About Allowlists
An allowlist lets you limit inbound access to Oracle Integration and File Server. Only requests from specified locations are passed through to Oracle Integration. Allowlist restrictions are in addition to the standard authorization mechanisms, such as user credentials, which are always in place.
An Allowlist Manages Inbound Access
The allowlist restricts only inbound access to Oracle Integration and/or File Server. If you want to control outbound access to Oracle Integration, see Configure a Private Endpoint for Your Instance.
Your instance allowlist lets you manage inbound access to Oracle Integration and/or File Server for the following entities:
- Your organization's VCN, through the service gateway, if you have one
- Specified partner networks and applications, specified by IP addresses or CIDR blocks
- SOAP requests
- REST requests that aren't handled by an API gateway, if you're using one
- If you're using an API gateway:
  - Design-time, Visual Builder, and Process Automation bypass the API gateway, meaning the API gateway doesn't redirect those access points.
  - Add the API gateway's VCN to the Oracle Integration allowlist. The API gateway manages access for all REST traffic in that VCN. Only calls from APIs deployed to the API gateway are passed through to Oracle Integration. See Manage Integration Endpoints Using API Gateway.
Allow Access from Specified Network Sources
An allowlist restricts access to requests from any of the following network sources:
- Single IP address
- Classless Inter-Domain Routing (CIDR) block (that is, an IP address range)
- Virtual Cloud Network Oracle Cloud ID (VCN OCID)
Only the specified IP addresses, CIDR blocks, and VCN OCIDs can access Oracle Integration and File Server. Users and systems accessing Oracle Integration and File Server from listed VCNs have full access.
Additionally, your organization might have a service gateway. The service gateway lets your VCN privately access Oracle Integration without exposing the data to the public internet.
Things to Keep in Mind
- All or nothing
  The rules allow for all-or-nothing access and don't allow for more nuanced control.
  For example, if an IP address or CIDR block is allowlisted, all traffic from that location is granted access, even if someone using an allowed IP address passes SQL as a command line parameter.
- Number of access rules
  You're limited to 15 access rules for Oracle Integration and 15 for File Server.
  However, a CIDR block counts as only 1 entry, so you might not need more than 15 rules.
- File Server
  You must enable File Server before you can create rules for File Server.
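The rule limit and the all-or-nothing behavior above can be checked before you enter rules. The following is an added example, not Oracle code: it classifies planned entries as IP/CIDR or VCN OCID, merges adjacent addresses into CIDR blocks without widening what is admitted, and tests whether the result fits in 15 rules. The function names, the sample addresses (documentation ranges), and the OCID are constructed for illustration.

```python
import ipaddress

MAX_RULES = 15  # per-service limit stated on this page


def plan_allowlist(entries, max_rules=MAX_RULES):
    """Classify entries and merge IP/CIDR rules without widening coverage."""
    networks, vcn_ocids, rejected = [], [], []
    for raw in entries:
        entry = raw.strip()
        if entry.startswith("ocid1.vcn."):  # VCN OCID: kept as-is, one rule each
            if entry not in vcn_ocids:
                vcn_ocids.append(entry)
            continue
        try:
            # strict=True rejects blocks with host bits set, e.g. 192.0.2.5/24,
            # so a typo cannot silently admit a whole range
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append(entry)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        same = [n for n in networks if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    rules = [str(n) for n in merged] + vcn_ocids
    return {"rules": rules, "rejected": rejected, "fits": len(rules) <= max_rules}


def source_allowed(source_ip, rules):
    """True if source_ip is inside any IP/CIDR rule (VCN OCID rules are skipped)."""
    addr = ipaddress.ip_address(source_ip)
    nets = [ipaddress.ip_network(r) for r in rules if not r.startswith("ocid1.")]
    return any(addr in n for n in nets)


# Constructed sample input: 16 single IPs, two adjacent /25 blocks,
# a made-up VCN OCID, and one malformed CIDR block.
SAMPLE = [f"198.51.100.{i}" for i in range(16)] + [
    "203.0.113.0/25", "203.0.113.128/25",
    "ocid1.vcn.oc1..exampleuniqueid",
    "192.0.2.5/24",
]

if __name__ == "__main__":
    plan = plan_allowlist(SAMPLE)
    print(plan["rules"], plan["rejected"], plan["fits"])
```

Because merging only joins exactly adjacent blocks, the consolidated rules admit the same addresses as the original entries and nothing more.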