Request Control Management

Describes the request control for a WAF policy. The topic also describes how to manage its features and functionality.

The request control manages the inspection of HTTP request properties and the return a defined HTTP response.

Manage the request control through the Access Control resource of the WAF policy. Here you can do the following request control tasks:

  • View access rules and their properties.
  • View the default action for requests that do not match any rule defined in the WAF policy.
  • Add and manage access rules, including editing, reordering, and deleting them.
  • Specify the default action to be taken when request action rules are met.

Adding Access Rules to Request Controls

Describes how to add an access rule to a request control contained within a WAF policy.

To add an access rule to a request control using the Console

Describes how to add an access rule to a request control contained within a WAF policy using the OCI Console.

  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

    Alternatively, open the Web Application Firewall page and click Policies under Resources.

    The WAF Policies page appears.

  2. Select the Compartment from the list.

    All the WAF policies in that compartment are listed in tabular form.

  3. (Optional) Apply one or more of the following Filters to limit the WAF policies displayed:
    • State

    • Name

    • Policy Type: Select WAF Policy.

  4. Select the WAF policy to which you want to add an access rule to a request control.
    The WAF Policy Details dialog box appears.
  5. Click Access Control under Resources.

    The Access Control list appears.

  6. Select the Request Control tab.
  7. Click Manage Request Control.

    The Manage Request Control dialog box appears.

  8. Click Add Access Rule.

    The Add Access Rule dialog box appears.

    Complete the following:

    • Name: Enter the name of the access rule.

    • Conditions: Specify the prerequisite conditions that need to be met for the rule action to occur.

    • Rule Action: Select an existing rule to be followed when the preceding conditions are met, or select Create New Action to add one.

      • Pre-configured Check Action: Allows the running of rules and generates a log message documenting the result.

      • Pre-configured Allow Action: Skips all remaining rules in the current module.

      • Pre-configured 401 Response Code Action: Returns a defined HTTP response. The response code configuration (headers and response page body) determines the HTTP response that is returned when this action is run.

        Click Show Header Details to display the HTTP response headers specified in the selected Return HTTP response action.

        Click Show Response Page Body Details to display the HTTP response body specified in the selected "Return HTTP response" action.

      See Actions Management for a complete description and explanation of how to use actions in a WAF policy.

    The access rule you created is added to the list of rules and is available for use.

  9. Click Add Access Rule.

    The Add Access Rule dialog box closes.

  10. Click Save Changes in the Manage Request Control dialog box.

The rule you created appears in the list of access rules for the request control and is available for use.

Listing Access Rules for Request Controls

Describes how to display a list of access rules for a request control contained within a WAF policy.

To list the access rules for a request control rules using the Console

Getting Access Rule Details for Request Controls

Describes how to get the details of an access rule for a request control contained within a WAF policy.

To view default action settings using the Console
To get the details of an access rule for a request control using the Console

Editing Access Rules for Request Controls

Describes how to edit an access rule for a request control contained within a WAF policy.

To edit an access rule for a request control using the Console

Describes how to edit an access rule for a request control contained within a WAF Policy using the OCI Console.

  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

    Alternatively, open the Web Application Firewall page and click Policies under Resources.

    The WAF Policies page appears.

  2. Select the Compartment from the list.

    All the WAF policies in that compartment are listed in tabular form.

  3. (Optional) Apply one or more of the following Filters to limit the WAF policies displayed:
    • State

    • Name

    • Policy Type: Select WAF Policy.

  4. Select the WAF policy whose access rule you want to edit.
    The WAF Policy Details dialog box appears.
  5. Click Access Control under Resources.

    The Access Control list appears.

  6. Select the Request Control tab.
  7. Click Manage Request Control.

    The Manage Request Control dialog box appears.

  8. Click Edit next to the access rule you want to edit.

    The Edit Access Rule dialog box appears.

  9. Edit the access rule settings. See Adding Access Rules to Request Controls for descriptions of each setting.
  10. Click Save Changes.

    The Edit Access Rule dialog box closes.

  11. Click Save Changes in the Manage Request Control dialog box.
The updates you made are present in the details of the access rule.

Changing Actions for Request Control Access Rules

Describes how to change the action for one or more selected access rules for the WAF policy's request control.

To change the actions for request control access rules using the Console

Describes how to change the action for one or more selected access rules for the WAF policy's request control using the OCI Console.

  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

    Alternatively, open the Web Application Firewall page and click Policies under Resources.

    The WAF Policies page appears.

  2. Select the Compartment from the list.

    All the WAF policies in that compartment are listed in tabular form.

  3. (Optional) Apply one or more of the following Filters to limit the WAF policies displayed:
    • State

    • Name

    • Policy Type: Select WAF Policy.

  4. Select the WAF policy whose request control access rule actions you want to change.
    The WAF Policy Details dialog box appears.
  5. Click Access Control under Resources.

    The Access Control list appears.

  6. Select the Request Control tab.
  7. Click Manage Request Control.

    The Manage Request Control dialog box appears.

  8. Check one or more entries in the Access Rules list whose actions you want to change.
    Note

    Select at least one access rule entry in the list to use this command.

  9. Click Change Action.

    The Change Action dialog box appears.

  10. Select the action you want to update the selected access rules to use from the list. See Actions Management for more information.
  11. Click Change Action.
    The Change Action dialog box closes.
  12. Click Save Changes in the Manage Request Control dialog box.

Those access rules you selected are updated to use the action you specified.

Reordering Request Control Access Rules

Describes how to reorder the access rules for a WAF policy's request control.

To reorder the access rules for a request control using the Console

Describes how to reorder the access rules for a WAF policy's request control using the OCI Console.

  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

    Alternatively, open the Web Application Firewall page and click Policies under Resources.

    The WAF Policies page appears.

  2. Select the Compartment from the list.

    All the WAF policies in that compartment are listed in tabular form.

  3. (Optional) Apply one or more of the following Filters to limit the WAF policies displayed:
    • State

    • Name

    • Policy Type: Select WAF Policy.

  4. Select the WAF policy whose request control access rules you want to reorder.
    The WAF Policy Details dialog box appears.
  5. Click Access Control under Resources.

    The Access Control list appears.

  6. Select the Request Control tab.
  7. Click Manage Request Control.

    The Manage Request Control dialog box appears.

    If there are multiple access rules listed, each has a Reorder menu included under Change Order.

  8. Click the Reorder menu and select the appropriate command, such as Move Up or Move to Bottom, to reorder the access rule. Repeat this step for each access rule you want to reorder. The access rules run in the order they appear in this list.
  9. Click Save Changes in the Manage Request Control dialog box.

The access rules you reordered are updated in the WAF policy's request control.

Deleting Access Rule from Request Controls

Describes how to delete an access rule from the request control contained within a WAF policy.

To delete an access rule from a request control using the Console

Describes how to delete an access rule from the request control contained within a WAF policy using the OCI Console.

  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

    Alternatively, open the Web Application Firewall page and click Policies under Resources.

    The WAF Policies page appears.

  2. Select the Compartment from the list.

    All the WAF policies in that compartment are listed in tabular form.

  3. (Optional) Apply one or more of the following Filters to limit the WAF policies displayed:
    • State

    • Name

    • Policy Type: Select WAF Policy.

  4. Select the WAF policy whose access rule for a request control you want to delete.
    The WAF Policy Details dialog box appears.
  5. Click Access Control under Resources.

    The Access Control list appears.

  6. Select the Request Control tab.
  7. Click Manage Request Control.

    The Manage Request Control dialog box appears.

  8. Check one or more access rules that you want to delete and click Delete.
  9. Confirm the deletion when prompted.
  10. Click Save Changes in the Manage Request Control dialog box.

The list of access rules reappears without the access rules you deleted.