This discussion is archived
3 Replies Latest reply: Dec 5, 2012 7:52 PM by Prabodh

restrict applications served by DMZ listener

snmdla Explorer
Hi,

with an Apex Listener running in the DMZ, how can I restrict the applications available?
It seems that if I open up an instance, all the instance's apps are available to the outside.
We would like to enable only selected applications.

Thanks in advance, Tom
  • 1. Re: restrict applications served by DMZ listener
    Prabodh Guru
    Tom,
    > with an Apex Listener running in the DMZ, how can I restrict the applications available?
    > It seems that if I open up an instance, all the instance's apps are available to the outside.
    > We would like to enable only selected applications.

    Very unlikely that you will be able to block applications using DMZ/Firewall/Router settings. They all work on layer 3 and below. You need something that works at the application layer.
    One common way is to use Apache (not necessarily OHS), located in the DMZ, that is configured to allow/block URLs. This can be achieved using the Rewrite rules (aka Reverse Proxy) on Apache.

    Cheers,
  • 2. Re: restrict applications served by DMZ listener
    snmdla Explorer
    Prabodh,

    thanks. I feel that the setup of Oracle database with fronted APEX listener, running on glassfish application server, is complex enough :-)

    Wouldn't like to front another component, also because the port is already used by glassfish.

    Would it be possible to check the client IP at application level? I see only instance-wide settings for restricting access by IP.

    But, as there may only be one APEX instance per Oracle database, setting up another instance also is no option.

    So the issue is still open ...

    Regards, Tom
  • 3. Re: restrict applications served by DMZ listener
    Prabodh Guru
    > thanks. I feel that the setup of Oracle database with fronted APEX listener, running on glassfish application server, is complex enough :-)
    > Wouldn't like to front another component, also because the port is already used by glassfish.

    If you do not want it then you do not want it. Nothing to do with ports.

    > Would it be possible to check the client IP at application level? I see only instance-wide settings for restricting access by IP.
    >
    > But, as there may only be one APEX instance per Oracle database, setting up another instance also is no option.

    See http://docs.oracle.com/cd/B14117_01/appdev.101/b10802/w_util.htm#997271 . REMOTE_ADDR contains the client IP.

    Cheers.
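
One way to do the application-level check that reply 3 points to, as an added example that is not code from the thread or from Oracle: a PL/SQL function that reads REMOTE_ADDR through OWA_UTIL.GET_CGI_ENV and returns TRUE only for clients inside an allow-list of networks. The function name client_ip_allowed and the networks are hypothetical, and it assumes the listener is reached directly, so that REMOTE_ADDR is the real client address rather than that of a proxy in front of it.

```sql
-- Added example, not from the thread. Function name and networks are hypothetical.
CREATE OR REPLACE FUNCTION client_ip_allowed RETURN BOOLEAN IS
  TYPE cidr_list IS TABLE OF VARCHAR2(18);
  -- Constructed allow-list: networks that may use this one application.
  l_allowed CONSTANT cidr_list := cidr_list('10.0.0.0/8', '192.168.10.0/24');
  l_ip   NUMBER;
  l_net  NUMBER;
  l_size NUMBER;
  l_pos  PLS_INTEGER;

  -- Dotted-quad IPv4 text to a number; NULL for anything malformed.
  FUNCTION ip_to_num(p_ip IN VARCHAR2) RETURN NUMBER IS
    l_num   NUMBER := 0;
    l_octet NUMBER;
  BEGIN
    IF p_ip IS NULL
       OR NOT REGEXP_LIKE(p_ip, '^[0-9]{1,3}(\.[0-9]{1,3}){3}$') THEN
      RETURN NULL;
    END IF;
    FOR i IN 1 .. 4 LOOP
      l_octet := TO_NUMBER(REGEXP_SUBSTR(p_ip, '[0-9]+', 1, i));
      IF l_octet > 255 THEN
        RETURN NULL;
      END IF;
      l_num := l_num * 256 + l_octet;
    END LOOP;
    RETURN l_num;
  END ip_to_num;
BEGIN
  -- REMOTE_ADDR is the peer address the listener reported for this request.
  l_ip := ip_to_num(OWA_UTIL.GET_CGI_ENV('REMOTE_ADDR'));
  IF l_ip IS NULL THEN
    RETURN FALSE;  -- fail closed: missing, IPv6 or malformed address
  END IF;
  FOR i IN 1 .. l_allowed.COUNT LOOP
    l_pos  := INSTR(l_allowed(i), '/');
    l_net  := ip_to_num(SUBSTR(l_allowed(i), 1, l_pos - 1));
    -- Number of addresses in the block, e.g. /24 -> 256.
    l_size := POWER(2, 32 - TO_NUMBER(SUBSTR(l_allowed(i), l_pos + 1)));
    -- Same block when both addresses share the leading prefix bits.
    IF TRUNC(l_ip / l_size) = TRUNC(l_net / l_size) THEN
      RETURN TRUE;
    END IF;
  END LOOP;
  RETURN FALSE;
END client_ip_allowed;
/
```

The function can serve as the body (`RETURN client_ip_allowed;`) of an APEX authorization scheme of type PL/SQL Function Returning Boolean in the application that should be restricted, leaving the other applications in the instance untouched.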
