The Gcore Customer Portal is being updated. Screenshots may not show the current version.
Chosen image


Welcome to the Gcore Web Application and API Protection (WAAP) documentation page! Here, we explain how to use, configure, and troubleshoot Gcore’s Web Application and API Protection services.

Our WAAP combines all aspects of website security and traffic management, including Layer 7 DDoS protection, web application firewall, and API protection. With the help of built-in custom rules, advanced behavioral analytics, and a range of available customization options, Gcore WAAP protects your domains against known vulnerabilities and common exploits.

From the left-side menu, you can access in-depth documentation about WAAP:

  • About WAAP - read how WAAP works and about its key components.
  • Getting started – integrate WAAP with your domain.
  • Billing – check the available package options.
  • WAAP policies – view of the list of pre-configured security policies.
  • Analytics - get detailed statistics on web requests and the history of DDoS attacks.
  • Security insights – use system-generated notifications to detect and mitigate potential risks.
  • IP security – inspect IP addresses and add them to block or allow lists.
  • API discovery and protection – identify potential APIs and secure API endpoints.
  • WAAP rules – use predefined and custom rules to manage incoming traffic.
  • Custom pages – configure pages for access restrictions, block operations, and security validations.
  • DDoS protection – protect your application against L7 DDoS attacks.
  • Bot protection – protect your application from unauthorized automation services.
  • Troubleshooting – address common issues related to WAAP.

Was this article helpful?