Oracle Cloud Infrastructure Documentation

Adding a Firewall to a Web Application Firewall Policy

Add a firewall to a web application firewall (WAF) policy to create a logical link between the policy and an enforcement point, such as a load balancer.

You can generate security logs for your firewalls after you create your WAF policy. We recommend enabling security logs as it provides valuable insight into your WAF performance. For more information, see Setting Up Firewall Logging.

Configure your load balancer with an HTTP listener. Fore more information, see Listeners for Load Balancers.

    1. On the Policies list page, select the policy that you want to work with. If you need help finding the list page or the policy, see Listing Web Application Firewall Policies.
      The policy's details page opens.
    2. From the details page, select Firewalls.
      The Firewalls list opens. All firewalls are displayed in a table.
    3. From the Actions menu (three dots) for the firewall, select Add firewalls.
      The Add firewalls panel opens.

    Firewall

    Enter the following information:

    • Firewall name: Enter the name of the firewall.
    • Create in compartment: Select the compartment that contains the firewall you are creating.
    • Load balancer compartment: Select the compartment containing the load balancer you want from the list.
    • Load balancer: Select the load balancer from the list.

    Tags

    If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.

    Select Add firewalls.

    The firewall you created appears in the Firewalls list.

  • Use the oci waf web-app-firewall create-for-load-balancer command and required parameters to add a firewall to a web application firewall policy:

    oci waf web-app-firewall create-for-load-balancer --compartment-id compartment_ocid --load-balancer-id load_balancer_id --web-app-firewall-policy-id web_app_firewall_policy_ocid [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateWebAppFirewall operation to create a web application firewall policy firewall.