Skip Navigation
Expand
Collapse
Submit a Service Request
Contact Information for Technical Support

My Service Notifications
Restricting computers or hosts that can access Oracle Policy Automation Hub, interviews and web service end-points
Answer ID 8452   |   Last Review Date 12/15/2019

Can I restrict which computers (hosts) or IP addresses are allowed to access Intelligent Advisor Hub, interviews and web service end-points?

Environment:

Intelligent Advisor

Resolution:

Provided that you have identified all of the hosts/IP address ranges that are to be permitted/denied access, Technical Support can configure your site(s) to restrict access to only those hosts/addresses that have been safelisted.

When submitting a service request to configure your sites, please note that valid safelist entires must comply with the following formats:

Valid entries to these settings include domain names with wildcards (*.mycompany.com), or specific IP addresses (216.136.229.72),  or IP subnet masks (216.136.229.0/255.255.255.0). You cannot use wildcards with IP addresses, just domain names. When specifying a subnet mask or range of hosts, the /255.255.255.0 component indicates that you mean to allow all possible values for the entire 216.136.229.x range of addresses.

You cannot use wildcards (*) to specify a range of IP addresses, i.e. 1.2.3.* or 1.2.3*.

It is possible to specify a comma separated list of the above values, such as:

216.136.229.72, 216.136.229.0/255.255.255.0

Instead of or in addition to an IP address range, a domain may be entered and should be included at the end of the list of IP addresses.

216.136.229.72, 216.136.229.0/255.255.255.0, *.domain.com

Note:  When using a domain name, a network operation must execute a DNS reverse lookup. This will result in connection delays and may induce a noticeable performance degradation of the Service Cloud Application. Whenever possible, please refrain from using a domain name.

Note: To determine your IP, visit https://cx.rightnow.com/app/utils/whatsmyip. Private IP addresses such as 192.168.0.0, 10.0.0.0, or 172.16.0.0 may not be used.
 
Oracle B2C Service Technical Support staff might, on an as needed bases, add IP addresses they use in order to access to your site for troubleshooting purposes. If you have question regarding IP addresses please create a Service Request.

Specifying both allowed and denied entries is permitted. However, it is important to understand their interaction.  The defined behavior for entries follows the order directive as Order Allow,Deny (See: https://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order).  This directive defines the interaction as follows:  First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default.

Was this answer helpful?

Still have questions?

Notify Me
Forgot your username or password?
The page will refresh upon submission. Any pending input will be lost.