Skip to main content

Documentation Index

Fetch the complete documentation index at: https://gcore.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

The Web Application and API Protection (WAAP) includes a Behavioral WAF policy group that helps prevent malicious attacks on your websites. The policy group contains a set of sophisticated user behavior and reputation analysis policies that inspect traffic and defend your website against threats such as spamming or brute force attacks.
InfoThis policy group is available in the Pro and Enterprise plans. More details on the Security pricing page.

Configure Behavioral WAF rules

You can review the Behavioral WAF rules and enable or disable them in the Gcore Customer Portal: 1. Navigate to WAAP > Default Rules. 2. In the domain dropdown at the top of the page, select the needed domain. 3. Click the Behavioral WAF tab to view and adjust the rules.
InfoMost Behavioral WAF policies are enabled by default, except for Repeated violations. To change a policy mode, click the dropdown near that policy.

Probing and forced browsing

Use CAPTCHA and JavaScript validation to challenge brute-forced requests on random URLs, which might aim to discover your web application’s structure and hidden directories. Requests that fail to pass the validation will be blocked.

Obfuscated attacks and zero-day mitigation

Block clients that perform multiple injection attacks.

Repeated violations

Present with CAPTCHA or block those clients that failed to answer a previously displayed challenge. Requests that fail to pass the validation will be blocked.

Brute-force protection

Present users with CAPTCHA when there’s an attempt to guess usernames and passwords on web login forms. If the client fails to pass the validation after a few attempts, the request will be blocked.