fastly-ngwaf
Trigger and scope
This skill is designed to be triggered when performing an internal audit of Fastly Next-Gen WAF (NGWAF) workspaces. It is particularly useful for security teams, DevOps engineers, or anyone responsible for managing NGWAF configurations who wants to ensure that critical templated protection rules are properly configured and enabled. The fastly-cli skill should be used to configure rules while this skill is used to identify any gaps in rule configuration or enablement, especially for login protection, credit card validation, and gift card validation rules.
Fastly Next-Gen WAF Internal Audit
This skill audits Fastly NGWAF workspaces to understand the status of critical templated rules related to:
- Login Protection: LOGINDISCOVERY, LOGINATTEMPT, LOGINSUCCESS, and LOGINFAILURE.
- Credit Card Validation: CC-VAL-ATTEMPT, CC-VAL-FAILURE, and CC-VAL-SUCCESS.
- Gift Card Validation: GC-VAL-ATTEMPT, GC-VAL-FAILURE, and GC-VAL-SUCCESS.
Workflow
- Retrieve Workspaces: Fetches all NGWAF workspaces associated with the account.
- Inspect Rules: For each workspace, it retrieves the list of configured rules.
- Validate Critical Rules: Specifically checks for the presence and enablement of the templated rules listed above.
- Recommend Actions: If any of these rules are missing or disabled, it recommends configuring and enabling them to strengthen security posture against Account Takeover (ATO) and carding attacks.
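The validation and recommendation steps above, as an added example that is not the skill's own assessment script. It runs offline on constructed workspace records; the field names (`name`, `rules`, `signal`, `enabled`) and the helper `rules_for` are assumptions for illustration, not the NGWAF API schema.

```python
# Added example: offline gap check for the ten templated rules listed above.
# Record fields ("name", "rules", "signal", "enabled") are assumed, not the NGWAF API schema.
CRITICAL_RULES = {
    "Login Protection": ["LOGINDISCOVERY", "LOGINATTEMPT", "LOGINSUCCESS", "LOGINFAILURE"],
    "Credit Card Validation": ["CC-VAL-ATTEMPT", "CC-VAL-FAILURE", "CC-VAL-SUCCESS"],
    "Gift Card Validation": ["GC-VAL-ATTEMPT", "GC-VAL-FAILURE", "GC-VAL-SUCCESS"],
}

def audit_workspace(workspace):
    """Return {category: {"missing": [...], "disabled": [...]}} for one workspace."""
    state = {}  # signal -> True if at least one rule carrying it is enabled
    for rule in workspace.get("rules", []):
        signal = str(rule.get("signal", "")).strip().upper()
        state[signal] = state.get(signal, False) or bool(rule.get("enabled"))
    findings = {}
    for category, signals in CRITICAL_RULES.items():
        missing = [s for s in signals if s not in state]
        disabled = [s for s in signals if s in state and not state[s]]
        if missing or disabled:
            findings[category] = {"missing": missing, "disabled": disabled}
    return findings

def audit(workspaces):
    """Audit every workspace; a workspace with no gaps maps to an empty dict."""
    return {ws["name"]: audit_workspace(ws) for ws in workspaces}

def recommendations(report):
    """Turn findings into one action line per affected rule."""
    lines = []
    for name, findings in report.items():
        for category, gaps in findings.items():
            lines += [f"{name}: configure and enable {s} ({category})" for s in gaps["missing"]]
            lines += [f"{name}: enable {s} ({category})" for s in gaps["disabled"]]
    return lines

def rules_for(enabled, disabled=()):
    """Hypothetical helper that builds constructed rule records."""
    return ([{"signal": s, "enabled": True} for s in enabled]
            + [{"signal": s, "enabled": False} for s in disabled])

# Constructed sample data, not real workspaces.
SAMPLE_WORKSPACES = [
    {"name": "storefront", "rules": rules_for(
        ["LOGINDISCOVERY", "LOGINATTEMPT", "LOGINSUCCESS", "LOGINFAILURE",
         "CC-VAL-ATTEMPT", "CC-VAL-SUCCESS"], disabled=["CC-VAL-FAILURE"])},
    {"name": "internal-tools", "rules": []},
]

if __name__ == "__main__":
    print("\n".join(recommendations(audit(SAMPLE_WORKSPACES))))
```

A rule that exists but is disabled is reported separately from one that is missing, because the remediation differs: the first only needs enabling, the second needs configuring as well.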
Usage
Assume that the user has correctly configured their FASTLY_API_KEY environment variable. Run the assessment script provided in the skill:
More from fastly/fastly-agent-toolkit
fastly
Configures, manages, and debugs the Fastly CDN platform — covering service and backend setup, caching and VCL, security features like DDoS/WAF/NGWAF/rate limiting/bot management, TLS certificates and cache purging, the Compute platform, and the REST API. Use when working with Fastly services or domains, setting up edge caching or origin shielding, configuring security features, making Fastly API calls, enabling products, or looking up Fastly documentation. Also applies when troubleshooting 503 errors or SSL/TLS certificate mismatches on Fastly, and for configuring logging endpoints, load balancing, ACLs, or edge dictionaries.
48
falco
Lints, tests, simulates, and formats Fastly VCL code using the falco tool. Also serves as the authoritative VCL reference via the falco Go source, which implements Fastly's full VCL dialect. Use when validating VCL syntax, running VCL linting, testing VCL locally, simulating VCL request handling, formatting VCL files, writing VCL unit tests with assertions, debugging VCL logic errors, looking up VCL function signatures or variable scopes, understanding VCL subroutine behavior, or running `falco lint`/`falco simulate`/`falco test`/`falco fmt`. Also applies when working with VCL syntax errors, type mismatches in VCL, choosing which VCL subroutine to use, or setting up a local VCL development and testing environment.
47
viceroy
Runs Fastly Compute WASM applications locally with Viceroy, specifically for Rust and Component Model projects. Use when starting a local Fastly Compute dev server with Viceroy, configuring fastly.toml for local backend overrides and store definitions, running Rust unit tests with cargo-nextest against the Compute runtime, debugging Compute apps locally, adapting core WASM modules to the Component Model, or troubleshooting local Compute testing issues (connection refused, missing backends, store config). For non-Rust Compute work or understanding the Compute API, prefer the fastlike skill instead — its source code is easier to understand as a Fastly Compute API reference.
45
fastly-cli
Executes Fastly CLI commands for managing CDN services, Compute deploys, and edge infrastructure. Use when running `fastly` CLI commands, creating or managing Fastly services from the terminal, deploying Fastly Compute applications, managing backends/domains/VCL snippets via command line, purging cache, configuring log streaming, setting up TLS certificates, managing KV/config/secret stores, checking service stats, authenticating with Fastly SSO, or working with fastly.toml. Also applies when working with Fastly service IDs in CLI context, or with `fastly service`, `fastly compute`, `fastly auth`, or any Fastly CLI subcommand. Covers service CRUD, version management, autocloning, and troubleshooting common CLI errors.
43
xvcl
Extends Fastly VCL with loops, functions, constants, macros, conditionals, and includes via XVCL — a VCL transpiler that compiles .xvcl files into standard VCL. Use when writing VCL for Fastly, working with .xvcl files, generating repetitive VCL (multiple backends, routing rules, headers) with loops, defining reusable VCL functions with return values, using compile-time constants instead of magic numbers, or writing any Fastly VCL configuration. XVCL syntax is not in training data so this skill is required. Also applies when writing and testing VCL locally (compile with `uvx xvcl`, test with falco), reducing VCL code duplication, splitting large VCL into modular includes, or doing any VCL development task for Fastly — even without explicitly mentioning XVCL.
24
fastlike
Runs Fastly Compute WASM binaries locally and serves as the authoritative reference for Compute platform internals. The fastlike source code is highly readable and covers the host ABI, caching and purging APIs, KV/config/secret store interfaces, rate limiting with counters and penalty boxes, ACL lookups, the full request lifecycle, and backend fetch semantics. Use when working with Compute runtime internals or host calls, understanding how edge data stores behave at runtime, exploring the WASM Component Model adaptation layer, or testing WASM binaries locally. Prefer this skill over Viceroy for any non-Rust Compute work — its source code is easier to understand as a Fastly Compute API reference.
19