These scripts can be leveraged to report on Fastly NGWAF and Legacy WAF status for services. This is accomplished via API by checking the VCL of a given service to see if it contains legacy WAF code as well as NGWAF snippets and an appropriate edge dictionary.
This repository contains two scripts for different analysis approaches:
- waf_check.sh - Service-level analysis (requires service ID input via file)
- account_waf_check.sh - Account-level analysis (requires CID text input or file list input)
Both scripts determine:
- Legacy WAF presence via WAF objects in service configuration
- NGWAF code deployment via ngwaf_config_init snippet detection
- NGWAF activation status via Edge_Security dictionary values
Requirements:
- jq (included in this repo, but you can provide your own binary)
- Valid Fastly API token
Requires config.cfg:
fastly_key="your_api_token" // or provided with env variable
fUrl="https://api.fastly.com"
snipName="ngwaf_config_init"
edgeKey="Enabled"
Requires account_config.cfg:
fastly_key="your_api_token" // or provided with env variable
fUrl="https://api.fastly.com"
snipName="ngwaf_config_init"
edgeKey="Enabled"
./waf_check.sh <service_ids_file>
Input file format (one service ID per line):
1a2b3c4d5e6f7g8h
9i0j1k2l3m4n5o6p
# Single customer ID
./account_waf_check.sh 12345
# Multiple customer IDs from file
./account_waf_check.sh customer_ids.txt
Customer file format (one customer ID per line):
12345
67890
Output files:
- report_YYYYMMDD_HHMMSS.csv - Results
- log_YYYYMMDD_HHMMSS.txt - Debug information (account script only)
- Input files must end with a trailing newline
- Services without active versions are skipped
Common issues:
- Missing jq: Install via package manager
- Authentication errors: Verify API token in config file
- Empty results: Check input file format and newline endings
- Permissions: Ensure scripts are executable (chmod +x)
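
A plain shell `while read` loop skips a final line that lacks a newline, so an ID file without one loses its last entry and that service never appears in the WAF report. The pre-flight helper below is an added example, not part of this repository's scripts; it assumes the scripts read their input line by line, the function names (`ends_with_newline`, `has_crlf`, `read_ids`, `demo`) are hypothetical, and the sample file is constructed from the placeholder IDs shown above.

```shell
#!/bin/sh
# Added example: pre-flight checks for the ID list files (not repository code).

# ends_with_newline FILE: succeeds only if FILE is non-empty and its last byte
# is a newline (command substitution strips that newline, leaving "").
ends_with_newline() {
  [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# has_crlf FILE: succeeds if any line carries a carriage return (CRLF endings).
has_crlf() {
  grep -q "$(printf '\r')" "$1"
}

# read_ids FILE: print one cleaned ID per line, ready for a per-ID loop.
read_ids() {
  [ -r "$1" ] || { echo "cannot read: $1" >&2; return 1; }
  # Strip CRs and stray blanks first. `read` returns non-zero on a last line
  # with no newline but still fills $id, so `|| [ -n "$id" ]` keeps that ID.
  tr -d '\r \t' < "$1" | while IFS= read -r id || [ -n "$id" ]; do
    if [ -n "$id" ]; then      # skip empty lines
      printf '%s\n' "$id"
    fi
  done
}

# Constructed sample: CRLF ending, a blank line, no newline after the last ID.
demo() {
  f=$(mktemp)
  printf '1a2b3c4d5e6f7g8h\r\n\n9i0j1k2l3m4n5o6p' > "$f"
  if ! ends_with_newline "$f"; then
    echo "warning: $f has no trailing newline" >&2
  fi
  if has_crlf "$f"; then
    echo "warning: $f has CRLF line endings" >&2
  fi
  read_ids "$f"                # prints both IDs despite the defects
  rm -f "$f"
}

demo
```

Comparing the number of IDs from `read_ids` with the number of rows in the report CSV shows whether every listed service was actually checked.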