My Oracle Support Banner

Restricting Access To The AS Console To A Given IP Address Range Is Not Working (Doc ID 886783.1)

Last updated on MARCH 23, 2020

Applies to:

Enterprise Manager for Fusion Middleware - Version 10.1.2.0.2 to 10.1.2.3.0
Information in this document applies to any platform.

Symptoms

For security reasons you may want to restrict the access to the Application Server Console (AS Console) page so just client browsers from a specified Internet Protocol Address (IP address) range can connect to it.

Following the Chapter 6 - Configuration File Descriptions from the Oracle® Application Server Containers for J2EE Servlet Developer's Guide 10g Release 2 (10.1.2) to set it up the configuration is not working as expected.  The restriction only works for the first  IP address, but does not work for the whole range.

e.g. These are the lines you need to add to <ORACLE_HOME>/sysman/j2ee/application-deployments/em/default/orion-web.xml  to restrict access to AS Console to localhost and ip1 to ip2, according to the documentation.

<access-mask default="deny">
<ip-access ip="<ip1>" netmask="<ip>" mode="allow"/>
<host-access domain="localhost" mode="allow"/>
</access-mask>



 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.