Select the region and compartment where the policy should be maintained.
Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
Click Create WAF Policy.
Look at the bottom of the Basic Information page for the following:
Use legacy workflow here if you need to secure your non-OCI web applications.
Click the link to display the Create Edge Policy dialog box.
Complete the following:
Name: A unique name for the policy.
Domains:
Primary Domain: The fully qualified domain name (FQDN) of the application where the policy will be applied.
Additional Domains: (Optional) Subdomains where the policy will be applied. There isn't a limit on the number of domains that can be added.
Note
Wildcard domains are accepted, but only as additional domains and only through the API and CLI.
WAF Origin: The host or IP address of the public internet-facing application that is being protected by the application.
Origin Name: A unique name for the origin.
URI: Enter the public-facing endpoint (IPv4 or FQDN) of the application.
HTTPS Port: The port used for secure HTTP connections. The default port is 443.
HTTP Port: The HTTP port the origin listens on. The default port is 80.
Headers: (Optional)
Header Name: The name displayed in the HTTP request header and the header value that can be added and passed to the origin server with all requests.
Header Value: Specifies the data requested by the header.
Tags: If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.
Click Create WAF Policy. The WAF Policy overview appears. Expect the policy to become active within 15 minutes of creation.
Updates to your WAF policy appear in the list to be published in Unpublished Changes. Pending changes do not persist across browser sessions. Once you publish changes, the policy cannot be edited until the changes propagate to the edge nodes.
In the WAF Policy overview, click Unpublished Changes.
In the Unpublished Changes list, click the drop-down arrow beside an unpublished change to review the change.
Click Publish All.
In the Publish Changes dialog box, click Publish All.
Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.
Apply one or more of the following Filters to limit the edge policies displayed:
State
Name
Policy Type: Select Edge Policy.
Find the WAF policy in the list, click the Actions menu, and then click Move Resource to a Different Compartment.
Choose the destination compartment from the list.
Click Move Resource.
Using the CLI
Open a command prompt and run the following command to get the details of a WAAS policy:
oci waas waas-policy get --waas-policy-id <policy_ocid>
This can be useful in retrieving the necessary information when opening a ticket with Oracle Cloud Infrastructure support. For more information about how to access and use the CLI, see Command Line Interface (CLI).
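The following is an added example, not Oracle's own code: it condenses the JSON returned by the get command into the details a support ticket needs and flags a policy that is still not active after the 15-minute window mentioned above. The kebab-case field names (display-name, lifecycle-state, time-created, and so on) are assumptions about the CLI output and the sample values are constructed; check them against your own output.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of `oci waas waas-policy get` output (placeholder values;
# field names are assumed from the CLI's kebab-case JSON, verify on real output).
SAMPLE = """
{"data": {
  "id": "ocid1.waaspolicy.oc1..exampleuniqueid",
  "display-name": "example-edge-policy",
  "domain": "app.example.com",
  "additional-domains": ["*.example.com", "www.example.com"],
  "lifecycle-state": "CREATING",
  "time-created": "2024-01-01T10:00:00+00:00",
  "origins": {"primary": {"uri": "203.0.113.10", "http-port": 80, "https-port": 443}}
}}
"""

ACTIVATION_WINDOW = timedelta(minutes=15)  # page: active within 15 minutes of creation


def summarize_policy(cli_json, now=None):
    """Return (summary, findings) for one policy's CLI JSON output."""
    policy = json.loads(cli_json)["data"]
    now = now or datetime.now(timezone.utc)
    extra = list(policy.get("additional-domains") or [])
    summary = {
        "ocid": policy["id"],
        "name": policy.get("display-name"),
        "state": policy.get("lifecycle-state"),
        "domains": [policy.get("domain")] + extra,
        "origins": {
            name: f'{o.get("uri")} (http {o.get("http-port", 80)}, https {o.get("https-port", 443)})'
            for name, o in (policy.get("origins") or {}).items()
        },
    }
    findings = []
    created = policy.get("time-created")
    if created and summary["state"] != "ACTIVE":
        if now - datetime.fromisoformat(created) > ACTIVATION_WINDOW:
            findings.append(f'state {summary["state"]} more than 15 minutes after creation')
    if "*" in (policy.get("domain") or ""):
        findings.append("wildcard used as primary domain (only valid as an additional domain)")
    findings += [f"wildcard additional domain to review: {d}" for d in extra if "*" in d]
    return summary, findings


if __name__ == "__main__":
    summary, findings = summarize_policy(SAMPLE)
    print(json.dumps(summary, indent=2))
    print("\n".join(f"CHECK: {f}" for f in findings))
```

To use it on a real policy, save the output of the get command to a file and pass the file's contents to summarize_policy instead of SAMPLE.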