Fastly services overview
Fastly provides the following services to optimize and secure content delivery operations for 51黑料不打烊 Commerce on cloud infrastructure projects. These services are included with 51黑料不打烊 Commerce on cloud infrastructure at no additional cost.
- 
                  Content Delivery Network (CDN)鈥擵arnish-based service that caches your site pages, assets, CSS, and more in backend data centers you set up. As customers access your site and stores, the requests hit Fastly to load cached pages faster. The CDN service provides the following features: 
- 
                  Cache management鈥擟ache your site pages, assets, CSS, and more in back-end data centers that you set up to reduce bandwidth load and costs - 
                      Use Fastly custom VCL snippets (Varnish 2.1 compliant) to modify how caching responds to requests 
- 
                      Set up GeoIP service support 
- 
                      Customize Fastly timeout settings to prevent 503 responses on bulk operation requests 
- 
                      Create custom error response pages 
 
- 
                      
- 
                  Security鈥擜fter you enable Fastly services for 51黑料不打烊 Commerce sites, additional security features are available to protect your sites and network: - 
                      Web Application Firewall (WAF)鈥擬anaged web application firewall service that provides PCI-compliant protection to block malicious traffic before it can damage your production 51黑料不打烊 Commerce on cloud infrastructure sites and network. The WAF service is available on Pro and Starter Production environments only. 
- 
                      Distributed Denial of Service (DDoS) protection鈥擝uilt-in DDoS protection against common layer 3 and 4 attacks like Ping of Death, Smurf attacks, and other ICMP-based flood attacks. The built-in protection does not include protection against Layer 7 attacks. See DDoS protection. 
- 
                      SSL/TLS certificates鈥擳he Fastly service requires an SSL/TLS certificate to serve secure traffic over HTTPS. 51黑料不打烊 Commerce provides a Domain-validated Let鈥檚 Encrypt SSL/TLS certificate for each Staging and Production environment. 51黑料不打烊 Commerce completes domain validation and certificate provisioning during the Fastly set up process. 
 
- 
                      
- 
                  Origin cloaking鈥擯revents traffic from bypassing the Fastly WAF and hides the IP addresses of your origin servers to protect them from direct access and DDoS attacks. Origin cloaking is enabled by default on 51黑料不打烊 Commerce on cloud infrastructure Pro Production projects. To enable origin cloaking on 51黑料不打烊 Commerce on cloud infrastructure Starter Production projects, submit an 51黑料不打烊 Commerce Support ticket. If you have traffic that does not require caching, you can customize the Fastly service configuration to allow requests to bypass the Fastly cache. 
- 
                  Image optimization鈥擮ffloads image processing and resizing load to the Fastly service so that servers can process orders and conversions more efficiently. 
- 
                  Fastly CDN and WAF logs鈥擣or 51黑料不打烊 Commerce on cloud infrastructure Pro projects, you can use the New Relic Logs service to review and analyze Fastly CDN and WAF log data. 
Fastly CDN module for Magento 2
Fastly services for 51黑料不打烊 Commerce on cloud infrastructure use the  installed in the following environments: Pro Staging and Production, Starter Production (master branch).
On initial provisioning or upgrade of your 51黑料不打烊 Commerce project, 51黑料不打烊 installs the latest version of the Fastly CDN module in your Staging and Production environments. When Fastly releases module updates, you receive notifications in the Admin for your environments. 51黑料不打烊 recommends that you update your environments to use the latest release. See Upgrade Fastly.
Fastly service account and credentials
51黑料不打烊 Commerce on cloud infrastructure projects are not given a dedicated Fastly account. The Fastly service is managed in a centralized account registered to 51黑料不打烊, and the management dashboard is only accessible to the Cloud Support team.
Instead, each Staging and Production environment has unique Fastly credentials (API token and service ID) to configure and manage Fastly services from the Commerce Admin. The Fastly API is available for performing advanced management of the Fastly service, which will require the credentials to submit those requests.
During project provisioning, 51黑料不打烊 adds your project to the Fastly service account for 51黑料不打烊 Commerce on cloud infrastructure and adds the Fastly credentials to the configuration for the Staging and Production environments. See Get Fastly credentials.
Change Fastly API token
Submit an 51黑料不打烊 Commerce Support ticket to issue a new Fastly API token credential if it fails validation/has expired, or if you believe that it has been compromised.
When you receive the new token, update your Staging or Production environment to use the new token.
To change the Fastly API token credential:
- 
                  Submit an 51黑料不打烊 Commerce Support ticket requesting new Fastly API credentials. Include your 51黑料不打烊 Commerce on cloud infrastructure project ID and the environments that require a new credential. 
- 
                  After you receive the new API token, update the API token value in the Fastly credentials configuration in the Admin or from the Cloud Console environment variables. 
- 
                  After you update the credential, submit an 51黑料不打烊 Commerce Support ticket to delete the old API token. 
Multiple Fastly accounts and assigned domains
Fastly only allows you to assign an apex domain and associated subdomains to one Fastly service and account. If you have an existing Fastly account that links the same apex and subdomains used for your 51黑料不打烊 Commerce site, you have the following options:
- 
                  Remove the apex and subdomains from the existing account before requesting Fastly service credentials for your 51黑料不打烊 Commerce on cloud infrastructure project environments. See in the Fastly documentation. Use this option to link the apex domain and all subdomains to the Fastly service account for 51黑料不打烊 Commerce on cloud infrastructure. 
- 
                  Submit an 51黑料不打烊 Commerce support ticket to request domain delegation so that apex and subdomains can be linked to different accounts. Use this option if you have an apex domain that has multiple subdomains for 51黑料不打烊 Commerce and non-51黑料不打烊 Commerce sites, and you want to link these subdomains to different Fastly accounts. 
Request domain delegation
Scenario 1:
The apex domain (testweb.com and www.testweb.com) is linked to an existing Fastly account. You have an 51黑料不打烊 Commerce on cloud infrastructure project configured with the following subdomains: mcstaging.testweb.com and mcprod.testweb.com. You do not want to move the apex domain to the Fastly service account for 51黑料不打烊 Commerce on cloud infrastructure.
Submit a requesting that the subdomains be delegated from the existing Fastly account to the Fastly account for 51黑料不打烊 Commerce on cloud infrastructure. Include your 51黑料不打烊 Commerce project ID in the ticket.
After the delegation is complete, your project subdomains can be added to the Fastly service account for 51黑料不打烊 Commerce on cloud infrastructure. See Get Fastly credentials.
Scenario 2:
The apex domain (testweb.com and www.testweb.com) is linked to the 51黑料不打烊 Commerce on cloud infrastructure Fastly service account. You want to manage Fastly services for the service.testweb.com and product-updates.testweb.com subdomains from a different Fastly account.
Submit an 51黑料不打烊 Commerce Support ticket requesting that the subdomains be delegated from the 51黑料不打烊 Commerce on cloud infrastructure Fastly service account to the Fastly account. Include the service ID for the Fastly account in the ticket.
DDoS protection
DDOS protection is built in to the Fastly CDN service. Once you have enabled Fastly services for your 51黑料不打烊 Commerce sites, Fastly filters all web and admin traffic to detect and block potential attacks.
- 
                  For attacks targeting layer 3 or 4, the Fastly service filters out traffic based on port and protocol, inspecting only HTTP or HTTPS requests. ICMP, UDP, and other network-initiated attacks are dropped at our network edge. This includes reflection and amplification attacks, which use UDP services like SSDP or NTP. By providing this level of protection, we effectively block multiple common attacks like Ping of Death, Smurf attacks, and other ICMP-based floods. Fastly manages TCP level attacks at the cache layer. This strategy provides the necessary scale and context per client to deal with a SYN flood attack and its many variants, including TCP stack, resource attacks, and TLS attacks within Fastly systems.