Skip to main content
Gcore WAAP helps protect your web applications by detecting and mitigating traffic originating from IP addresses with a known malicious reputation. Our reputation system continuously collects, verifies, and updates intelligence about suspicious IP addresses. Based on this data, WAAP can automatically block, challenge, or allow requests coming from sources with a high likelihood of malicious activity.
InfoThe IP Reputation policy group is available in the Pro and Enterprise plans. See the Security pricing page for more details.

Available policies

Traffic via TOR network

The TOR network provides strong anonymity and is frequently used to conceal the origin of traffic. While it has legitimate use cases, it is also commonly used by attackers, scrapers, and spam tools. When enabled, this policy blocks traffic originating from TOR exit nodes.

Traffic via proxy networks

Proxy networks allow users to mask their real IP address. These networks are often used by automated tools and attackers attempting to bypass standard protections. This policy applies JavaScript validation to traffic originating from known proxy networks, helping distinguish legitimate users from automated or abusive activity.

Traffic from hosting services

Legitimate end-user traffic rarely originates from IP ranges belonging to hosting providers. Traffic from these networks is often generated by automated tools running on compromised or rented infrastructure. This policy applies JavaScript validation to requests coming from hosting providers and commercial cloud infrastructure.

Traffic via VPNs

Virtual Private Networks (VPNs) are widely used for privacy and traffic anonymization. However, they are also frequently used by attackers, scrapers, and abuse automation. This policy validates requests originating from VPN networks using JavaScript validation.

Bot traffic

Some IP addresses are associated with known malicious automated agents. This policy applies JavaScript validation to requests originating from IPs linked to malicious bot activity.

Traffic from suspicious NAT ranges

Some NAT ranges generate consistently suspicious traffic patterns. This policy applies JavaScript validation to requests originating from high-risk NAT ranges identified by a machine-learning classifier trained on historical traffic behavior.

External reputation block list

This list contains IP addresses identified as malicious or associated with spam by external threat intelligence sources. When traffic originates from an IP on this list, WAAP performs JavaScript validation to verify the request.

Traffic via CDNs

Requests originating directly from CDN provider IP ranges are uncommon for legitimate end-user traffic and may indicate traffic relaying or abuse. This policy applies JavaScript validation to requests coming from CDN infrastructure.