OCI Web Application Firewall (WAF) - Steps for a Quick Implementation
Oracle Web Application Firewall (WAF) is a cloud-based, PCI-compliant, global security service that protects applications from malicious and unwanted internet traffic. Oracle Cloud Infrastructure WAF can protect any internet-facing endpoint, providing consistent rule enforcement across a customer's applications.
WAF lets you create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection, and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while desirable bots are tactically allowed to enter. Access rules can be limited based on geography or the signature of the request.
The global Security Operations Center (SOC) continually monitors the internet threat landscape, acting as an extension of your IT infrastructure.
Create WAF Policy - Creating a policy with no rules enabled and routing traffic through the WAF confirms that placing a reverse proxy in front of the application causes no regressions.
Update CNAME in DNS - Update the CNAME in the OCI DNS zone, or the on-prem DNS A record, depending on the provider.
Map the OCI LB hostname to the OCI WAF CNAME.
Upload certificate to WAF - Upload the certificate to the WAF.
Open the WAF policy, go to Settings, then General Settings, and select HTTPS support to attach the uploaded certificate.
Test Your Application - Open a Chrome browser and enter the FQDN of the website protected by the WAF. Inspect the HTTP response headers to see whether traffic is flowing through the WAF. Headers to look for include X-Cdn: Served-By-Zenedge or Server: ZENEDGE.
Click the name of your WAF policy, then under Logs click View. The logs for the WAF policy appear.
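The header check from the Test Your Application step can be scripted so that every hop of a redirect chain is checked, not only the final page. The following is an added example, not part of the original article; the sample is constructed `curl -sIL` style output and the function names are hypothetical.

```python
import re

# Markers named in the article; header names and values are compared case-insensitively.
WAF_MARKERS = {"x-cdn": "served-by-zenedge", "server": "zenedge"}

# Constructed sample: an apex-domain redirect answered by the origin itself,
# followed by the final response served through the WAF.
SAMPLE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: nginx\r\n"
    "Location: https://www.example.com/\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Server: ZENEDGE\r\n"
    "X-Cdn: Served-By-Zenedge\r\n"
    "Content-Type: text/html\r\n"
)


def waf_hops(raw):
    """Return [(status_line, via_waf)] for each response block in the output."""
    hops = []
    for block in re.split(r"\r?\n\r?\n", raw.strip()):
        lines = block.splitlines()
        if not lines or not lines[0].startswith("HTTP/"):
            continue  # skip anything that is not a response header block
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers.setdefault(name.strip().lower(), []).append(value.strip().lower())
        via = any(want in headers.get(name, []) for name, want in WAF_MARKERS.items())
        hops.append((lines[0].strip(), via))
    return hops


def all_hops_via_waf(raw):
    """True only when at least one response was seen and every hop carried a WAF marker."""
    hops = waf_hops(raw)
    return bool(hops) and all(via for _, via in hops)


if __name__ == "__main__":
    for status, via in waf_hops(SAMPLE):
        print(("WAF    " if via else "DIRECT ") + status)
```

A hop reported as DIRECT means that hostname still resolves to the origin or load balancer and needs its own CNAME update.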
Protection Rules - WAF contains over 250 pre-defined protection rules. The rules match web traffic to rule conditions and determine the action to be taken when the conditions are met. Protection Rule Settings allow you to define the parameters for enforcement any time a protection rule is matched.
Access Control - Administrators can add and configure their own access controls based on geolocation data, whitelisted and blacklisted IP addresses, and HTTP URL and header characteristics.
Threat Intelligence - Oracle WAF takes feeds from a number of threat intelligence providers to ensure it has the latest, up-to-date information on suspicious IP addresses.
Bot Management - Leverages an advanced set of challenges including JavaScript verification, CAPTCHA, device fingerprinting, and human interaction algorithms to identify and block malicious bot traffic.
Additional Security - Configure the origin servers to accept traffic from the WAF servers. Configure the origin's ingress rules to accept connections only from the OCI WAF CIDR ranges, using an NSG attached to the VNIC.
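One way to verify the origin lockdown described under Additional Security is to audit the NSG ingress rules against the WAF range list. This is an added example, not part of the original article; the CIDR values are constructed placeholders rather than the published WAF ranges, and the rule field names are hypothetical.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation blocks) standing in
# for the WAF CIDR list; substitute the real list before use.
WAF_CIDRS = ["198.51.100.0/24", "203.0.113.0/25"]

# Constructed NSG ingress rules for the origin; field names are hypothetical.
SAMPLE_RULES = [
    {"name": "waf-a", "source": "198.51.100.0/24", "port": 443},
    {"name": "waf-b-half", "source": "203.0.113.0/26", "port": 443},
    {"name": "legacy-any", "source": "0.0.0.0/0", "port": 443},
    {"name": "admin-ssh", "source": "192.0.2.10/32", "port": 22},
]


def audit_origin_ingress(rules, waf_cidrs, web_ports=(80, 443)):
    """Return web rules that admit non-WAF sources and WAF ranges left unreachable."""
    waf = [ipaddress.ip_network(c) for c in waf_cidrs]
    bypass, allowed = [], []
    for rule in rules:
        if rule["port"] not in web_ports:
            continue  # only the web listener is expected to sit behind the WAF
        src = ipaddress.ip_network(rule["source"], strict=False)
        if any(src.version == w.version and src.subnet_of(w) for w in waf):
            allowed.append(src)
        else:
            bypass.append(rule["name"])  # lets traffic reach the origin directly
    uncovered = []
    for w in waf:
        merged = ipaddress.collapse_addresses(
            [a for a in allowed if a.version == w.version])
        if not any(w.subnet_of(m) for m in merged):
            uncovered.append(str(w))  # WAF traffic from here would be dropped
    return {"bypass": bypass, "uncovered": uncovered}


if __name__ == "__main__":
    print(audit_origin_ingress(SAMPLE_RULES, WAF_CIDRS))
```

A non-empty `bypass` list means the origin is still reachable without passing through the WAF; a non-empty `uncovered` list means legitimate WAF traffic from those ranges would be rejected.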
Abbreviations
- Oracle Cloud Infrastructure (OCI)
- Web Application Firewall (WAF)
Document Versioning
Document | Name | Date | Document Version |
Created by | Gopinath Samraj | 04/16/2021 | 1.0 |
Reviewed by | Rahul Somraj | 05/21/2021 | 1.0 |
Approved by | Mohammed Jiyash | 05/31/2021 | 1.0 |
To learn more about OCI WAF, or if you need help setting up your firewall, contact us at info@beastute.com.