Adding a Web Application Firewall Action

Describes how to add an action to a web application firewall policy.

Using the Console

Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

Alternatively, open the Web Application Firewall page and click Policies under Resources.

The WAF Policies page appears.
Select the Compartment from the list.

All the WAF policies in that compartment are listed in tabular form.
(Optional) Apply one or more of the following Filters to limit the WAF policies displayed:
- State
- Name
- Policy Type: Select WAF Policy.
Select the WAF policy for which you want to add an action.

The WAF Policy Details dialog box appears.
Click Actions under Resources.

The Actions list appears.
Click Manage Actions.

The Manage Actions dialog box appears.
Click Add Action.

The Add Action dialog box appears.
Complete the following:
- Action Name: Enter the name of the action.
- Action Type: Specify the action type:
  - Allow: Skips all remaining rules in the current module.
  - Check: Does not stop the execution of rules. Instead it generates a log message documenting the result of the rule.
  - Return HTTP Response: Returns a defined HTTP response.
    
    Select the Response Code from the list.
    
    Headers: Complete the following:
    - Header Name: Enter the name of the header.
    - Header Value: Enter the associated value of the header.
    - Click + Another Header to display another header row where you can enter a header name and value pair. Click X to delete the associated header row.
    Response Page Body: Enter the HTTP response body, for example a JSON error response:
```
{"code":"403","message":"Forbidden"}
```
Click Add Action.

The Add Action dialog box closes.
Click Save Changes in the Manage Actions dialog box.

The action you created is included in the Action list.

Oracle Cloud Infrastructure Documentation

Adding a Web Application Firewall Action

Using the Console