These known issues have been identified in Web Application Firewall.
Unable to add default origin to WAF policy created with the API
- When creating a WAF policy using the API, if you do not specify a default origin, you cannot add the default origin later using the Console or API. This issue does not apply to policies created using the Console.
- Delete the policy that was created without a default origin and create a new policy with the default origin specified.
TLS versions TLS_V1 and TLS_V1_1 have been deprecated
- TLS versions TLS_V1 and TLS_V1_1 have been deprecated and cannot be used in policy configurations. If you use these versions, a validation might occur.
- To work around this issue, update your policy configuration to use versions TLS_V1_2 or TLS_V1_3, or both.
Global DNS change will cause service disruption if new subnets are not whitelisted
- Global DNS changes will be made for all Oracle Web Application Firewall (WAF) customers beginning in December 2019. All customers that have an origin lock-down (using an explicit IP whitelisting) and will not whitelist the new subnets will have downtime and service degradation.
(Action Required) Customers must whitelist the new subnets to avoid service disruption. For the API documentation, see ListEdgeSubnets.
OCI WAF Expansion Whitelist