If your domain uses APIs hosted on the same domain and you don't have enabled API Discovery, you can manually add endpoints to the API base path. This will define a communication path for WAAP to expect API requests and protect your endpoints.
This setting doesn't add API endpoints to the allowlist.
When you enter a path, note that:
Paths are recursively allowed. For example, api/
allows api/v1/*
, api/v2/*
, etc.
Regex/wildcard input is not accepted. Use api/
instead of api/*
.
Don't enter the protocol or domain. Use api/
instead of https://example.foobar.com/api/
. The domain is automatically added.
Paths are not case-sensitive. API/
and api/
are interchangeable.
To add multiple APIs, you must create separate entries.
1. In the Gcore Customer Portal, navigate to WAAP > Domains.
2. Find the needed domain and click its name to open it. You'll be directed to the Policies page.
3. In the sidebar, click API Discovery > Settings.
4. Navigate to the API base path section and in the Host field, enter a path to your endpoint.
5. Click Add. The endpoint will appear in the table under the Host field.
1. Find the relevant endpoint and click the three-dot icon next to it.
2. Select Delete.
3. Confirm your action by clicking Delete again.
After you configure the API base path, CAPTCHA and JavaScript validation will be disabled for added endpoints.
The DDoS protection, IP reputation, and rate limitation features will continue to protect those endpoints. Custom WAAP rules and firewall rules can also impact content delivery via API and potentially block users.
Was this article helpful?