WAF in OCI

June 29, 2024 | seedling, permanent

WAF in OCI #

A web application firewall (WAF) protects applications from malicious and unwanted internet traffic. OCI WAF can sit in front of any internet-facing endpoint, so the same rules are enforced consistently across a customer's applications.

WAF lets you create and manage rules for internet threats such as Cross-Site Scripting (XSS), SQL injection and other OWASP-catalogued vulnerabilities. Access rules can additionally restrict traffic by geography or by the signature of the request.

Types of policies #

WAF policy #

A regional solution that works as a plug-in for your load balancer: the policy is attached to an enforcement point in the same region.

Edge policy #

A global solution. To use it, allowlist Oracle's edge nodes around the world at your origin (so that only traffic that has passed through the WAF reaches it) and point your application's DNS record at the CNAME that Oracle provides.

WAF Concepts #

The following concepts are used throughout the web application firewall (WAF) service.

Access Control #

Access control encompasses request and response controls.

Action #

Actions are objects that represent one of the following:

Allow #

An action that, when its rule matches, skips all remaining rules in the current module.

Check #

An action that does not stop the execution of rules in the current module; instead it generates a log message documenting the result of the rule's execution.

Return HTTP response #

An action which returns a defined HTTP response.

Condition #

Each rule takes a JMESPath expression as its condition. Depending on the rule type, the expression is evaluated against the HTTP request or the HTTP response, and the rule fires when the expression evaluates to true.
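The three action types only make sense together with rule order, so here is a small model of a module's evaluation loop. It is an added example, not Oracle's code: ALLOW stops evaluation and passes the request, CHECK logs and continues, RETURN_HTTP_RESPONSE stops with a response. Conditions are Python predicates standing in for the JMESPath expressions the service evaluates; the `jmespath` string on each rule is an assumption of what the equivalent expression would look like and is documentation only. The rule names, paths and header values are constructed. The second rule set shows the classic mistake of putting an ALLOW keyed on a client-controlled header ahead of a block.

```python
"""Evaluation order of WAF rules and the three action types (added example)."""
from dataclasses import dataclass, field
from typing import Callable, Optional

ALLOW, CHECK, RETURN = "ALLOW", "CHECK", "RETURN_HTTP_RESPONSE"


@dataclass
class Rule:
    name: str
    condition: Callable[[dict], bool]   # request -> matched?
    action: str                          # one of the three action types
    status: int = 403                    # used only by RETURN_HTTP_RESPONSE
    jmespath: str = ""                   # assumed equivalent, documentation only


@dataclass
class Outcome:
    status: Optional[int] = None         # None: the request is passed on
    log: list = field(default_factory=list)


def evaluate(rules, request):
    """Walk the module's rules in order and apply the first terminating action."""
    out = Outcome()
    for rule in rules:
        if not rule.condition(request):
            continue
        if rule.action == ALLOW:
            out.log.append(f"{rule.name}: ALLOW, remaining rules skipped")
            break
        if rule.action == CHECK:
            out.log.append(f"{rule.name}: CHECK matched, evaluation continues")
            continue
        if rule.action == RETURN:
            out.log.append(f"{rule.name}: RETURN_HTTP_RESPONSE {rule.status}")
            out.status = rule.status
            break
        raise ValueError(f"unknown action {rule.action!r}")
    return out


def path_starts_with(prefix):
    return lambda r: r["path"].lower().startswith(prefix)


def header_equals(name, value):
    return lambda r: r["headers"].get(name.lower()) == value


# Constructed rule set, in the order the module evaluates it.
SAFE_ORDER = [
    Rule("log-api", path_starts_with("/api/"), CHECK,
         jmespath="i_starts_with(http.request.url.path, '/api/')"),
    Rule("block-admin", path_starts_with("/admin"), RETURN, 403,
         jmespath="i_starts_with(http.request.url.path, '/admin')"),
    Rule("allow-monitor", header_equals("user-agent", "Monitor/1.0"), ALLOW,
         jmespath="(assumed) http.request.headers.\"user-agent\"[0] == 'Monitor/1.0'"),
]

# Same rules with the ALLOW first: a spoofable header now bypasses the block.
UNSAFE_ORDER = [SAFE_ORDER[2], SAFE_ORDER[0], SAFE_ORDER[1]]


def decide(rules, method, path, headers=None):
    """Return the HTTP status the WAF would return, or None to pass the request."""
    req = {"method": method, "path": path,
           "headers": {k.lower(): v for k, v in (headers or {}).items()}}
    return evaluate(rules, req).status


if __name__ == "__main__":
    spoofed = {"User-Agent": "Monitor/1.0"}
    print(decide(SAFE_ORDER, "GET", "/admin/users", spoofed))    # 403
    print(decide(UNSAFE_ORDER, "GET", "/admin/users", spoofed))  # None: bypassed
```

The takeaway is that ALLOW is a short-circuit for the whole module, so any ALLOW whose condition an attacker can satisfy (a User-Agent string, a header, a path prefix) must come after the rules it would otherwise skip, or be keyed on something the client cannot forge, such as a network address list.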

Firewall #

The Firewall resource is the logical link between a WAF policy and an enforcement point, such as a load balancer.

Network Address List #

Network address lists are collections of individual public IP addresses and CIDR ranges, or of private IP addresses, that WAF policies can reference in their conditions.

Origin #

Your web application’s origin host server.

Protection Rule #

Protection rules are sets of protection capabilities used to decide whether traffic to your web application should be logged, allowed or blocked. To view the list of available rules, see Protection Capabilities.

Rate Limiting #

Rate limiting allows inspection of HTTP connection properties and limits the frequency of requests for a given key.
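What "for a given key" means in practice is easiest to see in code. The following is an added example, not Oracle's implementation: a fixed-window counter per key that, once the limit is exceeded, returns a defined status for an action duration. The parameter names, the fixed-window counting and the choice of 429 are assumptions made for this example; timestamps are passed in explicitly so it runs offline on constructed traffic. It also contrasts keying on the observed client IP with keying on a client-supplied header.

```python
"""Request rate limiting keyed on a client attribute (added example)."""


class RateLimiter:
    def __init__(self, period_seconds, requests_limit, action_duration_seconds,
                 status=429):
        self.period = period_seconds
        self.limit = requests_limit
        self.action_duration = action_duration_seconds
        self.status = status
        self.windows = {}        # key -> (window_start, count)
        self.blocked_until = {}  # key -> time at which the block expires

    def check(self, key, now):
        """Return None to pass the request, or the status to return instead."""
        until = self.blocked_until.get(key)
        if until is not None:
            if now < until:
                return self.status          # still inside the action duration
            del self.blocked_until[key]
        start, count = self.windows.get(key, (now, 0))
        if now - start >= self.period:      # window expired: start a new one
            start, count = now, 0
        count += 1
        self.windows[key] = (start, count)
        if count > self.limit:
            self.blocked_until[key] = now + self.action_duration
            return self.status
        return None


def by_client_ip(req):
    """Key on the peer address the WAF itself observed."""
    return req["client_ip"]


def by_forwarded_for(req):
    """Key on a client-supplied header: every forged value is a fresh bucket."""
    return req["headers"].get("x-forwarded-for", req["client_ip"])


def simulate(events, key_fn, **limits):
    """events: constructed (time, request) pairs; returns one decision per event."""
    limiter = RateLimiter(**limits)
    return [limiter.check(key_fn(req), t) for t, req in events]


def make_request(ip, xff=None):
    return {"client_ip": ip, "headers": {"x-forwarded-for": xff} if xff else {}}


# Constructed traffic (limits: 3 requests per 10 s, block for 30 s).
LIMITS = dict(period_seconds=10, requests_limit=3, action_duration_seconds=30)
BURST = [(t, make_request("203.0.113.7")) for t in (0, 1, 2, 3, 4, 20, 40)]
ROTATING = [(t, make_request("203.0.113.7", f"198.51.100.{t}")) for t in range(5)]

if __name__ == "__main__":
    print(simulate(BURST, by_client_ip, **LIMITS))
    # [None, None, None, 429, 429, 429, None]: blocked at the 4th request,
    # still blocked at t=20, admitted again at t=40 in a fresh window.
    print(simulate(ROTATING, by_forwarded_for, **LIMITS))  # all None: limit evaded
    print(simulate(ROTATING, by_client_ip, **LIMITS))      # blocked from the 4th
```

The second pair of runs is the caveat: if the key is derived from a header the client controls, an attacker rotates the header and never shares a bucket, so the key should be the address the WAF observed (or a value it set itself), not X-Forwarded-For as received.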

Request Control #

Request control allows inspection of HTTP request properties and the return of a defined HTTP response.

Request Protection Rules #

Request protection rules enable the checking of HTTP requests for malicious content and the return of a defined HTTP response.

Response Control #

Response control allows inspection of HTTP response properties and the return of a defined HTTP response.

Web Application Firewall (WAF) #

WAF is a Payment Card Industry (PCI) compliant, global security service that protects applications from malicious and unwanted internet traffic.

Protection Capabilities #

The collaborative capability with key 9420000, SQL Injection (SQLi) Collaborative Group - SQLi Filters Categories, checks the incoming HTTP request for certain types of SQL injection. It is made up of several individual capabilities, such as 9421000, 9421400 and 9421600, each with a default weight of 4.

If the collaborative capability (9420000) is enabled, WAF runs each of its individual capabilities (9421000, 9421400, 9421600) separately against every incoming HTTP request to find which ones match.

After the rules are processed, the weights of the matched capabilities are added (here 4 + 4 + 4 = 12) and the sum is compared with the threshold (10). Because the sum reaches the threshold, the collaborative capability (9420000) is marked as triggered. If logging is configured, the matched capabilities are logged, and depending on how the capability is configured an HTTP response is returned. A request that trips only one or two of the sub-capabilities (a sum of 4 or 8) stays below the threshold and does not trigger the group.
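The weighting is what separates a single suspicious character from an attack, and the example below makes that concrete. It is an added example, not Oracle's rule engine: the capability IDs, the default weight of 4 and the threshold of 10 come from the text above; the regular expressions standing in for what each sub-capability detects are constructed stand-ins, not Oracle's signatures, the single URL-decode pass is a simplification of the transformations a WAF applies, and "sum >= threshold" as the trigger test is an assumption. The inputs are constructed.

```python
"""Collaborative capability scoring: weights summed against a threshold (added example)."""
import re
from urllib.parse import unquote_plus

# capability id -> (constructed detector, default weight)
CAPABILITIES = {
    "9421000": (re.compile(r"'\s*(?:or|and)\s+\S+\s*=\s*\S+", re.I), 4),  # tautology
    "9421400": (re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I), 4),  # UNION SELECT
    "9421600": (re.compile(r"--|#|/\*"), 4),                                # SQL comment
}
THRESHOLD = 10


def normalize(value):
    """One URL-decode pass, the kind of transformation a WAF applies before matching."""
    return unquote_plus(value)


def score_request(params, capabilities=CAPABILITIES, threshold=THRESHOLD):
    """Run every sub-capability over the request parameters and total the weights.

    Returns the matched ids, the summed weight and whether the collaborative
    capability (9420000 in the page's example) counts as triggered.
    """
    matched = []
    for cap_id, (pattern, weight) in capabilities.items():
        if any(pattern.search(normalize(v)) for v in params.values()):
            matched.append(cap_id)
    score = sum(capabilities[c][1] for c in matched)
    return {"matched": matched, "score": score, "triggered": score >= threshold}


# Constructed inputs.
FULL_PAYLOAD = {"id": "1' OR 1=1 UNION SELECT name, pass FROM users--"}
ENCODED_PAYLOAD = {"id": "1%27+OR+1%3D1+UNION+SELECT+name%2C+pass+FROM+users--"}
PARTIAL_PAYLOAD = {"id": "1' OR 1=1"}
BENIGN = {"q": "O'Brien -- see notes"}

if __name__ == "__main__":
    for label, params in [("full", FULL_PAYLOAD), ("encoded", ENCODED_PAYLOAD),
                          ("partial", PARTIAL_PAYLOAD), ("benign", BENIGN)]:
        print(label, score_request(params))
    # Lowering the threshold to a single weight turns the partial payload into a
    # block, but the benign comment goes with it: the threshold is a precision dial.
    print("partial@4", score_request(PARTIAL_PAYLOAD, threshold=4))
    print("benign@4", score_request(BENIGN, threshold=4))
```

The full payload, raw or URL-encoded, hits all three sub-capabilities and scores 12; the truncated tautology and the apostrophe-plus-dashes in a benign search string each hit one and score 4. Tuning the threshold down catches the former at the cost of the latter, which is the trade-off the weights exist to expose.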
