The Web Application and API Protection (WAAP) includes a Behavioral WAF policy group that helps prevent malicious attacks on your websites. The policy group contains a set of sophisticated user behavior and reputation analysis policies that inspect traffic and defend your website against threats such as spamming or brute force attacks.
This policy group is available in the Pro and Enterprise plans.
You can review the Behavioral WAF policy group and enable or disable its policies in the Gcore Customer Portal:
1. Navigate to WAAP > Domains.
2. Find the domain where you want to configure the policy and click the domain name to open it.
3. On the Policies page that opens, click Behavioral WAAP to expand the section and adjust the policies.
All behavioral WAF policies are enabled by default. To disable a policy, turn on the toggle near that policy.
Use CAPTCHA and JavaScript validation when user activity during a session suggests aggressive use of forms to, for instance, generate new accounts or post spam content.
Use CAPTCHA and JavaScript validation to challenge brute-forced requests on random URLs, which might aim to discover your web application’s structure and hidden directories. Requests that fail to pass the validation will be blocked.
Block clients that perform multiple injection attacks.
Present with CAPTCHA or block those clients that failed to answer a previously displayed challenge. Requests that fail to pass the validation will be blocked.
Present users with CAPTCHA when there’s an attempt to guess usernames and passwords on web login forms. If the client fails to pass the validation after a few attempts, the request will be blocked.
Was this article helpful?