Blog dedicated to Oracle Applications (E-Business Suite) Technology; covers Apps Architecture, Administration and third party bolt-ons to Apps

Sunday, July 20, 2008

Forbidden HTTP-403 in Apache access_log

This morning, I got a call from the DBAs. A new Apache/Forms node was added to an instance. During sanity checks, whenever this node was accessed through this navigation:

System Administration -> PL/SQL ping

the browser showed HTTP-403 and the apache access log showed:

192.168.7.81 - - [20/Jul/2008:01:50:53 -0400] "GET /pls/apps11i/OracleSSWA.Execu
te?E=%7B!38FC0AD8B864E929E00AF2CBA3052B695A3C266C98FB2A33&P= HTTP/1.1" 403 241

192.168.7.81 - - [20/Jul/2008:02:44:18 -0400] "GET /pls/apps11i/fnd_icx_launch.l
aunch?resp_app=FND&resp_key=PS_EOPS_DBA&secgrp_key=STANDARD&start_func=FND_FNDRS
RUN&other_params= HTTP/1.1" 403 244

I checked /etc/resolv.conf and found that the domain was different from the other nodes:

cat /etc/resolv.conf
domain prod.justanexample.com

In other nodes it was cat /etc/resolv.conf
domain justanexample.com

What this means is that whenver the server is trying to identify itself it identifies itself with the new domain name instead of the old one. After adding the line

Allow apps11i.prod.justanexample.com

in httpd_pls.conf and bouncing Apache, the PL/SQL ping succeeded and the error HTTP-403 did not appear.

I asked the DBAs to add the line
Allow apps11i.prod.justanexample.com

in these four .conf files in $IAS_ORACLE_HOME/Apache/Apache/conf/ :

httpd_pls.conf
apps.conf
oprocmgr.conf
trusted.conf

In shared APPL_TOP instances:

cd $IAS_CONFIG_HOME/Apache/Apache/conf
grep apps11i.prod.justanexample.com *.conf  

The above grep command should return these 4 files:
httpd_pls.conf
apps.conf
oprocmgr.conf
trusted.conf

Once this is in place, if you bounce apache and forms, it will start working.

1 comment:

Oracle DBA said...

It is nice article

http://appsoracle.blogspot.com