Restrict Access Using the Self-Service Allowlist Capabilities

You can restrict access to Oracle Integration and File Server using an allowlist.

Overview

The allowlist restricts access based on the following parameters:

  • Single IP address
  • Classless Inter-Domain Routing (CIDR) block (that is, an IP address range)
  • Virtual Cloud Network Oracle Cloud ID (VCN OCID)

Additionally, your organization might have a service gateway. The service gateway lets your virtual cloud network (VCN) privately access Oracle Integration without exposing the data to the public internet.

Only the specified IP addresses and VCN OCIDs can access Oracle Integration and File Server. Users and systems accessing Oracle Integration and File Server from listed VCNs have full access.

Diagram

[Image: allowlist-only.png]

Advantages

  • Easy setup! You can configure your allowlist in just a few minutes, without having to create a custom endpoint.
  • All traffic is supported, including REST, SOAP, and other internet traffic.

Disadvantages

  • The rules allow for all-or-nothing access and don't allow for more nuanced control.

    For instance, all traffic from an allowed IP address or range is permitted. The allowlist does not inspect request content, so a request from an allowed address that passes SQL as a parameter is still let through.

  • You're limited to 15 access rules.

    However, a CIDR block counts as only 1 entry, so you might not need more than 15 rules.

Tasks to Complete for this Scenario

  1. Add your organization's VCN OCID to the allowlist. The VCN must be in the same region as Oracle Integration and should have a service gateway.

    When you add the VCN OCID to the allowlist, all resources on the VCN can access Oracle Integration.

  2. For all partner networks and applications, add their IP addresses or address ranges to the allowlist.

    You need the IP addresses of every application and system that requires access to Oracle Integration and File Server. Make sure you consider all partner systems and SaaS applications when compiling the list. For example, if a CRM platform requires access, you must add that platform's individual IP addresses or its address range.

    When you add the IP addresses or address ranges to the allowlist, you grant full access to the user interface and integrations for your network.

  3. Enable loopback so that Oracle Integration and File Server can call themselves.

    For example, enabling loopback allows Oracle Integration to call its own REST APIs.
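The tasks above (collecting partner addresses, adding a VCN OCID) and the 15-rule limit under Disadvantages both come down to planning the list before you type it into the console. The following is an added example, not Oracle's code or part of this page: a small Python planner that validates candidate entries, collapses duplicate and adjacent addresses into CIDR blocks (each block counts as one rule), flags very broad ranges (remember that a matching rule grants full access), and lets you test whether a given client address would be admitted. The sample addresses are constructed from documentation ranges, the VCN OCID is a placeholder, and the `ocid1.vcn.` prefix check is an assumption about OCID naming rather than something the page states.

```python
"""Plan and audit an Oracle Integration allowlist before entering it in the console.

Added example (not Oracle's code). The 15-rule limit comes from the documentation;
the sample entries are constructed and the OCID prefix check is an assumption.
"""
import ipaddress

MAX_RULES = 15  # limit stated in the documentation

# Constructed sample input: a CRM platform with four addresses, one partner
# network, and one duplicate entry to show consolidation.
SAMPLE_ADDRESSES = [
    "203.0.113.10", "203.0.113.11", "203.0.113.12", "203.0.113.13",  # CRM platform
    "198.51.100.0/24",                                               # partner network
    "203.0.113.10",                                                  # duplicate on purpose
]
# Placeholder only; a real VCN OCID comes from the OCI console.
SAMPLE_VCN_OCIDS = ["ocid1.vcn.oc1.phx.PLACEHOLDER-NOT-A-REAL-OCID"]


def parse_networks(entries):
    """Turn single IPs and CIDR blocks into network objects, rejecting malformed input."""
    nets = []
    for entry in entries:
        try:
            # strict=False accepts "10.0.0.7/24" style input and normalises it
            nets.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError as exc:
            raise ValueError(f"not an IP address or CIDR block: {entry!r}") from exc
    return nets


def consolidate(entries):
    """Merge duplicates and adjacent addresses into the fewest CIDR blocks.

    A CIDR block counts as one rule, so consolidation is how a long address
    list stays within the 15-rule limit.
    """
    return list(ipaddress.collapse_addresses(parse_networks(entries)))


def is_vcn_ocid(value):
    """Assumption: VCN OCIDs use the 'ocid1.vcn.<realm>.<region>.<id>' pattern."""
    parts = value.split(".")
    return value.startswith("ocid1.vcn.") and len(parts) >= 5 and all(parts)


def overly_broad(nets, min_prefixlen=16):
    """Return blocks wider than /min_prefixlen; a match grants full access,
    so very wide ranges deserve a second look before they go on the list."""
    return [n for n in nets if n.prefixlen < min_prefixlen]


def plan_allowlist(addresses, vcn_ocids):
    """Build the rule set and report its size against the limit."""
    bad = [o for o in vcn_ocids if not is_vcn_ocid(o)]
    if bad:
        raise ValueError(f"not a VCN OCID: {bad}")
    nets = consolidate(addresses)
    rules = [str(n) for n in nets] + list(vcn_ocids)
    return {
        "rules": rules,
        "count": len(rules),
        "within_limit": len(rules) <= MAX_RULES,
        "broad": [str(n) for n in overly_broad(nets)],
    }


def is_allowed(client_ip, rules):
    """Would a client at this address be admitted by the IP/CIDR rules?
    VCN OCID rules are skipped: they match by network of origin, not by address."""
    ip = ipaddress.ip_address(client_ip)
    return any(
        ip in ipaddress.ip_network(rule, strict=False)
        for rule in rules
        if not rule.startswith("ocid1.")
    )


if __name__ == "__main__":
    plan = plan_allowlist(SAMPLE_ADDRESSES, SAMPLE_VCN_OCIDS)
    for rule in plan["rules"]:
        print("rule:", rule)
    print(f"{plan['count']} of {MAX_RULES} rules used; within limit: {plan['within_limit']}")
    print("broad ranges to review:", plan["broad"] or "none")
    for probe in ("203.0.113.11", "203.0.113.14", "198.51.100.77"):
        print(probe, "allowed" if is_allowed(probe, plan["rules"]) else "blocked")
```

Run it once against your real list before configuring anything: the `count` tells you whether you fit in 15 rules after consolidation, and the `broad` list is the set of entries where the all-or-nothing behaviour described above has the widest blast radius.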