Oracle Cloud Infrastructure Documentation

Adding a Request Control Rule to a Web Application Firewall Policy

Add a request control rule to allow, check, and return HTTP requests to a web application firewall (WAF) policy.

Using the Console

  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
  2. On the Policies page, select the compartment that contains the policy.
  3. (Optional) Filter the listed policies by name, status, policy type (WAF policy), or creation date.
  4. Click the name of the WAF policy to which you want to add an access rule to a request control.
  5. On the policy details page, under Policy, click Access control.
  6. On the Request control tab, click Manage request control.
  7. In the Manage request control dialog box, click Add access rule.
  8. In the Add rule dialog box, complete the options as follows:

    • Name: Enter a name for the access rule.

    • Conditions: Specify the prerequisite conditions that must be met for the rule action to occur.

    • Rule Action: Select an existing rule to follow when the preceding conditions are met, or select Create new action to add one.
      • Preconfigured Check Action: Allows the running of rules and generates a log message documenting the result.
      • Preconfigured Allow Action: Skips all remaining rules in the current module.
      • Preconfigured 401 Response Code Action: Returns a defined HTTP response. The response code configuration (headers and response page body) determines the HTTP response that's returned when this action is run.

      • Click Show header details to display the HTTP response headers specified in the selected Return HTTP response action.

      • Click Show response page body details to display the HTTP response body specified in the selected "Return HTTP response" action.

        For more information, see Actions for Web Application Firewalls.

  9. Click Add access rule.
  10. In the Manage request control dialog box, click Save changes.