APPLIES TO:
Oracle WebLogic Server – Version 10.3.6 to 10.3.6
Generic Linux
GOAL:
When many WebLogic domains need to be configured, this document provides an example of defining connection filter settings with a custom WLST script.
SOLUTION:
Disclaimer: This is an EXAMPLE that worked for the purpose intended. Your use case may be different. This is a custom WLST script that is not intended to be supported by Oracle Support.
set.py
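# WLST (Jython) script: enable the default connection filter on one domain.
import jarray
from java.lang import String

connect('<username>', '<password>', 't3://<ADMIN_IP>:<ADMIN_PORT>')
domainName = '<DOMAIN_NAME>'
edit()
startEdit()
cd('/SecurityConfiguration/' + domainName)
# Log accepted connections (BEA-000431) to the server log.
cmo.setConnectionLoggerEnabled(true)
cmo.setConnectionFilter('weblogic.security.net.ConnectionFilterImpl')
# Rule format: <source> <local address> <local port> <action> <protocols>.
# Rules are evaluated in order, so the allow rules must precede the final deny.
set('ConnectionFilterRules', jarray.array([
    String('<TARGET_IP> <LOCAL_IP> <LOCAL_PORT> allow t3 t3s'),
    String('<TARGET_HOST> <LOCAL_IP> <LOCAL_PORT> allow t3 t3s'),
    String('0.0.0.0/0 * * deny t3 t3s')], String))
save()
activate()
exit()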
Run the script from the domain's bin directory:
$ cd <DOMAIN_NAME>/bin
$ source ./setDomainEnv.sh
$ java weblogic.WLST ./set.py
To check settings in WLS console:
WLS out log:
Accepted Connection:
<Info> <Socket> <BEA-000431> <Accepted Connection: Filtering is set to: "true" Remote Address: "/<REMOTE_IP>" Remote Port: "<REMOTE_PORT>" Local Address: "/<LOCAL_IP>" Local Port: "<LOCAL_PORT>" Protocol: "t3">
Connection rejected:
<Notice> <Socket> <BEA-000445> <Connection rejected, filter blocked Socket[addr=<REMOTE_IP>,port=<REMOTE_PORT>,localport=<LOCAL_PORT>], weblogic.security.net.FilterException: [Security:090220]rule 3>
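
Added example (not part of the original note and not Oracle code): a stand-alone Python script, run outside WLST, that checks a server log for the two messages above and flags t3/t3s connections accepted from sources outside the allow list, plus rejections that cite a rule other than the final deny. The names audit, allowed_sources, deny_rule and SAMPLE and the sample lines are constructed for illustration; the patterns assume the message layout shown on this page.

```python
import re
from collections import Counter

Q = '["\u201c\u201d]'  # straight or typographic double quote
ACCEPTED = re.compile(
    r'<BEA-000431>.*?Remote Address: %s/?(.+?)%s.*?Protocol: %s(\w+)%s'
    % (Q, Q, Q, Q))
REJECTED = re.compile(
    r'<BEA-000445>.*?Socket\[addr=/?([^,\]]+),port=\d+,localport=\d+\]'
    r'.*?\[Security:090220\]rule (\d+)')

def audit(lines, allowed_sources, deny_rule=3):
    """Return (rejections per address, unexpected t3 accepts, unexpected rule hits).

    allowed_sources: addresses covered by the allow rules (assumed to be IPs).
    deny_rule: 1-based position of the catch-all deny rule (3 in set.py).
    """
    rejected, bad_accepts, odd_rules = Counter(), [], []
    for line in lines:
        m = ACCEPTED.search(line)
        if m:
            addr, proto = m.group(1), m.group(2).lower()
            # The rules in set.py name only t3 and t3s; other protocols are
            # not checked here.
            if proto in ("t3", "t3s") and addr not in allowed_sources:
                bad_accepts.append((addr, proto))
            continue
        m = REJECTED.search(line)
        if m:
            addr, rule = m.group(1), int(m.group(2))
            rejected[addr] += 1
            # Only the final rule denies, so any other rule number means the
            # active rule set is not the one that was pushed.
            if rule != deny_rule:
                odd_rules.append((addr, rule))
    return rejected, bad_accepts, odd_rules

# Constructed sample lines (documentation address ranges, not real log data).
SAMPLE = [
    '<Info> <Socket> <BEA-000431> <Accepted Connection: Filtering is set to: "true" Remote Address: "/192.0.2.10" Remote Port: "40112" Local Address: "/192.0.2.1" Local Port: "7001" Protocol: "t3">',
    '<Notice> <Socket> <BEA-000445> <Connection rejected, filter blocked Socket[addr=198.51.100.7,port=51234,localport=7001], weblogic.security.net.FilterException: [Security:090220]rule 3>',
    '<Notice> <Socket> <BEA-000445> <Connection rejected, filter blocked Socket[addr=198.51.100.7,port=51240,localport=7001], weblogic.security.net.FilterException: [Security:090220]rule 3>',
    '<Info> <Socket> <BEA-000431> <Accepted Connection: Filtering is set to: "true" Remote Address: "/203.0.113.5" Remote Port: "40200" Local Address: "/192.0.2.1" Local Port: "7001" Protocol: "t3">',
    '<Info> <Socket> <BEA-000431> <Accepted Connection: Filtering is set to: "true" Remote Address: "/203.0.113.9" Remote Port: "40300" Local Address: "/192.0.2.1" Local Port: "7001" Protocol: "http">',
    '<Notice> <Socket> <BEA-000445> <Connection rejected, filter blocked Socket[addr=198.51.100.8,port=51300,localport=7001], weblogic.security.net.FilterException: [Security:090220]rule 1>',
]

if __name__ == "__main__":
    print(audit(SAMPLE, {"192.0.2.10"}))
```

Any entry in the second or third result means the filter active on that server does not match the rule set that set.py was meant to push.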