CDB WAAP helps protect your web applications by detecting and mitigating traffic originating from IP addresses with a known malicious reputation.
Our reputation system continuously collects, verifies, and updates intelligence about suspicious IP addresses. Based on this data, WAAP can automatically block, challenge, or allow requests coming from sources with a high likelihood of malicious activity.
ℹ️
Info
The IP Reputation policy group is available in the Pro and Enterprise plans. See the Security pricing page for more details.
2. In the domain dropdown at the top of the page, select the needed domain.
3. Click the IP Reputation tab to view and adjust the policies.
ℹ️
Info
Most IP reputation policies are enabled by default, except for Traffic via TOR network. To change a policy mode, click the dropdown next to that policy.
Available policies
Traffic via TOR network
The TOR network provides strong anonymity and is frequently used to conceal the origin of traffic. While it has legitimate use cases, it is also commonly used by attackers, scrapers, and spam tools.
When enabled, this policy blocks traffic originating from TOR exit nodes.
Traffic via proxy networks
Proxy networks allow users to mask their real IP address. These networks are often used by automated tools and attackers attempting to bypass standard protections.
This policy applies JavaScript validation to traffic originating from known proxy networks, helping distinguish legitimate users from automated or abusive activity.
Traffic from hosting services
Legitimate end-user traffic rarely originates from IP ranges belonging to hosting providers. Traffic from these networks is often generated by automated tools running on compromised or rented infrastructure.
This policy applies JavaScript validation to requests coming from hosting providers and commercial cloud infrastructure.
Traffic via VPNs
Virtual Private Networks (VPNs) are widely used for privacy and traffic anonymization. However, they are also frequently used by attackers, scrapers, and abuse automation.
This policy validates requests originating from VPN networks using JavaScript validation.
Bot traffic
Some IP addresses are associated with known malicious automated agents.
This policy applies JavaScript validation to requests originating from IPs linked to malicious bot activity.
Traffic from suspicious NAT ranges
Some NAT ranges generate consistently suspicious traffic patterns.
This policy applies JavaScript validation to requests originating from high-risk NAT ranges identified by a machine-learning classifier trained on historical traffic behavior.
External reputation block list
This list contains IP addresses identified as malicious or associated with spam by external threat intelligence sources.
When traffic originates from an IP on this list, WAAP performs JavaScript validation to verify the request.
Traffic via CDNs
Requests originating directly from CDN provider IP ranges are uncommon for legitimate end-user traffic and may indicate traffic relaying or abuse.
This policy applies JavaScript validation to requests coming from CDN infrastructure.
The Policies endpoints cover IP Reputation: each policy targets a specific category — TOR exit nodes, proxies, VPNs, hosting services, CDNs, bots, suspicious NAT ranges, and external blocklists — and applies either a block or JavaScript challenge action when triggered. Most policies are enabled by default; Traffic via TOR network is disabled. Response examples include only the fields used in each step.
ℹ️
An API token is required, along with the ID of a WAAP-protected domain and the Python or Go SDK installed for SDK examples. This policy group is available on the Pro and Enterprise WAAP plans.
Retrieve the current mode of all IP Reputation policies for a domain.
import gcore
import os
client = gcore.CDB(api_key=os.environ["GCORE_API_KEY"])
domain_id = int(os.environ["WAAP_DOMAIN_ID"])
rule_sets = client.waap.domains.list_rule_sets(domain_id)
ip_rep = next(
rs for rs in rule_sets if rs.resource_slug == "ip-reputation"
)
for policy in ip_rep.rules:
status = "enabled" if policy.mode else "disabled"
print(f"{policy.name}: {status} ({policy.id})")
package main
import (
"context"
"fmt"
"os"
"strconv"
gcore "github.com/G-Core/gcore-go"
"github.com/G-Core/gcore-go/option"
)
func main() {
client := gcore.NewClient(option.WithAPIKey(os.Getenv("GCORE_API_KEY")))
domainID, _ := strconv.ParseInt(os.Getenv("WAAP_DOMAIN_ID"), 10, 64)
ruleSets, _ := client.Waap.Domains.ListRuleSets(context.Background(), domainID)
for _, rs := range *ruleSets {
if rs.ResourceSlug == "ip-reputation" {
for _, policy := range rs.Rules {
status := "disabled"
if policy.Mode {
status = "enabled"
}
fmt.Printf("%s: %s (%s)\n", policy.Name, status, policy.ID)
}
}
}
}
The response includes each policy in the group with its ID and current state. mode: true means enabled; mode: false means disabled.
Toggle a policy
Switch a policy between enabled and disabled. Each call flips the current mode. Use the policy ID returned by the View policy states request.
⚠️
This endpoint toggles the current state rather than setting a specific value. If the target state is unknown, check the current policy state first using the View policy states request.
import gcore
import os
client = gcore.CDB(api_key=os.environ["GCORE_API_KEY"])
domain_id = int(os.environ["WAAP_DOMAIN_ID"])
# Find the policy ID by name
rule_sets = client.waap.domains.list_rule_sets(domain_id)
ip_rep = next(
rs for rs in rule_sets if rs.resource_slug == "ip-reputation"
)
policy = next(r for r in ip_rep.rules if r.name == "Traffic via TOR network")
result = client.waap.domains.policies.toggle(policy.id, domain_id=domain_id)
status = "enabled" if result.mode else "disabled"
print(f"Traffic via TOR network is now {status}")
package main
import (
"context"
"fmt"
"os"
"strconv"
gcore "github.com/G-Core/gcore-go"
"github.com/G-Core/gcore-go/option"
"github.com/G-Core/gcore-go/waap"
)
func main() {
client := gcore.NewClient(option.WithAPIKey(os.Getenv("GCORE_API_KEY")))
domainID, _ := strconv.ParseInt(os.Getenv("WAAP_DOMAIN_ID"), 10, 64)
// Find the policy ID by name
ruleSets, _ := client.Waap.Domains.ListRuleSets(context.Background(), domainID)
var policyID string
for _, rs := range *ruleSets {
if rs.ResourceSlug == "ip-reputation" {
for _, p := range rs.Rules {
if p.Name == "Traffic via TOR network" {
policyID = p.ID
}
}
}
}
result, _ := client.Waap.Domains.Policies.Toggle(context.Background(), policyID, waap.DomainPolicyToggleParams{DomainID: domainID})
status := "disabled"
if result.Mode {
status = "enabled"
}
fmt.Printf("Traffic via TOR network is now %s\n", status)
}
# Set POLICY_ID to the policy ID from the View policy states response
export POLICY_ID="{POLICY_ID}"
curl -X PATCH "https://api.cdb-staging.cdn.orange.com/waap/v1/domains/${WAAP_DOMAIN_ID}/policies/${POLICY_ID}/toggle" \
-H "Authorization: APIKey ${GCORE_API_KEY}"
The API returns the updated policy object. mode: true confirms the policy is now enabled; mode: false confirms disabled.