Astute Business Solutions is a full service cloud advisory, and managed services firm catering to PeopleSoft, E-Business Suite, and Ellucian Banner customers.

Contact Details

shape2
shape2
shape_round
shape_round
shape_round

OCI Web Application Firewall (WAF) - Steps for a Quick Implementation

Table of Contents

    Oracle Web Application Firewall (WAF) is a cloud-based, PCI-compliant, global security service that protects applications from malicious and unwanted internet traffic. Oracle Cloud Infrastructure WAF can protect any internet-facing endpoint, providing consistent rule enforcement across a customer's applications.

    WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection, and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while tactically allowed desirable bots to enter. Access rules can be limited based on geography or the signature of the request.

    The global Security Operations Center (SOC) will continually monitor the internet threat landscape acting as an extension of your IT infrastructure.

    Create WAF Policy> - Creating a policy without rules enabled to route traffic through the WAF ensures that there are no regressions by having a reverse proxy in front of the application.

    Update CNAME in DNS - Update the CNAME to OCI DNS zone or on-prem DNS A record based on the provider.

    Map OCI LB hostname to OCI WAF CNAME

    Upload certificate to WAF - Upload certificate to WAF

    Open WAF policy and go to settings, general settings then select HTTPS support to attach the uploaded certificate.

    Test Your Application> - Open a chrome browser and Enter the FQDN of the website protected by WAF. Inspect HTTP Response Headers to see if traffic is flowing through WAF. Some HTTP Response Headers to look for are (X-Cdn: Served-By-Zenedge or Server: ZENEDGE)

    Click the name of your WAF Policy, under Logs, click View. Logs for the WAF policy appear.

    Protection Rules - WAF contains over 250 pre-defined protection rules. The rules match web traffic to rule conditions and determine the action to be taken when the conditions are met. Protection Rule Settings allow you to define the parameters for enforcement any time a protection rule is matched.

    Access Control - Administrators can add and configure their own access controls based on geolocation data, whitelisted and blacklisted IP addresses, and HTTP URL and header characteristics.

    Threat Intelligence> - >Oracle WAF takes feeds from a number of threat intelligence providers to ensure it has the latest, up-to-date information on suspicious IP addresses.

    Bot Management> - >Leverages an advanced set of challenges including JavaScript verification, CAPTCHA, device fingerprinting, and human interaction algorithms to identify and block malicious bot traffic.

    Additional Security> - >Configure the servers to accept traffic from the WAF servers. Configure origin's ingress rules to only accept connections from the following CIDR ranges in NSG and attach to the VNIC.

    CIDR Ranges

    129.146.12.128/25 134.70.72.0/22 140.91.10.0/23 192.29.160.0/21
    129.146.13.128/25 134.70.76.0/22 140.91.12.0/22 192.29.168.0/22
    129.146.14.128/25 134.70.8.0/21 140.91.22.0/23 192.29.172.0/25
    129.213.0.128/25 134.70.80.0/22 140.91.24.0/22 192.29.178.0/25
    129.213.2.128/25 134.70.84.0/22 140.91.28.0/23 192.29.180.0/22
    129.213.4.128/25 134.70.88.0/22 140.91.30.0/23 192.29.32.0/21
    130.35.0.0/20 134.70.92.0/22 140.91.32.0/23 192.29.40.0/22
    130.35.112.0/22 134.70.96.0/22 140.91.34.0/23 192.29.44.0/25
    130.35.116.0/25 138.1.0.0/20 140.91.36.0/23 192.29.48.0/21
    130.35.120.0/21 138.1.104.0/22 140.91.38.0/23 192.29.56.0/21
    130.35.128.0/20 138.1.128.0/19 140.91.4.0/22 192.29.60.0/23
    130.35.144.0/20 138.1.16.0/20 140.91.40.0/23 192.29.64.0/20
    130.35.16.0/20 138.1.160.0/19 140.91.8.0/23 192.29.96.0/20
    130.35.176.0/20 138.1.192.0/20 147.154.0.0/18 192.69.118.0/23
    130.35.192.0/19 138.1.208.0/20 147.154.128.0/18 198.181.48.0/21
    130.35.224.0/22 138.1.224.0/19 147.154.192.0/20 199.195.6.0/23
    130.35.232.0/21 138.1.32.0/21 147.154.208.0/21 205.147.88.0/21
    130.35.240.0/20 138.1.40.0/21 147.154.224.0/19
    130.35.48.0/20 138.1.48.0/21 147.154.64.0/20
    130.35.64.0/19 138.1.64.0/20 147.154.80.0/21
    130.35.96.0/20 138.1.80.0/20 147.154.96.0/19
    138.1.96.0/21 192.157.18.0/24
    140.204.0.128/25 192.157.19.0/24
    132.145.4.128/25 140.204.12.128/25 192.29.0.0/20
    140.204.16.128/25 192.29.128.0/21
    134.70.24.0/21 140.204.20.128/25 192.29.138.0/23
    134.70.32.0/22 140.204.24.128/25 192.29.144.0/21
    134.70.56.0/21 140.204.4.128/25 192.29.152.0/22
    134.70.64.0/22 140.204.8.128/25 192.29.16.0/20

    Abbreviations

    1. Oracle Cloud Infrastructure (OCI)
    2. Web Application Firewall (WAF)

    Document Versioning

    Document

    Name

    Date

    Document Version

    Created by

    Gopinath Samraj

    04/16/2021

    1.0

    Reviewed by

    Rahul Somraj

    05/21/2021

    1.0

    Approved by

    Mohammed Jiyash

    05/31/2021

    1.0

    To learn more about OCI WAF or you need help with setting up your firewall contact us at info@beastute.com.

    Tags

    Oracle Cloud Oracle Cloud Infrastructure Cloud Technology web application firewall WAF OCI
    Gopi Samraj
    Gopi Samraj
    Search
      Categories
      Related Posts
      Oracle Database Cloud Service - The Best of Both Worlds

      Oracle Database Cloud Service - The Best of Both Worlds

      Benefits and Best Practices: Disaster Recovery with Oracle

      Benefits and Best Practices: Disaster Recovery with Oracle

      Recap: PeopleTools 8.60

      Recap: PeopleTools 8.60

      Migrating PeopleSoft to Oracle Cloud in Higher Education

      Migrating PeopleSoft to Oracle Cloud in Higher Education

      See The Team In Action

      Upcoming Events

      Virtual event
      Kibana-for-CS-Deep-Dive
      October 4, 2023
      04:00 PM ET
      • Non-technical
      • Peoplesoft reporting

      Kibana for CS - Deep Dive

      Register Now
      In-person
      HEUG East - North Carolina
      October 9, 2023
      09:00 AM ET
      • Everyone
      • Peoplesoft

      HEUG East - North Carolina

      Register Now
      Virtual event
      PTF-Webinar-Series--featured-image_v2-1-1
      October 11, 2023
      04:00 PM ET
      • Technical
      • Peoplesoft testing

      Webinar: Mastering PTF - Tips and Tricks for CS

      Register Now
      Virtual event
      Back-Office-Evolution-Modernizing-ERP-Systems
      October 18, 2023
      02:00 PM ET
      • Everyone
      • Erp

      Back Office Evolution: Modernizing ERP Systems

      Register Now
      Virtual event
      event1-1-1
      October 23, 2023
      04:00 PM ET
      • Everyone
      • Peoplesoft

      Virtual Conference: RECONNECT Dive Deep

      Learn More

      Reach Out

      Ready to Connect?

      Please fill the following form, we will get back to you within a business day.

      Contact Form

      Contact Us

      Schedule an
      Appointment Now

      Meet with an Astute expert today, we would love to help you think about your enterprise applications, and how the cloud can deliver greater value to your customers.