Oracle Cloud Infrastructure Documentation

Adding a Response Control Rule to a Web Application Firewall Policy

Add a response control rule to allow, check, and return HTTP responses for all matched requests for web application firewall policy.

Using the Console

  1. On the Policies list page, select the WAF policy that you want to add the rule to. If you need help finding the list page or the policy, see Listing Web Application Firewall Policies.
  2. On the WAF policy's details page, under Policy, select Access control.
  3. Under Access control, select Response Control.
  4. Select Manage response control.
  5. In the Manage response control window, select Add access rule.

  7. In the Add access rule panel, enter the following information:

    • Name: Enter the name of the access rule.

    • Conditions: Specify the prerequisite conditions that need to be met for the rule action to occur.

    • Rule Action: Select an existing rule to be followed when the preceding conditions are met, or select Create New Action to add one.

      • Pre-configured Check Action: Allows the running of rules and generates a log message documenting the result.

      • Pre-configured Allow Action: Skips all remaining rules in the current module.

      • Pre-configured 401 Response Code Action: Returns a defined HTTP response. The response code configuration (headers and response page body) determines the HTTP response that is returned when this action is run.

        • Select Show Header Details to display the HTTP response headers specified in the selected Return HTTP response action.
        • Select Show Response Page Body Details to display the HTTP response body specified in the selected "Return HTTP response" action.

      For a complete description and explanation of how to use actions in a WAF policy, see Actions for Web Application Firewalls.

  8. Select Add access rule.
  9. In the Manage response control window, select Save changes.