cohost eliminates false positives, improves performance and image accuracy with Fastly

The challenge

cohost is a values-driven, alternative social media platform company that wants to work with vendors who meet and exceed their ethical standards. Their previous provider, who supplied both a content delivery network (CDN) and web application firewall (WAF) didn’t adhere to those baseline expectations. “We wanted to migrate the edge CDN for cohost.org away from Cloudflare, which served companies that we consider to be bad actors. We didn’t want to compromise our ethics by directly or indirectly supporting them through CDN subscription fees,” explains Jae Kaplan, a co-founder and developer at cohost. 

Kaplan’s team needed to find a combined CDN and WAF service that met the growing company’s needs. cohost required high-quality caching and image optimization to support its independent creator community, which produces and shares a high volume of user-created images. Cloudflare Images didn’t work well for cohost. “There were lots of cache misses due to Cloudflare’s focus on response time versus correctness—it did not work 90% of the time, and would just send the image unmodified. And it wasn’t configurable, so we couldn’t make it better,” Kaplan explained.

cohost also wanted an easy way to block unwanted traffic that could affect site performance. The team wanted to focus resources on developing a great social media site, not managing infrastructure or fighting a horde of content scrapers.

Finding the best CDN and WAF provider would support cohost in its efforts to grow and become self-sustaining. Intangibles such as ease of configuration and visibility into blocked traffic were high priorities.

The solution

First, cohost moved their attachment storage to Fastly CDN, completing the majority of the move during the proof-of-concept (POC) phase. “We migrated 90% of our production traffic over to Fastly on very short notice with zero downtime through Fastly’s CDN. It was magic,” Kaplan says.

“You can't just snap your fingers and move 40 terabytes of images from one place to another, but Fastly made it remarkably easy. We stood it up in under an hour and migrated all user uploaded images in a way that was completely seamless to our community.”

Next, cohost added Next-Gen WAF and Image Optimizer. “WAF and Image Optimizer are both absolutely essential to our business. All of our content is user-generated, including large numbers of image attachments. Image Optimizer makes serving these images efficient.” 

Greater control, flexibility and accuracy reduces infrastructure burden
Kaplan went on to explain that implementation was easy. “The degree of control provided by Fastly’s Next-Gen WAF was a huge differentiator. We had serious issues with constant false positives and lack of visibility into what caused them with Cloudflare. By contrast, Fastly blocks tens of thousands of unwanted requests a day—270k a week—which takes strain off our infrastructure.”

The CDN’s custom VCL functionality is also a winner. “The control we get over CDN behavior via custom Varnish configuration language (VCL) has made possible complex infrastructure work that otherwise wouldn’t be possible,” Kaplan says. “I cannot count the number of times my job has been made easier by Fastly. Infrastructure work that would take lots of time or resources to do ourselves is quick to accomplish.”  

“It helps that Fastly’s documentation is among the best,” Kaplan says. “Fastly’s documentation is phenomenal and made it so we only needed support from our sales engineer for context on best practices and our specific edge cases.” 

WAF full blocking mode eliminates false positives and saves time
Fastly’s Next-Gen WAF made it easy for cohost to block bad scrapers from hitting the site and causing issues with performance, as well. “From the start, Fastly’s WAF made it easy for us to fully eliminate bad traffic—from fraudulent ASNs to TikTok’s poorly developed crawler that sends thousands of requests a minute—before they reach our servers,” Kaplan says. “We then set up rate alerts for certain attack types, starting in flag mode but quickly moving to full blocking mode, at which point we stopped seeing false positives completely.”

Kaplan says the cohost team loves the ability to tune the Fastly Next-Gen WAF. “With our previous provider we had no visibility and very limited control of the WAF. Users reported problems to us that demonstrated a very high false positive rate while we also experienced a very high false negative rate.”

By contrast, the Fastly Next-Gen WAF reduces strain on the company’s infrastructure and saves the team from having to scale to meet non-user demand. “And Fastly Next-Gen WAF saves us time, because we don’t have to constantly put out fires. It consistently works well. By choosing Fastly, we can focus on developing features and revenue.” 

Shared values supports commitment to open source
Fastly’s corporate values also align with cohost’s corporate values, and they joined Fastly through the Fast Forward Program, a Fastly initiative to provide free services to eligible open source projects and the nonprofit organizations sustaining them.  “It’s important for us to stick to our ideals, and working with Fastly helps us do that,” Kaplan says, “Fastly has saved us so much time and money. Now we can focus on stuff that is more important, like making our platform better.” 

Key takeaway 

Fastly CDN, Image Optimizer, Varnish control language, and Next-Gen WAF make Kaplan’s days easier, lowers infrastructure costs, and makes the alternative social media platform’s users happier through better performance and elimination of false positives.

“Fastly’s Next-Gen WAF has been a breath of fresh air—it’s not a black box. We have visibility. We can make informed decisions. We can set our own rules. And those rules can be based on signals, not just RegEx.” Kaplan says, “I’m a big fan.”