Categories
- All Categories
- Oracle Analytics and AI Learning Hub
- 34 Oracle Analytics and AI Sharing Center
- 22 Oracle Analytics and AI Lounge
- 276 Oracle Analytics and AI News
- 47 Oracle Analytics and AI Videos
- 16.1K Oracle Analytics and AI Forums
- 6.3K Oracle Analytics and AI Idea Labs
- Oracle Analytics and AI User Groups
- 99 Oracle Analytics and AI Trainings
- 16 Oracle Analytics and AI Challenge
- Find Partners
- For Partners
OAS DV embed fails behind HTTPS WAF due to mixed content (HTTP JS includes)
Hello,
I have Oracle Analytics Server (OAS) where a DV workbook is embedded into an OAS dashboard.
Everything works fine when accessing OAS directly via http://server:9502.
We placed a WAF in front of OAS and now access it via an HTTPS URL.
The WAF terminates HTTPS and forwards traffic to OAS over HTTP (9502).
OAS itself has no SSL configured.
When accessing the dashboard through the HTTPS WAF URL, the DV embed fails due to mixed content errors:
- The page is loaded over HTTPS
- embedding.js generates HTTP URLs for additional JS resources
- Browsers block these HTTP includes
It seems OAS generates resource URLs based on its internal HTTP protocol, not the external HTTPS request.
Questions:
- Is there a supported way to tell OAS it is behind an HTTPS reverse proxy / WAF?
- Can OAS be configured to always generate HTTPS URLs for DV embedded resources?
Thanks in advance.
Answers
-
Hi,
Did you configure your WAF with the extra headers to let OAS know it is acting as ssl offloading proxy in front of your OAS?
Typically the header "WL-Proxy-SSL" with a value of "true" should be used to tell OAS that your proxy (your WAF) is doing the SSL job and terminate the SSL connection there.
If you didn't configure your OAS to be used with a proxy in front, you can find all the steps required, including the handling of the SSL that you are facing, in
0
