The Web Application and API Protection (WAAP) includes a Behavioral WAF policy group that helps prevent malicious attacks on your websites. The policy group contains a set of sophisticated user behavior and reputation analysis policies that inspect traffic and defend your website against threats such as spamming or brute force attacks.
ℹ️
Info
This policy group is available in the Pro and Enterprise plans. More details on the Security pricing page.
Configure Behavioral WAF rules
You can review the Behavioral WAF rules and enable or disable them in the CDB Technical Web Portal:
Navigate to WAAP > Default Rules.
In the domain dropdown at the top of the page, select the needed domain.
Click the Behavioral WAF tab to view and adjust the rules.
ℹ️
Info
Most Behavioral WAF policies are enabled by default, except for Repeated violations. To change a policy mode, click the dropdown near that policy.
Probing and forced browsing
Use CAPTCHA and JavaScript validation to challenge brute-forced requests on random URLs, which might aim to discover your web application's structure and hidden directories. Requests that fail to pass the validation will be blocked.
Obfuscated attacks and zero-day mitigation
Block clients that perform multiple injection attacks.
Repeated violations
Present with CAPTCHA or block those clients that failed to answer a previously displayed challenge. Requests that fail to pass the validation will be blocked.
Brute-force protection
Present users with CAPTCHA when there's an attempt to guess usernames and passwords on web login forms. If the client fails to pass the validation after a few attempts, the request will be blocked.
The Policies endpoints manage the Behavioral WAF policy group ? retrieve the current state of each rule and toggle individual policies on or off. Response examples include only the fields used in each step.
ℹ️
An API token is required, along with the ID of a WAAP-protected domain and the Python or Go SDK installed for SDK examples. This policy group is available on the Pro and Enterprise WAAP plans.
Set these environment variables before running the examples:
The response contains all rule sets for the domain. Filter by resource_slug value behavioral-waf to find the Behavioral WAF group. Each rule has a mode field ? true means enabled, false means disabled.
Toggle a policy
Flips the state of one policy ? enabled becomes disabled, disabled becomes enabled. No request body is required.
Parameter
Required
Description
policy_id
Yes
ID of the policy to toggle, obtained from the View policy states response.
domain_id
Yes
ID of the WAAP-protected domain.
import gcore
import os
client = gcore.CDB(api_key=os.environ["GCORE_API_KEY"])
domain_id = int(os.environ["WAAP_DOMAIN_ID"])
# Find the policy ID by name
rule_sets = client.waap.domains.list_rule_sets(domain_id)
behavioral_set = next(
rs for rs in rule_sets if rs.resource_slug == "behavioral-waf"
)
policy = next(r for r in behavioral_set.rules if r.name == "Repeated violations")
result = client.waap.domains.policies.toggle(policy.id, domain_id=domain_id)
status = "enabled" if result.mode else "disabled"
print(f"Policy is now {status}")
package main
import (
"context"
"fmt"
"os"
"strconv"
gcore "github.com/G-Core/gcore-go"
"github.com/G-Core/gcore-go/option"
"github.com/G-Core/gcore-go/waap"
)
func main() {
client := gcore.NewClient(option.WithAPIKey(os.Getenv("GCORE_API_KEY")))
domainID, _ := strconv.ParseInt(os.Getenv("WAAP_DOMAIN_ID"), 10, 64)
// Find the policy ID by name
ruleSets, err := client.Waap.Domains.ListRuleSets(context.Background(), domainID)
if err != nil {
fmt.Println(err)
return
}
var policyID string
for _, rs := range *ruleSets {
if rs.ResourceSlug == "behavioral-waf" {
for _, rule := range rs.Rules {
if rule.Name == "Repeated violations" {
policyID = rule.ID
}
}
}
}
result, err := client.Waap.Domains.Policies.Toggle(
context.Background(),
policyID,
waap.DomainPolicyToggleParams{DomainID: domainID},
)
if err != nil {
fmt.Println(err)
return
}
status := "disabled"
if result.Mode {
status = "enabled"
}
fmt.Printf("Policy is now %s\n", status)
}
# Set POLICY_ID to the ID from the View policy states response or the policy reference below
curl -X PATCH "https://api.cdb-staging.cdn.orange.com/waap/v1/domains/$WAAP_DOMAIN_ID/policies/$POLICY_ID/toggle" \
-H "Authorization: APIKey $GCORE_API_KEY"
Response:
{"mode": true}
The API returns the updated policy state. Call the endpoint again to flip the policy back.