This FAQ discusses common questions about Fastly origin cloaking enablement in Adobe Commerce (that has been fully implemented as of 2021).
Origin cloaking is a security feature that allows Adobe Commerce on cloud infrastructure to block any non-Fastly traffic (to prevent DDoS attacks, going to the cloud infrastructure (origin).
Origin cloaking is designed to prevent traffic from bypassing the Fastly Web Application Firewall (WAF) and routing it through the strictly defined flow of Fastly > Load Balancer > Instances. With this implementation, all the traffic is guaranteed to go through the Fastly WAF as well as the internal WAF built into the load balancer.
This feature was originally created to benefit Adobe Commerce on cloud infrastructure.
No. This feature should have already been implemented on all cloud projects, and any projects that have been provisioned since 2021 would have had this enabled by default. However, you may request that origin cloaking be disabled for your project by submitting a support request.
No, it does not.
Fastly does not cache API calls, so the client should be fine with the change. Origin cloaking only blocks requests that go straight to the origin, such as:
In this example, the client will still be able to hit the API if they change the URL to
mywebsite.com/rest/default/V1/integration/admin/token?username=XXXX&password=XXXXX; mywebsite.com/rest/default/V1/orders/ mywebsite.com/rest/default/V1/products/ mywebsite.com/rest/default/V1/inventory/source-items
No, this change will NOT impact deployment and downtime.
Yes, if the project has multiple staging environments, the change will be applied to all staging environments.