Adding a Web Application Firewall Request Protection Rule

Add a request protection rule to a web application firewall policy.

Using the Console

  1. Open the navigation menu and click Identity & Security. Under Web Application Firewall, click Policies.

    Alternatively, open the Web Application Firewall page and click Policies under Resources.

    The WAF Policies page appears.

  2. Select the Compartment from the list.

    All the WAF policies in that compartment are listed in tabular form.

  3. (Optional) Apply one or more of the following Filters to limit the WAF policies displayed:
    • State

    • Name

    • Policy Type: Select WAF Policy.

  4. Select the WAF policy to which you want to add a request protection rule.

    The WAF Policy Details dialog box appears.

  5. Click Protections under Resources.

    The Protections list appears.

  6. Select the Request Protection Rules tab.

  7. Click Manage Request Protection Rules.

    The Manage Request Protection Rules dialog box appears.

  8. Click Add Request Protection Rule.

    The Add Request Protection Rule dialog box appears.

    Complete the following:

    • Name: Enter the name of the request protection rule.

    • Conditions: Specify the prerequisite conditions that need to be met for the rule action to occur. See Understanding Conditions for more information on how to author the conditions for your access rule.

    • Rule Action: Select an existing action to be followed when the preceding conditions are met, or select Create New Action to add one. See Actions for Web Application Firewalls for more information.

    • Body Inspection: Click Enable Body Inspection to inspect the HTTP request body and check that its content conforms to all the protection capabilities specified in the protection rule. See HTTP Request Body Inspection for more information.

    • Protection Capabilities list: Displays all protection capabilities associated with the protection rule and their information. This information includes the key number, the capability name, collaborative status, any applied tags, and the action used.

      Note

      Protection capabilities are not necessarily run in the order they are listed here.

      Click Choose Protection Capabilities to open the Choose Protection Capabilities dialog box. Complete the following:

      • Filter by Tags: Select one or more filters to limit the protection capabilities displayed.

      • Filter by Version: Select one or more versions to limit the protection capabilities displayed.

      • Reset All Filters: Click to remove all user-inputted filters.

      • Protections list: Check each protection that you want to apply to the rule.

      Click Choose Protection Capabilities to apply the protections you selected to the rule. The Choose Protection Capabilities dialog box closes.

      Click the Actions menu for a protection capability entry and select any of the following commands:

      • View and Edit Protection Capability Settings: Click to open the View and Edit Protection Capability Settings dialog box. Here you can view setting information such as allowed HTTP methods, header information, and argument information.

        Click Edit to update the following settings:

        • Allowed HTTP Methods: Select the HTTP methods allowed by the protection capability 911100: Restrict HTTP Request Methods.

        • Maximum HTTP Request Header Length: Enter the maximum header length allowed in an HTTP request by the protection capability 9200024: Limit length of request header size.

        • Maximum HTTP Request Headers: Enter the maximum number of headers allowed in an HTTP request by the protection capability 9200014: Limit Number of Request Headers.

        • Maximum Number of Arguments: Enter the maximum number of arguments allowed by the protection capability 920380: Number of Arguments Limits.

        • Maximum Single Argument Length: Enter the maximum argument length allowed by the protection capability 920370: Limit argument value length.

        • Maximum Total Argument Length: Enter the maximum total combined length of all arguments allowed by the protection capability 920390: Limit arguments total length.

        Click Save Changes. The View and Edit Protection Capability Settings dialog box closes and your updates are saved.

      • Change Action: Check one or more protections from the list and click Change Action to open the Change Action dialog box. Here you can select a different action for the protection capabilities you selected. See Actions for Web Application Firewalls for more information.

      • Delete: Check one or more protections from the list and click Delete. Confirm the deletions when prompted. All the protections you checked are now deleted.

    For each entry in the Protection Capabilities list, you can select the following from the Actions menu:

    • View Details: Opens the Capability Details dialog box. Here you can view the name, description, version, and collaborative status of the protection capability.

    • Change Action: Opens the Change Action dialog box. Here you can select a different action for the protection capability. See Actions for Web Application Firewalls for more information.

    • Exclusions: Opens the Exclusions dialog box. Here you can specify the types of request that the protection rules bypass. If a request matches any of the set exclusions, the protection rules are run for that request. Select the type and corresponding value for each exclusion entry. Click +Additional Exclusion to add another exclusion to the protection capability. Click X to delete an exclusion. Click Save Changes when done.

    • Override Weight and Threshold: Opens the Override Weight and Threshold dialog box. Here you can view the Default Collaborative Capability Weight and Default Collaborative Capability Threshold information. Check Override weights and threshold to override any of the default values. Click Save Changes.

  9. Click Add Request Protection Rule.

    The Add Request Protection Rule dialog box closes and the request protection rule you added is included in the Request Protection Rules list.

  10. Click Save Changes in the Manage Request Protection Rules dialog box.

The rule you created appears in the list of request protection rules and is available for use.
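
As an added example (not part of the original documentation or of Oracle's tooling), the following Python check reviews a planned rule against the setting-to-capability pairing listed in step 8 before you enter it in the console. The dictionary layout, field names, action names, and sample rule are assumptions constructed for the illustration, as is the premise that a tuned setting only matters when its capability is selected.

```python
# Setting name (hypothetical field names) -> key of the protection capability
# that uses it, as paired in the settings list in step 8.
SETTING_TO_CAPABILITY = {
    "allowedHttpMethods": "911100",
    "maxHttpRequestHeaderLength": "9200024",
    "maxHttpRequestHeaders": "9200014",
    "maxNumberOfArguments": "920380",
    "maxSingleArgumentLength": "920370",
    "maxTotalArgumentLength": "920390",
}

def lint_rule(rule, defined_actions):
    """Return a list of findings for a planned request protection rule."""
    findings = []
    caps = rule.get("protectionCapabilities", [])
    keys = [c["key"] for c in caps]
    if not rule.get("name"):
        findings.append("rule has no name")
    if not caps:
        findings.append("no protection capabilities selected")
    for dup in sorted({k for k in keys if keys.count(k) > 1}):
        findings.append(f"capability {dup} is selected more than once")
    # The rule action must exist; a capability action is checked only if set.
    if rule.get("actionName") not in defined_actions:
        findings.append(f"rule uses undefined action {rule.get('actionName')!r}")
    for c in caps:
        action = c.get("actionName")
        if action is not None and action not in defined_actions:
            findings.append(f"capability {c['key']} uses undefined action {action!r}")
    # A tuned setting is flagged when its capability is not in the rule.
    for name, value in rule.get("protectionCapabilitySettings", {}).items():
        cap = SETTING_TO_CAPABILITY.get(name)
        if cap is None:
            findings.append(f"unknown setting {name}")
        elif cap not in keys:
            findings.append(f"{name} is set but capability {cap} is not selected")
        elif name != "allowedHttpMethods" and (type(value) is not int or value <= 0):
            findings.append(f"{name} must be a positive integer")
    return findings

# Constructed sample rule and action list (not taken from a real policy).
DEFINED_ACTIONS = {"block-403", "check-only"}
SAMPLE_RULE = {
    "name": "limit-request-size",
    "actionName": "block-403",
    "protectionCapabilities": [{"key": "920380", "actionName": "block-403"},
                               {"key": "920370", "actionName": "log-only"}],
    "protectionCapabilitySettings": {"maxNumberOfArguments": 255,
                                     "maxSingleArgumentLength": 400,
                                     "maxTotalArgumentLength": 64000,
                                     "allowedHttpMethods": ["GET", "POST"]},
}
```

Calling `lint_rule(SAMPLE_RULE, DEFINED_ACTIONS)` on the constructed sample returns three findings: one undefined capability action and two settings whose capabilities (920390 and 911100) were never added to the rule.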