Fastly IP ranges & what they mean for fraud
Fastly publishes its CDN edge ranges. Like Cloudflare, requests originating from these ranges — rather than being served through them — are the signal of interest.
How Sentinel uses these ranges
Because Fastly is a CDN, the useful distinction is traffic originating from these ranges versus traffic merely served through them — Sentinel's signal applies to the former. The numbers above come from Fastly's own published range feed — the same feed Sentinel's verdict pipeline refreshes continuously, so a new range is scored within hours of publication, not whenever a static database ships.
Range data adds a signal; it never overrides deeper network detection. VPN exits live in datacenters, so a range hit doesn't short-circuit tunnel analysis — an IP in Fastly's ranges that is also a VPN exit gets both signals, and your policy sees the full picture in the reasons array.
Should you block Fastly traffic?
Compute@Edge and similar products mean code, not people, initiates connections from these ranges.
The honest answer is: it depends on the surface. A datacenter IP on a signup, login, or checkout is a strong review signal — humans overwhelmingly arrive from residential and mobile networks. The same IP calling your API is often just a legitimate backend. Sentinel returns the raw signal so you can apply exactly that asymmetric policy instead of a blanket block.
curl -X POST https://sntlhq.com/v1/evaluate \ -H "Authorization: Bearer sk_test_sandbox" \ -H "Content-Type: application/json" \ -d '{"token":"test_datacenter"}'
The sandbox key returns the documented datacenter-verdict shape (decision, risk_score, network.datacenter) — no signup required. Details in the API docs.
Free tier: 1,000 requests/hour. No card, no expiry.