6 Replies Latest reply on Jul 31, 2020 8:11 PM by AndyH

    Ability to block access to apex app from ords

    akin.f

      Hello all,

       

      Is there any way, using ORDS, to block access to one or more apex applications. And if not does anyone have a recommended method for achieving this?

       

      Regards

        • 1. Re: Ability to block access to apex app from ords
          jariola

          akin.f wrote:

           

          Hello all,

           

          Is there any way, using ORDS, to block access to one or more apex applications. And if not does anyone have a recommended method for achieving this?

           

          Regards

          I'm not aware there is way in ORDS.

           

          You can lock APEX application by changing status. Workspace isolation might be what you are looking for.

          Use HTTPD or other web server front of ORDS and you can easily create e.g. rewrite rules to block specific application.

          • 2. Re: Ability to block access to apex app from ords
            Nazbit

            I think that the solution is to do this via apex workspace configuration.

             

            Lets say you have the following setup:

             

            2 x APEX apps in separate workspaces on the same PDB

            APEX App A in workspace A

            APEX App B in workspace B

             

            Set A.domain.com to resolve to ords server A

            Set B.domain.com to resolve to ords server B

             

            By default at this point it will be possible to access both apps from both ords servers which is not what you want.

             

            But then set the "Allow Hostnames" attribute for Workspace A to a.domain.com

            And for workspace B to B.domain.com.

             

            Then I think app A can only be accessed through ords A.

             

            If we tried to access App A through ords server B the hostname will fail validation.

            • 3. Re: Ability to block access to apex app from ords
              EJ-Egyed

              I also do not know of a way to do this using ORDS, but you can build your own hostname validation within APEX if you would like.  One option is to check the hostname that the user is attempting to use upon page load and redirect them if it is incorrect.

               

              As an example, here is a dynamic action I have set up on Page 0 of an APEX application.

               

               

               

              Using this setup, any page that attempts to get accessed in my application will make sure that the hostname is localhost.  If the application attempts to get accessed using a host that is not localhost, then they will be redirected to https://www.oracle.com, but instead, you can just redirect users to the host or URL that they should be using.

               

              If all your pages require authentication then you can just put the validation on the login page so this javascript is not run on every page load if you use page 0.

              • 4. Re: Ability to block access to apex app from ords
                jariola

                EJ-Egyed wrote:

                 

                I also do not know of a way to do this using ORDS, but you can build your own hostname validation within APEX if you would like. One option is to check the hostname that the user is attempting to use upon page load and redirect them if it is incorrect.

                 

                As an example, here is a dynamic action I have set up on Page 0 of an APEX application.

                 

                 

                 

                Using this setup, any page that attempts to get accessed in my application will make sure that the hostname is localhost. If the application attempts to get accessed using a host that is not localhost, then they will be redirected to https://www.oracle.com, but instead, you can just redirect users to the host or URL that they should be using.

                 

                If all your pages require authentication then you can just put the validation on the login page so this javascript is not run on every page load if you use page 0.

                End users can always go around JavaScript solutions. You can do same in server side and use e.g. apex_util.redirect_url

                • 5. Re: Ability to block access to apex app from ords
                  Olafur T

                  Hi,

                   

                  1. Upgrade to APEX 20.1 and get the Friendly urls, modify your app to use the friendly urls.

                  2. Use a dedicated front-end like NGINX or Apache and a single VLAN between it and the weblogic/tomcat running ORDS.

                  3. Put a location block to deliver a 403 for the applications you don't want accessible

                   

                  Something like (nginx syntax):

                  location /ords/workspace/r/mysecretapp {

                    allow 192.168.1.1/24;

                    deny all;

                  }

                   

                  Allows everyone from the 192.168.1.* to access and none other.

                   

                  regards

                  Olafur

                  • 6. Re: Ability to block access to apex app from ords
                    AndyH

                    ORDS can't do this, you'll need to use the web server/proxy server to do this.