This FAQ discusses common questions about Fastly origin cloaking enablement in Adobe Commerce.
Origin cloaking is a security feature that allows Adobe Commerce on cloud infrastructure to block any non-Fastly traffic (to prevent DDoS attacks, going to the cloud infrastructure (origin).
Origin cloaking is designed to prevent traffic from bypassing the Fastly Web Application Firewall (WAF) and routing it through the strictly defined flow of Fastly > Load Balancer > Instances. With this implementation, all the traffic is guaranteed to go through the Fastly WAF as well as the internal WAF built into the load balancer.
This feature was newly created to benefit Adobe Commerce on cloud infrastructure.
No, it does not.
Fastly does not cache API calls, so the client should be fine with the change. Origin cloaking only blocks requests that go straight to the origin, such as:
In this example, the client will still be able to hit the API if they change the URL to
mywebsite.com/rest/default/V1/integration/admin/token?username=XXXX&password=XXXXX; mywebsite.com/rest/default/V1/orders/ mywebsite.com/rest/default/V1/products/ mywebsite.com/rest/default/V1/inventory/source-items
No, this change will NOT impact deployment and downtime.
Yes, if the project has multiple stagings, the change will be applied to all stagings.