Fastly NGWAF MCP Server
Provides seamless integration with Fastly's Next-Gen Web Application Firewall API, enabling AI assistants to manage web application security through natural language interactions.
README Documentation
Fastly NGWAF MCP Server
A comprehensive Model Context Protocol (MCP) server that provides seamless integration with the Fastly NGWAF (Next-Gen Web Application Firewall) API. This server enables AI assistants like Claude to manage web application security through natural language interactions.
Features
š”ļø Complete WAF Management
- Create, read, update, and delete security rules
- Manage IP allow/block lists
- Configure rate limiting and alerts
- Monitor security events and analytics
š¢ Multi-tenancy Support
- Corporation and site-level management
- Context-aware operations
- Bulk operations across multiple sites
š¤ AI-Friendly Interface
- Natural language rule creation
- Intelligent threat pattern detection
- Automated security policy suggestions
Installation
Prerequisites
- Node.js 18+
- Fastly NGWAF account with API access
- MCP-compatible AI assistant (Claude Desktop, etc.)
Setup
- Clone the repository
git clone https://github.com/yourusername/FastlyMCP.git
cd FastlyMCP
- Install dependencies
npm install
- Configure environment variables (optional)
# Create .env file
FASTLY_NGWAF_EMAIL=your-email@example.com
FASTLY_NGWAF_TOKEN=your-api-token
FASTLY_NGWAF_DEFAULT_CORP=your-corp-name
FASTLY_NGWAF_DEFAULT_SITE=your-site-name
- Start the server
npm start
Configuration
Claude Desktop Integration
Add this to your Claude Desktop configuration file:
Windows: %APPDATA%\Claude\claude_desktop_config.json
macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"fastly-ngwaf": {
"command": "node",
"args": ["path/to/FastlyMCP/server.js"],
"env": {
"FASTLY_NGWAF_EMAIL": "your-email@example.com",
"FASTLY_NGWAF_TOKEN": "your-api-token"
}
}
}
}
AI-Powered Interactions
Natural Language: "Create a rule to block SQL injection attacks on my website"
AI Response: The assistant will automatically:
- Detect the intent (create security rule)
- Identify the threat type (SQL injection)
- Generate appropriate rule conditions
- Apply the rule to your configured site
Available Tools
Authentication & Setup
set_credentials- Configure API credentialstest_connection- Validate API connectivityset_context- Set default corp/site contextdiscover_environment- Explore available resources
Rule Management
list_corp_rules/list_site_rules- List security rulescreate_corp_rule/create_site_rule- Create new rulesdelete_corp_rule/delete_site_rule- Remove rules
Security Monitoring
list_events- View security eventssearch_requests- Search request logsget_suspicious_ips- Identify threat sourcesexpire_event- Manually unblock IPs
IP List Management
manage_whitelist- Allow/block IP addressesmanage_blacklist- Block malicious IPsmanage_lists- Custom IP/country/string lists
Analytics & Reporting
get_analytics- Security metrics and trendsget_corp_overview- High-level attack summarymanage_alerts- Configure monitoring alerts
Advanced Features
manage_cloudwaf- CloudWAF instance managementmanage_users- User access control
Common Use Cases
šØ Incident Response
"An IP address 1.2.3.4 is attacking my site, block it immediately"
- AI automatically identifies the threat
- Adds IP to blacklist with appropriate duration
- Confirms blocking is active
š”ļø Proactive Security
"Set up protection against the latest OWASP top 10 vulnerabilities"
- Creates comprehensive rule sets
- Configures appropriate thresholds
- Sets up monitoring alerts
š Security Analytics
"Show me attack trends from the past month and suggest improvements"
- Analyzes historical attack data
- Identifies patterns and threat sources
- Recommends rule optimizations
š§ Bulk Management
"Apply the same security rules from site A to sites B, C, and D"
- Exports existing rule configurations
- Adapts rules for different sites
- Bulk applies with verification
API Reference
The server exposes the complete Fastly NGWAF API through intuitive MCP tools. Each tool maps to specific API endpoints while handling authentication, context resolution, and error management automatically.
Rate Limiting
The server respects Fastly API rate limits and implements appropriate retry logic.
Development
Project Structure
FastlyMCP/
āāā server.js # Main MCP server implementation
āāā package.json # Dependencies and scripts
āāā README.md # This documentation
āāā .env.example # Environment variable template
Testing
# Test API connectivity
npm start
# In another terminal/AI session:
# test_connection()
Troubleshooting
Common Issues
Authentication Failed
- Verify email and API token are correct
- Ensure token has appropriate permissions
- Check Fastly account status
Context Errors
- Set default corporation:
set_context({ corpName: "your-corp" }) - Verify corp/site names exist:
discover_environment()
Permission Denied
- Check user role has necessary permissions
- Verify site access in Fastly dashboard
Debug Mode
Enable verbose logging by setting environment variable:
DEBUG=fastly-ngwaf npm start
Security Considerations
- Store API credentials securely (environment variables or secure credential managers)
- Use principle of least privilege for API tokens
- Regularly rotate API credentials
- Monitor for unauthorized API usage
- Keep dependencies updated
License
MIT License - see LICENSE file for details.
Support
Changelog
v1.0.0
- Initial release with complete NGWAF API coverage
- MCP server implementation
- Rule management (CRUD operations)
- IP list management
- Analytics and monitoring
- CloudWAF support
- User management features