darknet, dark net, dark web-3588402.jpg

OCI Web Application Firewall (WAF) : Block a country

Web Application Firewalls bring an extra protection layer for our applications open to the public. It has capabilities to filter out malicious and unwanted traffic with many inbuilt features. In this blog we are going to create a WAF for a simple scenario on Oracle Cloud Infrastructure (OCI).

 Learn more about OCI WAF from here.

Here’s the scenario – We assume that you already have an application deployed on computes (or any other) and it can be accessible via a public load balancer. In case you are not familiar with this please read my previous blogs;

Create Load balancer: https://cloudnavigations.com/how-load-balancer-works/ 

Create Connectivity: https://cloudnavigations.com/oracle-cloud-infrastructure-simple-connectivity/ 

The WAF we are creating is going to block a named country from accessing the application. This is one of the capabilities of WAF and simply to showcase the creation steps. 

Architecture

As in figure 1, we have a load balancer for the applications deployed on computes. Our target is to add a WAF, so that we can introduce additional security layers.

Figure 1: Architecture

Step-by-Step Activities 

Firstly we can check what is the output for load balancer. As in figure 2, when we type the public IP on a web browser it reflects a simple web application. One the WAF is configured to block the current country it should not appear for the public of the mentioned country.

Figure 2: Load balancer output

The Web Application Firewall service can be found under the ‘Identity and Security’ section in OCI console.

Figure 3: Locate WAF

Click on ‘Create WAF policy’ button to initiate our process of creating the WAF.

Figure 4: Create WAF policy

Creating WAF policy has six stages and the first one starts with providing a name and the actions. As for this scenario we accept the default actions.

Figure 5: WAF name

In our example we are an ‘access control’ to eliminate Internet traffic from a certain country. For this, we need to ‘enable access control’ by clicking the check box and start creating a rule by clicking on ‘Add access rule’ button.

Figure 6: Enable Access control

We need to provide a suitable name and select the country we need to block. Since I’m based in Malaysia, I picked it so that I can see it myself.

Figure 7: Create access rule

We are not considering enabling any rates, so can ignore this step.

Figure 8: Rate limiting – ignore

Similarly, we are avoiding protections as well.

Figure 9: Protections – ignore

In the step ‘select enforcement point’, we need to select the previously created load balancer from the drop down list. From here, our rules will be applied to the load balancer.

Figure 10: Add load balancer

Last step is to review and confirm by clicking the ‘create WAF policy’ button.

Figure 11: Confirm and create WAF

Now, let’s test the impact of WAF by accessing our load balancer from a web browser. Yes, it’s now blocked and shows error as in figure 12.

Figure 12: Access load balancer after WAF

This concludes the short explanation of creating a WAF on Oracle Cloud Infrastructure (OCI) and creating a rule on it to block traffic from selected countries.