diff --git a/.github/workflows/github-action.yml b/.github/workflows/github-action.yml new file mode 100644 index 0000000..18a6a3e --- /dev/null +++ b/.github/workflows/github-action.yml @@ -0,0 +1,36 @@ +# This is a basic workflow to help you get started with Actions + +name: CI + +# Controls when the workflow will run +on: + # Triggers the workflow on push or pull request events but only for the "main" branch + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + +# A workflow run is made up of one or more jobs that can run sequentially or in parallel +jobs: + # This workflow contains a single job called "build" + build: + # The type of runner that the job will run on + runs-on: ubuntu-latest + + # Steps represent a sequence of tasks that will be executed as part of the job + steps: + # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it + - uses: actions/checkout@v3 + + # Runs a single command using the runners shell + - name: Run a one-line script + run: echo Hello, world! + + # Runs a set of commands using the runners shell + - name: Run a multi-line script + run: | + echo Add other actions to build, + echo test, and deploy your project. diff --git a/.gitignore b/.gitignore index b2217da..35854a5 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ *.tfstate *.tfstate.* *.lock.hcl +terraform.tfvars # Crash log files crash.log diff --git a/README.md b/README.md index fd63de7..223ce5f 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +[![CI](https://github.com/fastly/security-use-cases/actions/workflows/github-action.yml/badge.svg)](https://github.com/fastly/security-use-cases/actions/workflows/github-action.yml) + # NextGen WAF Edge Deployment Quick Start This repository allows you to quickly deploy a the NextGen WAF Edge integration using Terraform. 
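Review bot: The new workflow checks out with the mutable tag `actions/checkout@v3` and declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository is configured for; pin the action to a full commit SHA (keeping the tag in a trailing comment so updates stay reviewable) and add a top-level `permissions:` with `contents: read`. The two run steps only echo placeholder text, so the CI badge this commit adds to README.md will report green without exercising the Terraform in `gold-standard-starter/`; replacing them with `terraform fmt -check -recursive` and `terraform validate` (after an `init -backend=false`, which needs no NGWAF credentials) would make the badge meaningful. The SHA placeholders below must be resolved to the actual release commits before merging.
```yaml
name: CI

permissions:
  contents: read

# … unchanged: on: triggers …

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # <FULL_COMMIT_SHA> is a placeholder — pin to the release commit, keep the tag as a comment
      - uses: actions/checkout@<FULL_COMMIT_SHA>  # v3
      - uses: hashicorp/setup-terraform@<FULL_COMMIT_SHA>  # pinned release
      - name: Terraform fmt
        run: terraform fmt -check -recursive
      - name: Terraform validate
        run: |
          terraform -chdir=gold-standard-starter init -backend=false
          terraform -chdir=gold-standard-starter validate
```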
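Review bot: The added `terraform.tfvars` pattern matches only that exact filename, while Terraform also auto-loads `terraform.tfvars.json` and any `*.auto.tfvars` / `*.auto.tfvars.json`, so a token placed in one of those variants would still be committed; the existing entries in this hunk (`*.tfstate`, `*.lock.hcl`) already use globs, so `*.tfvars` and `*.tfvars.json` would be consistent. If a committed template is wanted, a negated entry such as `!example.tfvars` can re-include it. The surrounding file is only partially visible, so check that no earlier entry already covers these.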
@@ -20,5 +22,5 @@ This repository allows you to quickly deploy a the NextGen WAF Edge integration Check out [Terraform for beginners](https://geekflare.com/terraform-for-beginners/) # Want some new functionality or have questions? -Reach out Max Anderson, Guy Brown, or Brooks Cunningham on the TSG team. +Reach out to the contributors of this repo. diff --git a/gold-standard-starter/main.tf b/gold-standard-starter/main.tf index 697b960..34e0232 100644 --- a/gold-standard-starter/main.tf +++ b/gold-standard-starter/main.tf @@ -4,9 +4,9 @@ # environment variables must be available using "TF_VAR_*" in your terminal. # For example, `echo $TF_VAR_NGWAF_CORP` should return your intended corp. provider "sigsci" { - corp = var.NGWAF_CORP - email = var.NGWAF_EMAIL - auth_token = var.NGWAF_TOKEN + corp = var.NGWAF_CORP + email = var.NGWAF_EMAIL + auth_token = var.NGWAF_TOKEN } #### Supply NGWAF API authentication - End @@ -50,19 +50,19 @@ resource "sigsci_corp_signal_tag" "malicious-attacker-signal" { resource "sigsci_corp_rule" "malicious-attacker-rule" { site_short_names = [] - type = "request" - corp_scope = "global" - group_operator = "all" - enabled = true - reason = "Detect attacks from known attacking IPs" - expiration = "" + type = "request" + corp_scope = "global" + group_operator = "all" + enabled = true + reason = "Detect attacks from known attacking IPs" + expiration = "" conditions { - type = "multival" - field = "signal" + type = "multival" + field = "signal" group_operator = "all" - operator = "exists" + operator = "exists" conditions { type = "single" @@ -81,8 +81,8 @@ resource "sigsci_corp_rule" "malicious-attacker-rule" { # actions { # type = "block" # } - actions { - type = "addSignal" + actions { + type = "addSignal" signal = sigsci_corp_signal_tag.malicious-attacker-signal.id } 
@@ -106,34 +106,34 @@ resource "sigsci_corp_list" "blocked-countries-corp-list" { name = "blocked-countries" type = "country" entries = [ - "KP", + "KP", ] description = "Block countries that are not revenue generating. KP is North Korea." } resource "sigsci_corp_rule" "blocked-countries-corp-rule" { site_short_names = [] - type = "request" - corp_scope = "global" - enabled = true - group_operator = "all" - reason = "Country Blocking Rule" - expiration = "" + type = "request" + corp_scope = "global" + enabled = true + group_operator = "all" + reason = "Country Blocking Rule" + expiration = "" conditions { type = "single" field = "country" operator = "inList" - value = sigsci_corp_list.blocked-countries-corp-list.id + value = sigsci_corp_list.blocked-countries-corp-list.id } - + # Easily go into blocking by uncommenting the following action # actions { # type = "block" # } actions { - type = "addSignal" + type = "addSignal" signal = sigsci_corp_signal_tag.blocked-countries-corp-signal.id } 
@@ -154,32 +154,32 @@ resource "sigsci_corp_signal_tag" "system-attack-signal" { resource "sigsci_corp_rule" "system-attack-rule" { site_short_names = [] - type = "request" - corp_scope = "global" - group_operator = "all" - enabled = true - reason = "Add a signal for any attack" - expiration = "" + type = "request" + corp_scope = "global" + group_operator = "all" + enabled = true + reason = "Add a signal for any attack" + expiration = "" conditions { - type = "multival" - field = "signal" + type = "multival" + field = "signal" group_operator = "all" - operator = "exists" + operator = "exists" conditions { type = "single" field = "signalType" operator = "inList" - value = sigsci_corp_list.system-attack-signals-list.id + value = sigsci_corp_list.system-attack-signals-list.id } } #### Easily go into blocking by uncommenting the following action # actions { # type = "block" # } - actions { - type = "addSignal" + actions { + type = "addSignal" signal = sigsci_corp_signal_tag.system-attack-signal.id } depends_on = [ 
@@ -243,44 +243,44 @@ resource "sigsci_corp_signal_tag" "anomaly-attack-signal" { } resource "sigsci_corp_list" "anomaly-attack-signals-list" { - name = "anomaly-attack-signals" - type = "signal" - entries = [ - "ABNORMALPATH", - "CODEINJECTION", - "DOUBLEENCODING", - "DUPLICATE-HEADERS", - "NOTUTF8", - "MALFORMED-DATA", - "NOUA", - "PRIVATEFILE", - "RESPONSESPLIT", - ] + name = "anomaly-attack-signals" + type = "signal" + entries = [ + "ABNORMALPATH", + "CODEINJECTION", + "DOUBLEENCODING", + "DUPLICATE-HEADERS", + "NOTUTF8", + "MALFORMED-DATA", + "NOUA", + "PRIVATEFILE", + "RESPONSESPLIT", + ] } resource "sigsci_corp_rule" "anomaly-attack-corp-rule" { site_short_names = [] - type = "request" - corp_scope = "global" - group_operator = "all" - enabled = true - reason = "Identify attacks from Anomaly Traffic" - expiration = "" + type = "request" + corp_scope = "global" + group_operator = "all" + enabled = true + reason = "Identify attacks from Anomaly Traffic" + expiration = "" conditions { - type = "multival" - field = "signal" + type = "multival" + field = "signal" group_operator = "all" - operator = "exists" + operator = "exists" conditions { type = "single" field = "signalType" operator = "inList" - value = sigsci_corp_list.anomaly-attack-signals-list.id + value = sigsci_corp_list.anomaly-attack-signals-list.id } } actions { - type = "addSignal" + type = "addSignal" signal = sigsci_corp_signal_tag.anomaly-attack-signal.id } #### Easily go into blocking by uncommenting the following action @@ -296,9 +296,9 @@ resource "sigsci_corp_rule" "anomaly-attack-corp-rule" { #### Rate Limiting Enumeration Attempts - Start resource "sigsci_site_signal_tag" "bad-response-signal" { - site_short_name = var.NGWAF_SITE - name = "bad-response" - description = "Identification of attacks from malicious IPs" + site_short_name = var.NGWAF_SITE + name = "bad-response" + description = "Identification of attacks from malicious IPs" } 
@@ -311,16 +311,16 @@ resource "sigsci_site_rule" "enumeration-attack-rule" { expiration = "" conditions { - type = "single" - field = "responseCode" - operator = "like" - value = "4[0-9][0-9]" + type = "single" + field = "responseCode" + operator = "like" + value = "4[0-9][0-9]" } conditions { - type = "single" - field = "responseCode" - operator = "like" - value = "5[0-9][0-9]" + type = "single" + field = "responseCode" + operator = "like" + value = "5[0-9][0-9]" } # actions { # type = "blockSignal" @@ -329,13 +329,13 @@ resource "sigsci_site_rule" "enumeration-attack-rule" { # } actions { - type = "logRequest" + type = "logRequest" signal = sigsci_site_signal_tag.bad-response-signal.id } rate_limit = { threshold = 10, - interval = 1, + interval = 1, duration = 600, # clientIdentifiers = "ip" Defaults to IP } @@ -347,3 +347,14 @@ resource "sigsci_site_rule" "enumeration-attack-rule" { } #### Rate Limiting Enumeration Attempts - End + + +output "live_waf_love_output" { + value = < 0){ + if(ratelimit.check_rate( + var.rl_client_id, # identifier + rl_default_rc, #rate counter + 1, # delta + 60, # window + 100, # limit + rl_default_pb, #penalty box + 2m + )){ + set bereq.http.erl-60s = "99999"; + } else { + set bereq.http.erl-60s = ratecounter.rl_default_rc.bucket.60s; + } + } + } +} + +sub vcl_miss { + call rate_limit_process; +} + +sub vcl_pass { + call rate_limit_process; +} \ No newline at end of file