
OCI Web Application Firewall (WAF) - Steps for a Quick Implementation
Oracle Web Application Firewall (WAF) is a cloud-based, PCI-compliant, global security service that protects applications from malicious and unwanted internet traffic. Oracle Cloud Infrastructure WAF can protect any internet-facing endpoint, providing consistent rule enforcement across a customer's applications.
WAF provides you with the ability to create and manage rules for internet threats including Cross-Site Scripting (XSS), SQL Injection, and other OWASP-defined vulnerabilities. Unwanted bots can be mitigated while desirable bots are tactically allowed to enter. Access rules can be limited based on geography or the signature of the request.
The global Security Operations Center (SOC) will continually monitor the internet threat landscape, acting as an extension of your IT infrastructure.
Create WAF Policy - Creating a policy without rules enabled and routing traffic through the WAF ensures that having a reverse proxy in front of the application causes no regressions.
Update CNAME in DNS - Update the CNAME in the OCI DNS zone or the on-prem DNS A record, depending on the provider.
Map OCI LB hostname to OCI WAF CNAME
Upload certificate to WAF
Open the WAF policy, go to Settings, then General Settings, and select HTTPS Support to attach the uploaded certificate.
Test Your Application - Open a Chrome browser and enter the FQDN of the website protected by WAF. Inspect the HTTP response headers to see if traffic is flowing through WAF. Some HTTP response headers to look for are X-Cdn: Served-By-Zenedge or Server: ZENEDGE.
Click the name of your WAF Policy, under Logs, click View. Logs for the WAF policy appear.
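The header check from the test step can be scripted rather than read off the browser's developer tools. This added example (not part of the original article) parses raw response headers, such as the output of `curl -sIL`, and reports for each hop whether one of the two markers named above is present; the sample headers and the host app.example.com are constructed.

```python
from email.parser import Parser

# Markers named in the article: header name -> substring expected in its value.
WAF_MARKERS = {"x-cdn": "served-by-zenedge", "server": "zenedge"}


def split_hops(raw):
    """Split `curl -sIL` style output into one header block per response."""
    blocks = raw.replace("\r\n", "\n").strip().split("\n\n")
    return [b for b in blocks if b.startswith("HTTP/")]


def waf_markers(block):
    """Return the WAF marker headers present in one response header block."""
    _, _, header_text = block.partition("\n")
    headers = Parser().parsestr(header_text, headersonly=True)
    found = []
    for name, needle in WAF_MARKERS.items():
        # Header names are case-insensitive; get_all also covers repeats.
        values = headers.get_all(name) or []
        if any(needle in v.lower() for v in values):
            found.append(name)
    return found


def check_chain(raw):
    """For every hop, report (status line, answered through the WAF?)."""
    return [(b.split("\n", 1)[0].strip(), bool(waf_markers(b)))
            for b in split_hops(raw)]


# Constructed sample: the redirect is answered by the WAF, but the final
# response carries no marker, i.e. that hostname still resolves to the origin.
SAMPLE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Server: ZENEDGE\r\n"
    "Location: https://app.example.com/\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for status, via_waf in check_chain(SAMPLE):
        print("WAF   " if via_waf else "DIRECT", status)
```

A hop reported as DIRECT means that hostname is not yet routed through the WAF, which usually points back at the CNAME step.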
Protection Rules - WAF contains over 250 pre-defined protection rules. The rules match web traffic to rule conditions and determine the action to be taken when the conditions are met. Protection Rule Settings allow you to define the parameters for enforcement any time a protection rule is matched.
Access Control - Administrators can add and configure their own access controls based on geolocation data, whitelisted and blacklisted IP addresses, and HTTP URL and header characteristics.
Threat Intelligence - Oracle WAF takes feeds from a number of threat intelligence providers to ensure it has the latest, up-to-date information on suspicious IP addresses.
Bot Management - Leverages an advanced set of challenges including JavaScript verification, CAPTCHA, device fingerprinting, and human interaction algorithms to identify and block malicious bot traffic.
Additional Security - Configure the servers to accept traffic from the WAF servers. Configure the origin's ingress rules to accept connections only from the following CIDR ranges in an NSG, and attach the NSG to the VNIC.
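Locking the origin to the WAF ranges only helps if no other ingress rule still admits web traffic directly. This added example (not from the original article) audits a set of ingress rules against a WAF allow-list; the CIDRs are RFC 5737 documentation ranges used as placeholders for Oracle's published list, and the rule names and field names are constructed rather than the OCI NSG schema.

```python
import ipaddress

# Placeholder WAF ranges (RFC 5737 documentation blocks), NOT Oracle's list:
# substitute the WAF CIDR ranges published for your policy.
WAF_RANGES = [ipaddress.ip_network(c)
              for c in ("198.51.100.0/24", "203.0.113.128/25")]

# Constructed ingress rules; field names are illustrative only.
RULES = [
    {"name": "waf-https", "source": "198.51.100.0/24", "port": 443},
    {"name": "waf-subset", "source": "203.0.113.192/26", "port": 443},
    {"name": "legacy-any", "source": "0.0.0.0/0", "port": 443},
    {"name": "too-wide", "source": "203.0.113.0/24", "port": 443},
    {"name": "admin-ssh", "source": "192.0.2.10/32", "port": 22},
]


def inside(inner, outer):
    """True when every address of `inner` lies within `outer`."""
    return inner.version == outer.version and inner.subnet_of(outer)


def audit(rules, web_ports=(80, 443)):
    """Names of web-port rules that admit sources outside the WAF ranges."""
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["source"], strict=False)
        if rule["port"] in web_ports and not any(
                inside(src, w) for w in WAF_RANGES):
            findings.append(rule["name"])
    return findings


def missing_ranges(rules, web_ports=(80, 443)):
    """WAF ranges that no single web-port rule fully admits.

    A range listed here means some WAF nodes would be dropped at the origin.
    Ranges covered only by the union of several rules are also reported.
    """
    sources = [ipaddress.ip_network(r["source"], strict=False)
               for r in rules if r["port"] in web_ports]
    return [str(w) for w in WAF_RANGES
            if not any(inside(w, s) for s in sources)]


if __name__ == "__main__":
    print("bypass risk:", audit(RULES))
    print("WAF blocked:", missing_ranges(RULES[:2]))
```

The first check catches rules that let clients reach the origin without passing the WAF; the second catches an allow-list that is too narrow and would break traffic from the WAF itself.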
Abbreviations
- Oracle Cloud Infrastructure (OCI)
- Web Application Firewall (WAF)
Document Versioning
Document | Name | Date | Document Version |
Created by | Gopinath Samraj | 04/16/2021 | 1.0 |
Reviewed by | Rahul Somraj | 05/21/2021 | 1.0 |
Approved by | Mohammed Jiyash | 05/31/2021 | 1.0 |
To learn more about OCI WAF, or if you need help setting up your firewall, contact us at info@beastute.com.