Channel: Cloud Training Program

Web Application Firewall (WAF) in Oracle Cloud (OCI)


Oracle's Web Application Firewall (WAF) service is used to enhance and secure Oracle Cloud Infrastructure offerings. It monitors traffic directed at the web application origin, and identifies and blocks malicious traffic.

To apply a Web Application Firewall to any application using OCI, we need to apply a WAF policy and make the corresponding changes in DNS. To know more about configuring WAF Policy in OCI click here.

In this post, I am going to cover:

  • Overview of WAF in OCI
  • How WAF works
  • Managing WAF Policy in OCI
  • Key use cases of WAF

WAF in OCI

How Does WAF Work

  • Oracle Cloud Infrastructure WAF acts as a reverse proxy that inspects all traffic flows or requests before they arrive at the origin web application.
  • It also inspects any request going from the web application server to the end-user.

Managing WAF Policy in OCI

OCI offers many services to manage WAF Policy.


(1) Origin Management

An origin is an endpoint (an IP address) of the application protected by the WAF. An origin can be an Oracle Cloud Infrastructure load balancer public IP address. A load balancer IP address can be used to provide high availability to an origin.

(2) Protection Rules

Protection rules match web traffic to rule conditions defined in WAF Policy and determine what actions need to be taken when the conditions are met.

The service also recommends some protection rules that are most likely to be checked against the web traffic (like Malware Detection).

To know about supported Protection Rules click here.

(3) Access Rules

We can define explicit actions for requests coming from various sources and check them against the conditions defined in the WAF policy. Conditions use various operations and regular expressions, and can match on criteria such as region, IP address, URL, etc.

For example, we don't want traffic from Brazil to access our application.

We can also whitelist some trusted IP addresses so that they can access the application even if they belong to a blocked region.

(4) Bot Management

Non-human traffic makes up most of the traffic to sites. Bot Manager is used to detect and block, or otherwise direct, non-human traffic that may interfere with the web application. The Bot Manager features protect against bots performing price scraping, vulnerability scanning, comment spam, brute force attacks, and application-layer DDoS attacks. We can also whitelist good bots.

(5) Logs

Logs display the details of each logged event within a specified time frame. They let you understand which rules and countermeasures are triggered by requests, and they are used as a basis for moving request handling into block mode. Log events can come from Access Control, Protection Rules, or Bot events.
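The access rule and log behaviour described above, as an added example that is not Oracle's code or part of the original post. It is a small Python model, not the OCI API: the rule names, the "DETECT" and "BLOCK" mode labels, the allowlist-first ordering and the sample traffic are all constructed assumptions used to show why reviewing logged events first makes the switch to block mode safer.

```python
import ipaddress
from collections import Counter

# Constructed policy (illustrative names, not OCI API fields).
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/28")]  # trusted partner range
BLOCKED_COUNTRIES = {"BR"}                            # the post's Brazil example

def evaluate(request, mode="DETECT"):
    """Return (verdict, log_event) for one request.

    The allowlist is checked first, so a trusted address passes even when
    it geolocates to a blocked region. In DETECT mode a match is only
    logged; in BLOCK mode it is logged and the request is refused.
    """
    ip = ipaddress.ip_address(request["ip"])
    if any(ip in net for net in ALLOWLIST):
        return "ALLOW", None
    if request["country"] in BLOCKED_COUNTRIES:
        event = {"rule": "geo-block", "action": mode, "ip": request["ip"],
                 "country": request["country"], "url": request["url"]}
        return ("BLOCK" if mode == "BLOCK" else "ALLOW"), event
    return "ALLOW", None

def review(requests, mode="DETECT"):
    """Run traffic through the policy; return logged events and hits per IP."""
    events = [e for _, e in (evaluate(r, mode) for r in requests) if e]
    return events, Counter(e["ip"] for e in events)

# Constructed sample traffic (documentation IP ranges).
SAMPLE = [
    {"ip": "203.0.113.5", "country": "BR", "url": "/api/orders"},  # allowlisted
    {"ip": "198.51.100.7", "country": "BR", "url": "/login"},
    {"ip": "198.51.100.7", "country": "BR", "url": "/login"},
    {"ip": "192.0.2.44", "country": "DE", "url": "/"},
]

if __name__ == "__main__":
    events, hits = review(SAMPLE)          # detect mode: nothing is refused yet
    for event in events:
        print(event)
    print("Would be blocked, by source IP:", dict(hits))
```

If the review shows a legitimate source among the logged hits, add it to the allowlist before changing the mode to block.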

Key Use Cases

Some of the use cases for a Web Application Firewall are:

  1. Protection against cyberattacks
  2. Access control for data privacy standards
  3. Integration with existing management systems
  4. Bot management
  5. Hybrid and multi-cloud protection

Conclusion

It is necessary to protect and monitor the web application against threats and to secure it from unwanted and harmful traffic. To do so, we use a Web Application Firewall, which prevents unwanted traffic from accessing the web application. In this post, I have covered an overview of WAF, how to manage WAF in OCI, and some use cases of WAF. I hope it will help you understand the concept of WAF in OCI.

WAF is also covered in our OCI Architect Professional [1z0-997] Certification training. To know more about this training click here.


Next Task For You

In our OCI Architect Professional [1Z0-997] Certification training, we cover the Web Application Firewall in the Design for Security & Compliance module. In this module, we also cover the Security Overview, Identity & Access Management (IAM), Key Management Service (KMS), and Data Safe.

For the list of Hands-On guides click here.


The post Web Application Firewall (WAF) in Oracle Cloud (OCI) appeared first on Oracle Trainings.

