Skip to main content

Manage domains protected with WAAP

After activating WAAP for a domain in CDN, it appears on the Domains page in the CDB Technical Web Portal. This page displays all domains and their statuses, provides access to CDN settings, and allows deletion of inactive domains.

Domains page in the Customer Portal

A domain in WAAP can have the following statuses:

  • Monitoring: WAAP monitors all traffic to the domain but doesn't enforce any actions on requests.

  • Protection: WAAP enforces all configured security settings for the domain.

  • Disabled: The domain isn't protected because WAAP is disabled. You can always enable WAAP for inactive domains in the CDN resource settings. Note that inactive domains are still billable.

Disable WAAP protection for a domain

Info

Inactive domains still incur charges as we retain all configured settings and data. If you want to discontinue billing for WAAP protection, delete a domain.

To disable WAAP protection for a domain:

  1. In the CDB Technical Web Portal, navigate to CDN > CDN resources.
  2. Next to the resource for which you want to disable WAAP, click the three-dot icon and select Settings.
CDN resource settings page in the Customer Portal
  1. Navigate to the relevant section:
  • If you enabled WAAP in the resource settings, scroll down to the Security section and disable the WAAP toggle.

  • If you enabled WAAP for a particular rule, open the Rules tab, find the relevant rule, and disable the WAAP toggle in the Options section.

  1. Save the changes. Note that deactivating a domain can take up to 20 minutes as this step ensures that all changes are correctly and consistently applied across our system.

After you deactivate WAAP protection for your domain, all traffic from the CDN will go directly to the origin with no security checks. The domain status on the Domains page in WAAP will change to inactive. All WAAP settings and configured rules will remain intact and can be modified. However, it'll take no effect while WAAP is disabled.

To activate WAAP protection again, enable the WAAP toggle in the CDN settings.

Warning

If you disable WAAP protection for a CDN resource and later re-enable it, WAAP mode will be set to Monitoring. If you had Protection mode before deactivating a domain, you need to enable it again.

Delete a domain from WAAP

You can't delete a domain that has enabled WAAP protection. To delete the domain, disable WAAP in CDN resource settings first. The WAAP domain mode should change to Disabled.

To delete an inactive domain:

  1. In the CDB Technical Web Portal, navigate to WAAP > Domains.
  2. Click the three-dot icon next to the domain that you want to remove.
  3. Select Delete.
  4. Confirm your action by clicking Delete.

You've successfully removed your domain from WAAP.

Suspend a CDN resource with WAAP protection

If you suspend a CDN resource with enabled WAAP, the status of your WAAP-protected domain will change to Disabled. All web requests will go directly to the origin, bypassing both CDN and WAAP.

Info

Inactive domains still incur charges as we retain all configured settings and data. If you want to discontinue billing for WAAP protection, delete a domain.

A suspended resource is automatically deleted after 90 days. During this period, WAAP settings remain intact, and you can reactivate both CDN and WAAP.

Delete a CDN resource with WAAP protection

If you delete a CDN resource that has enabled WAAP protection, your domain and all relevant settings will be automatically removed from WAAP.

For instructions on how to delete a CDN resource, check our dedicated guide.

The Domains endpoints cover checking a domain's protection status and deleting an inactive domain. Switching between Monitoring and Protection modes is covered in the domain setup guide. Response examples include only the fields used in each step.

An API token is required. Use GET /docs/waap/v1/domains to retrieve the domain ID.

export GCORE_API_KEY="{YOUR_API_KEY}"
export WAAP_DOMAIN_ID="{YOUR_DOMAIN_ID}"

Domain status

Retrieve the current protection status and basic details of a specific domain. The API uses different names for statuses than the Customer Portal:

Customer PortalAPI value
Protectionactive
Monitoringmonitor
Disabledbypass
import gcore
import os

client = gcore.CDB(api_key=os.environ["GCORE_API_KEY"])
domain_id = int(os.environ["WAAP_DOMAIN_ID"])

domain = client.waap.domains.get(domain_id)
print(f"id={domain.id}  name={domain.name}  status={domain.status}")
package main

import (
    "context"
    "fmt"
    "os"
    "strconv"

    gcore "github.com/G-Core/gcore-go"
    "github.com/G-Core/gcore-go/option"
)

func main() {
    client := gcore.NewClient(option.WithAPIKey(os.Getenv("GCORE_API_KEY")))
    domainID, _ := strconv.ParseInt(os.Getenv("WAAP_DOMAIN_ID"), 10, 64)

    domain, err := client.Waap.Domains.Get(context.Background(), domainID)
    if err != nil {
        panic(err)
    }
    fmt.Printf("id=%d  name=%s  status=%s\n", domain.ID, domain.Name, domain.Status)
}
curl -X GET "https://api.cdb-staging.cdn.orange.com/waap/v1/domains/${WAAP_DOMAIN_ID}" \
  -H "Authorization: APIKey ${GCORE_API_KEY}"

Response:

{
  "id": 12345,
  "name": "example.com",
  "status": "monitor"
  // ...
}

The status field returns the API value from the table above. The bypass state can only be set through CDN resource settings — the WAAP API only supports switching between active and monitor.

Delete a domain

Remove a domain from WAAP permanently, including all configured rules, firewall rules, and custom settings. This action cannot be undone.

The domain must have Disabled status before deletion. To disable a domain, turn off the WAAP toggle in CDN resource settings — the WAAP API only supports switching between active and monitor, not setting Disabled status.

import gcore
import os

client = gcore.CDB(api_key=os.environ["GCORE_API_KEY"])
domain_id = int(os.environ["WAAP_DOMAIN_ID"])

client.waap.domains.delete(domain_id)
print("Domain deleted")
package main

import (
    "context"
    "fmt"
    "os"
    "strconv"

    gcore "github.com/G-Core/gcore-go"
    "github.com/G-Core/gcore-go/option"
)

func main() {
    client := gcore.NewClient(option.WithAPIKey(os.Getenv("GCORE_API_KEY")))
    domainID, _ := strconv.ParseInt(os.Getenv("WAAP_DOMAIN_ID"), 10, 64)

    err := client.Waap.Domains.Delete(context.Background(), domainID)
    if err != nil {
        panic(err)
    }
    fmt.Println("Domain deleted")
}
curl -X DELETE "https://api.cdb-staging.cdn.orange.com/waap/v1/domains/${WAAP_DOMAIN_ID}" \
  -H "Authorization: APIKey ${GCORE_API_KEY}"

The API returns 204 with an empty body on success. Attempting to delete a domain that is not in Disabled status returns 422.