Skip to main content

WAAP FAQ

Do I need Multi-CDN to use WAAP?

No. WAAP runs independently on its own protection provider — you can protect an origin that isn't behind VNETWORK's CDN. That said, Multi-CDN and WAAP pair well: CDN for delivery and caching, WAAP for deep protection.

How does traffic reach WAAP?

WAAP is an inline proxy. You onboard a website (domain

  • origin + TLS) and point its DNS at the edge; WAAP inspects requests and forwards clean ones to your origin.

Will WAAP block legitimate users?

Any WAF can produce false positives. WAAP logs every action, and new rules can run in detect/log mode first so you measure impact before enforcing. Review blocked traffic and add allowlist exceptions to tune.

What's the difference from the CDN WAF?

The CDN-attached WAF applies managed and custom rules to traffic vEdge delivers. WAAP adds an AI-WAF with managed protection policies, bot management, API protection and DDoS/emergency mitigation — deeper, API-aware protection with its own console and analytics.

Why are some features locked?

Bot Management, API Protection and Programmable Mitigation are plan features — the Free plan doesn't include them. See Plans & settings to compare tiers and upgrade.

How is WAAP different from the coming-soon Web Application Firewall?

Web Application Firewall is a planned standalone edge WAF + DDoS product. WAAP is the available, broader app-and-API protection suite. If you need protection today, use WAAP.

Can it protect APIs specifically?

Yes — see API protection for schema validation and access control on API endpoints.