INTEGER, can be read and
set, but not
The total score accumulated by triggering scoring rules in the Cross Site Scripting category during WAF processing.
Each scoring rule in the appropriate category that is matched by the current request will increment this variable by the value associated with the rule.
waf_debug_log subroutine, the value of this variable will reflect the total score accumulated so far, and not the score associated with any individual rule.
waf.xss_score is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.
Click RUN on a sample below to provision a Fastly service, execute the code on Fastly, and see how the function behaves.
Add custom WAF rules
The web application firewall has thousands of rules built in, but you can augment these with your own.