OCI Web Application Firewall

OracleSecurity

Layer-7 protection against OWASP Top 10 attacks (SQLi, XSS, RCE), bot traffic, and DDoS at the application layer. Edge-deployed for global protection or regional for backend-fronted apps.

Jurisdictional exposure

Provider HQ
USAustin, USA

Subject to CLOUD Act, FISA-702, DPF

Region locations
APACEEAEUUKUSOther58 regions across 6 jurisdictions
Sovereign option
Yes — 12 sovereign-flagged regions available

Attributes

Ga Year
2019

Sub-services (3)

Managed Rule Sets

Oracle-maintained protection signatures against OWASP Top 10 and known CVEs

Bot Management

Reputation-based and behavioural detection for bad bots; CAPTCHA challenges

Rate Limiting

Per-IP / per-token rate limits to defend against credential-stuffing and scraping

Compliance & Certifications

This service is attested for the following frameworks. Always verify with the provider before relying on a specific compliance posture.

Where this runs

58 regions
27 countries
12sovereign
Sovereign regions (12)
  • EU Sovereign Spain (Madrid) · MadridOracle EU Sovereign Cloud
  • EU Sovereign Germany (Frankfurt) · FrankfurtOracle EU Sovereign Cloud
  • US Gov East (Ashburn) · AshburnOracle US Government Cloud
  • US Gov West (Phoenix) · PhoenixOracle US Government Cloud
  • US Federal (Ashburn) · AshburnOracle US Government Cloud
  • US Federal (Chicago) · ChicagoOracle US Government Cloud
  • US Federal (Phoenix) · PhoenixOracle US Government Cloud
  • US DoD East · AshburnOracle DoD Cloud (US)
  • US DoD Central · ChicagoOracle DoD Cloud (US)
  • US DoD West · PhoenixOracle DoD Cloud (US)
  • UK Government (London) · LondonOracle UK Government Cloud
  • UK Government (Newport) · NewportOracle UK Government Cloud
Commercial regions (46)

Europe (12)

  • France South (Marseille)
  • France Central (Paris)
  • Germany Central (Frankfurt)
  • Italy Northwest (Milan)
  • Italy North-West (Turin)
  • Netherlands Northwest (Amsterdam)
  • Serbia Central (Jovanovac)
  • Spain Central (Madrid)
  • Sweden Central (Stockholm)
  • Switzerland North (Zurich)
  • UK South (London)
  • UK West (Newport)

North America (8)

  • Canada Southeast (Montreal)
  • Canada Southeast (Toronto)
  • Mexico Northeast (Monterrey)
  • Mexico Central (Querétaro)
  • US East (Ashburn)
  • US Midwest (Chicago)
  • US West (Phoenix)
  • US West (Salt Lake City)

South America (5)

  • Brazil East (São Paulo)
  • Brazil Southeast (Vinhedo)
  • Chile Central (Santiago)
  • Chile West (Valparaíso)
  • Colombia Central (Bogotá)

Asia (11)

  • India South (Hyderabad)
  • India West (Mumbai)
  • Indonesia Central (Batam)
  • Japan Central (Osaka)
  • Japan East (Tokyo)
  • Malaysia Central (Kulai)
  • Malaysia West 2 (Kulai)
  • Singapore (Singapore)
  • Singapore West
  • South Korea North (Chuncheon)
  • South Korea Central (Seoul)

Oceania (2)

  • Australia Southeast (Melbourne)
  • Australia East (Sydney)

Middle East (6)

  • Israel Central (Jerusalem)
  • Saudi Arabia West (Jeddah)
  • Saudi Arabia Northwest (NEOM)
  • Saudi Arabia Central (Riyadh)
  • UAE Central (Abu Dhabi)
  • UAE East (Dubai)

Africa (2)

  • Morocco Central (Casablanca)
  • South Africa Central (Johannesburg)

Tags

Equivalent services on other platforms

Alibaba Web Application FirewallAlibaba

Managed WAF protecting web apps from OWASP Top 10 attacks, bot traffic, API abuse, and data scraping, with global and China regional deployment, custom rule engine, and unified consoles across Anti-DDoS and Security Center

AWS WAFAWS

Web application firewall that protects against common exploits with managed rule groups, custom rules, rate-based rules, Bot Control, and CAPTCHA challenges

AWS ShieldAWS

Managed DDoS protection service with always-on Standard tier for CloudFront and Route 53 edge, and Advanced tier adding 24/7 DDoS Response Team access, cost protection, and enhanced Layer 7 detection

Azure DDoS ProtectionAzure

Managed Distributed Denial-of-Service protection for Azure resources with always-on traffic monitoring, adaptive real-time tuning, cost-guarantee protection against scale-out attacks, and integration with Azure Monitor for attack analytics and telemetry

Cloudflare Bot ManagementCloudflare

Machine-learning bot classification at the edge — scores every request 1-99 and exposes that to WAF rules. Distinguishes search-engine crawlers, scrapers, credential-stuffing tools, and headless browsers without breaking legitimate automation.

Cloudflare API ShieldCloudflare

API-specific security layer — schema validation, mTLS client authentication, rate-limiting per JWT subject, sensitive-data detection in responses, and API discovery / inventory that auto-surfaces unknown endpoints.

Cloudflare WAFCloudflare

L7 web application firewall protecting against OWASP Top 10 risks with Cloudflare-managed rule sets, custom expression-based rules, exposed-credentials detection, rate-limiting integration, and machine-learning attack-score signals tuned across the global traffic graph

Cloud Temple Anti-DDoSCloud Temple

Volumetric and application-layer DDoS protection for services hosted on Cloud Temple, with sub-second detection and automated mitigation across the SecNumCloud-qualified perimeter

Gcore WAAPGcore

Web application and API protection with OWASP rule sets, bot management, API schema enforcement, and rate limiting — delivered at the CDN edge with a single configuration surface

Cloud ArmorGCP

Edge DDoS protection and web application firewall with managed rule sets for OWASP Top 10, adaptive bot protection, and reCAPTCHA Enterprise integration

Huawei Web Application FirewallHuawei

Managed web application firewall with OWASP Top 10 rule sets, bot management, anti-crawler, CC (challenge-collapsar) attack mitigation, custom rule engine, and regional deployment with integrated DDoS protection

Web Application FirewallT Cloud

L7 web application firewall protecting against OWASP Top 10 risks — SQL injection, XSS, command injection — with managed rule sets, custom rules, IP allow/block lists, and bot-detection heuristics tuned for OTC-hosted apps

Pricing

Pricing model:usage-based