Managing Edge Policies

The Oracle Cloud Infrastructure WAF service enables you to create an edge policy and origin.

Order of Processing

The order in which rules and handlers are processed is:

  1. IP Whitelists/Blacklists/Good Bot Whitelists
  2. Threat Intelligence
  3. Access Rules
  4. Rate Limiting (available in the API)
  5. JavaScript Challenge
  6. Device Fingerprinting Challenge
  7. Human Interaction Challenge
  8. Captcha Challenge
  9. Protection Rules
  10. Caching Rules

Using the Console

Create and Manage WAF Policies

To create an edge policy
  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
  2. Click Create WAF Policy.

  3. Look at the bottom of the Basic Information page for the following:

    Use legacy workflow here if you need to secure your non-OCI web applications.

  4. Click the link to display the Create Edge Policy dialog box.
  5. Complete the following:
    • Name: A unique name for the policy. Avoid entering confidential information.
    • Domains:
      • Primary Domain: The fully qualified domain name (FQDN) of the application where the policy will be applied.
      • Additional Domains: (Optional) Subdomains where the policy will be applied.
        Note

        Wildcard domains are accepted, however, only as additional domains and only through the API and CLI.

    • WAF Origin: The host or IP address of the public internet facing application that is being protected by the application.
      • Origin Name: A unique name for the origin.
      • URI: Enter the public facing endpoint (IPv4 or FQDN) of the application.
      • HTTPS Port: The port used for secure HTTP connection. The default port is 443.
      • HTTP Port: The HTTP port the origin listens on. The default port is 80.
      • Headers: (Optional)
        • Header Name: The name displayed in the HTTP request header and the header value that can be added and passed to the origin server with all requests.
        • Header Value: Specifies the data requested by the header.
    • Tags: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure whether to apply tags, skip this option (you can apply tags later) or ask your administrator.
  6. Click Create WAF Policy. The WAF Policy overview appears. Expect the policy to become active within 15 minutes of creation.

    See Managing Edge Policies for more information.

To update an edge policy
  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
  2. Apply one or more of the following Filters to limit the edge policies displayed:

    • State

    • Name

    • Policy Type: Select Edge Policy.

  3. Click the name of the edge policy you want to update. The Details page for the edge policy you selected appears.

    Tip

    You can use the Date Created sort filter to sort policies by the date they were created in ascending or descending order.
  4. Click Edit.
  5. In the Edit Edge Policy dialog box, make the needed changes and then click Save Changes.

To delete an edge policy
  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
  2. Apply one or more of the following Filters to limit the edge policies displayed:

    • State

    • Name

    • Policy Type: Select Edge Policy.

  3. Select the check box for the policy you want to delete.

    Tip

    You can use the Date Created sort filter to sort policies by the date they were created in ascending or descending order.
  4. Click Delete.
  5. In the confirmation dialog box, click Delete.

    The status of the policy changes from Active to Deleting. Deleted policies are maintained for a short time before they are unavailable in the Console.

To publish changes

Updates to your WAF policy appear in the list to be published in Unpublished Changes. Pending changes do not persist across browser sessions. Once you publish changes, it cannot be edited until changes propagate to the edge nodes.

  1. In the WAF Policy overview, click Unpublished Changes.
  2. In the Unpublished Changes list, click the drop-down arrow beside an unpublished change to review the change.
  3. Click Publish All.
  4. In the Publish Changes dialog box, click Publish All.
To manage tags for a edge policy
  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
  2. Click the name of the edge policy you want to view. The Details page for the edge policy you selected appears.
  3. Click the Tags tab to view or edit existing tags. Or click Apply tag(s) to add new ones.

For more information, see Resource Tags.

To move a edge policy to a different compartment
  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
  2. Apply one or more of the following Filters to limit the edge policies displayed:

    • State

    • Name

    • Policy Type: Select Edge Policy.

  3. Find the WAF policy in the list, click the the Actions icon (three dots), and then click Move Resource to a Different Compartment.
  4. Choose the destination compartment from the list.
  5. Click Move Resource.

Using the CLI

Open a command prompt and run the following command to get the details of a WAAS policy:

oci waas waas-policy get --waas-policy-id <policy_ocid>

This can be useful in retrieving the necessary information when opening a ticket with Oracle Cloud Infrastructure support. For more information about how to access and use the CLI, see Command Line Interface (CLI).