We are investigating elevated errors to our Cloud WAF.

Our engineers are continuing to investigate in reported errors experienced when deploying updates to Cloud WAF configurations.

We have confirmed that there is no impact to existing Cloud WAF configurations and customers are still protected by their current WAF services. Our network availability and all other services are unaffected.

Our engineers have identified the contributing factor and are applying a fix to Cloud WAF configurations.

Engineering has deployed a fix and have confirmed a gradual recovery to Cloud WAF configurations. We will continue to monitor until we’ve confirmed that customer experience has been fully restored.

Our network availability and all other services are unaffected.

This event has been resolved.

We are currently investigating elevated errors to our Cloud WAF dashboard.

Our engineers have identified the contributing factor and are applying a fix to Cloud WAF. 

Engineering has confirmed the impact to Cloud WAF has been mitigated.

Engineering has confirmed that Cloud WAF has been fully restored. Customers may have experienced inability to access Cloud WAF instances from 17:05 to 21:30 UTC.

This incident is resolved

Our engineers have identified the contributing factor and are applying a fix to NGWAF@edge and Cloud WAF services.

All other locations and services are unaffected.

Engineering has confirmed the impact to Agents and Module, NGWAF@Edge, Cloud WAF has been mitigated.

Engineering has confirmed that Agents and Module, NGWAF@Edge, Cloud WAF has been fully restored. Customers may have experienced NGWAF agents not receiving updates from 17:58 to 18:42 UTC.

This incident is resolved.

The scheduled maintenance has been completed.

[update from Customer Incident Response]

We have updated this original message from "degraded performance" to "available" and "informational" as our investigations later confirmed this status update to be a false alarm.

[original message]

We're investigating elevated errors in Cloud WAF.

All other locations and services are unaffected

Fastly engineers have confirmed after further investigation that this was a false alarm and there are currently no elevated errors on Cloud WAF services.

We apologize for any confusion this status post may have caused.

We are continuing to investigate and monitor this issue as an isolated incident, please continue to send and monitor ticket updates via email (securitysupport@fastly.com) while we investigate.

Issue has been isolated and determined to be impacting customers whom have enabled SSO and have not accepted the invite sent from the console. Logging in directly from SSO will prevent customers from viewing, updating and interacting with tickets in the console. Fastly advises customers to accept the invite send from the console to resolve their issues with ticket logging and interactions.

Fastly is aware of an expected critical vulnerability the OpenSSL project is expected to disclose in the near future. We are studying the currently available information surrounding this vulnerability and do not currently believe that Signal Sciences is vulnerable. We will continue to monitor as additional information is released and will provide our customers with more information as available.

Fastly has reviewed the initial notification from OpenSSL regarding CVE-2022-3786 and CVE-2022-3602. We have analyzed the versions of OpenSSL in use at Fastly, and verified that we do not use OpenSSL 3.x. Fastly and customer usage of Fastly services are not vulnerable to CVE-2022-3786 or CVE-2022-3602.