Dear fellow experts ;-)
Maybe one of you already had this constellation or maybe one of you knows someone who knows someone.... ?!
Everything on Windows Server (this one resides within the DMZ, so half in/on the Internet)
Oracle DB SE2 18
APEX 19.2 in PDB
ORDS 18 on Tomcat 8
We have an APEX app already running on this server, accessible from outside at https://
This is where our firewall also comes into play, which only allows a whitelist of IPs to access this URL.
Now there should be a second site for another new project: https://
This should then forward to the corresponding APEX app and page ... (yes, I know, using a reverse proxy would be "nicer" & better, but not possible without a "real" web server in front of the Tomcat; planned for future migration of whole DMZ server)
That would be this: https://
So now to the real problems:
The firewall should now continue for the first URL (let through only whitelisted IPs), but
on the other hand let the 2nd URL through without any restrictions.
The firewall now has problems distinguishing the two URLs merely based on the parameters (i.e. APP-ID). A custom app within the FW that analyzes the parameters for further filtering could be set up, but this is at the expense of performance. This is surely bad practice, we want to avoid this in any case.
My idea was:
I simply clone the ords.war/apex.war, rename it to e.g. newapp.war and deploy it on the Tomcat. So I would have a different URL.
So far so good, BUT I can still access the 1st app from the 2nd (new) URL by changing the parameters: https://
Thus, firewall policies would get overridden somehow, because a blocked IP would be able to access the 1st app through the 2nd URL!
Is there a way to prevent this or to configure the apps and/or workspace(s) that you can no longer access the other apps from the 2nd URL (2nd war file)?