Will write steps for Installing Oracle Apex in AWS EC2 server
Halim, a Georgia Tech graduate Senior Database Engineer/Data Architect based in Atlanta, USA, is an Oracle OCP DBA and Developer, Certified Cloud Architect Professional, and OCI Autonomous Database Specialist. With extensive expertise in database design, configuration, tuning, capacity planning, RAC, DG, scripting, Python, APEX, and PL/SQL, he combines technical mastery with a passion for innovation. Notably, Halim secured 16th place worldwide in the PL/SQL Challenge Cup Playoff in 2010.
Will write details about this course and guidelines to complete it successfully
Cannot access Oracle APEX. Faced the issue below when trying to log in from ORDS in development mode.
403 Forbidden
The request cannot be processed because this resource does not support Cross Origin Sharing requests, or the request Origin is not authorized to access this resource. If ords is being reverse proxied, ensure the front end server is propagating the host name, for mod_proxy ensure ProxyPreserveHost is set ON.
Solution:
The application's ORDS is configured to be accessed only over https://, so we added the parameter below to the ORDS defaults.xml configuration file (ords/conf/ords/defaults.xml) and restarted ORDS. This resolved the issue.
<entry key="security.forceHTTPS">true</entry>
The application is configured with ORDS on a WebLogic server.
Just FYI-
From ORDS 20.4 onwards, we can use the parameter below for cross-origin sharing requests:
<entry key="security.externalSessionTrustedOrigins">http://example.com,https://example.com:8443</entry>
For more info-
Cross-Origin Resource Sharing Feature
403 Forbidden Access to the procedure named: apex is denied.
Access to the procedure named: wwv_flow.accept is denied.
Failed to load resource the server responded wwv_flow.accept
Background:
Oracle APEX version 20.2 (probably same for 19.2 onwards) and ORDS 17.4 and later
The APEX (version 20.2) application had been running fine for the last 1.5 years without any issues. Two days before the incident, a new APEX application was deployed on the same APEX instance, which runs on ORDS (18.1) deployed in a WebLogic application server.
Suddenly, we faced the above issues when trying to log in at URL:port/ORDS; users also faced "Error: Forbidden" when trying to log in. So everything was totally stuck. No one knew what happened! Nothing changed!
Found the Cause:
After marathon research, we found that a security feature in APEX (on ORDS) had kicked in: the security.requestValidationFunction property, set to wwv_flow_epg_include_modules.authorize (it resides in the defaults.xml file in the ORDS/conf location on the application server). We learned that this property and the database function work as a whitelist: the property activates the whitelist of callable procedures which ships with Oracle Application Express and prohibits calls to other procedures.
As per Oracle, when a database pool is configured to use the APEX_PUBLIC_USER, ORDS automatically sets or checks the value of this security property:
<entry key="security.requestValidationFunction">wwv_flow_epg_include_modules.authorize</entry>
<entry key="security.validationFunctionType">plsql</entry>
We found that the function authorize in the database package wwv_flow_epg_include_modules (in schema apex_200200) was empty. So when this property was validated, nothing was passed to ORDS from the APEX instance.
Solution:
As a temporary solution:
1) We made this property empty with the command below.
u01/ords$ java -jar ords.war set-property security.requestValidationFunction ""
2) Then bounce (stop/start) the ORDS service deployment in the WebLogic server by logging in to the Admin console.
OR
You may remove these two lines from the defaults.xml file above:
<entry key="security.requestValidationFunction">wwv_flow_epg_include_modules.authorize</entry>
<entry key="security.validationFunctionType">plsql</entry>
Then bounce the ORDS.
For details: An Oracle REST Data Services deployment configuration contains several security related parameters. In a configuration for Oracle Application Express, Oracle recommends to set the parameter security.requestValidationFunction to wwv_flow_epg_include_modules.authorize. This activates the white list of callable procedures which ships with Oracle Application Express and prohibits calls to other procedures. This can be extended using the validation functions shipped with Oracle Application Express.
https://docs.oracle.com/en/database/oracle/application-express/19.2/htmdb/web-listener-security.html
https://joelkallman.blogspot.com/2016/07/securing-application-express-when-using_24.html
https://www.promatis.at/en/2022/07/13/lessons-learned-while-upgrading-apex-and-ords-to-22-1/
https://oracle-base.com/articles/misc/oracle-rest-data-services-ords-database-authentication
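An added example, not from the original post or from Oracle: a small Python check that reads an ORDS defaults.xml and reports the state of the three security properties discussed on this page, so that a temporary workaround such as an emptied security.requestValidationFunction does not stay in place unnoticed. The two sample configurations are constructed, and treating a non-https trusted origin as a finding is an assumption of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

RECOMMENDED_FN = "wwv_flow_epg_include_modules.authorize"  # value named on this page

# Constructed sample: state after the temporary workaround described above.
WORKAROUND = """<properties>
  <entry key="security.forceHTTPS">true</entry>
  <entry key="security.requestValidationFunction"></entry>
  <entry key="security.externalSessionTrustedOrigins">http://example.com,https://example.com:8443</entry>
</properties>"""

# Constructed sample: allowlist restored, only https origins trusted.
HARDENED = """<properties>
  <entry key="security.forceHTTPS">true</entry>
  <entry key="security.requestValidationFunction">wwv_flow_epg_include_modules.authorize</entry>
  <entry key="security.validationFunctionType">plsql</entry>
  <entry key="security.externalSessionTrustedOrigins">https://example.com:8443</entry>
</properties>"""

def load_entries(xml_text):
    """Return {key: value} from the <entry key="..."> elements of defaults.xml."""
    root = ET.fromstring(xml_text.strip())
    return {e.get("key"): (e.text or "").strip() for e in root.iter("entry")}

def audit(xml_text):
    """Return (code, message) findings for the properties discussed on this page."""
    cfg = load_entries(xml_text)
    findings = []
    fn = cfg.get("security.requestValidationFunction", "")
    if not fn:  # missing or emptied: the APEX procedure allowlist is not applied
        findings.append(("NO_VALIDATION_FN", "procedure allowlist is not enforced"))
    elif fn.lower() != RECOMMENDED_FN:
        findings.append(("CUSTOM_VALIDATION_FN", f"review custom function {fn!r}"))
    if cfg.get("security.forceHTTPS", "").lower() != "true":
        findings.append(("HTTPS_NOT_FORCED", "security.forceHTTPS is not true"))
    origins = cfg.get("security.externalSessionTrustedOrigins", "")
    for origin in filter(None, (o.strip() for o in origins.split(","))):
        # Assumption of this example: every trusted origin should be https.
        if urlsplit(origin).scheme != "https":
            findings.append(("CLEARTEXT_ORIGIN", f"trusted origin {origin!r} is not https"))
    return findings

if __name__ == "__main__":
    for name, sample in (("workaround", WORKAROUND), ("hardened", HARDENED)):
        print(name, audit(sample) or "no findings")
```

To check a real deployment, pass the contents of its defaults.xml to audit() in place of the constructed samples.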