How to bypass WAF for GraphQL requests

This article explains how to bypass WAF for GraphQL requests when the Fastly WAF is blocking your GraphQL requests.

Affected products and versions

Adobe Commerce on cloud infrastructure (all versions)


Due to the inherent nature of GraphQL requests, there can be a lot of repeated characters that can trigger false positive blocking of the requests by the Fastly WAF.


  1. Bypass the WAF for these requests by adding a custom snippet through the Fastly Magento module:

    type: recv
    priority: 15

    code language-none
    if( req.url.path ~ "^/graphql" ) {
        set req.http.bypasswaf = "1";
  2. Click on Upload VCL to Fastly.