Securing Access to Resources
This section describes the additional tasks you must perform to secure access control with the Proxy Server, after enabling distributed administration.
Securing Access to Server Instances
To configure the Proxy Server to control access to server instances, edit the server-root/httpacl/*.proxy-admserv.acl files to specify the user to whom you want to grant access control privileges. For example:
acl "proxy-server_instance"; authenticate (user,group) { database = "default"; method = "basic"; }; deny absolute (all) user != "UserA";
Enabling IP-Based Access Control
If the access control entry that refers to the ip attribute is located in the ACL files related to the Administration Server (gen*.proxy-admserv.acl), complete Steps 1 and 2 below.
If the access control entry that refers to the ip attribute is located in the ACL files related to a server instance, complete only Step 1 below for that particular ACL.
To Enable IP-Based Access Control
-
Edit the server-root/httpacl/gen*.proxy-admserv.acl files to add ip to the authentication list, in addition to user and group, as shown below:
acl "proxy-admserv"; authenticate (user,group,ip) { database = "default"; method = "basic"; };
-
Add the following access control entry:
deny absolute (all) ip !="ip_for_which_access_is_allowed";
For example:
acl "proxy-admserv"; authenticate (user,group,ip) { database = "default"; method = "basic"; }; deny absolute (all) ip !="205.217.243.119";
- © 2010, Oracle Corporation and/or its affiliates