Oracle Cloud Infrastructure Documentation

Editing a Web Application Firewall Request Protection Rule

Update a request protection rule contained within a web application firewall policy.

Using the Console

  1. On the Policies list page, select the WAF policy that contains the rules that you want to work with. If you need help finding the list page or the policy, see Listing Web Application Firewall Policies.
  2. On the WAF policy's details page, under Policy, select Protections.
  3. Select the Request Protection Rules tab.
  4. Select Manage request protection rules.
    The Manage request protection rules window opens.
  5. To edit multiple rules at once, select the checkboxes for one or more rules, select the Actions menu at the top of the table, and then select one of the following options:

    • View and edit rules settings: Apply the following settings to any request protection rule that has HTTP body inspection enabled:

      • Maximum number of bytes allowed: Specify the number of bytes in each HTTP message body that undergoes inspection. Value ranges from 0 - 8192.
      • Action taken if limit has been exceeded: Select an action from the list that occurs if the size of the message body exceeds your specified maximum number of bytes allowed. The pre-defined actions are:

        • Inspect partial body and continue: The body is inspected to the specified size limit. No further action is taken if that limit is exceeded. This selection is equal to the "None" selection.

        • Pre-configured 401 Response Code Action: This is a dynamic action. Each time you can define a different set of actions, but they all are going to be with the "Return HTTP Response" type.

        • Return HTTP response: This option is disabled.

        You can also create a custom action. For more information, see Actions.

    • Enable body inspection: Enables inspection of the HTTP message body.

    • Disable body inspection: Disables inspection of the HTTP message body.

    • Delete: Removes the selected request protection rules from the web application firewall policy.

    For more information on the HTTP body inspection feature, see Request Protection Rules.

  6. To edit a single rule:
    1. Select Edit for the rule.
    2. In the Edit protection rule window, edit the rule settings. For field descriptions, see Adding a Web Application Firewall Request Protection Rule.
    3. Select Save changes.
      The Edit protection rule window closes.
  7. In the Manage request protection rules window, select Save changes.