The Oracle Cloud Infrastructure WAF should be considered for any internet-facing web application or HTTP-based API.

Oracle Cloud Infrastructure WAF filters out malicious requests to your web application or API. It also gives you more visibility as to the where the traffic is coming from—and Layer 7 DDoS attacks are mitigated, ensuring greater availability.

The bot management solution uses detection techniques such as IP rate limiting, CAPTCHA, device fingerprinting, and human interaction challenges to identify and block bad and/or suspicious bot activity from scraping your website for competitive data. At the same time, the WAF can allow legitimate bot traffic from Google, Facebook, and others to continue to access your web applications as intended.

Oracle Cloud Infrastructure WAF employs an intelligent DNS data-driven algorithm that determines the best global point of presence (POP) to serve a given user in real time. As a result, users are routed around global network issues and potential latency while offering the best possible uptime and service levels.

• Architecture deployment and origin lock down: Restrict traffic to ports 80 & 443, which results in all other connections being dropped.
• Dynamic traffic routing via DNS: Leverage DNS-based traffic-routing algorithms that consider user latency from thousands of global locations to determine the lowest latency routes.
• High availability: When configuring web-application delivery, Oracle Cloud Infrastructure WAF offers several high availability configuration options with the ability to add multiple origin servers. These settings and/or servers will only be used in cases where primary origin servers are offline or not responding correctly to health checks.
• Managing policies: Configure and manage features and functionality within the Oracle Cloud Infrastructure WAF configuration.
• Monitoring and reporting: This functionality gives users the ability to access reporting related to their content library.
• Support: Alert support teams of an issue and escalate a ticket depending on urgency (i.e. sev1, 2, or 3).

Oracle Cloud Infrastructure WAF is available to Universal Credit Model subscribers. Universal Credit Model subscribers can access Oracle Cloud Infrastructure WAF via the Oracle Cloud Infrastructure Console under the Edge Services tab. There is a Getting Started Guide in the documentation that is the ideal place to start.

The Oracle Cloud Infrastructure WAF utilize universal credits model and burn down based on the following metrics:

• Number of requests (higher price with Bot Management enabled)
• Amount of data/traffic egressed from the WAF
• Number of non-Oracle Cloud Infrastructure endpoints (monthly)

Yes. Oracle Cloud Infrastructure WAF is available to Universal Credit Model Subscribers. Customers may choose to leverage only Oracle Cloud Infrastructure WAF to protect non-OCI workloads. There is a small dependency on object storage to leverage the Oracle Cloud Infrastructure console that will show up on your billing.

Yes. Oracle Cloud Infrastructure WAF was designed API-first, so anything you can do in the console is available in the API.

Not as of March 2021. There are some management functions that can only be performed via API. Some of these API-only functions include:

• Threat intelligence
• IP rate limiting
• Sorting access rules
• Certificate management (beyond uploading a single certificate/key)
• Reporting and telemetry (assuming Oracle Cloud Infrastructure public telemetry is not available to you)

We will continue to add these items to the console and publish API, SDK, and Terraform examples for managing these features.

The recommended approach is to use the API to have SIEM consume WAF logs. We do not provide any pre-built plug-ins for SIEM providers today.

Oracle Cloud Infrastructure WAF is a global service that can be configured from any commercial region. It is not limited to that region for data, though. Any Oracle Cloud Infrastructure WAF configuration is added to the global 'edge'.

Oracle currently has a total of 11 edge nodes with the following global footprint*:

• Brazil
• India
• Sydney
• Frankfurt
• Switzerland
• London
• Phoenix
• Ashburn
• Toronto
• Tokyo
• Seoul

*Note that some locations have more than one PoP.

Yes. Oracle Cloud Infrastructure provides unlimited DDoS protection for web applications and services.

DDoS protection is provided by the Oracle Cloud Infrastructure edge network, which is comprised of globally-distributed, high-capacity points of presence (PoPs) that support a wide range of edge applications. Oracle Edge PoPs are located in Oracle Cloud Infrastructure regions and at standalone locations worldwide. Specifically, L7 DDoS attacks are managed by the Oracle Web Application Firewall (WAF), which includes a complete set of access control and bot management features designed to defeat L7 DDoS threats. Oracle WAF is designed to protect against the vast majority of DDoS attacks at each PoP. In the event of an extremely-high-volume L7 DDoS attack, Oracle uses DDoS scrubbing centers, which are globally-distributed to ensure quick response times.

The service is available from the Oracle Cloud Infrastructure console. The customer selects L7 DDoS protection from the console as part of the WAF’s bot management menu. Customers can select one of two options:

1. On-demand: L7 DDoS protection is turned on at the customer's discretion.

2. Always-on: L7 DDoS protection is always on and provides automatic protection.

L7 DDoS mitigation is part of the Oracle Cloud Infrastructure WAF and is activated when users select a range of policy options designed to defeat sophisticated L7 DDoS attacks. Policy options include but are not limited to JavaScript challenges, IP rate limiting, device fingerprinting, and human interaction challenges. These countermeasures are fully automated when the 'always-on' option is selected. Users can also select the 'on-demand' option to manually turn on L7 DDoS protection at their discretion.

L7 DDoS mitigation is part of the Oracle Cloud Infrastructure WAF. This is a metered subscription based on traffic and request volumes. See Oracle's pricing page for more information.

Traffic is automatically routed to the Oracle Cloud Infrastructure edge network via a reverse proxy architecture. The edge network includes globallydistributed PoPs that inspect all HTTP and HTTPS traffic before it arrives at the web application. The PoPs use the activated DDoS countermeasures to automatically eliminate traffic that is identified as coming from malicious botnets.

The Oracle Cloud Infrastructure portal contains consoles with near real-time reporting about alerts, blocked requests, bot mitigations, and logs.

Configure your origin ingress rules to only accept connections from certain CIDR ranges, please refer to Securing Your WAF in the Getting Started Guide to get the updated list.

No, we do not support this feature at this time.

Oracle Cloud Infrastructure WAF supports CRS 3.0.

We suggest using the API, CLI, SDK, or Terraform to script this, however it is not recommended to enable all at the same time.

Please refer to the Web Application Firewall main page for further details.