Configure an IP Whitelist Policy

By default, your Oracle Cloud Infrastructure Load Balancing Classic (LBaaS) instance permits inbound traffic from all internet clients. Therefore, all internet clients are able to reach APEX applications and REST services hosted in your Exadata Express instance. To limit access to your Exadata Express instance only to a few trusted clients, such as your company office or your other SaaS or PaaS instances, you must define an IP whitelist policy in your LBaaS instance. This step is optional.

To configure an IP whitelist:
  1. Access your LBaaS instance through the service console.
  2. Click the Policies page.
  3. Create a new Resource Access Control Policy.
    • For Disposition, select Deny-All to deny access to every client whose IP address is not explicitly defined in this policy.

    • For Permitted Clients, enter the list of IP addresses or CIDR ranges that identify the clients whose requests are accepted.

  4. Open the Listeners page and edit the listener you created in Configure Oracle Cloud Infrastructure Load Balancing Classic Instance.
    • For Policies, select the Resource Access Control Policy created in Step 3 in addition to the existing Trusted Certificate Policy.

  5. From the Exadata Express service console, open the Vanity URL dialog and select Disable Application Express and REST access using the default oraclecloudapps.com URL. Save the vanity URL configuration.

You have successfully configured an IP whitelist policy for your LBaaS instance and Exadata Express instance. Clients who are not listed in this policy receive a 403 Forbidden error when they attempt to access your vanity URL.
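
The following is an added example, not part of the Oracle documentation: a Python check to run over a Permitted Clients list before entering it in the policy. It flags malformed or overly broad entries and predicts which client addresses would be forwarded and which would receive 403 Forbidden under Deny-All. The function names, the prefix thresholds and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: prefixes shorter than these are too broad for "a few trusted
# clients"; the thresholds are illustrative, not an Oracle limit.
MIN_PREFIX = {4: 16, 6: 32}

def parse_permitted_clients(entries):
    """Parse IP/CIDR strings; return (networks, problems)."""
    networks, problems = [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 203.0.113.5/24
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"{entry}: rejected ({exc})")
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            problems.append(f"{entry}: too broad for a trusted-client list")
        networks.append(net)
    return networks, problems

def expected_response(client_ip, networks):
    """Deny-All disposition: only addresses inside a permitted network pass."""
    addr = ipaddress.ip_address(client_ip)
    inside = any(addr in net for net in networks)
    return "forwarded" if inside else "403 Forbidden"

# Constructed sample input (documentation address ranges, not real clients).
PERMITTED = ["203.0.113.0/24", "198.51.100.17", "2001:db8::/32",
             "203.0.113.5/24", "0.0.0.0/0", "office-gw"]

if __name__ == "__main__":
    nets, issues = parse_permitted_clients(PERMITTED)
    for issue in issues:
        print("PROBLEM", issue)
    # Evaluate sample clients against the entries that passed the breadth check.
    clean = [n for n in nets if n.prefixlen >= MIN_PREFIX[n.version]]
    for ip in ["203.0.113.40", "198.51.100.18", "2001:db8::1"]:
        print(ip, "->", expected_response(ip, clean))
```

An entry such as 0.0.0.0/0 parses correctly but matches every client, so it is reported as a problem rather than silently accepted.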

See Also:

Creating Policies for a Load Balancer in Using Oracle Cloud Infrastructure Load Balancing Classic