fastly/fastly-ngwaf
skills/fastly-ngwaf/SKILL.md
Performs an internal audit of Fastly Next-Gen WAF (NGWAF) workspaces to audit that critical templated protection rules are configured and enabled. Use when auditing NGWAF workspace security posture, checking for missing or disabled login protection rules (LOGINDISCOVERY, LOGINATTEMPT, LOGINSUCCESS, LOGINFAILURE), auditing credit card validation rules (CC-VAL-ATTEMPT, CC-VAL-FAILURE, CC-VAL-SUCCESS), auditing gift card protection rules (GC-VAL-ATTEMPT, GC-VAL-FAILURE, GC-VAL-SUCCESS), or identifying potential login endpoints not covered by NGWAF rules.
$ install --global
skillsauthnpx skillsauth add fastly/fastly-agent-toolkit fastly-ngwafInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 26, 2026, 3:50 AM37.7s2 files scanned
SKILL.md
- name:
- fastly-ngwaf
- description:
- Performs an internal audit of Fastly Next-Gen WAF (NGWAF) workspaces to audit that critical templated protection rules are configured and enabled. Use when auditing NGWAF workspace security posture, checking for missing or disabled login protection rules (LOGINDISCOVERY, LOGINATTEMPT, LOGINSUCCESS, LOGINFAILURE), auditing credit card validation rules (CC-VAL-ATTEMPT, CC-VAL-FAILURE, CC-VAL-SUCCESS), auditing gift card protection rules (GC-VAL-ATTEMPT, GC-VAL-FAILURE, GC-VAL-SUCCESS), or identifying potential login endpoints not covered by NGWAF rules.
Trigger and scope
This skill is designed to be triggered when performing an internal audit of Fastly Next-Gen WAF (NGWAF) workspaces. It is particularly useful for security teams, DevOps engineers, or anyone responsible for managing NGWAF configurations who wants to ensure that critical templated protection rules are properly configured and enabled. The fastly-cli skill should be used to configure rules while this skill is used to identify any gaps in rule configuration or enablement, especially for login protection, credit card validation, and gift card validation rules.
Fastly Next-Gen WAF Internal Audit
This skill audits Fastly NGWAF workspaces to understand the status of critical templated rules related to:
- Login Protection:
LOGINDISCOVERY,LOGINATTEMPT,LOGINSUCCESS, andLOGINFAILURE. - Credit Card Validation:
CC-VAL-ATTEMPT,CC-VAL-FAILURE, andCC-VAL-SUCCESS. - Gift Card Validation:
GC-VAL-ATTEMPT,GC-VAL-FAILURE, andGC-VAL-SUCCESS.
Workflow
- Retrieve Workspaces: Fetches all NGWAF workspaces associated with the account.
- Inspect Rules: For each workspace, it retrieves the list of configured rules.
- Validate Critical Rules: Specifically checks for the presence and enablement of the templated rules listed above.
- Recommend Actions: If any of these rules are missing or disabled, it recommends configuring and enabling them to strengthen security posture against Account Takeover (ATO) and carding attacks.
Usage
Assume that the user has correctly configured their FASTLY_API_KEY environment variable. Run the assessment script provided in the skill:
# Execute the assessment script
./scripts/assess_ngwaf_rules.sh
API References
- List Workspaces
- List Workspace Rules
Related Skills
fastly/viceroy
development
VerifiedTrustedCommunity
Runs Fastly Compute WASM applications locally with Viceroy, specifically for Rust and Component Model projects. Use when starting a local Fastly Compute dev server with Viceroy, configuring fastly.toml for local backend overrides and store definitions, running Rust unit tests with cargo-nextest against the Compute runtime, debugging Compute apps locally, adapting core WASM modules to the Component Model, or troubleshooting local Compute testing issues (connection refused, missing backends, store config). For non-Rust Compute work or understanding the Compute API, prefer the fastlike skill instead — its source code is easier to understand as a Fastly Compute API reference.
22SKILL.mdUpdated Apr 4, 2026
fastly/fastly
development
VerifiedTrustedCommunity
Configures, manages, and debugs the Fastly CDN platform — covering service and backend setup, caching and VCL, security features like DDoS/WAF/NGWAF/rate limiting/bot management, TLS certificates and cache purging, the Compute platform, and the REST API. Use when working with Fastly services or domains, setting up edge caching or origin shielding, configuring security features, making Fastly API calls, enabling products, or looking up Fastly documentation. Also applies when troubleshooting 503 errors or SSL/TLS certificate mismatches on Fastly, and for configuring logging endpoints, load balancing, ACLs, or edge dictionaries.
22SKILL.mdUpdated Apr 4, 2026
fastly/fastly-cli
tools
VerifiedTrustedCommunity
Executes Fastly CLI commands for managing CDN services, Compute deploys, and edge infrastructure. Use when running `fastly` CLI commands, creating or managing Fastly services from the terminal, deploying Fastly Compute applications, managing backends/domains/VCL snippets via command line, purging cache, configuring log streaming, setting up TLS certificates, managing KV/config/secret stores, checking service stats, authenticating with Fastly SSO, or working with fastly.toml. Also applies when working with Fastly service IDs in CLI context, or with `fastly service`, `fastly compute`, `fastly auth`, or any Fastly CLI subcommand. Covers service CRUD, version management, autocloning, and troubleshooting common CLI errors.
22SKILL.mdUpdated Apr 4, 2026
fastly/fastlike
development
VerifiedTrustedCommunity
Runs Fastly Compute WASM binaries locally and serves as the authoritative reference for Compute platform internals. The fastlike source code is highly readable and covers the host ABI, caching and purging APIs, KV/config/secret store interfaces, rate limiting with counters and penalty boxes, ACL lookups, the full request lifecycle, backend fetch semantics, and a built-in per-request profiler with hostcall spans, backend waterfalls, native CPU samples, and optional deep metrics (body bytes, cache outcomes, header summaries, wasm heap curve). Use when working with Compute runtime internals or host calls, understanding how edge data stores behave at runtime, profiling local Compute apps, or testing WASM binaries locally. Prefer this skill over Viceroy for any non-Rust Compute work — its source code is easier to understand as a Fastly Compute API reference.
22SKILL.mdUpdated Apr 4, 2026