Oracle Cloud Infrastructure Documentation

Adding a Firewall to a Web Application Firewall Policy

Add a firewall to a web application firewall (WAF) policy to create a logical link between the policy and an enforcement point, such as a load balancer.

    1. On the Policies list page, select the WAF policy that you want to add the firewall to. If you need help finding the list page or the policy, see Listing Web Application Firewall Policies.
    2. On the WAF policy's details page, under Policy, select Firewalls.
    3. Select Add firewalls.
    4. In the Add firewalls panel, enter the following information:

      • Firewall name: Enter the name of the firewall.

      • Create in compartment: Select the compartment that contains the firewall you are creating.

      • Load balancer: Select the load balancer. Select Change compartment to select a load balancer from a different compartment

      • Enable WAF logs: Select this option to generate logs that contain WAF security events.

        Logging is an option in the Web Application Firewall service. Standard limits, restrictions, and rates apply when enabling the logging features. See Oracle Cloud Infrastructure Logging.

      • WAF logs: (Optional) Apply the following configurations to all WAF logs that you enabled. You can update these settings later for individual log files in the log details See Logs and Log Groups.

        • Compartment: Select the compartment where the WAF logs reside.

        • Log group: Select the log group.

        • Log retention: Select the length of time log entries are retained in the log file.

      • Show tagging: (Optional) Add one or more tags to the firewall.

        If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, skip this option or ask an administrator. You can apply tags later.

    5. Select Add firewalls.

  • Use the oci waf web-app-firewall create-for-load-balancer command and required parameters to add a firewall to a web application firewall policy:

    oci waf web-app-firewall create-for-load-balancer --compartment-id compartment_ocid --load-balancer-id load_balancer_id --web-app-firewall-policy-id web_app_firewall_policy_ocid [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateWebAppFirewall operation to create a web application firewall policy firewall.