Oracle Application Server 10.1.3

How do we secure OAS administration em console and not expose it to the outside world. Or in other words how do we hide certain pages from displaying.

Something like it should be accessible only by localhost and not by the domain name or the ip.

Thanks

You should be able to set the site to listen on 127.0.0.1 by following this section of the documentation

Creating the Web Site Configuration File

The key information defined in a Web site configuration file includes the following:

• The Web context for each application bound to the site, which is appended to the URL used to access the site (for example, /em).
• The protocol the site uses. In an OPMN-managed environment, this value will be overridden by the protocol specified in opmn.xml.
• The port the site listens on. In an OPMN-managed environment, this value will be overridden by the port range specified in opmn.xml.
• The location of the access log file, which tracks user access to the site.

The most straightforward way to create a new configuration file is to make a copy of the default Web site configuration file, default-web-site.xml, which is located in the ORACLE_HOME/j2ee/instance/config directory. Name the file according to the following convention:

webSiteName-web-site.xml

The typical configuration file includes a root element containing attributes that specify the following:

• host: The host for this Web site, as either a DNS host name or an IP address. If a server has multiple IP addresses, you can use the ALL setting to listen to all the IP addresses.

• port: The Web site listener port.

• display-name: The for-display name of the Web site.

• virtual-hosts: Any additional domains bound to this Web site.