Web Application Firewalls (WAFs) add an extra layer of protection for applications that are open to the public. A WAF can filter out malicious and unwanted traffic using many built-in features. In this blog we are going to create a WAF for a simple scenario on Oracle Cloud Infrastructure (OCI).
Learn more about OCI WAF from here.
Here's the scenario: we assume that you already have an application deployed on compute instances (or any other backend) and that it is accessible via a public load balancer. In case you are not familiar with this, please read my previous blogs:
Create Load balancer: https://cloudnavigations.com/how-load-balancer-works/
Create Connectivity: https://cloudnavigations.com/oracle-cloud-infrastructure-simple-connectivity/
The WAF we are creating is going to block a named country from accessing the application. This is only one of the capabilities of a WAF, and it is used here simply to showcase the creation steps.
Architecture
As in figure 1, we have a load balancer in front of the applications deployed on compute instances. Our target is to add a WAF so that we can introduce additional security layers.
Step-by-Step Activities
First, we can check the current output of the load balancer. As in figure 2, when we type the public IP into a web browser, it shows a simple web application. Once the WAF is configured to block the current country, the application should no longer be reachable from that country.
The Web Application Firewall service can be found under the ‘Identity and Security’ section in the OCI console.
Click the ‘Create WAF policy’ button to start creating the WAF.
Creating a WAF policy has six stages, and the first one starts with providing a name and the actions. For this scenario we accept the default actions.
In our example we are using an ‘access control’ rule to eliminate Internet traffic from a certain country. For this, we need to ‘enable access control’ by clicking the check box and start creating a rule by clicking the ‘Add access rule’ button.
We need to provide a suitable name and select the country we need to block. Since I’m based in Malaysia, I picked it so that I can see it myself.
We are not enabling any rate limiting, so we can skip this step.
Similarly, we are skipping protections as well.
In the step ‘select enforcement point’, we need to select the previously created load balancer from the drop-down list. From here on, our rules will be applied to the load balancer.
The last step is to review and confirm by clicking the ‘create WAF policy’ button.
Now, let’s test the impact of the WAF by accessing our load balancer from a web browser. Yes, it’s now blocked and shows an error, as in figure 12.
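The same policy can be kept as code for review and repeatable deployment. The following Terraform sketch is an added example, not taken from the original walkthrough: it assumes the OCI Terraform provider is already configured, and the variable names, display names, action names and the 401 response are assumptions chosen for illustration.

```hcl
# Added example: Terraform equivalent of the console steps above.
variable "compartment_ocid" {}   # placeholder: compartment holding the load balancer
variable "load_balancer_ocid" {} # placeholder: OCID of the existing public load balancer

resource "oci_waf_web_app_firewall_policy" "geo_block" {
  compartment_id = var.compartment_ocid
  display_name   = "geo-block-policy" # assumed name

  # Actions referenced by the rules below (names are assumptions).
  actions {
    name = "allow"
    type = "ALLOW"
  }
  actions {
    name = "deny-401"
    type = "RETURN_HTTP_RESPONSE"
    code = 401
    body {
      type = "STATIC_TEXT"
      text = "Access denied"
    }
  }

  # Access control stage: block the selected country, allow everything else.
  request_access_control {
    default_action_name = "allow"
    rules {
      type               = "ACCESS_CONTROL"
      name               = "block-malaysia"
      action_name        = "deny-401"
      condition_language = "JMESPATH"
      condition          = "i_contains(['MY'], connection.source.geo.countryCode)"
    }
  }
}

# Enforcement point stage: attach the policy to the load balancer.
resource "oci_waf_web_app_firewall" "lb_waf" {
  compartment_id             = var.compartment_ocid
  backend_type               = "LOAD_BALANCER"
  load_balancer_id           = var.load_balancer_ocid
  web_app_firewall_policy_id = oci_waf_web_app_firewall_policy.geo_block.id
  display_name               = "geo-block-waf" # assumed name
}
```

The rate limiting and protections stages are left out, matching the walkthrough. To block more than one country, add further two-letter country codes to the list in the condition.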
This concludes the short explanation of creating a WAF on Oracle Cloud Infrastructure (OCI) and creating a rule on it to block traffic from selected countries.