
Part 4: Building a short end-to-end environment in OCI

In Part 3 (https://www.letsdosometech.com/post/part-3-building-a-short-end-to-end-environment-in-oci) we covered building the Compute instances, the Load Balancer and the DB System.


Areas covered so far -


- Building Compartments. ( Completed in Part 1 )

- Building VCNs. ( Completed in Part 2 )

- Building Compute instances. ( Completed in Part 3 )

- Building Load Balancer. ( Completed in Part 3 )

- Building DB Systems. ( Completed in Part 3 )

- Create domain zones.

- Create WAF.

- Create VCN Flow logs.

- Create Load balancer Logging.

- Create object storage & replication policies.

- Create resources in secondary region.

- Create DRGs in both regions.

- Remote peering connections.

- Validate connectivity between both regions.


Let's start this part with managing Domain zones and creating WAF.


Domain Zones:


Pre-requisite & Assumptions:

  • There's already a domain bought through any 3rd party provider, for example - GoDaddy.

Agenda:

We are going to create a domain zone in OCI and replace the name servers configured in GoDaddy with the name servers created in OCI, so that the domain is hosted in OCI.


Let's start with creating a zone in OCI -

Networking -> DNS Management -> Zones


Step 1: Create a Zone manually -



Once created, we can find the complete details of the zone -


Step 2: Gather the name server details under this zone.

Step 3: Log on to the domain provider and navigate to the Managing Domain page, where the name server details are shown.

Step 4: Replace the name server details in the Domain Server page with the details from the zone hosted in OCI.

Step 5: Once updated, the domain is now hosted in zones in OCI.


Add this domain to the load balancer created for Tomcat:


Create an A record for the DNS to point to the IP of Load Balancer -


Publish the changes


Following would be the details once updated -



Now let's try hitting the URL which we just tagged to the LB ( sample.solofalcon.com )



Tada !! We are now able to tag it successfully. This is how we host a zone and create a record, tag it to one of our Load balancers.


Web Application Firewall:


Next, let's add a WAF policy to the Load Balancer to protect it from rogue connections. In this article we take a small example: restricting access to the LB/site from a specific country (India in our example) and checking whether attaching the policy actually restricts users from accessing the site.


Navigate to Identity & Security -> WAF and create a policy as follows -



Add an access rule with condition for connections from country India.


Set the action to "401 Unauthorized".


Add protection rules and capabilities as required. Here I am adding just two basic capabilities: SQL injection and cross-site scripting attempts.




Now that all the rules are ready, let's attach the policy to a resource, which is our LB in this case, and publish the policy.



Once the policy is set, let's try hitting the URL and see what we get -




Here we go !! We are getting the expected error, as we have restricted access from India ( from where we are trying to access the URL ), so the WAF policy works.
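
To confirm the zone delegation, the A record and the WAF geo rule from the outside, the following added example (not part of the original article) compares the live DNS answers and HTTP status with the intended state. The name servers, the load balancer IP, the zone name solofalcon.com, the plain-HTTP URL and the helper names are assumptions, and it expects `dig` to be installed.

```python
"""Post-change check for the zone delegation, A record and WAF geo rule.
Added example; name servers, IP and helper names below are constructed."""
import subprocess
import urllib.error
import urllib.request


def dig_short(name, rtype):
    """Return the answers `dig +short` gives for name/rtype, normalised."""
    out = subprocess.run(["dig", "+short", name, rtype],
                         capture_output=True, text=True, check=True).stdout
    return {line.strip().rstrip(".").lower() for line in out.splitlines() if line.strip()}


def http_status(url):
    """Return the HTTP status code for a GET, without raising on 4xx/5xx."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def evaluate(expected, observed):
    """Compare observed DNS/HTTP state with the intended one; return findings."""
    findings = []
    want_ns = {n.rstrip(".").lower() for n in expected["ns"]}
    stale = observed["ns"] - want_ns
    if stale:
        findings.append(f"delegation still lists non-OCI name servers: {sorted(stale)}")
    if not want_ns <= observed["ns"]:
        findings.append(f"missing name servers: {sorted(want_ns - observed['ns'])}")
    if observed["a"] != {expected["lb_ip"]}:
        findings.append(f"A record resolves to {sorted(observed['a'])}, not the LB")
    if observed["status"] != expected["status"]:
        findings.append(f"HTTP {observed['status']}, expected {expected['status']}")
    return findings


if __name__ == "__main__":
    # Constructed values: replace with the zone's name servers and the LB's public IP.
    expected = {"ns": ["ns1.example-oci-dns.test", "ns2.example-oci-dns.test"],
                "lb_ip": "203.0.113.10", "status": 401}  # 401 when run from the blocked country
    observed = {"ns": dig_short("solofalcon.com", "NS"),
                "a": dig_short("sample.solofalcon.com", "A"),
                "status": http_status("http://sample.solofalcon.com/")}
    for finding in evaluate(expected, observed) or ["all checks passed"]:
        print(finding)
```

Run it once from the blocked country with the expected status 401 and once from an allowed location with 200, so that both sides of the access rule are exercised.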



Let's meet back in the next part of the article to talk about VCN flow logs, LB logs & many more.


Rest of the parts can be accessed through -



copyrights @letsdosometech.com
