Forum Stats

  • 3,838,561 Users
  • 2,262,383 Discussions
  • 7,900,687 Comments

Discussions

FRM-92103 & FRM-92104 Error when using AKAMAI

Peco
Peco Member Posts: 5 Green Ribbon
edited Jun 1, 2022 1:26PM in Forms

Dears,

we have a web application developed through Oracle Forms that must be exposed in the web through a Web Application Firewall from AKAMAI. Unfortunately, with AKAMAI implemented, we are not able to perform the login to the application obtaining error FRM-92104 as per below image (without AKAMAI we are able to connect). We are using AKAMAI standard setup already working with a lot of other application (oracle apex included).

Consider that we have no Load Balancer in place. Can anyone help us? Is it possible in your opinion to run an Oracle Form APP with AKAMAI WAF as protection layer?

Error FRM-92104 is obtained after we configured the retries parameter in http.d conf. Without the insertion of those retries parameter the error obtained is FRM-92103.

Answers

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,309 Employee

    ...retries parameter in http.d conf

    Can you be specific as to what you changed, how you changed it, what you changed it to, and where you changed it?

    Also, please indicate exactly which Forms version are you using. Include the complete version and not something like "12c", "10g" etc.

    If you have security software (or any software or proxy) that is altering the contents of the URL or cookies set by the app request, a failure like this could occur.


    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

  • Peco
    Peco Member Posts: 5 Green Ribbon
    edited Jun 6, 2022 3:05PM

    Dear Michael,

    first of all thank you for your reply! Please find below the info required:

    • Weblogic is version 12.2.1.4

    We modified standard Weblogic mod_wl_ohs.conf and httpd.con file following suggestions mentioned at this links recovered in the oracle community:

    Even without this modification the error occurred with AKAMAI WAF implemented only.

    You wrote "If you have security software (or any software or proxy) that is altering the contents of the URL or cookies set by the app request, a failure like this could occur". Does it mean that we are losing our time trying to publish an Oracle Forms app with AKAMAI WAF Implemented? Can we make it works in your opinion?

    Thank you!

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,309 Employee

    You wrote "If you have security software (or any software or proxy) that is altering the contents of the URL or cookies set by the app request, a failure like this could occur". Does it mean that we are losing our time trying to publish an Oracle Forms app with AKAMAI WAF Implemented? Can we make it works in your opinion?

    As I stated, you likely have an issue where security software is altering the requests OR a network configuration issue. It is certainly possible something else is causing the problem but based on the limited information you provided, I would start by investigating my suggestions.

    Also, you still have not explained what you mean by this statement:

    retries parameter in http.d conf

    There is no "retries" parameter, that I know of which can be set in an OHS .conf file.


    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

  • Peco
    Peco Member Posts: 5 Green Ribbon

    Dear Michael,

    We added the network retries in formsweb.cfg (not in http.d conf sorry). Then we modified http.d and ohs.conf files as described in previous post. In summary we obtain below results:

    • With AKAMAI implemented and no network retries we obtained error FRM-92103.
    • With AKAMAI implemented and network retries added in formsweb.cfg we obtained error FRM-92104
    • Without AKAMAI we have never errors (regardless the modification we did on formsweb.cfg, httpd.conf and OHS.conf files).

    Considering above we assume that the issue is due to AKAMAI but the setup done with AKAMAI is the same we use with all other oracle products. Is there any setup we should implement in our forms or weblogic configuration that could help us to solve this issue in your opinion? Should we consider to use another way to "protect" our application?

    Thank you again!

    Marco Pecoraro

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,309 Employee

    Sorry, but I cannot comment on AKAMAI as I am not familiar with it or how it works. If you are unfamiliar with troubleshooting network issues, you should contact them as they may be able to assist. My suspicion is that they are either removing or changing cookies we set or removing or changing other session information we set. As an example, JSESSIONID is send to the client upon creating the session on the server (after the initial request). If this is removed or altered, an error like what you are seeing is likely. Consider that the sessionID is used to ensure that the request is returned to the correct server and the correct process running on that server. Without that information the request becomes orphaned and you end up with an error as you indicated. I am not saying this IS the cause of your issue. I am just saying it is possible.


    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

  • Peco
    Peco Member Posts: 5 Green Ribbon

    Thank you again for the precious information you gave us! I will check and let you know.

    In the meantime only one final question in case we are not able to solve. How do you suggest we could protect the web exposure of our Oracle APP Forms without AKAMAI?

    Thank you again! I really appreciate your effort in helping us.

    Marco

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 7,309 Employee

    Again, I know nothing about AKAMAI so I cannot compare what it does to an alternative. However, I can offer these tips to ensure the highest degree of security:

    • Be sure to enable SSL/TLS
    • Be sure you are using the latest version of the Fusion Middleware software (currently 12.2.1.4)
    • Ensure you regularly install the quarterly security patches (CPU) if available. There are separate patches for each component (e.g. Forms, WLS, OHS, Java, etc), so be sure to carefully review availability.
    • Be sure to install the Forms QPR as they are released (quarterly). You can follow this Community Forum thread for the latest information, without having to log into MyOracleSupport: https://community.oracle.com/tech/developers/discussion/4494579/oracle-forms-12-2-1-4-patch-availability-news
    • If you use a proxy server (e.g. OHS or similar) in front of WLS, be sure that users cannot access WLS directly. Be sure that all managed server ports are blocked, to include the Admin Server.



    Michael Ferrante

    Senior Principal Product Manager

    Oracle

    Twitter: @OracleFormsPM

  • Peco
    Peco Member Posts: 5 Green Ribbon

    Thanks a lot Michael!

    I wil write if further support is needed.

    Best regards,

    Marco