Oracle Web Application Firewall (WAF)

Protect applications from malicious and unwanted internet traffic with a cloud-based, PCI-compliant, global web application firewall service. By combining threat intelligence with consistent rule enforcement on Oracle Flexible Load Balancer, Oracle Cloud Infrastructure Web Application Firewall strengthens defenses and protects internet-facing application servers and internal applications.

Watch a demonstration of OCI Web Application Firewall (5:25)

WAF features

Integrated threat intelligence

Adopt a layered defense (edge and in-region) security strategy with a web application firewall that aggregates threat intelligence from multiple sources including WebRoot BrightCloud® and more than 250 predefined OWASP, application, and compliance-specific rules.

Extensive policy controls

Protect applications deployed in Oracle Cloud Infrastructure, on-premises, and in multicloud environments with access controls based on geolocation data, whitelisted and blacklisted IP addresses, HTTP URL, and HTTP header.

Active bot management

Identify and block malicious bot traffic with an advanced set of verification methods, including JavaScript, CAPTCHA, device fingerprinting, and human interaction algorithms.

Flexible enforcement

Obtain the flexibility to enforce WAF protection at the OCI edge closest to end users, as well as on internal and external load balancers closest to OCI applications. Protects the application infrastructure and workloads no matter where they reside: in OCI, on-premises, multicloud, and anywhere in between.

Protect Fusion Applications from web exploits

Monitor and detect malicious HTTP and HTTPS traffic sources to safeguard Fusion Applications, workloads, APIs, and critical data from distributed denial-of-service and common web attacks, including the OWASP Top 10 vulnerability risks. By including Oracle Cloud Infrastructure WAF as part of Fusion security, we are further extending our existing defense-in-depth architecture to SaaS applications.

Simplified and flexible pricing

Evaluate Oracle Cloud Infrastructure Web Application Firewall today. OCI customers, excluding Government customers, will not be charged for the first WAF instance and usage up to 10 million requests per month. In addition, OCI customers, excluding Government customers, get one flexible load balancer instance and the first 10 Mbps of load balancer bandwidth for free.

Oracle Web Application Firewall successes

Discover how customers use Oracle Cloud Infrastructure Web Application Firewall.

Covanta logo
IdentityMind logo
Covanta logo

Global Energy-From-Waste Firm taps OCI for Secure PeopleSoft migration.

October 17, 2022

Employing Defense-in-Depth Security Strategy Using WAF for Fusion

David B. Cross, Oracle SVP SaaS Security, Praveen Kollaikal, Oracle VP SaaS Security, Miranda Jimenez, Oracle Product Marketing Manager

The Web Application Firewall (WAF) for Fusion further strengthens layer-7 security and safeguards both public- and private-facing Fusion applications from incoming traffic, reducing the associated risks. By including WAF as part of Fusion security, we’re further extending our existing defense-in-depth architecture, where a variety of security controls are already deployed.

Read the complete post

Featured blogs

View all

WAF resources

Cloud readiness

Oracle Cloud Free Tier

Build, test and deploy applications on Oracle Cloud—for free. Sign up once, get access to two free offers.


Oracle Cloud Infrastructure Web Application Firewall

Get the latest documentation for Oracle Cloud Infrastructure Web Application Firewall.

Customer community

Join a community of peers

Cloud Customer Connect is Oracle's premier online cloud community. With more than 200,000 members, it's designed to promote peer-to-peer collaboration and sharing of best practices, product updates, and feedback.

Cloud learning

Develop Oracle Cloud Security skills

Oracle University provides training and certification organizations can rely on to ensure success, all delivered in a choice of formats.

Additional areas of interest:

Isolated Network Virtualization

See more about the SmartNIC to protect the network

Autonomous Linux

Get to know about the world’s first autonomous OS


Learn how Oracle Cloud Infrastructure is addressing global compliance concerns

Oracle Cloud Infrastructure Regions

See Oracle Cloud Infrastructure Data Center Regions

Get started with WAF

Technical Report

Five Reasons Why You Need a Cloud-Based Web Application Firewall.

Oracle Cloud Infrastructure Security

Read the architecture technical paper.

Oracle Cloud Infrastructure

Oracle Cloud Infrastructure Web Application Firewall report.

Oracle Cloud Infrastructure Security Differentiators

Learn more about Oracle Cloud Infrastructure Security differentiators.