inspect
The inspect() function inspects a request using the Fastly Next-Gen WAF.
Syntax
inspect(request, config);
Parameters
request: Request- The Request to get a WAF determination for.
config: objectcorp: string- Set a corp name for the configuration.
- This parameter is currently required.
workspace: string- Set a workspace name for the configuration.
- This parameter is currently required.
overrideClientIp: string- Specify an explicit client IP address to inspect.
- By default,
inspectwill use the IP address that made the request to the running Compute service, but you may want to use a different IP when service chaining or if requests are proxied from outside of Fastly’s network.
Return value
Returns an Object with the inspect response, with the following fields:
-
waf_response: number- Security status code.
-
redirect_url: string | null- A redirect URL returned from Security.
-
tags: string[]- Tags returned by Security.
-
verdict: string- The outcome of inspecting a request with Security. It can be one of the following:
"allow"- Security indicated that this request is allowed.
"block"- Security indicated that this request should be blocked.
"unauthorized"- Security indicated that this service is not authorized to inspect a request.
- Other verdicts may be returned but not currently documented.
- The outcome of inspecting a request with Security. It can be one of the following:
-
decision_ms: number- How long Security spent determining its verdict, in milliseconds.
Examples
/// <reference types="@fastly/js-compute" />
import { inspect } from "fastly:security";
async function app(event) {
const res = inspect(event.request, {
corp: "mycorp",
workspace: "myws"
});
switch (res.verdict) {
case "allow":
return await fetch(event.request);
case "block":
return new Response("Request Blocked", { status: 400 });
case "unauthorized":
return new Response("Unauthorized", { status: 401 });
default:
return new Response("idk", { status: 500 });
}
}
addEventListener("fetch", (event) => event.respondWith(app(event)));