Add GeoIP data about the client browser as extra headers in any requests from Fastly to your origin.
Code examples for SaaS
Our code examples library is an always-evolving set of samples to do just about anything on the Fastly edge cloud. Browse or search for a keyword to find the perfect, ready-made solution you can paste into your service or adapt and customize for your own needs. Using Fastly Fiddle, play with any example and take advantage of the Fastly edge cloud, all without registering or affecting any existing account.
Detect requests that contain submitted passwords and use a service to determine whether the password has leaked before allowing the request to proceed to origin (data from haveibeenpwned).
Prioritize human traffic over search crawlers by serving stale content to crawlers.
Set TTLs at the edge based on the type of resource. Better done at origin, but this can be a great 'quick fix' or a solution if you don't control the origin.
Stream responses to the browser while still receiving data from the origin and also saving it to cache. Great for spreading out server-sent-events streams to millions of users from a single source stream.
Collect and aggregate log data submitted from browsers directly into S3 or another log store without having to handle the traffic at your origin.
If origin responds with 500 internal server error, modify status to 503 and serve a 'safe' error message.
Browsers send OPTIONS requests before performing cross-origin POSTs. You can answer these requests directly from the edge.
Store username/password list in an edge dictionary, authorize user at the edge, reject requests that don't have correct credentials.
Include full text of robots.txt in VCL, serve as a synthetic response to avoid robots.txt requests hitting your origin.
Map requests to backends consistently, which can be useful to improve your internal cache and replication efficiency.
Serve binary objects, such as images, directly from edge configuration by encoding them using Base64 encoding.
Using the Fetch API in JavaScript, it's possible to add custom headers to a request and see that data in VCL, which is subject to a much higher limit than those that we place on URL length and exposed POST body.
Make URLs expire after a configurable period.
Use Fastly Image Optimizer to transform and serve images at the edge, closer to your users.
Add, remove, and sort querystring parameters.
Quickly fetch the user's public IP from an API endpoint on your own domain, with no origin.
Read individual cookies, set new cookies in response.
By default, Fastly does not cache responses to POST requests. But you can enable this if you wish.
Block a list of IP address ranges from accessing your service.
Intercept suspicious traffic and display a CAPTCHA challenge. If the user passes, allow the request to go to the origin server.
Improve cache performance by normalizing requests. Filter and reorder query params, convert to lowercase, filter headers, and more.
Use Microsoft Azure authenticated requests to protect communication between your Fastly service and Azure.
Build raw JSON strings matching your BigQuery table schema to send log data to BigQuery.
Access the body of a POST request in Base64-encoded form.
Generate random whole numbers in a range
PCI-compliant caching requires caching only in volatile storage, which you can enable with beresp.pci in VCL.
Detect and reject requests from third party websites that attempt to embed your images on their pages.
The web application firewall catches a variety of different types of malicious requests including cross-site scripting (XSS), SQL injection, remote and local file inclusion (RFI, LFI), remote command execution (RCE) and session fixation.
The web application firewall has thousands of rules built in, but you can augment these with your own.
By default, the web application firewall has a single, standard response for blocked requests, but you can vary this to confuse attackers.
Use custom, predefined classnames like large, medium, small, teaser, thumb, or article to control Fastly Image Optimizer and optionally prevent end-user access to native properties like 'width'.
Decode the popular JWT format to verify user session tokens before forwarding trusted authentication data to your origin.
Use a dictionary of URL mappings to serve your redirects at lightning speed.
All code on this page is provided under both the BSD and MIT open source licenses.