This module enables the use of DataDome Bot Protection on the Fastly Compute platform.

Installation

Prerequisites

• The server-side key available in your DataDome dashboard
• The client-side key available in your DataDome dashboard
• Fastly CLI installed and configured
• Node.js 18+

Protect your traffic

There are two options to start protecting your traffic with DataDome Bot Protection:

• Create a new service for the integration
• Update an existing service with the integration

Option 1 - Using a new Fastly Compute service

Run the following command to initialize the project from our public template:

fastly compute init --from=https://github.com/DataDome/datadome-fastly-compute-template \
  --language=javascript \
  --accept-defaults \
  -y

Then to create and upload the Fastly Compute service, run:

fastly compute publish

This command will prompt for the following inputs:

• service name - Name of the service on your Fastly dashboard
• domain - Domain to route the traffic to the service (requires to update the CNAME record to point to Fastly)
• origin- Hostname of the origin backend to protect
• datadome - Hostname of the DataDome Bot protection API: it is recommended to keep the default value, api-fastly.datadome.co
• config store name - Name of the config store to create: it is recommended to keep the default value, datadome
• datadome_client_side_key - Client-side key from your DataDome dashboard
• datadome_server_side_key - Server-side key from your DataDome dashboard

Congrats! 🎉 Your traffic is now protected by DataDome Bot Protection.

📘

Configuration file location

The complete configuration of the service is declared in the fastly.toml file from the template and handled by the Fastly CLI.

Option 2 - Using an existing Fastly Compute service

1. Add the DataDome module dependency to your service with the following command:

npm i @datadome/module-fastly-compute

2. Insert the following code in the entry file (src/index.js as declared by default in webpack.config.js)

import { DataDome } from "@datadome/module-fastly-compute";

const onAllowedRequest = (event) => {
		// Current processing of your service
		// This code is executed when the request is allowed
};

addEventListener(
  	"fetch",
  	(event) => event.respondWith(DataDome.handleRequest(event, onAllowedRequest))
);

Edit the code above to include the current processing of your compute service inside the onAllowedRequest function.

3. Create a config store named datadome to hold the configuration from the Fastly dashboard

4. Link the datadome config store to the service

5. Add your DataDome keys (Both server-side and cleint-side) in the datadome config store

6. Create and configure the DataDome API backend to point to api-fastly.datadome.co in the Fastly Compute service

7. Edit the host configuration of the DataDome API backend

• Change the name to datadome

• Change the Override host to api-fastly.datadome.co

• (Optional) Change the Advanced options for more control on timeout values

8. Activate the Fastly Compute service

Congrats! 🎉 Your traffic is now protected by DataDome Bot protection.

Configuration

Settings

Default exclusion pattern

/\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js|map)$/i

FAQ

How can I change the timeout value?

The timeout value is defined in the compute service in the datadome host.
Its configuration can be edited in the Advanced options section.

How can I log enriched headers?

Headers are added to the request made to the origin backend. It is possible to log them in the onAllowedRequest callback:

async function onAllowedRequest(event) {
    console.log('request headers: ' + [...event.request.headers.keys()].join(', '));
    return await fetch(event.request, { backend: 'origin' });
}

The onAllowedRequest callback is triggered when the protection allows the request to reach the origin. It must be used as a parameter of the handleRequest method:

addEventListener("fetch", (event) => event.respondWith(DataDome.handleRequest(event, onAllowedRequest)));

The logs can then be used by a Fastly logging endpoint following the documentation on Setting up remote log streaming

Can I still use VCL?

Yes, services can be chained - see Fastly Compute to VCL chaining for more details on the setup.

The backend to my origin has a different name. Can I change it?

In the datadome config store linked to the compute service, add a key-value pair attribute with:

• key: datadome_origin_backend_name
• value: the name of the backend to use

How can I test / debug the service?

If there is no data appearing in your DataDome dashboard, there might be a configuration issue.

Check the Compute logs for your service in your Fastly dashboard.

You can find the following log messages.

• When the config store is not linked to the service:

Error: DataDome:Configuration:Config Store 'datadome' must be linked to this service

• When the server-side key is missing:

Error: DataDome:Configuration:'datadome_server_side_key' is missing from Config Store

• When there is no backend named origin in the Fastly service configuration:

Error while running request handler: Requested backend named 'origin' does not exist

• When there is no backend named datadome in the Fastly service configuration:

Error: DataDome:Configuration:TypeError: Requested backend named 'datadome' does not exist

• When a timeout occured with the DataDome API:

Warn: DataDome:Timeout:NetworkError: HTTP response timeout