3.4.2 Configuring HTTP Protocol Attributes
Determine HTTPS requirements for an Oracle APEX instance and all related applications.
Note:
Require HTTPS makes APEX unreachable by the HTTP protocol. Before enabling this setting, ensure that the HTTPS protocol is enabled and configured correctly on your server.
- About SSL
Secure Sockets Layer (SSL) is a protocol for managing the security of data transmitted on the Internet. For web applications, SSL is implemented by using the HTTPS protocol. Oracle recommends running APEX applications using SSL (HTTPS protocol) to prevent any sensitive data from being sent over an unencrypted (cleartext) communication channel. - Requiring HTTPS
Configure both the APEX instance and all related applications to require HTTPS by configuring the Require HTTPS and Require Outbound HTTPS attributes. - Reversing Require HTTPS
If you enable Require HTTPS, an Instance administrator can disable it by running the following SQL statements. - Reversing Require Outbound HTTPS
If you enable Require Outbound HTTPS, an Instance administrator can disable it by running the following SQL statements. - Configuring Additional Response Headers
Enter additional HTTP response headers that APEX should send on each request, for all applications.
Parent topic: Configuring Security
3.4.2.1 About SSL
Secure Sockets Layer (SSL) is a protocol for managing the security of data transmitted on the Internet. For web applications, SSL is implemented by using the HTTPS protocol. Oracle recommends running APEX applications using SSL (HTTPS protocol) to prevent any sensitive data from being sent over an unencrypted (cleartext) communication channel.
Parent topic: Configuring HTTP Protocol Attributes
3.4.2.2 Requiring HTTPS
Configure both the APEX instance and all related applications to require HTTPS by configuring the Require HTTPS and Require Outbound HTTPS attributes.
Important:
If you enable Require HTTPS, it makes APEX unreachable by the HTTP protocol. Before enabling this setting, ensure that the HTTPS protocol is enabled and configured correctly on your server.
To require HTTPS in APEX:
- Sign in to APEX Administration Services.
- Click Manage Instance.
- Under Instance Settings, click Security.
- Under HTTP Protocol, configure the following:
- Click Apply Changes.
Parent topic: Configuring HTTP Protocol Attributes
3.4.2.3 Reversing Require HTTPS
If you enable Require HTTPS, an Instance administrator can disable it by running the following SQL statements.
To reverse Require HTTPS:
Parent topic: Configuring HTTP Protocol Attributes
3.4.2.4 Reversing Require Outbound HTTPS
If you enable Require Outbound HTTPS, an Instance administrator can disable it by running the following SQL statements.
To reverse Require Outbound HTTPS:
Parent topic: Configuring HTTP Protocol Attributes
3.4.2.5 Configuring Additional Response Headers
Enter additional HTTP response headers that APEX should send on each request, for all applications.
To configure additional response headers:
Parent topic: Configuring HTTP Protocol Attributes