Fastly NGWAF

Manage web application security through the Fastly NGWAF API using natural language.

GitHub

Fastly NGWAF MCP Server

A comprehensive Model Context Protocol (MCP) server that provides seamless integration with the Fastly NGWAF (Next-Gen Web Application Firewall) API. This server enables AI assistants like Claude to manage web application security through natural language interactions.

Features

πŸ›‘οΈ Complete WAF Management

  • Create, read, update, and delete security rules
  • Manage IP allow/block lists
  • Configure rate limiting and alerts
  • Monitor security events and analytics

🏒 Multi-tenancy Support

  • Corporation and site-level management
  • Context-aware operations
  • Bulk operations across multiple sites

πŸ€– AI-Friendly Interface

  • Natural language rule creation
  • Intelligent threat pattern detection
  • Automated security policy suggestions

Installation

Prerequisites

  • Node.js 18+
  • Fastly NGWAF account with API access
  • MCP-compatible AI assistant (Claude Desktop, etc.)

Setup

  1. Clone the repository
git clone https://github.com/yourusername/FastlyMCP.git
cd FastlyMCP
  1. Install dependencies
npm install
  1. Configure environment variables (optional)
# Create .env file
[email protected]
FASTLY_NGWAF_TOKEN=your-api-token
FASTLY_NGWAF_DEFAULT_CORP=your-corp-name
FASTLY_NGWAF_DEFAULT_SITE=your-site-name
  1. Start the server
npm start

Configuration

Claude Desktop Integration

Add this to your Claude Desktop configuration file:

Windows: %APPDATA%\Claude\claude_desktop_config.json macOS: ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "fastly-ngwaf": {
      "command": "node",
      "args": ["path/to/FastlyMCP/server.js"],
      "env": {
        "FASTLY_NGWAF_EMAIL": "[email protected]",
        "FASTLY_NGWAF_TOKEN": "your-api-token"
      }
    }
  }
}

AI-Powered Interactions

Natural Language: "Create a rule to block SQL injection attacks on my website"

AI Response: The assistant will automatically:

  1. Detect the intent (create security rule)
  2. Identify the threat type (SQL injection)
  3. Generate appropriate rule conditions
  4. Apply the rule to your configured site

Available Tools

Authentication & Setup

  • set_credentials - Configure API credentials
  • test_connection - Validate API connectivity
  • set_context - Set default corp/site context
  • discover_environment - Explore available resources

Rule Management

  • list_corp_rules / list_site_rules - List security rules
  • create_corp_rule / create_site_rule - Create new rules
  • delete_corp_rule / delete_site_rule - Remove rules

Security Monitoring

  • list_events - View security events
  • search_requests - Search request logs
  • get_suspicious_ips - Identify threat sources
  • expire_event - Manually unblock IPs

IP List Management

  • manage_whitelist - Allow/block IP addresses
  • manage_blacklist - Block malicious IPs
  • manage_lists - Custom IP/country/string lists

Analytics & Reporting

  • get_analytics - Security metrics and trends
  • get_corp_overview - High-level attack summary
  • manage_alerts - Configure monitoring alerts

Advanced Features

  • manage_cloudwaf - CloudWAF instance management
  • manage_users - User access control

Common Use Cases

🚨 Incident Response

"An IP address 1.2.3.4 is attacking my site, block it immediately"

  • AI automatically identifies the threat
  • Adds IP to blacklist with appropriate duration
  • Confirms blocking is active

πŸ›‘οΈ Proactive Security

"Set up protection against the latest OWASP top 10 vulnerabilities"

  • Creates comprehensive rule sets
  • Configures appropriate thresholds
  • Sets up monitoring alerts

πŸ“Š Security Analytics

"Show me attack trends from the past month and suggest improvements"

  • Analyzes historical attack data
  • Identifies patterns and threat sources
  • Recommends rule optimizations

πŸ”§ Bulk Management

"Apply the same security rules from site A to sites B, C, and D"

  • Exports existing rule configurations
  • Adapts rules for different sites
  • Bulk applies with verification

API Reference

The server exposes the complete Fastly NGWAF API through intuitive MCP tools. Each tool maps to specific API endpoints while handling authentication, context resolution, and error management automatically.

Rate Limiting

The server respects Fastly API rate limits and implements appropriate retry logic.

Development

Project Structure

FastlyMCP/
β”œβ”€β”€ server.js          # Main MCP server implementation
β”œβ”€β”€ package.json       # Dependencies and scripts  
β”œβ”€β”€ README.md          # This documentation
└── .env.example       # Environment variable template

Testing

# Test API connectivity
npm start
# In another terminal/AI session:
# test_connection()

Troubleshooting

Common Issues

Authentication Failed

  • Verify email and API token are correct
  • Ensure token has appropriate permissions
  • Check Fastly account status

Context Errors

  • Set default corporation: set_context({ corpName: "your-corp" })
  • Verify corp/site names exist: discover_environment()

Permission Denied

  • Check user role has necessary permissions
  • Verify site access in Fastly dashboard

Debug Mode

Enable verbose logging by setting environment variable:

DEBUG=fastly-ngwaf npm start

Security Considerations

  • Store API credentials securely (environment variables or secure credential managers)
  • Use principle of least privilege for API tokens
  • Regularly rotate API credentials
  • Monitor for unauthorized API usage
  • Keep dependencies updated

License

MIT License - see LICENSE file for details.

Support

Changelog

v1.0.0

  • Initial release with complete NGWAF API coverage
  • MCP server implementation
  • Rule management (CRUD operations)
  • IP list management
  • Analytics and monitoring
  • CloudWAF support
  • User management features

Related Servers