ORA-24247: network access denied by access control list (ACL), ORA-29273: HTTP request failed, Error during ACL configuration


Oracle Database (11g) introduced a new security measure called Access Control Lists (ACLs), and by default all network access is blocked.

The errors below are common during ACL configuration:

ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1577
ORA-24247: network access denied by access control list (ACL) 
 . . .

There are several possible reasons for these errors.

Reason - The smtp_out_server IP may be wrong or unreachable. Check the smtp_out_server IP, and telnet to that IP on the SMTP port to verify port connectivity.

[oracle@testdb ~]$ telnet 172.16.20.18 25
Trying 172.16.20.18...
Connected to 172.16.20.18.
Escape character is '^]'.

Reason - The user may lack the required privileges. Execute the grants below as the SYS user.

grant execute on UTL_TCP to <username>;
grant execute on UTL_SMTP to <username>;
grant execute on UTL_MAIL to <username>;
grant execute on UTL_HTTP to <username>;
grant execute on UTL_INADDR to <username>;


Reason - The host may have no ACL assigned. Check the current network ACL assignments:

SQL> SET linesize 135
SQL> col HOST for a15
SQL> col ACL for a45
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;

HOST            LOWER_PORT UPPER_PORT ACL
--------------- ---------- ---------- ---------------------------------------------
172.16.20.18            25            /sys/acls/utl_mail_test.xml

If the host is not listed, execute the block below as the SYS user:

begin
    dbms_network_acl_admin.assign_acl(
        acl        => 'utl_mail_test.xml',
        host       => '172.16.20.18',
        lower_port => 25,
        upper_port => NULL
    );
    commit;
end;
/

Reason - In some cases, fixing the error requires assigning the ACL to the actual address being requested: www.<host name>.com. Execute the block below as the SYS user.

begin
    dbms_network_acl_admin.assign_acl(
        acl        => 'utl_mail_test.xml',
        host       => 'www.<host name>.com',
        lower_port => NULL,
        upper_port => NULL
    );
    commit;
end;
/

select sys.utl_http.request('http://www.<host name>.com') from dual;

<expected http pages>


Reason - No ACL is configured for local wallet access. To resolve this, create an ACL for wallet access by executing the block below as the SYS user.

begin
    dbms_network_acl_admin.create_acl(
        acl         => 'wallet_acl.xml',
        description => 'Wallet ACL',
        principal   => '<DB USER>',
        is_grant    => TRUE,
        privilege   => 'use-client-certificates');

    -- wallet_path takes the form file:<wallet directory>
    dbms_network_acl_admin.assign_wallet_acl(
        acl         => 'wallet_acl.xml',
        wallet_path => 'file:/u01/wallet');

    commit;
end;
/

Note: It is also possible to add these privileges to an existing ACL, but using a separate XML context lets you keep network access separate from wallet access.
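The checks above can be combined into one diagnostic run for a failing user and target. This is an added example, not part of the original post; APPUSER is a hypothetical user name, and the host and wallet directory are the sample values used on this page.

```sql
-- Added diagnostic (not from the original post). Run as SYS or a DBA.
-- Assumptions: APPUSER is a placeholder for the failing database user;
-- 172.16.20.18 and /u01/wallet are the sample values from this page.
SET linesize 135
COL host FOR a20
COL acl FOR a40
COL principal FOR a15
COL privilege FOR a25
COL wallet_path FOR a30

-- 1. Every ACL assignment that can match the target, most specific first.
--    DOMAINS() expands the target into the host patterns an assignment
--    may use (the address itself, its subnets, then '*').
--    CHECK_PRIVILEGE_ACLID returns 1 (granted), 0 (denied) or NULL.
SELECT a.host, a.lower_port, a.upper_port, a.acl,
       DECODE(dbms_network_acl_admin.check_privilege_aclid(
                  a.aclid, 'APPUSER', 'connect'),
              1, 'GRANTED', 0, 'DENIED', 'NOT LISTED') AS connect_status
FROM   dba_network_acls a
WHERE  a.host IN (SELECT column_value
                  FROM   TABLE(dbms_network_acl_utility.domains('172.16.20.18')))
ORDER  BY dbms_network_acl_utility.domain_level(a.host) DESC,
          a.lower_port, a.upper_port;

-- 2. All principals and privileges inside the ACLs found above.
--    A wide host pattern such as '*' combined with PUBLIC as principal
--    opens network access to every database user.
SELECT p.acl, p.principal, p.privilege, p.is_grant
FROM   dba_network_acl_privileges p
WHERE  p.aclid IN (SELECT a.aclid
                   FROM   dba_network_acls a
                   WHERE  a.host IN (SELECT column_value
                                     FROM   TABLE(dbms_network_acl_utility.domains('172.16.20.18'))))
ORDER  BY p.acl, p.principal, p.privilege;

-- 3. Wallet ACL assignments and who may use the wallet credentials.
SELECT w.wallet_path, w.acl, p.principal, p.privilege, p.is_grant
FROM   dba_wallet_acls w
       LEFT JOIN dba_network_acl_privileges p ON p.aclid = w.aclid
ORDER  BY w.wallet_path, p.principal;
```

If query 1 returns no rows, no ACL is assigned to the host; if it returns rows with NOT LISTED or DENIED, the assignment exists but the user holds no connect privilege in that ACL.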

 
