Secure Oracle E-Business Suite 12.2 with Allowed Redirects

By: Elke Phelps | Product Management Director

A redirect is an HTTP response status code "302 Found" and is common method for redirecting a URL. Client redirects are a potential attack vector. The Oracle E-Business Suite 12.2.4+ Allowed Redirects feature allows you to define a whitelist of allowed redirects for your Oracle E-Business Suite 12.2 environment. Allowed Redirects is enabled by default with Oracle E-Business Suite 12.2.6.

When the Allowed Redirects feature is enabled, redirects to sites that are not configured in your whitelist are not allowed. This feature provides defense against unknown and potentially damaging sites. This is an example of an attack that the Allowed Redirect feature will prevent if properly configured:

Your users will see an error message if a redirect is blocked by Allowed Redirects:

Note: Allowed Redirects will only block navigation to sites that happen via client redirects. It is not intended to prevent other methods for accessing external sites.

Where can I learn more?

Related Articles

References

Join the discussion

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha
 

Visit the Oracle Blog

 

Contact Us

Oracle

Integrated Cloud Applications & Platform Services