Code examples for SaaS
Our code examples library is an always-evolving set of samples to do just about anything on the Fastly edge cloud. Browse or search for a keyword to find the perfect, ready-made solution you can paste into your service or adapt and customize for your own needs. Using Fastly Fiddle, play with any example and take advantage of the Fastly edge cloud, all without registering or affecting any existing account.
Decorating origin requests with GeoIP
Add GeoIP data about the client browser as extra headers in any requests from Fastly to your origin.
Threat intelligence preflight
Detect requests that contain submitted passwords and use a service to determine whether the password has leaked before allowing the request to proceed to origin (data from haveibeenpwned).
Serve stale to search crawlers
Prioritize human traffic over search crawlers by serving stale content to crawlers.
Overriding TTLs based on content type
Set TTLs at the edge based on the type of resource. Better done at origin, but this can be a great 'quick fix' or a solution if you don't control the origin.
Streaming server-sent-events
Stream responses to the browser while still receiving data from the origin and also saving it to cache. Great for spreading out server-sent-events streams to millions of users from a single source stream.
No-origin RUM logging
Collect and aggregate log data submitted from browsers directly into S3 or another log store without having to handle the traffic at your origin.
Replace origin errors with 'safe' responses
If origin responds with 500 internal server error, modify status to 503 and serve a 'safe' error message.
CORS OPTIONS preflights at the edge
Browsers send OPTIONS requests before performing cross-origin POSTs. You can answer these requests directly from the edge.
HTTP Basic Auth
Store username/password list in an edge dictionary, authorize user at the edge, reject requests that don't have correct credentials.
Serve robots.txt from the edge
Include full text of robots.txt in VCL, serve as a synthetic response to avoid robots.txt requests hitting your origin.
Consistent hashing director
Map requests to backends consistently, which can be useful to improve your internal cache and replication efficiency.
Synthetic binary responses
Serve binary objects, such as images, directly from edge configuration by encoding them using Base64 encoding.
Make very large payloads visible in VCL using custom headers
Using the Fetch API in JavaScript, it's possible to add custom headers to a request and see that data in VCL, which is subject to a much higher limit than those that we place on URL length and exposed POST body.
Time-limited URL tokens
Make URLs expire after a configurable period.
Image optimization
Use Fastly Image Optimizer to transform and serve images at the edge, closer to your users.
Manipulate query string
Add, remove, and sort querystring parameters.
Client public IP API at the edge
Quickly fetch the user's public IP from an API endpoint on your own domain, with no origin.
Add or remove cookies
Read individual cookies, set new cookies in response.
Caching POST requests
By default, Fastly does not cache responses to POST requests. But you can enable this if you wish.
ACL based IP block list
Block a list of IP address ranges from accessing your service.
CAPTCHA challenge
Intercept suspicious traffic and display a CAPTCHA challenge. If the user passes, allow the request to go to the origin server.
Normalize requests
Improve cache performance by normalizing requests. Filter and reorder query params, convert to lowercase, filter headers, and more.
Azure blob storage bucket origin (private)
Use Microsoft Azure authenticated requests to protect communication between your Fastly service and Azure.
Logging to Google BigQuery
Build raw JSON strings matching your BigQuery table schema to send log data to BigQuery.
Base64 POST body
Access the body of a POST request in Base64-encoded form.
Random integers
Generate random whole numbers in a range
Set PCI flag to disable persistent cache storage
PCI-compliant caching requires caching only in volatile storage, which you can enable with beresp.pci in VCL.
Hot-linking protection
Detect and reject requests from third party websites that attempt to embed your images on their pages.
Catch malicious requests with WAF
The web application firewall catches a variety of different types of malicious requests including cross-site scripting (XSS), SQL injection, remote and local file inclusion (RFI, LFI), remote command execution (RCE) and session fixation.
WAF custom rules
The web application firewall has thousands of rules built in, but you can augment these with your own.
Randomized WAF responses
By default, the web application firewall has a single, standard response for blocked requests, but you can vary this to confuse attackers.
Image transformation classes
Use custom, predefined classnames like large, medium, small, teaser, thumb, or article to control Fastly Image Optimizer and optionally prevent end-user access to native properties like 'width'.
JSON web tokens
Decode the popular JWT format to verify user session tokens before forwarding trusted authentication data to your origin.
Redirect old URLs at the edge
Use a dictionary of URL mappings to serve your redirects at lightning speed.
All code on this page is provided under both the BSD and MIT open source licenses.