John’s Oracle Experiences

My everyday experiences with Oracle products

Archive for the ‘Apex’ Category

Protect your public APEX admin site when using an apache reverse proxy

Posted by John Paul van Helvoort on November 20, 2009

To catch all traffic which requests an APEX admin page like 4550 , you can include these RewriteRules in your Apache Reverse Proxy configuration.
When not set on the first entry point ( in this case the reverse proxy ), you might run into the problem that all traffic received on your back-end server seem to come from an internal adres( your reverse proxy server)
and can therefor not be filtered using the build-in security feature in APEX. So be implementing these rules your site can be made more secure again.


# Set Engine on
RewriteEngine On

# 403 error will be thrown if met
# exclude the password change page for apex users
RewriteCond %{REQUEST_URI}%{QUERY_STRING} !/(apex|builder)/f?p=4155:.*
RewriteCond %{REQUEST_URI}%{QUERY_STRING} /(apex|builder)/f?p=(4[0-9]{3}:.*)
# Making it available still from 127.0.0.1 and 10.0.0.x
RewriteCond %{REMOTE_ADDR}        !^(127\.0\.0\.1|10\.0\.0\.[0-9]{1,3})$

# Else , let request go threw
RewriteRule /(apex|builder)/ - [F]

If you want to catch these 403 errors and show a nice error message for it, you can set these lines aswell


  alias /error /srv/www/htdocs/error

  ErrorDocument 403 /error/forbidden.html

Now place a forbidden.html file in /srv/www/htdocs/error/ and you are all set.

Posted in Apache, Apex, Linux | Leave a Comment »

Generating FlashChart interactive reports on Apex fails with Flash Security Error

Posted by John Paul van Helvoort on November 6, 2009

After switching our Embedded Gateway to an Apache front-end using modplsql.
We are faced with an error while loading interactive reports using FlashChart.

As we are using a Reverse Proxy to route the traffic to our internal servers , this is actually the cause of our problem for interactive report to show successfully.

In order to overcome this behavior , we added the following lines to our $ORACLE_APACHE_HOME/ohs/modplsql/dads.conf file in between the “Location” definition:

PlsqlCGIEnvironmentList HTTP_HOST=xxx.yenlo.nl

PlsqlCGIEnvironmentList REQUEST_PROTOCOL=http

xxx.yenlo.nl being our public adres for outside and “http” being our protocol.

Restart your apache services by executing :

[apache] xxx:bin> ./opmnctl stopall
opmnctl: stopping opmn and all managed processes…
[apache] xxx:bin> ./opmnctl startall
opmnctl: starting opmn and all managed processes…

Now your FlashChart should show up successfull again !

Posted in Apex, Application Server | Leave a Comment »