 JNDI possible RCE attempt - strict Signal Sciences WAF: CVE-2021-44228-STRICT
We recommend only using these rules as a last resort while working to patch your environment, due to the increased risk of blocking legitimate traffic.
Please contact our support teams if you have any questions or need any assistance updating these rules at email@example.com.
about the Log4j vulnerability. This blog includes background information on the vulnerability, Fastly's observations we've seen so far, and details on how to block exploitation attempts.
Posted Dec 11, 2021 - 00:43 UTC
Fastly is aware of a serious vulnerability in log4j. We have developed defenses to assist customers in the mitigation of this vulnerability.
For Sciences Next-Gen WAF customers: You can enable this a new templated rule in the Signal Sciences console by going to Site Rules -> Templated Rules. Look for CVE-2021-44228 and click View. Click Configure. Check the box next to Enabled and click “Update rule”.
For Fastly Legacy WAF customers: please contact the CSOC at firstname.lastname@example.org for assistance with VCL snippets to protect your CDN services.