{"id":151,"date":"2007-06-01T13:55:00","date_gmt":"2007-06-01T17:55:00","guid":{"rendered":"http:\/\/onlineappsdba.com\/?p=151"},"modified":"2007-10-03T14:56:56","modified_gmt":"2007-10-03T18:56:56","slug":"url-firewall-in-dmzself-service-setup-url_fwconf","status":"publish","type":"post","link":"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/","title":{"rendered":"URL Firewall in DMZ\/Self Service Setup (url_fw.conf)"},"content":{"rendered":"

In Self Service or DMZ Setup (from 11.5.10) you might have noticed new configuration file url_fw.conf under $IAS_ORACLE_HOME\/Apache\/Apache\/conf . In today’s post We’ll understand requirement of this file , building blocks of this file, mod_rewrite module of apache and regular expressions.<\/p>\n

Overview of url_fw.conf file is required ?<\/strong><\/p>\n

This file is delievered by patch 3942483 (included in 11.5.10) and called by Apache\/Webserver configuration file httpd.conf .<\/p>\n

This file uses mod_rewrite module of Apache to allow\/disallow URL’s matched by regular expression.<\/p>\n

Why I need this file<\/strong> – > This file provide extra security for DMZ or Self Service implementation accessible over internet. Only few URL’s opened\/allowed by this file are accessible thus protecting secured URL which should not be accessible via internet.<\/p>\n

On what basis its decided to include url_fw.conf <\/strong>-> If node trust level<\/strong> is marked as external<\/em> (Three type of Node Trust level for a node , External, Internal, Administration) then Autoconfig includes url_fw.conf file in httpd.conf<\/p>\n

What is mod_rewrite and where to get more information<\/strong> -> mod_rewrite is URL Rewrite Engine in Apache (on which Oracle-Apache or Oracle HTTP Server or Web Server in Apps). mod_rewrite is powerful tool for URL manipulation like to<\/p>\n

– Restrict Access to directories and files
\n– Conditional redirection of access
\n– Relocating Servers, File System or Directories
\n– Regeneration of static pages based on HTTP Header Variable<\/p>\n

For more information on mod_rewrite module of apache visit http:\/\/httpd.apache.org\/docs\/1.3\/mod\/mod_rewrite.html<\/a><\/p>\n

How to debug mod_rewite issues<\/strong> ?
\nIf you think some of URL’s (complete url or partial – gif, jpg, html or jsp file) are blocked by above URL Firewall and you wish to know which file is blocked , you can enable logging by adding following directive in url_fw.conf<\/p>\n

RewriteLog “\/your_log_directory\/rewrite.log”
\nRewriteLogLevel 7<\/strong><\/p>\n

By default logging is disabled , logLevel value is from 0-10 (0 means no logging and 10 is log everything which records all steps mod_rewrite is doing in background) a sensible value is 6 or 7 and you will see in log what URL is blocked and by what rule; so that if you think user should have access to that URL you can grant access on that resource by adding new rule in url_fw.conf<\/p>\n

Sample url_fw.conf value and its meaning<\/strong> –
\nRewriteRule ^\/$ \/OA_HTML\/AppsLocalLogin.jsp [R,L]
\nor
\nRewriteRule ^\/OA_HTML\/jsp\/fnd\/fndhelp.jsp$ – [L]<\/p>\n

Here first rule is saying that when user type \/ i.e. after hostname , domainname and port number and then \/; redirect user to \/OA_HTML\/AppsLocalLogin.jsp and stop applying any rewrite rule after that.<\/p>\n

In second rule; – which means don’t do any thing and present User same url as mentioned in left side i.e. \/OA_HTML\/jsp\/fnd\/fndhelp.jsp<\/p>\n

here [R,L] in end <\/strong>
\nR- Means Rewrite
\nL – Last rewrite rule (No more rule to apply after this)<\/p>\n

In order to understand above rules , you should know regular expression <\/strong>and here few tips\/meta characters on regular expressions<\/p>\n

1) . (dot) means matches any characters
\n2) [] specifies a class
\ni.e.
\n—> [a-z] matches any lower case characters from a to z
\n—>[a-zA-Z0-9] matches any character upper or lower case from a to z and numeric 0 to 9
\n—> [abc$] matches a or b or c or $
\n—> [^0-9] matches anything except digit 0 to 9 . Here ^ is negation<\/p>\n

Meta Characters in Regular Expressions<\/strong><\/p>\n

^ -> Matches Start of a line
\n$ -> Matches End of line<\/p>\n

like<\/p>\n

^appsdba -> Matches any line starting with appsdba
\nappsdba$ -> Matches any line ending with appsdba
\n^appsdba$ -> Matches any line which consist of just one word appsdba<\/p>\n

Quantifiers for Characters<\/strong>
\n–> ? matches zero or one instance of character
\n–> + matches one or more instance of character
\n–> * matches zero or more instance of character<\/p>\n

For Example
\nappsdba<\/span>? matches appsdb<\/span> or appsdba<\/span>
\nappasdba<\/span>+ matches appsdba<\/span>, appsdbaa<\/span>, appsdbaaa<\/span> and so on
\nappsdba<\/span>* matches appsdb<\/span>, appsdba<\/span>, appsdbaa<\/span>, appsdbaaa<\/span> and so on<\/p>\n

Few error messages related to URL Firewall are
\n<\/strong>— Access to requested URL has been blocked by the url<\/span> firewall
\n— Gone URL you are looking for is blocked by url<\/span> Firewall
\n— Error in opening up attachments or date picker in iStore<\/span>, iRec<\/span>, iProc<\/span>
\n— FW<\/span>-1 at Firewall-2: Access denied<\/p>\n

For more information on DMZ and E-Business Suite visit Steven Chan’s post at<\/p>\n

http:\/\/blogs.oracle.com\/schan\/2006\/05\/17<\/a><\/p>\n

Please leave your comments about anything and things you wish to see on this blog.
\n<\/span><\/strong>
\nFew things on Users Request, coming soon on Oracle Applications R12 <\/span><\/strong>
\n— Startup<\/span> \/ Shutdown scripts and changes in scripts with 11i version
\n— New Top INSTANCE_TOP and its advantages in Oracle Apps Release 12<\/p>\n

http:\/\/teachMeOracle.com\/forum<\/p>\n","protected":false},"excerpt":{"rendered":"

In Self Service or DMZ Setup (from 11.5.10) you might have noticed new configuration file url_fw.conf under $IAS_ORACLE_HOME\/Apache\/Apache\/conf . In […]<\/p>\n","protected":false},"author":115,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[37],"tags":[64,62,63,460,462],"class_list":["post-151","post","type-post","status-publish","format-standard","hentry","category-security","tag-apps-11i","tag-dmz","tag-firewall","tag-r12","tag-security"],"yoast_head":"\nURL Firewall in DMZ\/Self Service Setup (url_fw.conf) -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"URL Firewall in DMZ\/Self Service Setup (url_fw.conf) -\" \/>\n<meta property=\"og:description\" content=\"In Self Service or DMZ Setup (from 11.5.10) you might have noticed new configuration file url_fw.conf under $IAS_ORACLE_HOME\/Apache\/Apache\/conf . In […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/\" \/>\n<meta property=\"article:published_time\" content=\"2007-06-01T17:55:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2007-10-03T18:56:56+00:00\" \/>\n<meta name=\"author\" content=\"Masroof Ahmad\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Masroof Ahmad\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/\",\"url\":\"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/\",\"name\":\"URL Firewall in DMZ\/Self Service Setup (url_fw.conf) -\",\"isPartOf\":{\"@id\":\"https:\/\/onlineappsdba.com\/#website\"},\"datePublished\":\"2007-06-01T17:55:00+00:00\",\"dateModified\":\"2007-10-03T18:56:56+00:00\",\"author\":{\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\"},\"breadcrumb\":{\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/onlineappsdba.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"URL Firewall in DMZ\/Self Service Setup (url_fw.conf)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/onlineappsdba.com\/#website\",\"url\":\"https:\/\/onlineappsdba.com\/\",\"name\":\"\",\"description\":\"Oracle Implementation & Training Experts\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/onlineappsdba.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb\",\"name\":\"Masroof Ahmad\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g\",\"caption\":\"Masroof Ahmad\"},\"url\":\"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"URL Firewall in DMZ\/Self Service Setup (url_fw.conf) -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/","og_locale":"en_US","og_type":"article","og_title":"URL Firewall in DMZ\/Self Service Setup (url_fw.conf) -","og_description":"In Self Service or DMZ Setup (from 11.5.10) you might have noticed new configuration file url_fw.conf under $IAS_ORACLE_HOME\/Apache\/Apache\/conf . In […]","og_url":"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/","article_published_time":"2007-06-01T17:55:00+00:00","article_modified_time":"2007-10-03T18:56:56+00:00","author":"Masroof Ahmad","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Masroof Ahmad","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/","url":"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/","name":"URL Firewall in DMZ\/Self Service Setup (url_fw.conf) -","isPartOf":{"@id":"https:\/\/onlineappsdba.com\/#website"},"datePublished":"2007-06-01T17:55:00+00:00","dateModified":"2007-10-03T18:56:56+00:00","author":{"@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb"},"breadcrumb":{"@id":"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/onlineappsdba.com\/index.php\/2007\/06\/01\/url-firewall-in-dmzself-service-setup-url_fwconf\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/onlineappsdba.com\/"},{"@type":"ListItem","position":2,"name":"URL Firewall in DMZ\/Self Service Setup (url_fw.conf)"}]},{"@type":"WebSite","@id":"https:\/\/onlineappsdba.com\/#website","url":"https:\/\/onlineappsdba.com\/","name":"","description":"Oracle Implementation & Training Experts","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/onlineappsdba.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/909a876ed58d400faf82caf81d61bfdb","name":"Masroof Ahmad","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/onlineappsdba.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/10f9db7bdbbd7f9ccfbe9b2d208e5978fc28315e9c704383e639a926ea0fce5f?s=96&d=mm&r=g","caption":"Masroof Ahmad"},"url":"https:\/\/onlineappsdba.com\/index.php\/author\/masroof\/"}]}},"_links":{"self":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/users\/115"}],"replies":[{"embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/comments?post=151"}],"version-history":[{"count":0,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/posts\/151\/revisions"}],"wp:attachment":[{"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/media?parent=151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/categories?post=151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/onlineappsdba.com\/index.php\/wp-json\/wp\/v2\/tags?post=151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}