Configure for WAAP
To work exclusively with WAAP tools, set theGCORE_TOOLS environment variable to filter the toolset. This reduces tool count and helps clients load faster when managing security configurations.
Available tools
WAAP tools cover domains, security rules, custom pages, analytics, and IP reputation:| Resource | Operations | Description |
|---|---|---|
domains | list, create, get, update, delete | Protected domains |
advanced_rules | list, create, get, update, delete | Custom security rules |
custom_page_sets | list, create, get, delete | Custom error pages |
tags | list, create, get, delete | Domain tags |
analytics | get | Security analytics |
insights | get | Security insights |
statistics | get | Traffic statistics |
ip_info | lookup | IP reputation lookup |
Domain management
Asking the assistant to “list all domains protected by WAAP” returns each domain with its ID, protection status, mode (monitoring or blocking), and traffic statistics including blocked requests over the past 24 hours. This overview helps identify which domains receive the most attacks and whether protection modes need adjustment. Adding domains works through natural language—“add domain shop.example.com to WAAP protection” registers the domain and returns DNS configuration instructions. New domains start in monitoring mode by default, allowing traffic analysis before enabling blocking. The assistant provides the CNAME record needed to route traffic through the WAAP proxy. To switch protection modes, describe the change—“switch shop.example.com from monitoring to blocking mode” updates the domain configuration. In blocking mode, detected threats are actively blocked rather than logged.Security analytics
Threat analysis shows attack patterns and blocked requests. Asking “show security analytics for api.example.com over the last 24 hours” returns a breakdown by threat type—SQL injection attempts, cross-site scripting (XSS), bot traffic, and rate limit violations. The assistant also identifies the IP addresses responsible for the most attack traffic. For proactive security management, request insights—“show security insights and recommendations for my domains” analyzes protection configurations and suggests improvements. Recommendations might include enabling bot protection for domains with high automated traffic, switching from monitoring to blocking after a clean observation period, or adding IP allowlists for admin panels.Custom security rules
Security rules control traffic based on conditions such as geography, rate limits, or request patterns. Asking “create a rule to block requests from country RU for api.example.com” creates a geo-blocking rule that takes effect immediately. The assistant returns the rule ID for later reference. Rate limiting rules protect against abuse—“create a rate limiting rule: max 100 requests per minute per IP for api.example.com” enforces the specified threshold. Requests exceeding the limit are blocked automatically. To manage existing rules, ask the assistant to list rules for a domain along with their hit counts. Rules can be disabled temporarily for testing without deletion—“disable rule rule_56789 temporarily for testing” suspends the rule while preserving its configuration.IP reputation
Before creating blocking rules, investigate suspicious IP addresses. Asking “check the reputation of IP 192.0.2.100” returns risk scores, geographic location, ISP information, and known threat categories such as scanner or brute force activity. This context helps determine whether to block individual IPs, entire ranges, or specific threat patterns.Custom error pages
When WAAP blocks a request, visitors see a default block page. Custom pages provide branded messaging—create a page with a specific message, then apply it to domains. The assistant handles both steps when asked to create and apply a custom block page in sequence.Multi-step workflows
The assistant handles multi-step workflows in a single conversation. To onboard a new domain with full protection, describe the complete setup—“set up WAAP protection for newsite.com with bot protection, rate limiting at 200 requests per minute, and start in monitoring mode.” The assistant executes each step in sequence and reports the results. When investigating attacks, combine analytics queries—“show blocked requests for api.example.com in the last hour grouped by attack type, and identify which IPs are responsible for SQL injection attempts.” The assistant correlates data across multiple tool calls to provide a comprehensive view of the attack.InfoTool names follow the pattern
waap.[resource].[operation], such as waap.domains.list or waap.advanced_rules.create. The MCP Inspector displays all available tools with their parameters and expected inputs.GCORE_TOOLS environment variable.