If you’re using an Autonomous Database Serverless (ADB-S) and attempting to call HTTP (not HTTPS) endpoints, encountering the ORA-01031 error is common. While your first step might be to check the Access Control List (ACL) or grant permissions to the user calling the package, this alone won’t resolve the issue. Here’s how to fix it:
From the Docs:
- Public Endpoints: Only HTTPS is allowed. HTTP connections are disallowed.
- Private Endpoints: Both HTTPS and HTTP_PROXY connections are permitted. HTTP connections remain disallowed for both public and private endpoints.
- Port Restrictions: For public endpoints, only port 443 is allowed. This restriction does not apply to private endpoints.
For more details, refer to the Oracle Documentation.
Solutions:
Adjust Your Application: Configure your application to expose the endpoint using the HTTPS protocol on port 443.
OR
Move to a Private Subnet (Recommended): Transition your Autonomous Database to a private subnet with a NAT Gateway and update the ACL accordingly.After moving the database to the private subnet and configuring routes to use the NAT Gateway, update the ROUTE_OUTBOUND_CONNECTIONS parameter:
- Enable Private Endpoint Routing:
ALTER DATABASE PROPERTY SET ROUTE_OUTBOUND_CONNECTIONS = ‘PRIVATE_ENDPOINT’;
- Disable Private Endpoint Routing(if you want to revert to default):
ALTER DATABASE PROPERTY SET ROUTE_OUTBOUND_CONNECTIONS = ”;
- Update the ACL (just an example):
begin
dbms_network_acl_admin.create_acl (
acl => 'acl_ai.xml',
description => 'Enable ACL to XYZ Host',
principal => 'USER_THAT_NEEDS_ACL',
is_grant => TRUE,
privilege => 'connect',
start_date => null,
end_date => null
);
dbms_network_acl_admin.add_privilege (
acl => 'acl_ai.xml',
principal => 'USER_THAT_NEEDS_ACL',
is_grant => TRUE,
privilege => 'resolve',
start_date => null,
end_date => null
);
dbms_network_acl_admin.assign_acl (
acl => 'acl_ai.xml',
host => '*.YOUR_DOMAIN',
lower_port => 80,
upper_port => 80
);
commit;
end;
/