Oracle Cloud Infrastructure Documentation

Adding a Response Control Rule to a Web Application Firewall Policy

Add a response control rule to allow, check, and return HTTP responses for all matched requests for web application firewall policy.

Using the Console

  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

    Alternatively, open the Web Application Firewall page and click Policies under Resources.

    The WAF Policies page appears.

  2. Select the Compartment from the list.

    All the WAF policies in that compartment are listed in tabular form.

  3. (Optional) Apply one or more of the following Filters to limit the WAF policies displayed:

    • State

    • Name

    • Policy Type: Select WAF Policy.

  4. Select the WAF policy to which you want to add an access rule to a response control.
    The WAF Policy Details dialog box appears.
  5. Click Access Control under Resources.

    The Access Control list appears.

  6. Select the Response Control tab.
  7. Click Manage Response Control.

    The Manage Response Control dialog box appears.

  8. Click Add Access Rule.

    The Add Access Rule dialog box appears.

    Complete the following:

    • Name: Enter the name of the access rule.

    • Conditions: Specify the prerequisite conditions that need to be met for the rule action to occur.

    • Rule Action: Select an existing rule to be followed when the preceding conditions are met, or select Create New Action to add one.

      • Pre-configured Check Action: Allows the running of rules and generates a log message documenting the result.

      • Pre-configured Allow Action: Skips all remaining rules in the current module.

      • Pre-configured 401 Response Code Action: Returns a defined HTTP response. The response code configuration (headers and response page body) determines the HTTP response that is returned when this action is run.

        Click Show Header Details to display the HTTP response headers specified in the selected Return HTTP response action.

        Click Show Response Page Body Details to display the HTTP response body specified in the selected "Return HTTP response" action.

      See Actions for Web Application Firewalls for a complete description and explanation of how to use actions in a WAF policy.

    The access rule you created is added to the list of rules and is available for use.

  9. Click Add Access Rule.

    The Add Access Rule dialog box closes.

  10. Click Save Changes in the Manage Response Control dialog box.

The rule you created appears in the list of access rules for the response control and is available for use.