Oracle Waf4Saas with LBAC
We’re seeking clarification on how geo-location restrictions behave in WAF4SaaS under different configuration scenarios:
Scenario 1: If we configure WAF4SaaS to “allow access” only from Canada, will access from all other countries be automatically blocked by default, even if they are not explicitly listed?
Scenario 2: If a client wants to block access specifically from France and Japan, will WAF4SaaS restrict only those two countries and allow access from all other locations by default?
The reason is we have LBAC enabled and access to the expense module is Public, meaning that they can access this anywhere. If Waf4Saas is enabled in that instance, will users still be able to log in and access the expense module from ANYWHERE in that instance?