Skip to main content

How to manage your own Fastly configuration (custom VCL)

Comments

4 comments

  • Dan Morrison

    You can avoid the manual steps!

    Fastly now provides a CLI tool that you should be able to use to get access to all Fastly functionality directly!
    https://github.com/fastly/cli

    0
  • Dan Morrison

    To use the Fastly CLI, quickstart:

    # Declare your project ID (or just move into your working directory)
    export PLATFORM_PROJECT=2rfibv66j424w
    export PLATFORM_BRANCH=main
    # Then extract and remember the Fastly service ID info. 
    # Fastly API will use these environment vars from now on to make invocation easier. 
    export FASTLY_SERVICE_ID=$(platform ssh "echo \$FASTLY_SERVICE_ID" | sed -e 's/[[:space:]]//g' )
    export FASTLY_API_TOKEN=$(platform ssh "echo \$FASTLY_API_TOKEN" | sed -e 's/[[:space:]]//g' )
    
    fastly service describe
    

    And you should see the information about your Fastly service that is wrapping this environment.

    See the CLI docs, it mirrors the API functions, but is a lot quicker to use.

    fastly stats historical --from="2 days ago"
    

    Remember, if working with an active Fastly service, you have to first

    • clone the active version
    • edit the new latest version (eg add a snippet)
    • activate the latest version

    It may look something like:

    fastly service-version clone --version=active
    fastly vcl snippet create --version=latest --name="Re-Enable shielding"  --content="./re_enable_shielding.vcl_snippet"
    fastly service-version activate --version=latest
    
    0
  • Timothy Lim

    Adding a couple more commands to show how to add IPs to the list and how to remove them via their IDs

    View Blocked IPs and the ID

    curl -s -H "Fastly-Key: $FASTLY_API_TOKEN" \
      "${FASTLY_API_URL}/service/${FASTLY_SERVICE_ID}/acl/${ACL_ID}/entries" | jq -r ".[] | {\"id\": .id, \"ip\": .ip } "
    

    Add an IP to the Block list

    curl -X POST -s -H "Fastly-Key: $FASTLY_API_TOKEN" -H "Content-Type: application/json"  -H "Accept: application/json"  \
        "${FASTLY_API_URL}/service/${FASTLY_SERVICE_ID}/acl/${ACL_ID}/entry" -d "{\"ip\":\"192.168.0.1\"}"
    

    Delete an IP address from the Block list via it’s ID

    curl -s -H "Fastly-Key: $FASTLY_API_TOKEN" -H "Accept: application/json" \
       -X DELETE "${FASTLY_API_URL}/service/${FASTLY_SERVICE_ID}/acl/${ACL_ID}/entry/lExhSsWk3QVyrAt5hykZ34"
    
    0
  • Matthias Van Woensel

    Based on the above information I’ve written a tool to auto add IPs to the fastly block list based on whatever is in the table ban_ip in your application.

    This allows you to use a tool like autoban for drupal
    Or write your own code to detect and block ips right in your app. They will automatically be synced to fastly.

    Source: GitHub - matthiaz/platformsh-tools

    0

Please sign in to leave a comment.