{"id":5164,"date":"2014-07-02T10:50:49","date_gmt":"2014-07-02T10:50:49","guid":{"rendered":"https:\/\/pitss.org\/us\/?p=5164"},"modified":"2017-05-15T11:19:23","modified_gmt":"2017-05-15T15:19:23","slug":"how-to-prevent-unauthorized-users-from-viewing-the-reports-showjobs-in-rwservlet","status":"publish","type":"post","link":"https:\/\/pitss.org\/us\/2014\/07\/02\/how-to-prevent-unauthorized-users-from-viewing-the-reports-showjobs-in-rwservlet\/","title":{"rendered":"How to Prevent Unauthorized Users from Viewing the Reports Showjobs in Rwservlet"},"content":{"rendered":"

By default, anybody can view the showjobs within the rwservlet. The showjobs page shows a list of all of the reports that were run on the specific reports server (see example below):<\/p>\n

\"image\"<\/a><\/p>\n

If you do not want unauthorized users from viewing this page, and you only wish to have users from a specific IP address to view this, you can control who can view the showjobs page within OHS. You can do so by following the steps below:<\/p>\n

1. Go to %ORACLE_INSTANCE%\\config\\OHS\\ohs1\\moduleconf ($ORACLE_INSTANCE\/config\/OHS\/ohs1\/moduleconf) in Linux<\/p>\n

2. Make a backup of reports_ohs.conf<\/p>\n

3. Using either a text editor or EM FMW Control (Web Tier, right-click on ohs1, go to Administration \u2013> Advanced Configuration, then select \u201creports_ohs.conf\u201d), open up reports_ohs.conf.<\/p>\n

4. Below the last <\/Location> tag, add the following:<\/p>\n

<\/a><Location \/reports\/rwservlet\/showjobs<\/b>>
\nSetHandler weblogic-handler
\nWebLogicHost server.domain.com
\nWebLogicPort 9002<\/span><\/p>\n

Order deny,allow
\nDeny from all
\nAllow from 10.1.1.10 server.domain.com<\/p>\n

<\/Location><\/span><\/p>\n

NOTE: Edit the WebLogicHost with your PC\/server name. Also, add the IP addresses or PC\/server hostnames in the \u201cAllow from\u201d which will have access to the showjobs page. Separate each IP address or hostname with spaces.<\/p>\n

\"image\"<\/a><\/p>\n

5. If using a text editor, save and close the file. If you are using EM, click \u201cApply\u201d to save all changes.<\/p>\n

6. Restart OHS using either OPMNCTL or EM.<\/p>\n

After configuring the steps above, only the PCs or servers in the \u201cAllow from\u201d line will be allowed to view the showjobs. Here is what happens when a PC not in the \u201cAllow from\u201d exceptions list tries to access the showjobs page:<\/p>\n

\"image\"<\/a><\/p>\n

NOTE: You are welcome to apply the same steps above for any of the other rwservlet commands such as showenv.<\/strong><\/p>\n

IMPORTANT: This security only works when using OHS. Using port 9002 will NOT have this restriction.<\/strong><\/p>\n

Source: Oracle Support note 261645.1<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

By default, anybody can view the showjobs within the rwservlet. The showjobs page shows a list of all of the reports that were run on the specific reports server (see example below): If you do not want unauthorized users from viewing this page, and you only wish to have users from a specific IP address […]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,36],"tags":[11,16,41,25,37],"class_list":["post-5164","post","type-post","status-publish","format-standard","hentry","category-install-config","category-reports","tag-11g","tag-11gr2","tag-configuration","tag-customer-support-request","tag-reports"],"_links":{"self":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/5164","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/comments?post=5164"}],"version-history":[{"count":4,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/5164\/revisions"}],"predecessor-version":[{"id":9133,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/posts\/5164\/revisions\/9133"}],"wp:attachment":[{"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/media?parent=5164"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/categories?post=5164"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pitss.org\/us\/wp-json\/wp\/v2\/tags?post=5164"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}