Below are the detailed steps to
fulfill the connection filtering in
2-
Apply the post-patches
3-
Only Allow Access to Oracle WebLogic Server
Administration Ports from Trusted Hosts
If you have applied the Critical Patch Update (CPU) released in
April 2019, then you can use the context variable
s_wls_admin_console_access_nodes to
specify the trusted hosts used by administrators that require access to the
Oracle WebLogic Server Administration Console and Fusion Middleware Control.
Set this context variable to a list of trusted hosts that are allowed to access
the consoles using the Oracle WebLogic Server Administration ports.
Note: If you
cannot list the specific host names or IP addresses for all your trusted hosts,
then you can use alternative methods to allow access to the Oracle WebLogic
Server Administration ports. See Alternative Methods to Allow Access to
Oracle WebLogic Server Administration Ports from Trusted Hosts for Oracle
E-Business Suite Release 12.2, My Oracle Support Knowledge Document
2542826.1.
If you do not configure the
s_wls_admin_console_access_nodes context
variable as described in the following steps, or use one of the alternative
methods to specify trusted hosts, then you will not be able to access the
Oracle WebLogic Server Administration Console or Fusion Middleware Control.
A. Log in to the
primary node of the Oracle E-Business Suite instance.
B. Start the Oracle
WebLogic Admin Server from the run file system, if it is not already running.
cd $ADMIN_SCRIPTS_HOME
-bash-4.4$ adadminsrvctl.sh start
You are running adadminsrvctl.sh version 120.10.12020000.11
Enter the WebLogic Admin password:
Enter the APPS Schema password:
Starting WLS Admin Server...
C. Take a backup of the
run file system context file.
cp $CONTEXT_FILE $CONTEXT_FILE-bkp
D. Edit the run file
system context file to set the value for the
s_wls_admin_console_access_nodes context
variable to the list of trusted hosts that are allowed to access the Admin
Server. For each host, specify either the fully qualified domain name or the IP
address. Use commas to separate the hosts in the list. For example:
<s_wls_admin_console_access_nodes oa_var="s_wls_admin_console_access_nodes">admin-ws1.example.com,admin-ws2.example.com</s_wls_admin_console_access_nodes>
Note: When you add the fully qualified domain name
or the IP address for a host to the list in the
s_wls_admin_console_access_nodes context variable,
ensure that the host name is resolvable from all application tier nodes of the
Oracle E-Business Suite instance.
E. Run AutoConfig.
cd $ADMIN_SCRIPTS_HOME
-bash-4.4$ adautocfg.sh
Enter the APPS Schema password:
F. Stop and restart the
Oracle WebLogic Admin Server.
cd $ADMIN_SCRIPTS_HOME
-bash-4.4$ adadminsrvctl.sh stop
You are running adadminsrvctl.sh version 120.10.12020000.11
Enter the WebLogic Admin password:
Enter the APPS Schema password:
Stopping WLS Admin Server...
-bash-4.4$ adadminsrvctl.sh start
You are running adadminsrvctl.sh version 120.10.12020000.11
Enter the WebLogic Admin password:
Enter the APPS Schema password:
Starting WLS Admin Server...
Note: You will be able to access the Oracle
WebLogic Server Administration Console after restarting the Oracle WebLogic
Admin Server.
G. Run the fs_clone
operation (
adop phase=fs_clone) to synchronize the changes in this setting
to the patch file system.
After
you save this configuration, which allows access only to trusted hosts, you
will be able to access the Oracle WebLogic Server Administration Console and
Fusion Middleware Control only from client browsers executed from the hosts
specified in the preceding steps.
Note: If you need to make changes
without having access to the Oracle WebLogic Server Administration Console, you
can update or remove the connection filter rules by editing the
$EBS_DOMAIN_HOME/config/config.xml file.
However, changes added this way will be overwritten by the next AutoConfig run.