Oracle Cloud Infrastructure Documentation

Adding a Firewall to a Web Application Firewall Policy

Add a firewall to a web application firewall (WAF) policy to create a logical link between the policy and an enforcement point, such as a load balancer.

    1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
    2. On the Policies page, select the compartment that contains the policy.
    3. (Optional) Filter the listed policies by name, status, policy type (WAF policy), or creation date.
    4. Click the name of the WAF policy to which you want to add a firewall.
    5. On the policy details page, under Policy, click Firewalls.
    6. Click Add firewalls.
    7. In the Add Firewalls dialog box, complete the options as follows:

      • Firewall name: Enter the name of the firewall.

      • Create in compartment: Select the compartment that contains the firewall you are creating.

      • Load balancer: Select the load balancer. Click change compartment to select a load balancer from a different compartment

      • Enable WAF logs: Select this option to generate logs that contain WAF security events.

        Logging is an option in the Web Application Firewall service. Standard limits, restrictions, and rates apply when enabling the logging features. See Oracle Cloud Infrastructure Logging.

    8. (Optional) WAF logs: Apply the following configurations to all WAF logs that you enabled. You can update these settings later for individual log files in the log details See Logs and Log Groups.
      • Compartment: Select the compartment where the WAF logs reside.

      • Log group: Select the log group.

      • Log retention: Select the length of time log entries are retained in the log file.

    9. Click Add firewalls.

  • Use the oci waf web-app-firewall create-for-load-balancer command and required parameters to add a firewall to a web application firewall policy:

    oci waf web-app-firewall create-for-load-balancer --compartment-id compartment_ocid --load-balancer-id load_balancer_id --web-app-firewall-policy-id web_app_firewall_policy_ocid [OPTIONS]

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateWebAppFirewall operation to create a web application firewall policy firewall.