How to bypass WAF for GraphQL requests

Last update: Wed May 08 2024 00:00:00 GMT+0000 (Coordinated Universal Time)

Topics:
GraphQL

This article explains how to bypass WAF for GraphQL requests when the Fastly WAF is blocking your GraphQL requests.

Affected products and versions

Adobe Commerce on cloud infrastructure (all versions)

Cause

Due to the inherent nature of GraphQL requests, there can be a lot of repeated characters that can trigger false positive blocking of the requests by the Fastly WAF.

Solution

Bypass the WAF for these requests by adding a custom snippet through the Fastly Magento module:

type: recv
priority: 15
content:

code language-none
`if( req.url.path ~ "^/graphql" ) { set req.http.bypasswaf = "1"; }`

Click on Upload VCL to Fastly.

Web Application Firewall (WAF) in Commerce on Cloud Infrastructure guide.
Getting started with custom VCL in Commerce on Cloud Infrastructure guide.

recommendation-more-help

8bd06ef0-b3d5-4137-b74e-d7b00485808a

How to bypass WAF for GraphQL requests

Affected products and versions

Cause

Solution

Related reading