Oracle Exam 1Z0-1104-23 Topic 1 Question 18 Discussion

SOLUTION:

From the navigation menu, select Identity & Security. Navigate to Web Application Firewall and click Policies under it.

In the left navigation pane, under List Scope, select the working compartment from the drop-down menu.

Click the IAD-SP-PBT-WAF-01_99233424-lab.user01 WAF policy to add a protection rule.

On the policy details page, click Protections under Policy.

In the Protection section on the console, click Manage request protection rules.

Click Add Request Protection Rule.

In the Add protection rule dialog box, enter the following details:

a) Name: WAF-PBT-XSS-Protection

b) Conditions: Do not add any condition.

c) Under Rule action - Action name: Select Create New Action from the drop-down menu.

In the Add Action dialog box, enter the following details:

a) Name: WAF-PBT-XSS-Action

b) Type: Return HTTP Response

c) Response code: Select ''503 Service unavailable'' from the drop-down menu.

d) Response page body: Type ''Service Unavailable: Web Server is secured against XSS attacks.''

e) Click Add action.

Under Protection Capabilities, click Choose protection capabilities.

In the Choose protection capabilities dialog box, complete the following:

a) Filter by tags: Type ''xss'' and press Enter.

b) Filter by version: Latest

c) Protection list: Check all protections. Select the check box in the header to add all.

d) Click Choose protection capabilities.

e) Review and click Add request protection rule.

f) Click Save Changes in the Manage Request Protection Rules dialog box.

The rule you created appears in the list. The WAF policy will update and get back to Active state.