Gcore WAAP provides several mechanisms to control which traffic reaches your application. Each mechanism targets a different layer ΓÇö from explicit IP allowlists and blocklists to reputation-based filtering and custom rule conditions.
Allowed IPs and Blocked IPs
The Allowed IPs and Blocked IPs lists let you explicitly permit or deny traffic from specific IPv4 and IPv6 addresses or ranges. Rules apply before any other WAAP analysis, making them the fastest and most direct way to block a known-bad source or whitelist a trusted one.
Both single addresses and IP ranges are supported. Subnet masks and CIDR notation are not accepted ΓÇö ranges are defined by a lower and upper bound address. To manage these rules via the Customer Portal or REST API, see IP allowlist and blocklist.
IP Reputation
IP Reputation policies automatically block or challenge traffic from categories of IP addresses with a known malicious history ΓÇö TOR exit nodes, proxy networks, VPNs, hosting providers, bots, suspicious NAT ranges, external block lists, and CDNs.
Most policies are enabled by default and require no manual rule creation. For configuration details, see IP Reputation.
Check IP
The Check IP tool lets you look up any IP address and view its reputation tags and detection history within WAAP. Use it to investigate why traffic from a specific address is being blocked or challenged.
For details, see Check IP.
CDN security policies
CDN-level access control policies filter requests based on referrer, country, IP subnet, or user agent before they reach the origin. These policies apply to CDN resources, not WAAP rules directly.
For configuration details, see Control access to content with country, referrer, IP, and user-agent policies.
Custom Rules
Custom Rules let you define advanced filtering conditions that combine multiple request attributes ΓÇö such as country, user agent, referrer, or URI path ΓÇö with allow, block, or challenge actions. Use Custom Rules when the simpler IP-based controls are insufficient.
For details, see Custom Rules.