How to bypass WAF for GraphQL requests
This article explains how to bypass WAF for GraphQL requests when the Fastly WAF is blocking your GraphQL requests.
Affected products and versions
Adobe Commerce on cloud infrastructure (all versions)
Cause
Due to the inherent nature of GraphQL requests, there can be a lot of repeated characters that can trigger false positive blocking of the requests by the Fastly WAF.
Solution
-
Bypass the WAF for these requests by adding a custom snippet through the Fastly Magento module:
type: recv
priority: 15
content:code language-none if( req.url.path ~ "^/graphql" ) { set req.http.bypasswaf = "1"; }
-
Click on Upload VCL to Fastly.
Related reading
- Web Application Firewall (WAF) in Commerce on Cloud Infrastructure guide.
- Getting started with custom VCL in Commerce on Cloud Infrastructure guide.
recommendation-more-help
8bd06ef0-b3d5-4137-b74e-d7b00485808a