Monday, January 23, 2023

Web Application Firewall (WAF) as reverse proxy in Oracle Cloud (OCI)

Oracle Cloud Infrastructure Web Application Firewall is a regional-based and edge enforcement service that is attached to an enforcement point, such as a load balancer or a web application domain name. WAF protects applications from malicious and unwanted internet traffic. WAF can protect any internet-facing endpoint, providing consistent rule enforcement across a customer's applications. In this post, WAF works as a reverse proxy between the client and your website server. The real IP addresses of your website server are hidden from the visitors, and only the IP addresses of WAF are visible to them. The IP address of the web server is already mapped in DNS.




Create WAF Policy






The WAF origin is the host or IP address of the public internet-facing application that is being protected by the WAF.





This takes time. Once it is created successfully, you will get the below screen.




Now test your application. Reference: https://docs.oracle.com/en-us/iaas/Content/WAF/Concepts/gettingstarted.htm




Now, go to the OCI DNS Service and create a CNAME.






Publish the changes.


Next, modify the security lists of the web server to receive the requests from WAF. At this point, we need the IPv4 address of the WAF. If you scroll up, when we tested the application, we received one IPv4 address. If I check the IP address for the WAF server, it gives me the CIDR value with reference 192.29.50.64, and thus I used 192.29.0.0/16.
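The security-list step above only hides the origin if no other source can reach the web ports directly. The check below is an added example, not part of the original post: it flags ingress rules that open port 80 or 443 to sources outside the WAF range. It assumes the rule layout matches the JSON printed by `oci network security-list get`; 192.29.0.0/16 is the range used in the post, and the remaining rules are constructed samples.

```python
import ipaddress

WEB_PORTS = (80, 443)

# Constructed sample, shaped like the "data" object printed by
# `oci network security-list get` (key names are an assumption of this example).
SAMPLE_SECURITY_LIST = {
    "ingress-security-rules": [
        {"protocol": "6", "source": "192.29.0.0/16",
         "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
        {"protocol": "6", "source": "192.29.50.64/32",
         "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}},
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}},
        {"protocol": "6", "source": "0.0.0.0/0",
         "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
        {"protocol": "6", "source": "203.0.113.0/24", "tcp-options": None},
    ]
}

def exposed_web_ports(rule):
    """Return the web ports (80/443) this ingress rule opens."""
    if rule.get("protocol") not in ("6", "all"):  # "6" = TCP
        return []
    port_range = (rule.get("tcp-options") or {}).get("destination-port-range")
    if port_range is None:  # no range means every port is open
        return list(WEB_PORTS)
    return [p for p in WEB_PORTS if port_range["min"] <= p <= port_range["max"]]

def find_waf_bypass_rules(security_list, waf_cidrs):
    """List (source, ports) for rules that let non-WAF sources reach web ports."""
    allowed = [ipaddress.ip_network(c) for c in waf_cidrs]
    findings = []
    for rule in security_list.get("ingress-security-rules", []):
        ports = exposed_web_ports(rule)
        if not ports:
            continue  # rule does not touch 80/443
        try:
            src = ipaddress.ip_network(rule["source"])
            inside = any(src.version == a.version and src.subnet_of(a) for a in allowed)
        except ValueError:  # source is not a CIDR, e.g. a service label
            inside = False
        if not inside:
            findings.append((rule["source"], ports))
    return findings

if __name__ == "__main__":
    for source, ports in find_waf_bypass_rules(SAMPLE_SECURITY_LIST, ["192.29.0.0/16"]):
        print(f"direct access possible from {source} on ports {ports}")
```

An empty result means every rule that exposes 80 or 443 is limited to the WAF range, so requests sent straight to the origin IP are dropped by the security list.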




Now test it in the browser.




We can verify the logs from WAF.




Response code is 200.

I hope this post will be helpful for someone. In the next post, we will see how we can use Access Control in WAF for OCI. Till then, happy learning cloud.


Reference: https://docs.oracle.com/en-us/iaas/Content/WAF/Concepts/overview.htm#:~:text=Oracle%20Cloud%20Infrastructure%20Web%20Application%20Firewall%20is%20a%20regional%2Dbased,malicious%20and%20unwanted%20internet%20traffic.