internal and external facing applications on same infrastructure
jsmith88 Oct 26 2011 — edited Oct 26 2011
I'm looking for suggestions on the best way to architect an APEX production environment where you may have two or three apps open to the public and 10 or more for internal access only. All of the apps (regardless of public or private) are running on the same APEX instance, DB, app tier and web tier.
We are using the APEX Listener on Weblogic for the app tier with an OHS webserver and Load Balancer in front of everything.
The Load Balancer houses all of our certificates and has the ability to perform iRules to make more friendly urls.
Our approach is to assign each app (i.e. https://someurl.com/apex/f?p=APPID) a static IP from the load balancer and then firewall public/private based on APPID to prevent internal-only apps from being reached outside the network.
Unfortunately the iRule friendly URL rewrite isn't able to mask the APPID from the URL (https://someurl.com/apex/f?p=200), which currently allows anyone to change the APPID parameter of the URL and cycle through all the apps regardless of the firewall rule in place to prevent them from being publicly accessible.
For example, if we have the following apps deployed and the only one which is allowed open to the internet is app 100, the URL rewrite isn't able to mask the APPID of 100 (or the APP Alias if used).
Publicly accessible:
https://someurl.com/apex/f?p=100 (192.168.25.100)
Internal only access:
https://somedifferenturl.com/apex/f?p=200 (192.168.25.200)
https://anotherurl.com/apex/f?p=250 (192.168.25.250)
https://subdomain.someurl.com/apex/f?p=300 (192.168.25.300)
I could navigate to the publicly accessible URL https://someurl.com/apex/f?p=100 and change the APPID to one of (200, 250, 300) and still access those apps which should not be open to the internet.
From the internet, browsing directly to https://somedifferenturl.com/apex/f?p=200 or https://anotherurl.com/apex/f?p=250 or https://subdomain.someurl.com/apex/f?p=300 would all result in a page not found error since their IPs are not accessible directly from the internet.
What is the best practice to overcome the above scenario and utilize shared infrastructure for internal and external facing applications? Is mod_rewrite my only other option to accomplish this setup and bypass the load balancer?
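Added example, not from the original thread: a request-level policy check, written here in Python, that illustrates the point the post makes. Because the application id travels inside the p= parameter, a per-IP firewall rule never sees it; whatever sits at the public edge has to decode that parameter and allowlist app ids per hostname. Hostnames and app ids come from the post; the alias PUBLICAPP, the function names and the policy table are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed policy for the scenario in the post: which APEX app ids or
# aliases each public-facing hostname may serve. Anything not listed is
# internal-only and is refused before the request reaches the APEX engine.
# "PUBLICAPP" is an assumed alias for app 100; the post names no alias.
PUBLIC_APPS = {
    "someurl.com": {"100", "PUBLICAPP"},
}

def apex_app_from_query(query):
    """Return the APP part of an APEX f?p=APP:PAGE:SESSION... parameter, or None.

    parse_qs percent-decodes first, so p=%31%30%30 is seen as app 100; a
    rule that string-matches the raw query would miss that. Aliases are
    case-insensitive in APEX, so the value is normalised to upper case."""
    values = parse_qs(query).get("p")
    if not values:
        return None
    app = values[0].split(":", 1)[0].strip().upper()
    return app or None

def is_allowed(host, path_query):
    """Decide at the public edge whether host + path/query may be forwarded.

    Returns (allowed, reason). Only calls to the APEX engine (/apex/f) are
    policed; they pass only when the app is on that host's public allowlist."""
    parts = urlsplit(path_query)
    if parts.path != "/apex/f":
        return True, "not an APEX engine call"
    app = apex_app_from_query(parts.query)
    if app is None:
        return False, "missing or empty app in p= parameter"
    hostname = host.lower().split(":")[0]          # drop any :port suffix
    if app in PUBLIC_APPS.get(hostname, set()):
        return True, f"app {app} is public on {hostname}"
    return False, f"app {app} is internal-only; refused for {hostname}"

if __name__ == "__main__":
    # Constructed requests mirroring the post: app 100 is public, 200/250/300
    # are internal, and the internal hostnames have no public allowlist at all.
    for req in [("someurl.com", "/apex/f?p=100:1:0"),
                ("someurl.com", "/apex/f?p=200:1:0"),
                ("someurl.com", "/apex/f?p=%33%30%30:1"),
                ("somedifferenturl.com", "/apex/f?p=200:1")]:
        print(req, is_allowed(*req))
```

The same decode-then-allowlist logic is what an iRule or mod_rewrite condition on the web tier would need to express; the check belongs to the parameter, not the address the request arrived on.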