An origin is an endpoint (typically an IP address) of the application protected by the WAF. An origin can be an Oracle Cloud Infrastructure load balancer public IP address. A load balancer IP address can be used for high availability to an origin. Multiple origins can be defined, but only a single origin can be active for a WAF.
You can set HTTP headers for outbound traffic from the WAF to the origin server. These name value pairs are then available to the application.
To secure your WAF, you must configure your servers to accept traffic from the WAF servers. Configure your origin's ingress rules to only accept connections from the following CIDR ranges:
Click Add Origin.
In the Add Origin dialog box, enter the following:
Click Add Origin. The origin is added to the Origin Management list. You can now configure WAF rules.
You can add multiple origins to your WAF policy and load balance them accordingly using the orgins
and originGroups
field of the UpdateWaasPolicy operation in the WAAS API.
Click the name of the WAF Policy you want to edit the origin for. The WAF Policy overview appears.
For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.
UpdateWaasPolicy
method and leave the origin field
empty upon update.
Each origin has a unique name (key). The name of the origin to be used by the WAF must be referenced in the wafConfig
portion of the settings. For example, if you have the following origins in your configuration:
{ "compartmentId": "ocid1.compartment.oc1..aaaaatsdfssdfsdsdfsgxz", "lifecycleState": "ACTIVE", "displayName": "myWAFprotectedApp", "origins": { "primaryorigin": { "httpPort": 80, "httpsPort": 443, "uri": "67.205.161.231", "customHeaders": [] }, "secondaryorigin": { "httpPort": 80, "httpsPort": 443, "uri": "54.175.154.7", "customHeaders": [ { "name": "OriginHeader", "value": "true" }, { "name": "OriginHeader2", "value": "true" } ] }
Then within the wafConfig
, the origin in use would be referenced by name:
"wafConfig": { "deviceFingerprintChallenge": {"isEnabled": false}, "origin": "secondaryorigin", "whitelists": [],
In this example, the WAF is actively using secondaryorigin
.
About Oracle | Contact Us | Legal Notices | Terms of Use | Privacy | Document Conventions |
Copyright © , Oracle and/or its affiliates. All rights reserved.