Oracle Cloud Infrastructure Documentation

Adding a Web Application Firewall Action

Add an action to a web application firewall (WAF) policy.

Using the Console

  1. On the Policies page, select the compartment that contains the policy.
  2. (Optional) Filter the listed policies by name, status, policy type (WAF policy), or creation date.
  3. Click the name of the WAF policy to which you want to add an action.
  4. On the policy details page, under Policy, click Actions.
  5. Click Manage actions.
  6. In the Manage actions dialog box, click Add action.
  7. In the Add action dialog box, complete the options as follows:

    • Action name: Enter a name for the action.

    • Action type: Specify the action type:
      • Allow: Skips all remaining rules in the current module.
      • Check: Doesn't stop the running of rules. Instead it generates a log message that documents the result of running the rules.
      • Return HTTP response: Returns a defined HTTP response.

        If you select this type, then provide the following values:

    • Response code: Select the HTTP response.

    • Headers: Enter optional header information:

      • Header name: Enter the name of the header.

        Header value: Enter the associated value of the header.

        Click + Another header to display another header row where you can enter a header name and value pair. Click X to delete the associated header row.

    • Response page body: Provides details about an error, including the cause and further instructions, if needed.

      Enter the HTTP response body, for example a JSON error response:
      {"code":"403","message":"Forbidden"}

      You can enable Dynamic text support to add variables in the page body. The following variable is supported:

      RequestID

      The request ID can help you with tracking and managing a request by providing a unique request identifier exposed in HTTP request and response headers.

      When the request ID is enabled, the default header name X-Request-Id is included in the HTTP request header from the load balancer to the backend and HTTP header responses.

      The following example provides an HTTP response body with dynamic text support enabled:

      {"code":"403","message":"Forbidden","RequestId":"${http.request.id}"}
  8. Click Add action.
  9. In the Manage actions dialog box, click Save changes.