# Protect CDN resources with Gcore WAAP

[Gcore Web Application and API Protection](/waap/overview) (WAAP) combines all aspects of website security and traffic management, including Layer 7 DDoS protection, web app security, and API protection.

With built-in security rules, advanced behavioral analytics, and a range of available customization options, Gcore WAAP protects your domains against known vulnerabilities and common exploits.

## Enable WAAP for a resource

1. In the [Gcore Customer Portal](https://accounts.gcore.com/reports/dashboard), navigate to **CDN** > **CDN resources**.

2. Next to the resource that you want to protect with WAAP, click the three-dot icon and select **Settings**.

<Frame>
  <img src="https://mintcdn.com/gcore/r1CXNOIG_SsiX16z/images/docs/waap/getting-started/cdn-resources-page.png?fit=max&auto=format&n=r1CXNOIG_SsiX16z&q=85&s=541dfabf37dfb9a217867833a083a903" alt="CDN resource settings page in the Customer Portal" width="1603" height="1016" data-path="images/docs/waap/getting-started/cdn-resources-page.png" />
</Frame>

3. Scroll down the page and find the **Security** section.

4. Enable the **WAAP** toggle to activate Web Application and API Protection for your CDN resource.

<Frame>
  <img src="https://mintcdn.com/gcore/4f8dx5YPqFylAjWM/images/docs/waap/getting-started/security-section-waap-enabled.png?fit=max&auto=format&n=4f8dx5YPqFylAjWM&q=85&s=4dc09b4ef35ef918b4316fffcbb4627e" alt="WAAP toggle" width="1323" height="573" data-path="images/docs/waap/getting-started/security-section-waap-enabled.png" />
</Frame>

5. Click **Save** to apply the changes.

<Warning>
  **Warning**

  After enabling WAAP for a CDN resource, you need to invalidate the cache so that the WAAP settings are applied properly. When the "Secure Token" and/or "Referrer access policy" CDN options are enabled together with WAAP, the CDN may block WAAP requests.

  These limitations will be removed soon.
</Warning>

Note that after activation, it can take up to 20 minutes for HTTP traffic to start passing through WAAP.

### What to do if WAAP blocks content that shouldn't be blocked?

Instead of disabling WAAP protection for the whole resource, you can create a rule with an exception:

1. In the CDN resource settings, open the **Rules** tab.

2. Click **Create rule** > **Create blank rule**.

3. Give your rule a name.

4. In the **Match criteria** section, specify the URLs of the files blocked by WAAP, or a regular expression that matches them.

5. Set the origin pull protocol to **Inherit from resource**.

<Frame>
  <img src="https://mintcdn.com/gcore/WY_9vZf2twxr_SY3/images/docs/waap/getting-started/rule-name-match-options.png?fit=max&auto=format&n=WY_9vZf2twxr_SY3&q=85&s=e52b2c0aa5b3adb46e658b0652b63607" alt="Rule name and match criteria settings" width="2796" height="2388" data-path="images/docs/waap/getting-started/rule-name-match-options.png" />
</Frame>

6. In the **Options** section, click **Add option**.

7. Find **WAAP** and turn it off for the URL pattern specified in the rule.

8. Click **Create rule**.

Your content should no longer be blocked by WAAP.
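Because the rule turns WAAP off for every URL its pattern matches, it is worth checking a regular expression against known paths before saving it. The following is an added example, not Gcore code: it assumes the pattern is applied to the request path with search semantics (the CDN's regex dialect may differ from Python's), and the function name `audit_exception` and all sample paths are constructed for illustration.

```python
import re

def audit_exception(pattern, must_exempt, must_protect):
    """Return a list of findings for a candidate exception regex.

    Assumption: the rule fires when the regex is found anywhere in the
    request path (re.search), the widest reasonable interpretation.
    """
    rx = re.compile(pattern)
    findings = []
    # Unanchored patterns can match in the middle of unrelated paths.
    if not pattern.startswith("^"):
        findings.append("pattern has no leading ^ anchor")
    if not pattern.endswith("$"):
        findings.append("pattern has no trailing $ anchor")
    # Under-match: files that WAAP blocked would still be inspected.
    for path in must_exempt:
        if not rx.search(path):
            findings.append(f"still inspected by WAAP (not matched): {path}")
    # Over-match: paths that must stay protected would lose WAAP.
    for path in must_protect:
        if rx.search(path):
            findings.append(f"WAAP would be turned off for: {path}")
    return findings

# Constructed sample data: files wrongly blocked, and paths to keep protected.
BLOCKED_FILES = ["/downloads/report-2024.pdf", "/downloads/manual.pdf"]
KEEP_PROTECTED = ["/login", "/admin/export.pdf", "/api/v1/invoice.pdf"]

BROAD = r"\.pdf"                          # exempts every PDF on the resource
NARROW = r"^/downloads/[\w.-]+\.pdf$"     # exempts only the download folder
TOO_NARROW = r"^/downloads/manual\.pdf$"  # misses one of the blocked files

if __name__ == "__main__":
    for name, pat in [("BROAD", BROAD), ("NARROW", NARROW),
                      ("TOO_NARROW", TOO_NARROW)]:
        issues = audit_exception(pat, BLOCKED_FILES, KEEP_PROTECTED)
        print(f"{name}: {pat}")
        for issue in issues or ["ok: exception is scoped to the blocked files"]:
            print(f"  - {issue}")
```

An empty findings list means the pattern covers the blocked files and leaves the listed protected paths under WAAP inspection.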
