By default, anybody can view the showjobs page of the rwservlet. The showjobs page shows a list of all of the reports that were run on the specific reports server.

If you want to prevent unauthorized users from viewing this page and allow only users from specific IP addresses to view it, you can control who can view the showjobs page within OHS by following the steps below:

1. Go to %ORACLE_INSTANCE%\config\OHS\ohs1\moduleconf (in Linux: $ORACLE_INSTANCE/config/OHS/ohs1/moduleconf)

2. Make a backup of reports_ohs.conf

3. Using either a text editor or EM FMW Control (Web Tier, right-click on ohs1, go to Administration –> Advanced Configuration, then select “reports_ohs.conf”), open up reports_ohs.conf.

4. Below the last </Location> tag, add the following:

<Location /reports/rwservlet/showjobs>
SetHandler weblogic-handler
WebLogicHost server.domain.com
WebLogicPort 9002

Order deny,allow
Deny from all
Allow from 10.1.1.10 server.domain.com

</Location>

NOTE: Set WebLogicHost to your PC/server name. On the “Allow from” line, list the IP addresses or PC/server hostnames that should have access to the showjobs page, separated by spaces.


5. If using a text editor, save and close the file. If you are using EM, click “Apply” to save all changes.

6. Restart OHS using either OPMNCTL or EM.

After completing the steps above, only the PCs or servers on the “Allow from” line are allowed to view the showjobs page. A PC that is not in the “Allow from” exceptions list is refused when it tries to access the showjobs page.
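How the Order/Deny/Allow lines from step 4 are evaluated, as an added Python example that is not part of the original note: it parses the Location block and decides, per client, whether OHS would admit the request. The function names are this example's own, host-name matching takes a client name the caller has already resolved, and partial-IP forms such as 10.1 are not handled.

```python
import ipaddress
import re

SAMPLE_CONF = """\
<Location /reports/rwservlet/showjobs>
SetHandler weblogic-handler
WebLogicHost server.domain.com
WebLogicPort 9002
Order deny,allow
Deny from all
Allow from 10.1.1.10 server.domain.com
</Location>
"""  # the block from step 4 of the page, blank lines dropped

def parse_locations(conf):
    """Return {path: {"order", "deny", "allow"}} for each <Location> block (hypothetical helper)."""
    blocks = {}
    for path, body in re.findall(r"<Location\s+([^\s>]+)>(.*?)</Location>", conf, re.S | re.I):
        rule = {"order": "deny,allow", "deny": [], "allow": []}  # Apache 2.2 default Order
        for line in body.splitlines():
            words = line.split()
            key = words[0].lower() if words else ""
            if key == "order" and len(words) > 1:
                rule["order"] = words[1].lower()
            elif key in ("deny", "allow") and len(words) > 2 and words[1].lower() == "from":
                rule[key] += words[2:]
        blocks[path] = rule
    return blocks

def matches(specs, client_ip, client_host=None):
    """True if the client matches any spec: 'all', an IP or CIDR, or a host/domain name."""
    for spec in specs:
        if spec.lower() == "all":
            return True
        try:
            if ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False):
                return True
        except ValueError:  # spec is not an IP/CIDR, so compare it as a host or domain name
            host, name = (client_host or "").lower(), spec.lower()
            if host == name or host.endswith("." + name):
                return True
    return False

def is_allowed(rule, client_ip, client_host=None):
    """Apply the 'Order' semantics of Apache 2.2 access control to one parsed block."""
    denied, allowed = (matches(rule[k], client_ip, client_host) for k in ("deny", "allow"))
    if rule["order"] == "allow,deny":
        return allowed and not denied  # Deny is evaluated last and wins; default is deny
    return allowed or not denied       # deny,allow: Allow is evaluated last and wins
```

With "Order allow,deny" the same Deny and Allow lines would lock out every client, including 10.1.1.10, so the order in step 4 matters.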

NOTE: You can apply the same steps to any of the other rwservlet commands, such as showenv.

IMPORTANT: This restriction only works for requests that go through OHS. Requests made directly to port 9002 will NOT have this restriction.

Source: Oracle Support note 261645.1