Oracle Cloud Infrastructure Web Application Firewall (WAF) is a cloud-based security service that protects web applications from malicious internet traffic and common web attacks. The service operates through the following key functionalities: - Implements threat intelligence aggregation from multiple sources including WebRoot BrightCloud - Enforces over 250 predefined rules covering OWASP, application, and compliance-specific requirements - Provides access control mechanisms based on geolocation, IP addresses, HTTP URLs, and headers - Features bot management capabilities using JavaScript verification, CAPTCHA, device fingerprinting, and human interaction detection - Enables protection deployment at both OCI edge locations and on internal/external load balancers - Supports applications hosted in Oracle Cloud Infrastructure, on-premises environments, and multi-cloud setups The WAF service includes: - PCI compliance capabilities - Integration with Oracle Flexible Load Balancer - Protection for both HTTP and HTTPS traffic - Defense against OWASP Top 10 vulnerabilities - Monitoring and detection of malicious traffic sources - Support for protecting Oracle Fusion Applications - Layer-7 security controls for public and private-facing applications The service operates on a flexible pricing model with initial free tier offerings for non-government customers, including the first WAF instance and usage up to 10 million requests per month.