Connect to Oracle using HTTP tunneling

You can use HTTP tunneling to connect the ODBC driver to an Oracle database when direct access is restricted, such as when the database server is behind a firewall or when data is transmitted over a public network.

HTTP tunneling creates a network link between the remote client (such as a user’s computer) and the Oracle database server. If needed, a proxy server can act an intermediary.

When the Oracle server is behind a firewall, the client can’t connect directly to the database port. If the firewall allows HTTP connections, the ODBC driver can establish a connection using a web server configured for HTTP tunneling. The driver supports tunneling through a PHP script.

A common scenario for HTTP tunneling is remote access to a website’s database when only HTTP traffic (typically on port 80) is allowed. In this case, you can deploy the tunnel.php script (provided with the driver) to the web server. The script enables access to the database server through an HTTP tunnel.

The script must be accessible via HTTP. To verify this, open the script URL in a web browser. The script file location: C:\Program Files (x86)\Devart\ODBC\Oracle\http\tunnel.php.

The web server must support PHP version 5 or later.

Configure HTTP tunneling

1. Open ODBC Data Source Administrator, select your DSN, and click Configure.

2. Select Security Settings > HTTP and HTTPS Options.

3. Select Use HTTP and HTTPS.

4. Fill out the fields with the connection details:

• URL – The URL of the PHP script used for tunneling.
• Authentication Type – The HTTP authentication type for accessing the protected directory containing the tunneling script: Basic or Bearer Token.
• User Name – For Basic authentication, the username for the protected directory containing the tunneling script.
• Password – For Basic authentication, the password for the protected directory containing the tunneling script.
• HTTP Token – For Bearer Token authentication, the token used to access the protected directory containing the tunneling script.

5. Optional: To skip verifying the server certificate during an SSL handshake, select Trust Server Certificate.

HTTP tunneling options

Sample connection string (HTTP tunneling)

DRIVER=Devart ODBC Driver for Oracle;Direct=True;Host=myHost;Service Name=myServiceName;User ID=myUsername;Password=myPassword;Use Http=True;Url=https://host/folder/tunnel.php;Http User Name=myHttpUsername;Http Password=myHttpPassword

Use a proxy server

If the HTTP tunneling server isn’t directly accessible from the client, configure proxy server settings in addition to enabling HTTP tunneling.

1. Open ODBC Data Source Administrator, select your DSN, and click Configure.

2. Select Security Settings > HTTP and HTTPS Options.

3. Under Proxy Options, fill out the fields with the proxy server details:

• Host Name – The hostname or IP address of the proxy server.
• Port – The port used by the proxy server.
• User Name – The username for proxy authentication.
• Password – The password for proxy authentication.

Proxy options

Sample connection string (HTTP tunneling with a proxy)

DRIVER=Devart ODBC Driver for Oracle;Direct=True;Host=myHost;Service Name=myServiceName;User ID=myUsername;Password=myPassword;Use Http=True;Url=https://host/folder/tunnel.php;Http User Name=myHttpUsername;Http Password=myHttpPassword;Proxy Host Name=myProxyHost;Proxy Port=myProxyPort;Proxy User Name=myProxyUsername;Proxy Password=myProxyPassword

Alternative

An alternative tunneling method is SSH forwarding. However, SSH is primarily designed to encrypt traffic rather than bypass firewalls. For configuration instructions, see Connect to Oracle using SSH.

Tip

Tunneling or encryption increases CPU and bandwidth usage. For better performance, use a direct connection whenever possible.