Adding a Request Control Rule to a Web Application Firewall Policy
Add a request control rule to allow, check, and return HTTP requests to a web application firewall (WAF) policy.
Using the Console
- Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
- On the Policies page, select the compartment that contains the policy.
- (Optional) Filter the listed policies by name, status, policy type (WAF policy), or creation date.
- Click the name of the WAF policy to which you want to add an access rule to a request control.
- On the policy details page, under Policy, click Access control.
- On the Request control tab, click Manage request control.
- In the Manage request control dialog box, click Add access rule.
-
In the Add rule dialog box, complete the options as follows:
-
Name: Enter a name for the access rule.
-
Conditions: Specify the prerequisite conditions that must be met for the rule action to occur.
-
Rule Action: Select an existing rule to follow when the preceding conditions are met, or select Create new action to add one.
- Preconfigured Check Action: Allows the running of rules and generates a log message documenting the result.
- Preconfigured Allow Action: Skips all remaining rules in the current module.
- Preconfigured 401 Response Code Action: Returns a defined HTTP response. The response code configuration (headers and response page body) determines the HTTP response that's returned when this action is run.
-
Click Show header details to display the HTTP response headers specified in the selected Return HTTP response action.
-
Click Show response page body details to display the HTTP response body specified in the selected "Return HTTP response" action.
For more information, see Actions for Web Application Firewalls.
-
- Click Add access rule.
- In the Manage request control dialog box, click Save changes.