Outage in Fastly

Novel JSON Function Use in SQL Injection

Resolved Minor
December 13, 2022 - about 2 months ago - Lasted about 1 month
Latest Fastly outages
Purging Systems Performance Issues - 1 day ago
Palermo (PMO) Rerouted Traffic - 4 days ago
Impact to Fastly WAF Console - 6 days ago

Details

On the 9th of December 2022, Fastly began investigation into a novel attack vector recently demonstrated in a blog post by security researchers, Claroty’s Team82. It uses JSON functions within SQL injection (SQLi) payloads that may not currently be detected by our NextGen and Legacy WAF products. Since the publication of this new attack vector, our teams have been working to extend detections for Fastly WAF products. Our teams have released a new scoring rule for the Fastly Legacy 2020 WAF that customers may deploy at their convenience.Our team plans to release initial updates for Next Gen WAF Edge deployments, and a new agent version, that address this novel form of SQL injection later today. CloudWAF instances will be updated shortly thereafter. Fastly will not be releasing new rules to address this issue for pre-2020 Legacy WAF. Pre-2020 Legacy WAF customers may contact [email protected] for assistance upgrading to 2020 or Next-Gen WAF options.
Updates ( sorted recent to last )
INFORMATIONAL at 12/09/2022 04:33PM

On the 9th of December 2022, Fastly began investigation into a novel attack vector recently demonstrated in a blog post by security researchers, Claroty’s Team82. It uses JSON functions within SQL injection (SQLi) payloads that may not currently be detected by our NextGen and Legacy WAF products. Since the publication of this new attack vector, our teams have been working to extend detections for Fastly WAF products. Our teams have released a new scoring rule for the Fastly Legacy 2020 WAF that customers may deploy at their convenience.Our team plans to release initial updates for Next Gen WAF Edge deployments, and a new agent version, that address this novel form of SQL injection later today. CloudWAF instances will be updated shortly thereafter. Fastly will not be releasing new rules to address this issue for pre-2020 Legacy WAF. Pre-2020 Legacy WAF customers may contact [email protected] for assistance upgrading to 2020 or Next-Gen WAF options.

INFORMATIONAL at 12/13/2022 09:50PM

We've improved our agent's SQLI detection to address this attack vector.To take advantage of this improved detection you will need to upgrade your agents to version 4.36.1. Our documentation on how to upgrade your agents can be found here: https://docs.fastly.com/signalsciences/upgrading/upgrading-an-agent/ If you are using a Cloud WAF or Edge Deployment, our team is currently upgrading these agents to take advantage of this improved SQLI detection.If you have any questions please reach out [email protected]

INFORMATIONAL at 12/14/2022 12:26AM

Fastly Next Generation WAF Edge deployments have now been updated to extend SQLI detections. No customer action is required to leverage these improvements.

INFORMATIONAL at 12/15/2022 07:56PM

Cloud WAF deployments have now been updated to extend SQLI detections.

Never miss outages in Fastly and all third-party dependencies

IsDown is an uptime monitoring solution for your critical business dependencies. Keep tabs on your SaaS and cloud providers in real-time and never miss another outage again. Get instant alerts and stay informed when an incident impacts your operations.

Start free trial

No credit card required · Cancel anytime · 2362 services available

Integrations with Slack Microsoft Teams Google Chat Datadog PagerDuty Zapier Discord Webhook

Monitor all your dependencies in a consistent way.

The Old Way
  • Subscribing to status pages one-by-one
  • Limited notification options
  • Can't monitor only the parts that matter
  • No bird's eye view over all your services
  • Losing time looking for problems elsewhere
  • No access to historical issues and stats
With IsDown
  • Easily subscribe to all status pages
  • Notifications in the tools you already use
  • Monitor only what directly impacts your business
  • Easy access to the status of all your services
  • Outages information where it's needed
  • Historical data of outages for all your providers

IsDown is the missing layer in your monitoring stack

Quickly identify external outages that impact your business. We are monitoring more than 2300 services in real time.

Get Started for Free

Your team on top of problems

IsDown aggregates the information from the status pages of all your services, making it easy to monitor the health of all your services in one place. Say goodbye to managing each status page individually - our service simplifies the process.

IsDown Dashboard

No more wasting time. Uptime monitoring in real time

Say goodbye to wasting time trying to diagnose issues with your services - our 24/7 monitoring service does the work for you. We'll notify you if there is an incident, so you can focus on other tasks.

Receive alerts in your preferred channels

Our outage monitoring keeps you informed, no matter where you are. Get instant notifications in your email, Slack, Teams, or Discord when an outage is detected, so you can take action quickly.

IsDown Integrations

Easily integrate with your current tools and workflows

Enhance your processes with more information using our integration of Zapier, Webhooks, PagerDuty, and Datadog. Stay notified and in control. Upgrade your operations today.

Avoid notifications clutter

Maximize your control with customizable notifications from each service. Filter by components and severity to only receive the most important updates. Streamline your processes and stay informed with our advanced notification features.

Notify By Components

Multiple dashboards, shareable with the world

Create one dashboard for each of your teams/clients/projects and monitor only the services that each uses. Have a dedicated dashboard with custom notification settings. Easily make your dashboard public and share it with the world.

Multiple Dashboards

Prepare for scheduled maintenances

Never again be caught off guard by unexpected maintenance from your services. A feed of the next scheduled maintenances is available.

Weekly Digest of the services' outages

Every Monday, you'll receive a weekly summary of what happened the previous week as well as the maintenance schedule for the following week.

Get Started Free

Integrate with tools you already use and love

The data and notifications you need, in the tools you already use.

Slack
Slack PagerDuty
PagerDuty Google Chat
Google Chat Microsoft Teams
Microsoft Teams Crisp
Crisp LogSnag
LogSnag
Zapier
Zapier
Discord
Discord

Email
Webhooks

Webhooks

Your teams will love it

DevOps & On-Call Teams

You already monitor your internal systems. What about the external services? Monitor the services your business depends on. Don't waste time looking elsewhere when external outages are the cause of issues.

IT Support Teams

Detect external outages before your clients tell you. Anticipate possible issues and make the necessary arrangements. Having proactive communication, builds trust over clients and prevents flow of support tickets.

5 minute setup,
instant value for your team

  1. Step 1 Create an account

    Start with a trial account that will allow you to try and monitor up to 40 services for 14 days.

  2. Step 2 Select your cloud services

    There are 2362 services to choose from and you can start monitoring, and we're adding more every week.

  3. Step 3 Set up notifications

    You can get notifications by email, Slack, and Discord. You can also use Zapier or Webhooks to build your workflows.

  4. Step 4 Done!

    You'll start getting alerts when we detect outages in your external dependencies! No more wasting time looking in the wrong place!

Get Started Free

Frequently Asked Questions

Is Fastly down right now? What is Fastly current status?
Fastly seems to be up and running. We've updated the status 1 minute ago.
Was Fastly down today?
Fastly is up and running now. In the last 24 hours there was 0 outages.
I'm having issues with Fastly, but the status is OK. What's going on?
There are a few things you can try:
  • Check the official status page for more information.
  • Check on the top of the page if there are any reported problems by other users.
Having problems with Fastly and need support?
Fastly outage? How can I monitor Fastly?
Why use IsDown instead of Fastly status page?
IsDown is a status page aggregator, which means that we aggregate the status of multiple cloud services. Monitor all the services that impact your business. Get a dashboard with the health of all services and status updates. Set up notifications via email, Slack, or Discord when a service you monitor has issues or when maintenances are scheduled.
What happens when I create an IsDown account?
You'll have access to a 14-day trial in our Pro plan. You can cancel or delete your account anytime. After 14 days, you'll need to subscribe to continue to use the service and get notifications.
How can I pay for a subscription?
You can go to the Billing section in your account and choose one of the plans. We have monthly and yearly options. We accept all major credit cards, Apple Pay, and Google Play. We use Stripe for payments.
Can I get a refund?
We'll refund your subscription if you cancel it until ten days after the subscription has started. No questions asked.
Can't find a service/integration?
Just contact us, and we'll add it ASAP.

Setup in 5 minutes or less

Try it out! How much time you'll save your team, by having the outages information close to them?

  • 14-day free trial
  • No credit card required to start
  • Cancel anytime
  • +2000 services available
Start today for FREE