Oracle Cloud Infrastructure Documentation

Editing a Web Application Firewall Request Protection Rule

Update a request protection rule contained within a web application firewall policy.

Using the Console

  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

    Alternatively, open the Web Application Firewall page and click Policies under Resources.

    The WAF Policies page appears.

  2. Select the Compartment from the list.

    All the WAF policies in that compartment are listed in tabular form.

  3. (Optional) Apply one or more of the following Filters to limit the WAF policies displayed:

    • State

    • Name

    • Policy Type: Select WAF Policy.

  4. Select the WAF policy whose request protection rule you want to edit.
    The WAF Policy Details dialog box appears.
  5. Click Protections under Resources.

    The Protections list appears.

  6. Select the Request Protection Rules tab.
  7. Click Manage Request Protection Rules.

    The Manage Request Protection Rules dialog box appears. All existing request protection rules associated with the web application firewall policy are displayed in tabular format.

  8. Check one or more request protection rules and click Action to apply an action to all the selected rules. You can select one of the following options:

    • View and Edit Rules Settings: Displays the View and Edit Rules Settings dialog box. Here you can apply the following settings to any request protection rule that has HTTP body inspection enabled:

      • Maximum Number of Bytes Allowed: Specify the number of bytes in each HTTP message body that undergoes inspection. Value ranges from 0 - 8192.
      • Action Taken if Limit Has Been Exceeded: Select an action from the list that occurs if the size of the message body exceeds your specified maximum number of bytes allowed. The pre-defined actions are:

        • Inspect Partial Body and Continue: The body is inspected to the specified size limit. No further action is taken if that limit is exceeded. This selection is equal to the "None" selection.

        • Preconfigured 401 Response Code Action: This is a dynamic action. Each time you can define a different set of actions, but they all are going to be with the "Return HTTP Response" type.

        • Return HTTP Response: This option is disabled.

        You can also create a custom action. See Actions for more information.

      Click Save Changes. The View and Edit Rules Settings dialog box closes.

    • Enable Body Inspection: Enables inspection of the HTTP message body.

    • Disable Body Inspection: Disables inspection of the HTTP message body.

    • Delete: Removes the selected request protection rules from the web application firewall policy.

    See Request Protection Rules for more information on the HTTP body inspection feature.

  9. Click Edit next to the request protection rule you want to edit.

    The Edit Request Protection Rule dialog box appears.

  10. Edit the request protection rule settings. See Adding a Web Application Firewall Request Protection Rule for descriptions of each setting.
    You can apply edits to multiple selected request protection rules using the Actions menu in the Request Protection Rules list. Check those request protection rules in the list that you want to edit. Click Actions and apply one of the following actions:

    • View and Edit Rules Settings: Displays a dialog box where you can specify settings that apply to all selected protection request rules

    • Enable Body Inspection: Enables HTTP message body inspection for all selected protection request rules.

    • Disable Body Inspection: Disables HTTP message body inspection for all selected protection request rules.

  11. Click Save Changes.

    The Edit Request Protection Rules dialog box closes.

  12. Click Save Changes in the Manage Request Protection Rules dialog box.

The updates you made are present in the details of the request protection rule.