Your browser was unable to load all of the resources. They may have been blocked by your firewall, proxy or browser configuration.
Press Ctrl+F5 or Ctrl+Shift+R to have your browser try again.

IP-Adress limitation #23

sellexx-stephan · · author

in the file ...\conf\application.properties are two parameters for ip adress limitation:
ipAddressListAllowed
ipAddressesAllowed

see excerpt of code:
this parameter is limiting access to the integration for the
specified list of ip addresses, e.g.:
ipAddressListAllowed=127.0.0.1,10.10.10.10,192.168.178.31
if the list is empty, ALL addresses are allowed
ipAddressesAllowed=0:0:0:0:0:0:0:1

which of the two parameters is to be used? Or both? what is the difference? Can't find it in the docu.

Thanks for making clear

  • replies 7
  • views 745
  • likes 0
Dietmar Aust daust · · moderators
#2
sellexx-stephan · · author
#3

Thank you for your update.

Now what does the 0:0:0:0:0:0:0:1 in the last line of the block mean? It does not look like an IP address.

Dietmar Aust daust · · moderators
#4
Dietmar Aust daust · · moderators
#5

You can see the ip address that is being tested against here: Greenshot 2021-04-03 13.57.29.png

sellexx-stephan · · author
#6

Thank you, Dietmar Aust

sellexx-stephan · · author
#7

some more feedback:
I had some difficulty about how to find the correct IP-Address to be put in file application.properties, Parameter ipAddressesAllowed. This happened in an installation where both, the Oracle-DB and JRI, are on the same machine.

The problem:
while the line in the Configuration Info (see image above, highlighted in green) gives 127.0.0.1 for localhost, the Oracle-DB, ACL-system, uses the IPv6-address of the host.

Solution which did help me:
tomcat does log the connections: right after the try to open a report I look in the file ...\tomcat\logs\localhost_access_log.yyyy-mm-dd.txt (there ist one file per day having the actual date in its name). In the last line (if there was no other connection inbetween) I recognize the GET to open the report. First entry in that line ist the IP-address which oracle-ACL did use to GET the report from jri. It added this IP address in ipAddressesAllowed, restarted tomcat ... and the report did show up!

Observed under:
Win Server 2016 Standard (in a VMWare VM)
tomcat 9.0.44
JRI 2.7.0
Oracle DB 12c Standard Edition, 12.1.0.2.0

Dietmar Aust daust · · moderators
#8

yes, that would certainly work. It is recorded in the logfile.

I guess I would have run the following statement from within the database (using sqlcl, SQL Developer or something similar):

select httpuritype('http://localhost:8080/jri').getclob() from dual;

This will show the homepage as requested by the database (as a http client).

Cheers
~Dietmar.