Oracle Cloud Infrastructure Documentation

Set Up a WAF Policy

To use a custom endpoint for Oracle Integration, you must front-end your instance with a service such as OCI WAF Edge to validate and terminate SSL for your custom hostname.

To understand WAF edge policy configuration, see Getting Started with Edge Policies.

Note

Using a WAF Edge policy may cause conflicts with access control lists (ACLs). For example, if your WAF provides various source IPs, it may block legitimate requests coming from applications whose IPs are not included in the ACL for Oracle Integration.
Before you set up a WAF policy, you must:
  • Choose a custom hostname for your instance.
  • Register the hostname with either the Oracle Cloud Infrastructure DNS or your DNS provider.
  • Obtain an SSL certificate from a certificate authority (CA) for your hostname. If you use a hostname certificate whose CA isn't in the Oracle Integration trust store, you must also upload the certificate to your Oracle Integration instance; otherwise, an exception is thrown in the scenarios the instance calls itself.
  1. Create a WAF edge policy, configuring the following settings:
    • Primary domain: Enter the custom hostname for your instance.
    • Origin name: Enter a unique name for your Oracle Integration instance origin.
    • URI: Enter the original Oracle Integration URL.
    • (In the advanced origin options) Header name: Enter Host.
    • Header value: Enter your original Oracle Integration URL.
  2. After the policy becomes active (within 15 minutes of creation), enable HTTPS support and upload your SSL certificate, starting with step 5 (showing the WAF settings). Configure the following settings:
    • Enable HTTPS support: Enable this option.
    • Select or upload your SSL certificate.

    Do not select the following options:

    • Self signed certificate
    • HTTP to HTTPS redirect
    • Enable SNI
    • Any advanced options