Use the instructions below to transfer your Web Application Security WAF service to Oracle Cloud Infrastructure WAF.
Review Existing Web Application Security Settings to Prepare for Migration
Reviewing existing WAF traffic settings is critical to a successful migration when the policies are recreated in Oracle Cloud Infrastructure. To review existing settings, refer to Web Application Firewall. Please ensure you take note of current configuration settings to be used later on upon policy creation in Oracle Cloud Infrastructure.
Route Off the Web Application Security WAF Service
Routing off the service is required in order to prevent downtime to your web application while you create your policies in OCI. To route off your WAF service, update your hostname to point to your origin. You can accomplish this by navigating to your DNS provider, removing the target CNAME for Oracle Cloud Security, and adding in your origin hostname or IP addresses directly.
Delete the Existing Web App
Use the following steps to remove the web app from your account.
- From the Administration dashboard, select Web Apps. A new window appears.
- Click the actions icon beside the web app you want to remove. A drop-down menu appears.
- Select Delete from the drop-down menu.
- Type "delete" into the confirmation field, and then click YES, I understand the consequences, delete this webapp.
Create a WAF Policy in Oracle Cloud Infrastructure
- Sign into your OCI account at https://cloud.oracle.com/en_US/sign-in.
- Open the navigation menu. Under Governance and Administration, go to Security and click WAF Policies.
- Click Create WAF Policy.
- In the Create WAF Policy dialog box, enter the following:
- Policy Name: A unique name for the policy. Avoid entering confidential information.
- Primary Domain: The fully qualified domain name (FQDN) of the application where the policy will be applied.
- Additional Domains: (Optional) Subdomains where the policy will be applied.
- WAF Origin: The host or IP address of the public internet facing application that is being protected by the application.
- Origin Name: A unique name for the origin. Avoid entering confidential information.
- URI: The IPv4 address or fully qualified domain name (FQDN) of the origin. The URI can be a full URI, not just a host/IP.
- HTTPS Port: The port used for secure HTTP connection. The default port is 443.
- HTTP Port: The HTTP port the origin listens on. The default port is 80.
- Header(s): (Optional)
- Header Name: The name displayed in the HTTP request header and the header value that can be added and passed to the origin server with all requests.
- Header Value: Specifies the data requested by the header.
- Tags: Optionally, you can apply tags. If you have permissions to create a resource, you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your administrator.
- Click Create WAF Policy. The WAF Policy overview appears. You can access Origin Management, Access Control, WAF, Bot Management, Alerts, and any unpublished changes. While the policy is being created, no changes can be made until the process has completed. Expect the policy to become active within 15 minutes of creation.
A CNAME target is generated for each policy. The CNAME target is a hyphenated version of your FQDN within the Oracle Cloud Infrastructure domain (for example, myapp-mydomain-com.oraclecloud.net).
- In your DNS zone, update the CNAME record entry with the value of the CNAME target that is generated. This enables traffic to be routed through the WAF before the application. This value is presented soon after you publish your policy the first time on the main page of the policy.
For more information on managing your WAF service, see Managing WAF Policies.
Cancel Dyn Web Application Security Service
Please send an email to email@example.com notifying Dyn that you want to cancel your accounts.
Contact the Oracle Dyn Migration Team with Questions
For any questions regarding steps for migration please contact firstname.lastname@example.org and include the following information:
- Company Name.
- Web Application Firewall Applications to be migrated.
- The OCID for your Oracle Cloud Infrastructure tenancy. See Where to Find Your Tenancy's OCID.
- Any other pertinent information or questions.