API
The Gcore Customer Portal is being updated. Screenshots may not show the current version.
WAAP
WAAP
About WAAPBilling
Configure WAAP for a domainWAAP modesManage domains protected with WAAP
Protocol validationWAF and OWASP top threatsIP reputationBehavioral WAFAnti-automation and bot protectionCMS protectionCommon automated servicesAdvanced API protection
Allow and block IP addresses in firewall
API discoveryConfigure API access with reserved tagsManually add endpoints to API base path
Advanced rate limiting rulesAdvanced rule objects and attributesSource field objects
Create and manage custom rules
Reserved tagsPredefined tags
Create custom response pagesManage custom response pages
How does WAAP JavaScript injection work?What cookies are used by WAAP?What storage variables does WAAP use?
Enable and troubleshoot bot protectionTroubleshoot blocked usersTroubleshoot 5xx errors
API
Chosen image
Home/WAAP/API discovery and protection/Manually add endpoints to API base path

Manually add endpoints to the API base path

If your domain uses APIs hosted on the same domain and you don't have enabled API Discovery, you can manually add endpoints to the API base path. This will define a communication path for WAAP to expect API requests and protect your endpoints.

This setting doesn't add API endpoints to the allowlist.

When you enter a path, note that:

  • Paths are recursively allowed. For example, api/ allows api/v1/*, api/v2/*, etc.

  • Regex/wildcard input is not accepted. Use api/ instead of api/*.

  • Don't enter the protocol or domain. Use api/ instead of https://example.foobar.com/api/. The domain is automatically added.

  • Paths are not case-sensitive. API/ and api/ are interchangeable.

  • To add multiple APIs, you must create separate entries.

Add endpoints to the base path

1. In the Gcore Customer Portal, navigate to WAAP > Domains.

Domains page in the Customer Portal

2. Find the needed domain and click its name to open it. You'll be directed to the Policies page.

3. In the sidebar, click API Discovery > Settings.

4. Navigate to the API base path section and in the Host field, enter a path to your endpoint.

5. Click Add. The endpoint will appear in the table under the Host field.

To remove endpoints from the base path

1. Find the relevant endpoint and click the three-dot icon next to it.

2. Select Delete.

3. Confirm your action by clicking Delete again.

After you configure the API base path, CAPTCHA and JavaScript validation will be disabled for added endpoints.

The DDoS protection, IP reputation, and rate limitation features will continue to protect those endpoints. Custom WAAP rules and firewall rules can also impact content delivery via API and potentially block users.

Was this article helpful?

Edit on GitHub