diff --git a/documentation/web-security/faq/how-do-i-get-a-list-of-all-banned-ip-addresses-for-all-resources.md b/documentation/web-security/faq/how-do-i-get-a-list-of-all-banned-ip-addresses-for-all-resources.md
new file mode 100644
index 00000000..f0255903d
--- /dev/null
+++ b/documentation/web-security/faq/how-do-i-get-a-list-of-all-banned-ip-addresses-for-all-resources.md
@@ -0,0 +1,29 @@
+---
+title: how-do-i-get-a-list-of-all-banned-ip-addresses-for-all-resources
+displayName: Get all banned IP addresses for all resources
+published: true
+order: 140
+toc:
+pageTitle: FAQ. All banned IP addresses| Gcore
+pageDescription: How to get a list of all banned IP addresses for all resources via the API request.
+---
+# How do I get a list of all banned IP addresses for all resources?
+
+You can get a list of all banned IP addresses for all Web Security product resources using an API request:
+
+```
+// @name Get protected ip addresses
+GET https://api.gcore.com/security/resources
+Authorization: Bearer {{token_client}}
+Content-Type: application/json
+
+> {%
+ let ip_list = [];
+ for (let resource of response.body) {
+ for (let item of resource["whitelists"]) {
+ ip_list.push(item["whitelist_data"]);
+ }
+ }
+ client.log(ip_list);
+%}
+```
\ No newline at end of file
diff --git a/documentation/web-security/faq/how-do-i-renew-my-ssl-certificate.md b/documentation/web-security/faq/how-do-i-renew-my-ssl-certificate.md
new file mode 100644
index 00000000..78e9c245
--- /dev/null
+++ b/documentation/web-security/faq/how-do-i-renew-my-ssl-certificate.md
@@ -0,0 +1,47 @@
+---
+title: how-do-i-renew-my-ssl-certificate
+displayName: Renew SSL certificates
+published: true
+order: 150
+toc:
+pageTitle: FAQ. Renew SSL certificates attached to your resources under protection | Gcore
+pageDescription: How to renew an SSL certificate depending on its type—Let's Encrypt or Custom.
+---
+# How do I renew my SSL certificate?
+
+Depending on the type of SSL certificate selected for the resource under protection, there are two options for renewing certificates.
+
+1. If you have **Let's Encrypt**, it will be renewed automatically.
+
+2. If you have a **Custom** certificate, you must reissue it yourself via the certificate authority, delete the current certificate in your resource settings, and add the reissued certificate in the Customer portal according to the Add Custom certificate to your resource guide. You can also add a reissued custom certificate via the API request:
+
+```
+// @name Get client ddos resource
+GET {{base_ddos}}/resources/
+Authorization: Bearer {{token_client}}
+Content-Type: application/json
+
+> {%
+ client.global.set("resource", JSON.stringify(response.body.resource));
+%}
+
+###
+
+// @name Update custom SSL certificate for the ddos resource
+< {%
+ let resource = client.global.get("resource");
+ resource = JSON.parse(resource);
+ resource["service_ssl_crt"] = "-----BEGIN CERTIFICATE-----\n\n-----END CERTIFICATE-----";
+ resource["service_ssl_key"] = "-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----";
+ resource = JSON.stringify(resource);
+ request.variables.set("resource_custom_cert", resource);
+%}
+PUT {{base_ddos}}/resources/
+Authorization: Bearer {{token_client}}
+Content-Type: application/json
+
+{{resource_custom_cert}}
+```
+
+**Note**: We do not automatically notify you of SSL certificate expiry dates, so you should monitor the expiry date yourself.
+
diff --git a/documentation/web-security/faq/how-to-force-an-ip-ban.md b/documentation/web-security/faq/how-to-force-an-ip-ban.md
new file mode 100644
index 00000000..88eae1cd
--- /dev/null
+++ b/documentation/web-security/faq/how-to-force-an-ip-ban.md
@@ -0,0 +1,59 @@
+---
+title: how-to-force-an-ip-ban
+displayName: Force an IP ban
+published: true
+order: 130
+toc:
+ --1--Force in customer portal: "force-an-ip-ban-in-the-customer-portal"
+ --1--Force via API: "force-an-ip-ban-via-api"
+pageTitle: FAQ. Force an IP ban | Gcore
+pageDescription: How to force an IP ban in the customer portal and via API.
+---
+# How to force an IP ban
+
+You can force an IP or subnet mask ban using a whitelist policy. This allows requests from all IPs or subnets, except specified IPs or subnet masks.
+
+**Note**: To ban all IPs or subnets *except specified values*, select the blacklist option.
+
+You can set an IP ban in two ways: in the customer portal or via the API.
+
+## Force an IP ban in the customer portal
+
+1\. Go to your list of resources under protection.
+
+2\. Click three dots on the line of the relevant resource and click **Access Policy**.
+
+
+
+3\. On the page that opens, type the IPs or subnet masks in the “Whitelist” field (click the plus button on the right to add more than one) and save changes.
+
+
+
+That’s it. The specified IP will be banned for two hours.
+
+## Force an IP ban via API
+
+Here’s an example of restricting a specific IP using an API request:
+
+```
+// @name Get client ddos resource
+GET https://api.gcore.com/security/resources/
+Authorization: Bearer {{token_client}}
+Content-Type: application/json
+> {%
+ client.global.set("resource", JSON.stringify(response.body.resource));
+%}
+###
+// @name Add whitelist into ddos resources
+< {%
+ let resource = client.global.get("resource");
+ resource = JSON.parse(resource);
+ resource["whitelists"] = [{"whitelist_data": "3.3.3.3"}];
+ resource = JSON.stringify(resource);
+ request.variables.set("resource_whitelist", resource);
+%}
+PUT https://api.gcore.com/security/resources/
+Authorization: Bearer {{token_client}}
+Content-Type: application/json
+{{resource_whitelist}}
+```
\ No newline at end of file