The Fastly NGWAF MCP Server provides comprehensive management of Fastly's Next-Gen Web Application Firewall through an AI-assisted natural language interface with multi-tenancy support. Key capabilities include:
- 🛡️ WAF Management: Create, update, delete, and manage security rules, IP allow/block lists, and configure rate limiting
- 🏢 Multi-tenancy: Manage corporations and sites, set context-aware defaults, and perform bulk operations
- 🤖 AI Integration: Use natural language to create rules, detect threats, and receive policy suggestions
- 🔍 Security Monitoring: View events, search request logs, identify suspicious IPs, and manage incident response
- 📊 Analytics & Reporting: Access attack trends, security metrics, and high-level summaries
- 🔧 Administration: Manage custom lists, alerts, CloudWAF instances, and user roles/access
- 🚀 Automation: Streamline security tasks, incident response, and bulk rule application
Integrates with Fastly's Next-Gen Web Application Firewall (NGWAF) API, allowing management of security rules, IP allowlists/blocklists, rate limiting, alerts, and security event monitoring across multiple sites and corporations.
Requires Node.js 18+ as a prerequisite for running the server.
Supports implementation of protection against OWASP top 10 vulnerabilities through rule creation and configuration.
Fastly NGWAF MCP Server
A comprehensive Model Context Protocol (MCP) server that provides seamless integration with the Fastly NGWAF (Next-Gen Web Application Firewall) API. This server enables AI assistants like Claude to manage web application security through natural language interactions.
Features
🛡️ Complete WAF Management
- Create, read, update, and delete security rules
- Manage IP allow/block lists
- Configure rate limiting and alerts
- Monitor security events and analytics
🏢 Multi-tenancy Support
- Corporation and site-level management
- Context-aware operations
- Bulk operations across multiple sites
🤖 AI-Friendly Interface
- Natural language rule creation
- Intelligent threat pattern detection
- Automated security policy suggestions
Installation
Prerequisites
- Node.js 18+
- Fastly NGWAF account with API access
- MCP-compatible AI assistant (Claude Desktop, etc.)
Setup
- Clone the repository
- Install dependencies
- Configure environment variables (optional)
- Start the server
Configuration
Claude Desktop Integration
Add this to your Claude Desktop configuration file:
Windows: %APPDATA%\Claude\claude_desktop_config.json
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
AI-Powered Interactions
Natural Language: "Create a rule to block SQL injection attacks on my website"
AI Response: The assistant will automatically:
- Detect the intent (create security rule)
- Identify the threat type (SQL injection)
- Generate appropriate rule conditions
- Apply the rule to your configured site
Available Tools
Authentication & Setup
set_credentials
- Configure API credentialstest_connection
- Validate API connectivityset_context
- Set default corp/site contextdiscover_environment
- Explore available resources
Rule Management
list_corp_rules
/list_site_rules
- List security rulescreate_corp_rule
/create_site_rule
- Create new rulesdelete_corp_rule
/delete_site_rule
- Remove rules
Security Monitoring
list_events
- View security eventssearch_requests
- Search request logsget_suspicious_ips
- Identify threat sourcesexpire_event
- Manually unblock IPs
IP List Management
manage_whitelist
- Allow/block IP addressesmanage_blacklist
- Block malicious IPsmanage_lists
- Custom IP/country/string lists
Analytics & Reporting
get_analytics
- Security metrics and trendsget_corp_overview
- High-level attack summarymanage_alerts
- Configure monitoring alerts
Advanced Features
manage_cloudwaf
- CloudWAF instance managementmanage_users
- User access control
Common Use Cases
🚨 Incident Response
"An IP address 1.2.3.4 is attacking my site, block it immediately"
- AI automatically identifies the threat
- Adds IP to blacklist with appropriate duration
- Confirms blocking is active
🛡️ Proactive Security
"Set up protection against the latest OWASP top 10 vulnerabilities"
- Creates comprehensive rule sets
- Configures appropriate thresholds
- Sets up monitoring alerts
📊 Security Analytics
"Show me attack trends from the past month and suggest improvements"
- Analyzes historical attack data
- Identifies patterns and threat sources
- Recommends rule optimizations
🔧 Bulk Management
"Apply the same security rules from site A to sites B, C, and D"
- Exports existing rule configurations
- Adapts rules for different sites
- Bulk applies with verification
API Reference
The server exposes the complete Fastly NGWAF API through intuitive MCP tools. Each tool maps to specific API endpoints while handling authentication, context resolution, and error management automatically.
Rate Limiting
The server respects Fastly API rate limits and implements appropriate retry logic.
Development
Project Structure
Testing
Troubleshooting
Common Issues
Authentication Failed
- Verify email and API token are correct
- Ensure token has appropriate permissions
- Check Fastly account status
Context Errors
- Set default corporation:
set_context({ corpName: "your-corp" })
- Verify corp/site names exist:
discover_environment()
Permission Denied
- Check user role has necessary permissions
- Verify site access in Fastly dashboard
Debug Mode
Enable verbose logging by setting environment variable:
Security Considerations
- Store API credentials securely (environment variables or secure credential managers)
- Use principle of least privilege for API tokens
- Regularly rotate API credentials
- Monitor for unauthorized API usage
- Keep dependencies updated
License
MIT License - see LICENSE file for details.
Support
Changelog
v1.0.0
- Initial release with complete NGWAF API coverage
- MCP server implementation
- Rule management (CRUD operations)
- IP list management
- Analytics and monitoring
- CloudWAF support
- User management features
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Tools
Provides seamless integration with Fastly's Next-Gen Web Application Firewall API, enabling AI assistants to manage web application security through natural language interactions.
- Features
- Installation
- Configuration
- Available Tools
- Common Use Cases
- API Reference
- Development
- Troubleshooting
- Security Considerations
- License
- Support
- Changelog
Related Resources
Related MCP Servers
- -securityAlicense-qualityEnables AI assistants to interact with WordPress sites through the REST API. Supports multiple WordPress sites with secure authentication, enabling content management, post operations, and site configuration through natural language.Last updated -18MIT License
- -securityAlicense-qualityA modular, extensible FastAPI-based platform that aggregates multiple AI tools and microservices into a unified interface with standardized I/O formats, perfect for frontend integration or LLM system orchestration.Last updated -1PythonMIT License
- AsecurityAlicenseAqualityEnables AI assistants to interact with Fastly's CDN API through the Model Context Protocol, allowing secure management of CDN services, caching, security settings, and performance monitoring without exposing API keys.Last updated -23JavaScriptMIT License
- AsecurityAlicenseAqualityA secure server that enables AI agents to access 2FA codes and passwords from the Authenticator App, allowing them to assist with automated login processes while maintaining security.Last updated -31752TypeScriptMIT License