Securing OIDDAS at OAS 10g

March 11, 2008  |  dba, security

Oracle Application Server is one of the most complete application servers on the market. Here, I work with Forms, Reports and SSO. Our customers rely on the Internet to run our apps, but as you know, the Internet is a place somewhat like the Bronx in the '80s.

I tried to find a way to forbid access to oiddas (Oracle Directory Services) except from the local server. I looked through some posts on OTN but couldn't find anything… So I figured out a solution myself! It relies on Apache directives:

Go to the Enterprise Manager page of the infrastructure and, under HTTP Server Administration, edit httpd.conf and add this:

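...

# Assumed container for the oiddas URL path; the enclosing tags do not appear in the post text.
<Location /oiddas>
# Order takes no space after the comma; Allow takes a space-separated host list.
Order deny,allow
Deny from all
Allow from localhost servername
</Location>

...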

I hope this can help anyone out there.


1 Comment


  1. With the webcache in the DMZ, the webcache passes its own IP back to the infrastructure, so this effectively blocks everything, even attempted access from localhost, since it's rewritten to go through the webcache.

    Since the infrastructure is behind the firewall anyway, it would be ideal if we could stop this at the webcache, but the Oracle webcache site mapping seems to happen before Apache gets a chance to process it with a location directive.
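
An added example (not from the original post, and not Oracle or Apache code): a small Python model of how mod_access evaluates the post's Order/Deny/Allow rule, run over constructed addresses for both the direct case and the Web Cache case the comment describes. The IP addresses, the reverse-DNS table and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed reverse-DNS table and addresses (assumptions, not from the post).
REVERSE_DNS = {
    "127.0.0.1": "localhost",
    "10.0.0.5": "servername",               # the infrastructure host itself
    "192.0.2.10": "webcache.dmz.example",   # Web Cache in the DMZ
}

def matches(spec, client_ip):
    """True if a host spec ("all", IP, CIDR or host name) matches the peer."""
    if spec.lower() == "all":
        return True
    try:
        net = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in net
    except ValueError:
        # Host name: compare with the peer's reverse-DNS name, whole labels only.
        name = REVERSE_DNS.get(client_ip, "")
        return name == spec or name.endswith("." + spec)

def allowed(order, deny, allow, client_ip):
    """Evaluate Order/Deny/Allow the way Apache 1.3/2.0 mod_access does."""
    denied = any(matches(s, client_ip) for s in deny)
    permitted = any(matches(s, client_ip) for s in allow)
    if order == "deny,allow":   # default allow; an Allow match overrides Deny
        return permitted or not denied
    if order == "allow,deny":   # default deny; a Deny match overrides Allow
        return permitted and not denied
    raise ValueError("unsupported Order: " + order)

def check(peer_ip):
    """Apply the post's rule to the address Apache sees as the TCP peer."""
    return allowed("deny,allow", ["all"], ["localhost", "servername"], peer_ip)

def via_proxy(original_client_ip, proxy_ip):
    """Behind a proxy the TCP peer is the proxy, whoever the original client was."""
    return check(proxy_ip)

if __name__ == "__main__":
    for ip in ("127.0.0.1", "10.0.0.5", "203.0.113.7"):
        print(ip, "direct ->", 200 if check(ip) else 403)
    for ip in ("127.0.0.1", "203.0.113.7"):
        print(ip, "via webcache ->", 200 if via_proxy(ip, "192.0.2.10") else 403)
```

Allow-listing the Web Cache address instead would admit every client that arrives through it, since they all share that peer address.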