Web Application Firewall In Oracle Cloud Infrastructure
Introduction
In today’s digital universe, web applications are the backbone of numerous businesses and services. Securing these applications against cyber threats and attacks has become a high priority. To overcome these kinds of challenges, Oracle Cloud Infrastructure (OCI) offers a powerful and robust Web Application Firewall (WAF) solution. In this blog, we will explore the significance of WAF in OCI, its features, benefits, and how it can safeguard your web applications from malicious activities.
What is Web Application Firewall (WAF)?
A Web Application Firewall (WAF) is a security tool designed to protect web applications from various cyber threats, including cross-site scripting (XSS), SQL injection, and crypto mining. By filtering, monitoring, and controlling web access requests, a WAF acts as a shield between web applications and potential attackers, mitigating risks and helping to ensure data integrity and confidentiality.
Why is WAF important in OCI?
Oracle Cloud Infrastructure’s WAF provides an essential layer of protection for your web applications hosted on the OCI platform. It complements the security measures implemented by traditional firewalls and intrusion detection systems, focusing specifically on vulnerabilities at the web application layer, i.e. in HTTP/HTTPS traffic. Here’s why a Web Application Firewall is crucial for your business:
Threat Mitigation: WAF actively identifies and mitigates OWASP’s Top Ten threats, such as injection attacks, XSS, and malicious bot traffic, protecting your applications from potential crypto mining and unauthorized access.
Scalability: WAF is designed to handle high-traffic and distributed application environments, ensuring that your web applications remain responsive and available even during peak loads.
Real-time Monitoring: The WAF in OCI provides real-time monitoring and logging of web application access, giving you valuable insights into potential threats and attacks on your applications.
Simplified Management: With easy-to-use configuration options and customizable rule sets, managing WAF policies in OCI becomes straightforward, allowing you to tailor protection based on your specific application needs.
Key Features of WAF in OCI
Customizable Rule Sets: OCI WAF allows you to create custom rule sets tailored to your application’s security requirements, giving you the flexibility to block, allow, or redirect traffic as needed.
IP Whitelisting and Blacklisting: You can specify IP addresses that are either allowed or blocked from accessing your web applications, adding an extra layer of security to your environment.
Protection Against OWASP Top Ten: WAF in OCI proactively identifies and blocks OWASP Top Ten threats, safeguarding your applications from known vulnerabilities.
Bot Management: OCI WAF can distinguish between legitimate user traffic and malicious bot traffic, ensuring your applications are protected from automated attacks.
SSL Termination: The WAF supports SSL termination, enabling secure communication between the clients and the WAF, even if your backend servers don’t handle SSL encryption.
WAF Policies:
A WAF policy is a predefined set of rules and configurations that govern the behavior of a Web Application Firewall. These rules dictate how the WAF should inspect, filter, and manage incoming web traffic to protect against various types of attacks. WAF policies enable organizations to align their security strategy with the unique requirements of their applications and business needs. A policy is made up of several components, listed below.
- Access Control:
Access control in a WAF policy involves defining rules and configurations that determine which entities are allowed or denied access to your web applications. This component focuses on managing the incoming traffic and ensuring that only legitimate users, services, or entities are granted access. Access control mechanisms include:
- Whitelisting and Blacklisting: Whitelists contain trusted sources that are explicitly allowed to access your application, while blacklists deny access to known malicious or unwanted sources.
- Geolocation-based Rules: You can allow or block traffic based on the geographic location of the requester. This can be useful for targeting specific regions or preventing access from high-risk areas.
- User-Agent Filtering: Filtering requests based on user-agent headers helps identify and block requests from known malicious bots or user agents associated with certain attacks.
- Rate Limiting:
Rate limiting involves restricting the number of requests that a client or IP address can make within a specific timeframe. This component helps prevent brute-force attacks, scraping, and other types of abuse that can overwhelm your application. Rate limiting can be a crucial defense mechanism to ensure fair usage of your resources and protect against automated attacks.
- Protections:
Protections in a WAF policy encompass predefined rule sets and custom rules designed to safeguard your web applications from a variety of attacks. These rules are categorized based on security concerns and vulnerabilities they address. Common types of protections include:
- SQL Injection Protection: Detecting and blocking attempts to inject malicious SQL code into web application inputs to manipulate the database.
- Cross-Site Scripting (XSS) Protection: Preventing the execution of malicious scripts in users’ browsers by filtering or sanitizing input data.
- Cross-Site Request Forgery (CSRF) Protection: Mitigating unauthorized actions performed by users unknowingly through manipulated requests.
- File Inclusion Protection: Detecting and preventing unauthorized inclusion of files or resources from external sources.
- Bot Protection: Identifying and blocking automated bots and malicious crawlers that could be performing harmful actions on your site.
- Actions:
Actions refer to the responses taken by the WAF policy when a request matches one or more protection rules. Actions determine how the policy handles the incoming traffic that triggers a rule. Common actions include:
- Preconfigured Check Action: The action doesn’t stop the evaluation of the remaining rules. Instead, it checks the request and generates a log message so that potential threats can be reviewed manually.
- Preconfigured Allow Action: The action, upon matching the rule, skips all remaining rules in the current module.
- Preconfigured 401 Response Code Action: Returns a defined HTTP response. The response code configuration determines the HTTP response that’s returned when this action is run.
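To make the interplay of these components concrete, here is a small simulation of the evaluation order the post describes: access control first, then rate limiting, then protection, with the three preconfigured actions behaving as stated above (Check logs and continues, Allow skips the rest of the current module, the 401 action returns a response). This is an added illustration written for this post, not OCI’s engine or Oracle’s code; the request fields, the rule conditions (plain Python callables instead of OCI’s JMESPath expressions), the office IP range, the placeholder country code "XX" and the sample traffic are all constructed here.

```python
"""Simplified model of the WAF policy components described above.
Added illustration, not OCI's implementation: modules run in the order
access control -> rate limiting -> protection, and actions follow the
page's description of Check, Allow and the 401 response action."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass

# Named actions; rules reference them by name, as in an OCI WAF policy.
ACTIONS = {
    "checkAction": {"type": "CHECK"},
    "allowAction": {"type": "ALLOW"},
    "return401": {"type": "RETURN_HTTP_RESPONSE", "code": 401},
}


@dataclass
class Request:
    src_ip: str
    country: str
    user_agent: str
    path: str
    query: str = ""
    ts: float = 0.0  # seconds; passed in by the caller so the demo is deterministic


# Constructed policy. Conditions are Python callables here; OCI uses JMESPath.
POLICY = {
    "requestAccessControl": {
        "defaultActionName": "allowAction",  # applied when no rule matches
        "rules": [
            {"name": "allow-office-range", "actionName": "allowAction",
             "condition": lambda r: r.src_ip.startswith("203.0.113.")},  # hypothetical range
            {"name": "block-country", "actionName": "return401",
             "condition": lambda r: r.country == "XX"},  # placeholder country code
            {"name": "flag-scanner-ua", "actionName": "checkAction",
             "condition": lambda r: "scanner" in r.user_agent.lower()},
        ],
    },
    "requestRateLimiting": {
        "rules": [
            {"name": "login-rate-limit", "actionName": "return401",
             "condition": lambda r: r.path == "/login",
             "periodInSeconds": 60, "requestsLimit": 5},
        ],
    },
    "requestProtection": {
        "rules": [
            # Illustrative signature only; real OCI protection rules use
            # Oracle-maintained capabilities, not a hand-written regex.
            {"name": "sqli-basic", "actionName": "return401",
             "condition": lambda r: re.search(r"(?i)'\s*or\s+\d+\s*=\s*\d+", r.query) is not None},
        ],
    },
}


class Waf:
    MODULES = ("requestAccessControl", "requestRateLimiting", "requestProtection")

    def __init__(self, policy, actions):
        self.policy, self.actions = policy, actions
        self.log = []                       # entries written by CHECK actions
        self._windows = defaultdict(deque)  # (rule name, ip) -> request timestamps

    def _apply(self, rule_name, action_name, req):
        """Return ('continue' | 'skip_module' | 'respond', status code or None)."""
        action = self.actions[action_name]
        if action["type"] == "CHECK":
            self.log.append((rule_name, req.src_ip))
            return "continue", None
        if action["type"] == "ALLOW":
            return "skip_module", None
        return "respond", action["code"]

    def _over_limit(self, rule, req):
        """Sliding window per client IP: true once the period's limit is exceeded."""
        window = self._windows[(rule["name"], req.src_ip)]
        window.append(req.ts)
        while window and req.ts - window[0] >= rule["periodInSeconds"]:
            window.popleft()
        return len(window) > rule["requestsLimit"]

    def handle(self, req):
        """Return the status the WAF produces; 200 means the request reached the backend."""
        for module in self.MODULES:
            section = self.policy[module]
            matched = False
            for rule in section["rules"]:
                if not rule["condition"](req):
                    continue
                if module == "requestRateLimiting" and not self._over_limit(rule, req):
                    continue
                matched = True
                verdict, code = self._apply(rule["name"], rule["actionName"], req)
                if verdict == "respond":
                    return code
                if verdict == "skip_module":
                    break  # Allow: skip remaining rules in this module only
            if not matched and "defaultActionName" in section:
                verdict, code = self._apply(module + "-default", section["defaultActionName"], req)
                if verdict == "respond":
                    return code
        return 200


def demo():
    """Constructed traffic exercising each module; returns the outcomes."""
    waf = Waf(POLICY, ACTIONS)
    out = {
        "blocked_country": waf.handle(Request("198.51.100.7", "XX", "Mozilla/5.0", "/")),
        "scanner_logged": waf.handle(Request("198.51.100.8", "US", "evil-scanner/1.0", "/")),
        "sqli": waf.handle(Request("198.51.100.9", "US", "Mozilla/5.0", "/search", "q=1' OR 1=1--")),
        # Office range is Allowed in access control, so its scanner UA is never
        # logged, but it is still subject to the login rate limit.
        "office_login": [waf.handle(Request("203.0.113.5", "US", "evil-scanner/1.0", "/login", ts=i))
                         for i in range(7)],
    }
    out["log"] = list(waf.log)
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The office-range run is the point worth noticing: an Allow in the access control module only ends that module, so the request still passes through rate limiting and protection, which is why the sixth and seventh login attempts in one minute are refused even from a trusted range.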
Implementation of WAF Policies:
- Log in to the OCI Console, navigate to Identity & Security, and select WAF.
Creating Policy:
- Select the Compartment and click “Create Policy”.
- Enter the basic information (such as Name and Compartment).
- Click the “Actions” arrow to add actions to the WAF policy, as described above.
- Click Next.
Configure Access Control
Under the “Access Control” section:
- Set up whitelists and blacklists for IP addresses, countries, and user agents to control access to your application.
- Create geolocation-based rules to allow or block traffic from specific regions.
Configure Rate Limiting Rules
In the “Rate Limiting” section:
- Set rate-limiting rules to restrict the number of requests a client or IP address can make within a certain time frame.
- Define limits based on request counts and time intervals.
Implementing Protection Rules
Under the “Protection Rules” section:
- Select predefined rule sets for various types of attacks, such as SQL injection, XSS, CSRF, etc.
- Enable custom rules to address specific threats unique to your application.
Define Actions
In the “Action Rules” section:
- Specify the actions to take when a request matches a protection rule.
- Choose from the actions described above (Check, Allow, or 401 Response Code).
Enforcement Point
- Under Add Firewalls, select a load balancer contained in the current compartment. Click Change Compartment to select load balancers from a different compartment.
- Click +Additional firewall to display another firewall row in which you can select another load balancer that the firewall is applied to. Click X to delete the associated header row.
Review and Create a Policy
Review the WAF policy settings before you complete the creation process. Each section corresponds to options that have been set up for the policy.
- Review each section for accuracy and completion. Click Edit in any section you want to make changes.
- Click Create WAF policy.
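The same policy can be created from the OCI CLI instead of the Console, which is convenient when you want the configuration under version control. The script below is an added example, not Oracle’s code: it builds the JSON payloads for the policy components covered in the steps above, checks that every rule refers to a defined action, writes the payloads to files and prints the two `oci waf` commands to run. Field names follow the WebAppFirewallPolicy and WebAppFirewall API models as I understand them, so verify them against `oci waf web-app-firewall-policy create --help` before use; the OCIDs, the denied source address, the country code "XX" and the protection-capability key are placeholders (real keys come from `oci waf protection-capability list`). Nothing here contacts OCI.

```python
"""Generate OCI CLI payloads for a WAF policy and its load balancer firewall.
Added example, not Oracle's code; OCIDs and the capability key are placeholders."""
import json
from pathlib import Path

COMPARTMENT_OCID = "ocid1.compartment.oc1..PLACEHOLDER"     # replace with your compartment
LOAD_BALANCER_OCID = "ocid1.loadbalancer.oc1.PLACEHOLDER"  # replace with your load balancer
POLICY_NAME = "blog-example-waf-policy"


def build_actions():
    # The three preconfigured action kinds from the post; rules reference them by name.
    return [
        {"type": "CHECK", "name": "checkAction"},
        {"type": "ALLOW", "name": "allowAction"},
        {"type": "RETURN_HTTP_RESPONSE", "name": "return401", "code": 401,
         "headers": [{"name": "Content-Type", "value": "text/plain"}],
         "body": {"type": "STATIC_TEXT", "text": "Request rejected by WAF"}},
    ]


def build_access_control():
    # Conditions use OCI's JMESPath condition language (assumed syntax).
    return {
        "defaultActionName": "allowAction",
        "rules": [
            {"type": "ACCESS_CONTROL", "name": "block-denied-sources", "actionName": "return401",
             "conditionLanguage": "JMESPATH",
             "condition": "i_contains(['198.51.100.7'], connection.source.address)"},
            {"type": "ACCESS_CONTROL", "name": "block-countries", "actionName": "return401",
             "conditionLanguage": "JMESPATH",
             "condition": "i_contains(['XX'], connection.source.geo.countryCode)"},
        ],
    }


def build_rate_limiting():
    # 5 requests per client per minute on the login path, then reject for 5 minutes.
    return {"rules": [
        {"type": "REQUEST_RATE_LIMITING", "name": "login-rate-limit", "actionName": "return401",
         "conditionLanguage": "JMESPATH",
         "condition": "i_starts_with(http.request.url.path, '/login')",
         "configurations": [{"periodInSeconds": 60, "requestsLimit": 5,
                             "actionDurationInSeconds": 300}]},
    ]}


def build_protection():
    return {"rules": [
        {"type": "PROTECTION", "name": "owasp-core", "actionName": "return401",
         "isBodyInspectionEnabled": True,
         # Key/version pairs are listed by `oci waf protection-capability list`.
         "protectionCapabilities": [{"key": "PLACEHOLDER_CAPABILITY_KEY", "version": 1}]},
    ]}


def build_policy():
    return {"compartmentId": COMPARTMENT_OCID, "displayName": POLICY_NAME,
            "actions": build_actions(), "requestAccessControl": build_access_control(),
            "requestRateLimiting": build_rate_limiting(), "requestProtection": build_protection()}


def dangling_action_refs(policy):
    """Action names referenced by rules or defaults but never defined (should be empty)."""
    defined = {a["name"] for a in policy["actions"]}
    refs = set()
    for key in ("requestAccessControl", "requestRateLimiting", "requestProtection"):
        section = policy[key]
        if "defaultActionName" in section:
            refs.add(section["defaultActionName"])
        refs.update(rule["actionName"] for rule in section["rules"])
    return sorted(refs - defined)


# policy key -> CLI argument that accepts it as a file:// payload
CLI_ARGS = {"actions": "actions", "requestAccessControl": "request-access-control",
            "requestRateLimiting": "request-rate-limiting", "requestProtection": "request-protection"}


def write_payloads(outdir):
    """Write one JSON file per policy component; returns {cli argument: path}."""
    outdir = Path(outdir)
    outdir.mkdir(parents=True, exist_ok=True)
    policy = build_policy()
    files = {}
    for key, arg in CLI_ARGS.items():
        path = outdir / f"{arg}.json"
        path.write_text(json.dumps(policy[key], indent=2))
        files[arg] = path
    return files


def cli_commands(files, policy_ocid="<policy OCID from the create output>"):
    create_policy = (f"oci waf web-app-firewall-policy create --compartment-id {COMPARTMENT_OCID} "
                     f"--display-name {POLICY_NAME} "
                     + " ".join(f"--{arg} file://{path}" for arg, path in files.items()))
    attach = (f"oci waf web-app-firewall create --backend-type LOAD_BALANCER "
              f"--compartment-id {COMPARTMENT_OCID} --display-name {POLICY_NAME}-fw "
              f"--load-balancer-id {LOAD_BALANCER_OCID} --web-app-firewall-policy-id {policy_ocid}")
    return [create_policy, attach]


if __name__ == "__main__":
    assert dangling_action_refs(build_policy()) == [], "rule references an undefined action"
    for cmd in cli_commands(write_payloads("waf-payloads")):
        print(cmd)
```

The second command is the “Enforcement Point” step: it attaches the policy to a load balancer, and its `--web-app-firewall-policy-id` is the OCID printed by the first command, so run them in order. The `dangling_action_refs` check catches the most common authoring mistake in hand-written policies, a rule pointing at an action name that was renamed or never added.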
Conclusion
In conclusion, the Oracle Cloud Infrastructure’s Web Application Firewall (WAF) emerges as a pivotal solution in fortifying digital assets against an evolving cyber threat landscape. The array of features, from customizable rule sets to real-time threat intelligence, underscores WAF’s adaptability to diverse security needs. The implementation of WAF policies is a strategic imperative, enabling precise traffic filtering and rule enforcement. As businesses navigate the complexities of the modern online realm, embracing WAF within OCI equips them with a robust defense mechanism.