Oracle Database

How to fix EBS weblogic admin console when not accessible after CPU patching

by Marti
1 min read
Nov 5, 2019 12:00:00 AM
With the recent CPU patching on Oracle E-Business suite R12.2, many customers faced issues with accessible weblogic admin console from browser. This security enhancement started with the April 2019 CPU via Patch 29524595 using weblogic connection filters. More details on connection filters can be found here. By default, the weblogic connection filters are turned ON with the above patch and lets only localhost access the URL and denies all other client hosts. The following values in $EBS_DOMAIN_HOME/config/config.xml are responsible for these changes:
<connection-filter-rule>localhost * * allow</connection-filter-rule> <connection-filter-rule>0.0.0.0/0 * * deny</connection-filter-rule>
Oracle suggested providing values to new context file variable "s_wls_admin_console_access_nodes" with the list of trusted hosts for accessing the console. Based on the values, next autoconfig run populates $EBS_DOMAIN_HOME/config/config.xml with allow option. However, it didn't address one of our client requirements to whitelist all the hosts in a subnet for development environments and ended up having a configuration as below in $EBS_DOMAIN_HOME/config/config.xml. MOS 1508748.1 provides detailed steps for making these changes from a weblogic console. Do remember that manual changes to this config file would get overwritten by the next autoconfig run.
<connection-filter-rule>localhost * * allow</connection-filter-rule> <connection-filter-rule>XX.XX.XX.XX/CIDR * wlsport allow http #AC</connection-filter-rule> <connection-filter-rule>0.0.0.0/0 * * deny</connection-filter-rule>

While researching the recent CPU patches for E-Business suite, I came upon a new patch from Oracle - 29781255 - that enables support for CIDR subnet in context variable "s_wls_admin_console_access_nodes" as per MOS: 2542826.1. This functionality was achieved by providing a new version of txkUpdateEBSDomain.pl & txkUpdateEBSDomain.py that gets invoked during autoconfig. The same with MOS: 2542826.1 which provides an option of using SSH tunneling if you have access to an E-Business host to access the weblogic console. So, I hope the above pointers let you configure and access weblogic admin consoles as per your requirement post-EBS security patching.

Oracle Database Consulting Services

Ready to optimize your Oracle Database for the future?

 
On this page
Be Warned: cmclean.sql Is Dangerous!
Oracle

Be Warned: cmclean.sql Is Dangerous!

Jul 18, 2013 12:00:00 AM 5 min read
ORA-12537: TNS:connection closed – When Nothing Else Works!
Oracle

ORA-12537: TNS:connection closed – When Nothing Else Works!

Mar 22, 2021 12:00:00 AM 1 min read
ORA-01156 when adding standy redo log in dataguard configuration
Oracle

ORA-01156 when adding standy redo log in dataguard configuration

Oct 11, 2016 12:00:00 AM 1 min read

Ready to unlock value from your data?

With Pythian, you can accomplish your data transformation goals and more.

Speak with Pythian consultants now →

Follow Us     Pythian-LinkedIn   Pythian-Twitter   Pythian-FB

 

Pythian-logo-White

© 2025 All rights reserved.