Tyler Muth’s Blog

Technology with a focus on Oracle, Application Express and Linux

mod_rewrite and APEX part 2

Posted by Tyler Muth on August 13, 2008

Here’s another Apache mod_rewrite example that I would love to get some feedback on from the community.

RewriteCond %{REQUEST_URI}%{QUERY_STRING} !/pls/(apex|builder)/f?p=4155:.*
RewriteCond %{REQUEST_URI}%{QUERY_STRING} /pls/(apex|builder)/f?p=(4[0-9]{3}:.*)
RewriteCond %{REMOTE_ADDR}        !^(127\.0\.0\.1|192\.168\.1\.[0-9]{1,3})$
RewriteRule /pls/(apex|builder)/ - [F]
  1. Any request for a 4000 series application (the APEX dev environment) on either the “apex” or “builder” DAD…
  2. …Not coming from either localhost or a 192.168.1.x address…
  3. Return a 403 “Forbidden” page.

This is a simple way to protect your development environment from people that don’t belong there.  The runtime-only installation option introduced in APEX 3.1 is even more secure, but there may be users on previous versions or that do not want to use the runtime only option.  Thoughts?

About these ads

4 Responses to “mod_rewrite and APEX part 2”

  1. Christopher Beck said

    Tyler,

    Think you need to change Line 2 to this:

    RewriteCond %{REMOTE_ADDR} !^(127\.[0]{1,3}\.[0]{1,3}\.[0]{1,2}1|192\.168\.[0]{1,2}1\.[0-9]{1,3})$

    basically 192.168.1.1 and 192.168.001.01 are the same thing so you need to handle the possibility of leading zeros.

    chris.

  2. Tyler Muth said

    Thanks to Joel Kallman for pointing out that Application 4155 is used for end-user password resets and should be exempt from this policy. I added line 1 to account for this.

  3. Tyler,

    This is a fairly secure method and we have used the same rules a few times. In general I have favored using Apache as reverse proxy for external traffic to deny the traffic I don’t want, but that has challenges of its own. This works well and does not require any additional hardware, network configs or installations. Nice post.

    Anton

  4. Eאשט said

    Hello Tyler,

    It would be much appreciated if you can assist on this one :

    An example for re-writing the root (index.html) to another url (/pls/apex…)

    Regards
    Etay G

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.

Join 87 other followers

%d bloggers like this: