API
The Gcore Customer Portal is being updated. Screenshots may not show the current version.
WAAP
WAAP
Chosen image
Home/WAAP/WAAP rules/Custom rules/Tag rules/Predefined tags

Predefined tags and their descriptions

We offer a range of predefined tags that you can use to filter and sanction web requests. These tags are generated by a behavioral component, which analyzes the traffic based on heuristics and AI models. Using these tags, you can configure tag-based rules both in the Customer Portal and via API.

Check the following table for a full list of predefined tags, their API slugs, and descriptions. For details on how to create tag-based rules, check our dedicated guide.

Tag name API slug Description
Abnormal Dynamic Requests abnormaldynamicrequests This session makes a high number of requests based on the site's average number of requests.
Abnormal Request Volume abnormalrequestvolume The traffic from this client is relatively high for this domain.
Abnormal Traffic Volume abnormaltrafficvolume The traffic from this IP is relatively high for this domain.
Abuse.ch abusech This malicious client was detected by Abuse.ch.
Ajax Scraper ajaxscraper The number of ajax requests in this session is much higher compared to other sessions on this domain.
Anonymized Traffic anonymizedtraffic This IP's provisioned traffic has several requests from an unidentified client.
Anonymizer Fingerprint anonymizedfp This fingerprint belongs to an anonymizer service.
Apache Struts aps This client attempted to exploit an Apache Struts vulnerability.
Authentic User Agent authenticuseragent The user agent reported by the client is valid.
Automated Client automatedclient This client made identical, automated requests to the site's resources.
Automated Dynamic Requests automateddynamicrequests This client made automated requests to the site's dynamic pages.
Automation Driver automationdriver This client uses an unidentified headless browser.
BlockList.de blocklistde This malicious client was detected by BlockList.de.
Botnet Client botnetclient This IP is part of a botnet network.
Browser Based Bot browserbasedbot This session attempts to refresh the same page continuously to check for any changes.
Brute Force Attempt bruteforceattempt This client attempted to forcefully enter a web application's login page.
Captcha Farm Bot Fingerprint captchafarmbotfp This client's fingerprint failed the CAPTCHA challenge multiple times.
Captcha Farm Bot Usertag captchafarmbotut The client associated with this UserTag failed the CAPTCHA challenge multiple times.
Captcha Validation Failed captchavalidationfailed The CAPTCHA challenge was completed by a CAPTCHA farm. Thus, the user isn’t legitimate.
CDN cdn This range belongs to a content delivery network company.
Client Flood clientflood Multiple clients behind this IP perform requests simultaneously.
CMS Scanner cmsscanner This client scans web applications to find specific content management system administration or vulnerable pages.
Code Injection cij This client attempted to inject his code into the web application.
Common Web Application cfg This client attempted to exploit a common web application vulnerability.
Confirmed Automation confirmedautomation This client has been confirmed as being automated, based on the client's behavior and the inability to pass WAAP response pages.
Multiple Repeated Requests multiplerepeatedrequests The IP address is making multiple repeated requests to a domain.
Cross Site Request Forgery csrf This client attempted an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.
Cross Site Scripting xss This client attempted Cross-Site Scripting (XSS) injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code.
DDOS Client ddosclient This IP was part of multiple DDoS attacks on this domain.
DOM Automation domautomation This client uses a document object model automation tool to make requests to this site.
Drupal Admin drupaladmin This client is the admin of this Drupal site.
Dynamic Page Scraper injectedscraper The number of dynamic requests in this session is much higher compared to other sessions on this domain.
Evasive Client evasiveclient This client failed to return a JavaScript fingerprint.
Evasive Traffic evasivetraffic This IP had multiple sessions that failed to return a JavaScript fingerprint.
Exceptionally High Request Volume exceptionallyhighrequestvolume This session made a high number of requests. Thus, it was blocked.
Fake User-Agent fakeuseragent This client has been identified with a user agent that’s not compatible with browser properties.
Fast Form Submission fastformsubmission The duration between POST and GET requests is noticeably higher than the average duration for this domain.
Glove Extension gloveextension This client installed the Glove extension.
Headless Browser headlessbrowser This client uses a web browser without a graphical user interface (GUI).
Headless Browser Fingerprint headlessbrowserfp This client has a fingerprint of a headless browser.
Hosting Services hostingservices This IP belongs to a web hosting company.
Identified Automation identifiedautomation This client has been identified as being automated based on its behavior.
Injection Attack injectionattack This client has been identified as a confirmed perpetrator of injection attacks.
Injection Attempt injectionattempt Multiple injection attempts were detected.
Intensive Traffic from Fingerprint intensivetrafficfromfp There is prolonged traffic coming from this fingerprint.
Invalid Captcha Validator invalidcaptchavalidator The client has completed the CAPTCHA challenge automatically.
Invalid Cookie invalidcookie This client presented invalid Gcore’s WAAP cookies.
Invalid Fingerprint invalidfp This client's fingerprint is not valid.
Invalid User Agents uag This client has an invalid user agent, a request header string that lets servers and network peers identify the application, operating system, vendor, or version of the client.
IP Swapper ipswapper This client is switching IPs.
Joomla Admin joomlaadmin This client is the admin of this Joomla site.
Katalon Extension katalonextension This client installed the Katalon extension.
Known Bot knownbot This client is a known bot.
Local File Inclusion lfi This client attempted to trick the web application into including local files with malicious code.
Magento Admin magentoadmin This client is the admin for this Magento site.
Malicious Crawler maliciouscrawler This client violates robots.txt directives.
Mechanical Requests mechanicalrequests This client makes requests at a steady rate.
Modx Admin modxadmin This client is the admin of this Modex site.
Mouse Device mousedevice This client uses a device with a mouse.
MOZ Automation Extension mozautomationextension This client installed a suspicious extension.
Multiple Captcha Validation Fails multiplecaptchavalidationfails This client failed the captcha challenge multiple times.
Multiple Client Errors multipleclienterrors This client received multiple, consecutive 4XX errors.
Multiple Concurrent Clients multipleconcurrentclients Multiple stable sessions are coming from this IP.
Multiple Consecutive Challenges multipleconsecutivechallenges This client didn’t complete challenges for multiple consecutive sessions.
Multiple Errors multipleerrors A session that attempts to map a web application's directory structure.
Multiple Failed Challenges multiplefailedchallenges This session failed challenges multiple times.
Multiple Fake User Agent Sessions multiplefakeuasessions This IP had multiple sessions with a user agent that didn’t match the actual client type.
Multiple Forbidden Ajax Requests multipleforbiddenajaxrequests This IP was forbidden in multiple, consecutive AJAX requests.
Multiple Forbidden Requests multipleforbiddenrequests This IP was denied access in multiple requests.
Multiple Large Sessions multiplelargesessions Multiple clients behind this IP have a high number of requests.
Multiple No Event Sessions multiplenoeventsessions This client had multiple sessions with no UI events.
Multiple Refreshed Pages multiplerefreshedpages This client refreshed the same URL multiple times consecutively.
Multiple Repeated Violations multiplerepeatedviolations This client repeatedly failed to complete challenges. As a result, it was confirmed to be automated.
No Browser Ajax Calls nobrowserajaxcalls This client made requests to AJAX URLs without a browser.
No Plugins Fingerprint nopluginsfp This client's fingerprint indicates that the client's browser doesn’t have a plugin installed.
No UI Events nouievents This client didn’t create UI events.
Non-Scriptable Client nonscriptableclient This client doesn’t have a JavaScript engine.
Not Unique Fingerprint fpnotunique There is a high probability that this fingerprint represents multiple clients.
Open Redirect ord An open redirect attack has been detected. These attacks happen when an attacker manipulates URL queries to redirect users offsite.
Personal Identifiable Information pii An exposure of personally identifiable information was detected.
PhantomJS phantomjs This client uses PhantomJS, a scripted, headless browser used for automating web page interaction.
PimCore Admin pimcoreadmin The PimCore cookie for logged-in admin users was detected.
Prolonged Ajax Traffic prolongedajaxtraffic The AJAX requests from this IP continued for a long time.
Prolonged API Traffic prolongedapitraffic The API requests from this IP continued for a long time.
Prolonged Dynamic Traffic prolongedinjectedtraffic The dynamic requests from this IP continued for a long time.
Prolonged Not Injected Traffic prolongednotinjectedtraffic The requests from this IP continued for a long time.
Protocol Attack rhi A protocol attack was detected.
Proxy Network proxynetwork This IP is part of the anonymizer proxy network.
Rapid Requests rapidbehaviour This client made multiple fast requests in one or multiple sessions.
Remote File Inclusion rfi This client attempted to trick the web application into including remote files with malicious code.
Request Maker Extension requestmakerextension This client installed the Request Maker extension.
Scanner scanner A client that scans web applications.
Selenium selenium This client uses Selenium, a portable software-testing framework for web applications.
Selenium Extension seleniumextension This client installed the Selenium extension.
Sensitive Data Exposure sde An exposure of sensitive data was detected.
Session via Multiple Countries multiplecountries This client changed their country-of-origin multiple times in this session.
Sessionless Client sessionlessclient This client doesn’t maintain a session.
Shell Injection shi A shell (command) injection attack was detected.
ShellShock Attack shs This client attempted a ShellShock vulnerability, which in Bash allows remote code execution without confirmation.
Sideex Extension sideexextension This client installed the Sidexx extension.
Site Mapper sitemapper This client attempts to map a web application's directory structure.
SP Honeypot Scanner baitscanner This IP was detected by scanning random servers.
Spam Bot spambot This IP's client uses automation to generate multiple POST events that are suspected of being spam.
Spam Client spamclient This client made multiple consecutive POST requests with no referrer header.
Spamhaus spamhaus This malicious client was detected by Spamhaus.
SQL Injection sql This client attempted insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data, etc.
Static Scraper staticscraper The number of static requests in this session is much higher compared to other sessions on this domain.
Stop Forum Spam stopforumspam This malicious client was detected by Stop Forum Spam.
Suspected Automation suspectedautomation This traffic is suspected of being automated based on the traffic's behavior.
Suspected Automation Fingerprint suspiciousfp This fingerprint belongs to a suspicious client.
Suspected Automation User Tag suspiciousut This user tag belongs to a suspicious client.
Suspected Proxy Network suspectedproxynetwork This IP is suspected of being part of a proxy network.
Suspicious Local IP suspiciouslocalip This session is making a high number of web page requests.
Suspicious Scraper notinjectedscraper The number of suspicious requests in this session is much higher compared to other sessions on this domain.
Thousand Eyes Extension thousandeyesextension This client installed the Thousand Eyes extension.
TOR Network tor This client is part of a TOR anonymizer network.
Touch Device touchdevice This client uses a touch device.
UI Events Detected uieventdetected This client created UI events.
UI Events Pause uieventspause This client stopped creating UI events.
Unique Fingerprint fpunique There is a high probability that this fingerprint represents a single client.
Unverified Anonymized Fingerprint unverifiedanonymizedfp This fingerprint is suspected of being part of a VPN / proxy network.
Verified Headless Browser verifiedheadlessbrowser This client has been verified as a headless browser.
Visit Multiple Domains visitmultipledomains This client has visited a high number of Gcore domains.
VPN Network vpnnetwork This IP is part of a VPN network service.
Vulnerability Scanner vulnerabilityscanner A client that scans web applications for vulnerabilities.
Vulnerable Resource vuln An attempt to access a vulnerable resource was detected.
Web Shell wbs This client attempted to upload a web shell. A shell-like interface that enables a web server to be remotely accessed, often for cyber-attacks.
Webdriver webdriver This client is controlled by automated tools.
Wordpress Admin wordpressadmin This client is the admin of this WordPress site.
WordPress Admin Detection wad A WordPress admin dashboard was detected.
WordPress Vulnerability wps This client attempted to exploit a vulnerability related to the WordPress CMS.
XML External Entity xxe An XML external entity attack was detected. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, and other system impacts.

Was this article helpful?