Web Application Firewall (WAF) showing disabled state in Adobe Commerce on Cloud Infrastructure admin interface
The Web Application Firewall (WAF) in Adobe Commerce on Cloud Infrastructure appears disabled on the admin side, despite being enabled and functioning correctly. To fix this, verify WAF functionality, identify the current VCL version, and use the Fastly API to check if NGWAF has been enabled.
Description
Environment
Adobe Commerce on Cloud Infrastructure
Issue/Symptoms
- The Admin interface shows WAF as disabled, even though it is enabled.
- An error message advises contacting support for help.
- WAF data is visible and functioning on external monitoring tools like New Relic.
Note:
In the Adobe Commerce admin Fastly configuration, the WAF button/setting only indicates the state of the Legacy WAF, not NGWAF.
- If it indicates that WAF is not enabled, you will have to verify whether NGWAF has been enabled using the Fastly API.
- The legacy WAF button has been removed in version 1.2.224 of the Fastly extension. If you’re no longer able to see the legacy WAF button, it means that the extension has been upgraded. To prevent the legacy WAF button from being shown, upgrade the extension. It is not currently known if the NGWAF button will be added to a future release of the extension.
Resolution
- Verify WAF functionality using monitoring tools like New Relic to confirm it is operating as expected.
- Obtain your Fastly keys:
  - For Pro Staging and Production environments, locate the keys on the server in /mnt/shared/fastly_tokens.txt.
  - For Starter Staging and Production environments, find the keys in the Variables section at Adobe Commerce Console/settings/variables.
- Identify the current VCL version:
  {{curl -H "Fastly-Key: API_TOKEN" https://api.fastly.com/service/SERVICE_ID/version/active}}
- Check the Dynamic snippets using the Fastly API to see if NGWAF has been enabled:
  - Obtain the list of VCL snippets:
    {{curl -H "Fastly-Key: API_TOKEN" https://api.fastly.com/service/SERVICE_ID/version/ACTIVE_VERSION/snippet > /tmp/snippets.vcl}}
  - Check whether ngwaf_config_deliver exists. If there is a result, NGWAF is enabled:
    {{jq -c '.[ ] ' /tmp/snippets.vcl | grep 'ngwaf_config_deliver' | json_pp}}
For example,
{
  "content" : null,
  "type" : "deliver",
  "deleted_at" : null,
  "version" : "xx",
  "id" : "6SnxxxxxxxxGnfV7W54",
  "service_id" : "21CxxxxxxxxxDW3fYltn0",
  "priority" : "1x0",
  "created_at" : "20xx-0x-03T11:18:22Z",
  "updated_at" : "20xx-0x-28T17:17:10Z",
  "dynamic" : "1",
  "name" : "ngwaf_config_deliver"
}
If the WAF data confirms proper operation and the Dynamic snippet shows NGWAF as disabled, escalate the issue to Adobe’s Application Support Team for further investigation. Provide any additional details or screenshots related to the issue to assist with troubleshooting.
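The snippet check from the resolution steps can also be scripted. The following is an added example, not code from the original article or from the Fastly extension. It matches on the snippet's "name" field rather than grepping the whole object, so a snippet that only mentions ngwaf_config_deliver in its content is not counted. Assumptions: the environment variable names FASTLY_API_TOKEN and FASTLY_SERVICE_ID are hypothetical, the active-version response is assumed to carry the version in a "number" field, a non-null "deleted_at" is assumed to mean the snippet was removed, and the sample snippet lists are constructed.

```python
import json
import os
import urllib.request

API = "https://api.fastly.com"
SNIPPET_NAME = "ngwaf_config_deliver"  # snippet name given in the article


def fetch_json(path, token):
    """GET a Fastly API path with the Fastly-Key header, as the curl commands do."""
    req = urllib.request.Request(API + path, headers={"Fastly-Key": token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def find_ngwaf_snippet(snippets):
    """Return the snippet named exactly SNIPPET_NAME, or None.

    Assumption: a non-null "deleted_at" means the snippet no longer applies.
    """
    for s in snippets:
        if s.get("name") == SNIPPET_NAME and s.get("deleted_at") is None:
            return s
    return None


# Constructed sample responses (not real service data).
SAMPLE_ENABLED = json.loads("""[
  {"name": "constructed_other_snippet", "type": "recv", "dynamic": "0",
   "content": "# unrelated", "deleted_at": null},
  {"name": "ngwaf_config_deliver", "type": "deliver", "dynamic": "1",
   "content": null, "deleted_at": null}
]""")
SAMPLE_MENTION_ONLY = json.loads("""[
  {"name": "constructed_note", "type": "recv", "dynamic": "0",
   "content": "# see ngwaf_config_deliver", "deleted_at": null}
]""")

if __name__ == "__main__":
    token = os.environ["FASTLY_API_TOKEN"]     # hypothetical variable name
    service = os.environ["FASTLY_SERVICE_ID"]  # hypothetical variable name
    active = fetch_json(f"/service/{service}/version/active", token)
    version = active["number"]  # assumed field holding the active VCL version
    snippets = fetch_json(f"/service/{service}/version/{version}/snippet", token)
    hit = find_ngwaf_snippet(snippets)
    print("NGWAF enabled" if hit else "NGWAF snippet not found", f"(VCL version {version})")
```

Reading the token from the environment keeps it out of shell history and the process list, unlike passing it inline on a curl command line.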