R12.2 Apps DBA

ORA-24247: network access denied by access control list (ACL)

ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at line 6


Solution:
-- Create a user that may call UTL_HTTP but has no network ACL yet
create user C##username identified by username;
grant connect to c##username;
grant execute on utl_http to c##username;
conn c##username/username
Declare
V_req utl_http.req;
V_resp utl_http.resp;
Begin
V_req:=utl_http.begin_request('http://133.231.231.1');
V_resp:=utl_http.get_response(v_req);
Utl_http.end_response(v_resp);
End;
/
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-24247: network access denied by access control list (ACL)
ORA-06512: at line 6
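-- Reconnect as a DBA user before creating the ACL.
-- The principal is case-sensitive: give the user name as it is stored in the database.
BEGIN
  DBMS_NETWORK_ACL_ADMIN.create_acl (
    acl         => 'dev_acl_file.xml',
    description => 'deving ACL functionality',
    principal   => 'C##username',
    is_grant    => TRUE,
    privilege   => 'connect',
    start_date  => SYSTIMESTAMP,
    end_date    => NULL);
  COMMIT;
END;
/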
PL/SQL procedure successfully completed.
BEGIN 
DBMS_NETWORK_ACL_ADMIN.assign_acl ( 
acl => 'dev_acl_file.xml', 
host => '133.*', 
lower_port => NULL, 
upper_port => NULL); 
COMMIT; 
END; 
/
PL/SQL procedure successfully completed.
Example with a single host and port:
BEGIN
  dbms_network_acl_admin.assign_acl (
    acl        => '/sys/acls/OracleEBS.xml',
    host       => 'apdba3.apdba.com',
    lower_port => 80,
    upper_port => 80
  );
END;
/
From the data dictionary:
col acl format a50
col host format a50
set lines 200
col principal format a10
col privilege format a10
select acl,host from dba_network_acls;
ACL                                                HOST
-------------------------------------------------- --------------------------------------------------
/sys/acls/dev_acl_file.xml                         155.*
select acl,principal,privilege,is_grant from dba_network_acl_privileges where ACL='/sys/acls/dev_acl_file.xml';
ACL                                                PRINCIPAL   PRIVILEGE  IS_GR
-------------------------------------------------- ----------- ---------- -----
/sys/acls/dev_acl_file.xml                         C##username connect    true
All hosts in the IP address range 155.* are now assigned this ACL. The host parameter can also be '*' to assign the ACL to all IP addresses, or a single address such as '155.168.231.12' to assign it to one host. The lower_port and upper_port parameters of DBMS_NETWORK_ACL_ADMIN.assign_acl restrict access to a specific range of ports; with both set to NULL, as above, the assignment covers every port on the matching hosts.
Now try executing UTL_HTTP again as user C##username:
Declare
V_req utl_http.req;
V_resp utl_http.resp;
Begin
V_req:=utl_http.begin_request('http://155.255.255.1');
V_resp:=utl_http.get_response(v_req);
Utl_http.end_response(v_resp);
End;
/
PL/SQL procedure successfully completed.
The same ACL can be assigned to more hosts or to a range of IP addresses:
BEGIN 
DBMS_NETWORK_ACL_ADMIN.assign_acl ( 
acl => 'dev_acl_file.xml', 
host => '186.29.38.*', 
lower_port => NULL, 
upper_port => NULL); 
COMMIT; 
END; 
/
PL/SQL procedure successfully completed.
select acl,host from dba_network_acls;
ACL                                                HOST
-------------------------------------------------- --------------------------------------------------
/sys/acls/dev_acl_file.xml                         186.29.38.*
/sys/acls/dev_acl_file.xml                         155.*
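
An added audit example, not part of the original post: it joins the two dictionary views queried above to show which principal can connect to which host and port range, and labels wildcard hosts and unrestricted ports. The column formats and the "finding" labels are choices made for this example; the second query checks the post's placeholder user against the post's ACL.

```sql
-- Added example: audit of network ACL assignments (not from the original post).
-- Run as a user who can read the DBA_NETWORK_ACL% views.
set lines 200
col host      format a30
col ports     format a12
col principal format a20
col privilege format a10
col finding   format a28
-- One row per (host assignment, granted principal), broadest findings first in the CASE.
select a.host,
       nvl(to_char(a.lower_port), 'any') || '-' ||
       nvl(to_char(a.upper_port), 'any') as ports,
       p.principal,
       p.privilege,
       case
         when a.host = '*' then 'every host'
         when instr(a.host, '*') > 0 and a.lower_port is null
           then 'wildcard host, every port'
         when instr(a.host, '*') > 0 then 'wildcard host'
         when a.lower_port is null then 'single host, every port'
         else 'host and port restricted'
       end as finding
from   dba_network_acls a
join   dba_network_acl_privileges p on p.acl = a.acl
where  p.is_grant = 'true'
order  by a.host, p.principal;
-- Confirm one grant without making a network call.
-- Returns 1 = granted, 0 = denied, NULL = neither granted nor denied.
-- C##USERNAME is the post's placeholder user; the principal is case-sensitive,
-- so pass it exactly as the PRINCIPAL column shows it.
select dbms_network_acl_admin.check_privilege(
         'dev_acl_file.xml', 'C##USERNAME', 'connect') as granted
from   dual;
```

Rows labelled "every host" or "every port" are the ones to narrow with a specific host value and lower_port/upper_port, as in the port 80 example earlier in the post.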
