All blog posts
-
Incorrect Delivery of Partial Log
Fastly Security Research Team, The Fastly Security Technical Account Management Team
On July 29th at 00:00 UTC, Fastly was notified by a customer (customer X) that a single log line intended for a different customer (customer Y) was received by customer X’s log system. Fastly promptly began to investigate and determined that when a complex series of conditions occurs, a log line may be misrouted to an incorrect logging service. We were able to trace the root cause to an error in logic introduced by Fastly in April 2012 to improve performance. This single report from one customer is the only instance Fastly is aware of in eight years in which all necessary conditions aligned simultaneously.
Security
-
Fastly Security Advisory: Cache Poisoning Vulnerability Leveraging X-Forwarded-Host Header
Fastly Security Research Team, The Fastly Security Technical Account Management Team
Fastly was notified of the issue on May 21, 2020 13:30 UTC. Fastly immediately launched an investigation, identifying which origin servers responded with a test port number in the redirect response, in order to understand the vulnerability and possible solutions. After the investigation, Fastly first notified potentially affected customers on July 15, 2020 at 04:30 UTC. The vulnerability is a variant of a [previously reported vulnerability](https://www.fastly.com/security-advisories/cache-poisoning-leveraging-various-x-headers), and ultimately the result of constructing cacheable origin responses based on user-defined data. The issue occurs when an attacker issues an HTTPS request and specifies within the Host header a port number that is not actually being used for any services. It is possible to cache a resource in such a way as to deny future requests from being serviced properly.
Security
-
Vulnerability in Fastly open source CDN module intended to be integrated into Magento2
Fastly Security Research Team, The Fastly Security Technical Account Management Team
During the investigation of a customer report, Fastly became aware of and addressed a security vulnerability (CVE-2017-13761) in the Fastly CDN module intended to be integrated into Magento2. This is open source code which Fastly releases to enable easy integration with our partner’s products. All versions prior to 1.2.26 are affected and customers are encouraged to upgrade. Fastly has reached out directly to customers currently using affected versions of the module.
Security
-
Incorrect service routing involving HTTP/2 client connections
Fastly Security Research Team, The Fastly Security Technical Account Management Team
On November 11, 2019, at 21:57 UTC, Fastly deployed a new build of its HTTP/2 termination software to two Fastly cache servers in the Minneapolis-St. Paul (STP) data center. This build contained a processing flaw involving connection re-use between internal Fastly systems (unrelated to HTTP/2 multiplexing), and caused some incoming HTTP/2 requests for Fastly customers’ services to potentially be routed incorrectly to a group of up to 20 different Fastly customers’ services and origins. This led to some client request data being delivered to, and a response returned by, an incorrect customer origin. The customers whose origins erroneously received these requests may have logged the incorrectly-routed request data. Fastly was first notified by a customer of a client error on November 12, 2019, at 23:07 UTC. On November 13, 2019, at 00:50 UTC, all customer traffic was diverted away from the affected data center. Fastly immediately commenced an investigation, and on November 14, 2019, at 00:31 UTC, we validated the presence of incorrectly routed request data in a customer’s logs. We estimate this flaw affected 0.00016% of our global request traffic during the 27-hour period. It is unlikely that affected client requests came from outside of North America. Because Fastly does not store customer log data, we are not able to say with certainty if an affected request was incorrectly routed.
Security
-
Memory access due to code generation flaw in Cranelift module
The Fastly Security Technical Account Management Team, Fastly Security Research Team
The bug identified in the Cranelift x64 backend performs a sign-extend instead of a zero-extend on a value loaded from the stack, when the register allocator reloads a spilled integer value narrower than 64 bits. This interacts poorly with another optimization: the instruction selector elides a 32-to-64-bit zero-extend operator when we know that an instruction producing a 32-bit value actually zeros the upper 32 bits of its destination register. Hence, the x64 compiler relies on these zeroed bits, but the type of the value is still i32, and the spill/reload reconstitutes those bits as the sign extension of the i32’s MSB.
Security
-
Publish your website without a host
Sue Smith
Deploy static sites to Fastly Compute directly from your browser or IDE. Publish blogs, apps, and websites at the edge without hosting.
CDN & Delivery, + 3 more
-
DDoS in August
Liam Mayron, David King
August 2025 DDoS attack trends: Hyperscale clouds are the source for 70% of attacks. Get insights on the latest application DDoS trends to strengthen security.
Security, + 2 more
-
Trust at Scale with Fastly Image Optimizer and C2PA
James Sherry
Fastly Image Optimizer now supports C2PA, enabling verifiable content authenticity. Combat misinformation and build trust with secure image provenance at scale.
CDN & Delivery, + 2 more
-
Sustainability dashboard: Shine a light on your digital carbon footprint
Eoghan Kelly
Fastly's Sustainability dashboard provides instant access to electricity-related Scope 2 & 3 emissions data. Understand and optimize your digital carbon footprint with ease.
CDN & Delivery, + 3 more
-
Bridging the real-time testing gap: Fanout support in local development for Fastly Compute
Katsuyuki Omuro
Fastly Compute now supports local Fanout testing, letting you build and validate real-time features without deploying to production.
Engineering, + 2 more
-
AI Bots in Q2 2025: Trends from Fastly's Threat Insights Report
Matthew Mathur, David King, + 1 more
Fastly's Q2 2025 Threat Insights Report uncovers how Meta, OpenAI, and others are shaping web traffic and what organizations need to do to stay in control.
Security, Industry insights
-
Powering PyPI with Advanced Traffic Engineering
Joe Williams, Stephen Strowes
PyPI serves millions daily. See how Fastly’s Individual Provider Anycast unlocks faster, smarter routing for Python’s package index.
CDN & Delivery, + 4 more
-
Fastly DDoS Protection wins SiliconANGLE TechForward Cloud Security Award
David King
Fastly DDoS Protection wins SiliconANGLE TechForward Cloud Security Award after rigorous analysis by 32 industry peers.
Security
-
Fastly's Resilience to HTTP/1.1 Desynchronization Attacks
Frederik Deweerdt, Kazuho Oku, + 2 more
Discover why Fastly's architecture protects against HTTP/1.1 desynchronization attacks, unlike other CDNs. Protect your applications with Fastly's secure platform.
Security, + 4 more
-
Maximizing Compute Performance with Log Explorer & Insights
Namit Shivaram
Monitor and troubleshoot Fastly Compute services with Log Explorer & Insights. Gain granular insights, optimize performance, and debug faster for efficient applications.
Compute, + 2 more
-
Why Paying Copyright Holders for AI Training is Essential
Simon Wistow, John Agger
AI and creator rights don’t need to clash. A fair, consent-based model can drive innovation without exploiting creative work.
Industry insights
-
DDoS in July
Liam Mayron, David King
July 2025 DDoS attack trends: Fastly's report reveals infrequent but massive enterprise attacks & insights on attack volume, industries targeted, and company size.
Security, Industry insights
-
Fastly is easier than ever to use with our Model Context Protocol (MCP) Server
Jaskirat Singh Randhawa
Manage Fastly with ease using the new open-source Model Context Protocol (MCP) Server. Integrate with AI assistants for conversational control of your services.
Product, Compute
-
Demystifying Fastly’s Defense Against HTTP Desynchronization Attacks
Brian Haberman, Sandra Escandor-O’Keefe, + 1 more
Learn how Fastly's robust architecture and strict protocol parsing defend against HTTP desynchronization attacks, ensuring your web applications are secure.
Security, + 3 more
-
Unlock Faster Web Performance: The Data Behind Fastly's Edge Over Akamai
Lucas Olslund
Discover why migrating from Akamai to Fastly boosts web performance. Our data shows 57% faster TTFB & 17% faster LCP, based on real-world CrUX data.
CDN & Delivery, Performance













