Oracle Web Application Firewall (WAF)

Protect applications from malicious and unwanted internet traffic with a cloud-based, PCI-compliant, global web application firewall service. By combining threat intelligence with consistent rule enforcement on Oracle Flexible Load Balancer, Oracle Cloud Infrastructure Web Application Firewall strengthens defenses and protects internet-facing application servers and internal applications.

Watch a demonstration of OCI Web Application Firewall (5:25)

Overview
FAQ

WAF features

Integrated threat intelligence

Adopt a layered defense (edge and in-region) security strategy with a web application firewall that aggregates threat intelligence from multiple sources including WebRoot BrightCloud® and more than 250 predefined OWASP, application, and compliance-specific rules.

Extensive policy controls

Protect applications deployed in Oracle Cloud Infrastructure, on-premises, and in multicloud environments with access controls based on geolocation data, whitelisted and blacklisted IP addresses, HTTP URL, and HTTP header.

Active bot management

Identify and block malicious bot traffic with an advanced set of verification methods, including JavaScript, CAPTCHA, device fingerprinting, and human interaction algorithms.

Flexible enforcement

Obtain the flexibility to enforce WAF protection at the OCI edge closest to end users, as well as on internal and external load balancers closest to OCI applications. Protects the application infrastructure and workloads no matter where they reside: in OCI, on-premises, multicloud, and anywhere in between.

Protect Fusion Applications from web exploits

Monitor and detect malicious HTTP and HTTPS traffic sources to safeguard Fusion Applications, workloads, APIs, and critical data from distributed denial-of-service and common web attacks, including the OWASP Top 10 vulnerability risks. By including Oracle Cloud Infrastructure WAF as part of Fusion security, we are further extending our existing defense-in-depth architecture to SaaS applications.

Simplified and flexible pricing

Evaluate Oracle Cloud Infrastructure Web Application Firewall today. OCI customers, excluding Government customers, will not be charged for the first WAF instance and usage up to 10 million requests per month. In addition, OCI customers, excluding Government customers, get one flexible load balancer instance and the first 10 Mbps of load balancer bandwidth for free.

Oracle Web Application Firewall successes

Discover how customers use Oracle Cloud Infrastructure Web Application Firewall.

Global Energy-From-Waste Firm taps OCI for Secure PeopleSoft migration.

Watch the video (2:48)

Read the story (PDF)

October 17, 2022

Employing Defense-in-Depth Security Strategy Using WAF for Fusion

David B. Cross, Oracle SVP SaaS Security, Praveen Kollaikal, Oracle VP SaaS Security, Miranda Jimenez, Oracle Product Marketing Manager

The Web Application Firewall (WAF) for Fusion further strengthens layer-7 security and safeguards both public- and private-facing Fusion applications from incoming traffic, reducing the associated risks. By including WAF as part of Fusion security, we’re further extending our existing defense-in-depth architecture, where a variety of security controls are already deployed.

Read the complete post

Featured blogs

View all

WAF resources

Oracle Cloud Free Tier

Build, test and deploy applications on Oracle Cloud—for free. Sign up once, get access to two free offers.

Start with Oracle Cloud Free Tier

Oracle Cloud Infrastructure Web Application Firewall

Get the latest documentation for Oracle Cloud Infrastructure Web Application Firewall.

See the latest documentation

Join a community of peers

Cloud Customer Connect is Oracle's premier online cloud community. With more than 200,000 members, it's designed to promote peer-to-peer collaboration and sharing of best practices, product updates, and feedback.

Join today