BOOL, read-only.

Available inall subroutines.

Indicates whether the backend is a Fastly Shield POP.

Shielding directs traffic from the Fastly POPs closest to the end user to the Fastly POP closest to your backend, and onward to your servers. It is therefore possible for a resource to be fetched from a backend that is another Fastly POP. When this is the case, req.backend.is_shield will be true and req.backend.is_origin will be false.

Conversely, if a request is being forwarded from Fastly to a server outside of the Fastly network, req.backend.is_shield will be false and req.backend.is_origin will be true.

Try it out

req.backend.is_shield is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.

Click RUN on a sample below to provision a Fastly service, execute the code on Fastly, and see how the function behaves.

Custom conditions for triggering WAF

The web application firewall runs only on traffic to your origin, but you can further refine when it should be invoked.