Maybe you've read my recent blog post on issues with using OCI Load Balancers in combination with E-Business Suite July 2023 security patches: https://promatis.com/de/e-business-suite-july-2023-cpu-breaks-oci-load-balancer-health-check/
Together with Oracle we found a better workaround than the one mentioned in my previous post. It is as simple as:
cp security2_conf_FMW.tmp custom/
Then in that template add the following line under the "#Host header validation" line:
SecRule REQUEST_URI ^/robots.txt$ phase:1,id:100018,nolog,pass,skip:3
This will allow to access the/robots.txt without the Host-Header validation and allows to use that file for a health check. The approach is an autoconfig-customization; the procedure itself is documented here: https://docs.oracle.com/cd/E26401_01/doc.122/e22953/T174296T589913.htm#T590009
Then with that you can change the health check back to:
I assume Oracle will soon deliver an official patch doing a similar thing.