Oracle HTTP Server B12255-01 Administrator's Manual

10g release 1 (10.1)

Oracle® HTTP Server
Administrator's Guide
10g Release 1 (10.1)
Part No. B12255-01
December 2003

Summary of Contents for Oracle HTTP Server B12255-01

  • Page 1 Oracle® HTTP Server Administrator’s Guide 10g Release 1 (10.1) Part No. B12255-01 December 2003...
  • Page 2 The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error-free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation.
  • Page 3: Table Of Contents

    Oracle HTTP Server Modules (p. 1-3); Oracle HTTP Server Support (p. 1-5); Oracle HTTP Server Management (p. 1-6); Starting, Stopping, and Restarting Oracle HTTP Server (p. 1-6); Starting Oracle HTTP Server (p. 1-6); Stopping Oracle HTTP Server (p. 1-7); Restarting Oracle HTTP Server (p. 1-7). Oracle HTTP Server Concepts: Understanding Oracle HTTP Server Directory Structure...
  • Page 4 ServerSignature (p. 3-3); ServerTokens (p. 3-3); ServerAlias (p. 3-3); Specifying File Locations (p. 3-4); CoreDumpDirectory (p. 3-4); DocumentRoot (p. 3-4); ErrorLog (p. 3-5); LockFile (p. 3-5); PidFile (p. 3-5); ScoreBoardFile (p. 3-5); ServerRoot (p. 3-6). Managing Server Processes: Oracle HTTP Server Processing Model (p. 4-2)...
  • Page 5 Running Oracle HTTP Server as Root (p. 4-2); Additional Security Considerations (p. 4-3); Handling Server Processes (p. 4-4); ServerType (p. 4-4); Group (p. 4-4); User (p. 4-4); Limiting the Number of Processes and Connections (p. 4-5); StartServers (p. 4-5); ThreadsPerChild (p. 4-5); MaxClients (p. 4-5); MaxRequestsPerChild (p. 4-6); MaxSpareServers...
  • Page 6 PID File (p. 6-8); Piped Log (p. 6-8); Rewrite Log (p. 6-9); Script Log (p. 6-9); SSL Log (p. 6-9); Transfer Log (p. 6-9). Oracle HTTP Server Modules: List of Modules (p. 7-2); mod_access (p. 7-3); mod_actions (p. 7-3); mod_alias (p. 7-3); mod_asis (p. 7-3); mod_auth...
  • Page 7 mod_headers (p. 7-10); mod_imap (p. 7-10); mod_include (p. 7-10); mod_info (p. 7-11); mod_isapi (p. 7-11); mod_log_agent (p. 7-11); mod_log_config (p. 7-11); mod_log_referer (p. 7-11); mod_mime (p. 7-12); mod_mime_magic (p. 7-12); mod_mmap_static (p. 7-12); mod_negotiation (p. 7-12); mod_onsint (p. 7-13); Benefits of mod_onsint (p. 7-13); Implementation Differences for mod_onsint (p. 7-14); mod_ossl...
  • Page 8 User Authentication and Authorization (p. 8-9); Using mod_auth to Authenticate Users (p. 8-9); Using mod_ossl to Authenticate Users (p. 8-10); Enabling SSL (p. 8-10); Security Services Implemented Within Oracle HTTP Server (p. 8-12); Using mod_ossl (p. 8-12); Using mod_ossl Directives (p. 8-13); Using mod_proxy Directives (p. 8-30); Using mod_ossl Directives to Configure Client Authentication...
  • Page 9 Sending Proxy Sensitive Requests to Oracle HTTP Server Behind a Firewall (p. 9-3); Oracle HTTP Server Version Number (p. 9-3); Apache v2.0 Support with Oracle Database, 10g Release 1 (10.1) (p. 9-3); Applying Apache Security patches to Oracle HTTP Server (p. 9-3); Supporting PHP...
  • Page 10 mod_perl 1.26 License (p. B-10); Perl Artistic License (p. B-11); Preamble (p. B-11); Definitions (p. B-12); mod_dav (p. B-15); FastCGI (p. B-17); FastCGI Developer’s Kit License (p. B-17); Module mod_fastcgi License (p. B-18); Jaxen (p. B-20); The Jaxen Software License (p. B-20); Expat (p. B-22); Expat License...
  • Page 11: Send Us Your Comments

    Oracle HTTP Server Administrator’s Guide, 10g Release 1 (10.1) Part No. B12255-01 Oracle Corporation welcomes your comments and suggestions on the quality and usefulness of this document. Your input is an important part of the information used for revision. Did you find any errors?
  • Page 13: Preface

    This guide describes how to administer the Oracle HTTP Server. This preface contains these topics: Intended Audience, Documentation Accessibility, Organization, Related Documentation, Conventions.
  • Page 14: Intended Audience

    Accessibility of Links to External Web Sites in Documentation: This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control. Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites.
  • Page 15: Organization

    Chapter 1, "Oracle HTTP Server Overview": This chapter describes the Oracle HTTP Server, highlighting the differences between the Oracle distribution and the open source Apache product on which it is based. It also explains how to start, stop and restart the server.
  • Page 16: Related Documentation

    Chapter 9, "Frequently Asked Questions": This chapter provides answers to frequently asked questions about Oracle HTTP Server. Chapter A, "Oracle HTTP Server Configuration Files": This appendix lists commonly used Oracle HTTP Server configuration files. Chapter B, "Third Party Licenses": This appendix includes the Third Party License for all the third party products included with Oracle Database.
  • Page 17: Conventions

    This section describes the conventions used in the text and code examples of this documentation set. It describes: Conventions in Text, Conventions in Code Examples, and Conventions for Windows Operating Systems. Conventions in Text: We use various conventions in text to help you more quickly identify special terms. The following table describes those conventions and provides examples of their use.
  • Page 18 Meaning: ...font names, net service names, and connect identifiers, as well as user-supplied database objects and structures, column names, packages and classes, usernames... Example: Back up the datafiles and control files in the /disk1/oracle/dbs directory. The department_id, department_name, and location_id columns are in the hr.departments table.
  • Page 19 Convention / Meaning / Example. Horizontal ellipsis points indicate either: That we have omitted parts of the code that are not directly related to the example; That you can repeat a portion of the code. Examples: CREATE TABLE ... AS subquery; SELECT col1, col2, ... , coln FROM employees; Vertical ellipsis points indicate that we... Example: SQL>...
  • Page 20 Convention: Choose Start >. Meaning: How to start a program. Example: To start the Database Configuration Assistant, choose Start > Programs > Oracle - HOME_NAME > Configuration and Migration Tools > Database Configuration Assistant. Convention: File and directory... Meaning: File and directory names are not case... Example: c:\winnt"\"system32 is the same as...
  • Page 21 All subdirectories are not under a top level ORACLE_HOME directory. There is a top level directory called ORACLE_BASE that by default is C:\oracle. If you install the latest Oracle release on a computer with no other Oracle software installed, then the default setting for the first Oracle home directory is...
  • Page 23: Oracle Http Server Overview

    This chapter describes the Oracle HTTP Server, highlighting the differences between the Oracle distribution and the open source Apache product on which it is based. It also explains how to start, stop and restart the server.
  • Page 24: Oracle Http Server Features

    Oracle HTTP Server is the Web server component of Oracle Database. It is based on Apache HTTP Server, version 1.3.28. It is a robust, reliable Web server, preconfigured to do the following:...
  • Page 25: Oracle Http Server Components

    These components provide the extensive list of features that Oracle HTTP Server offers when handling client requests. Following are the major components: HTTP Listener: Oracle HTTP Server is based on an Apache HTTP listener to serve client requests. An HTTP server listener handles incoming requests and routes them to the appropriate processing utility.
  • Page 26 Table 1–1 Oracle HTTP Server Modules (Cont.), with columns Module, Oracle Support, Notes: mod_auth_db (Disabled. Not shipped by Oracle.); mod_auth_dbm; mod_auth_digest (Disabled. Experimental MD5 authentication; not shipped by Oracle.); mod_autoindex; mod_cern_meta; mod_certheaders; mod_cgi; mod_define (UNIX systems only.); mod_digest...
  • Page 27: Oracle Http Server Support

    Oracle provides technical support for the following Oracle HTTP Server features and conditions: Modules included in the Oracle distribution, except as noted in Table 1–1, "Oracle HTTP Server Modules". Modules from any other source, including the Apache Software Foundation, are not supported by Oracle.
  • Page 28: Oracle Http Server Management

    Starting, Stopping, and Restarting Oracle HTTP Server: Oracle HTTP Server is managed by Oracle Process Manager and Notification Server (OPMN). You must always use the opmnctl utility to start, stop and restart Oracle HTTP Server. Otherwise, the configuration management infrastructure cannot detect or communicate with the Oracle HTTP Server processes, and problems may occur.
  • Page 29: Stopping Oracle Http Server

    Restarting Oracle HTTP Server: Restarting Oracle HTTP Server performs a graceful restart, which is invisible to clients. In a graceful restart, on UNIX, a USR1 signal is sent. When the process receives this signal, it tells the children to exit after processing the current request.
  • Page 31: Oracle Http Server Concepts

    This chapter introduces you to the Oracle HTTP Server directory structure, configuration files, configuration file syntax, modules, and directives. Topics discussed are: Understanding Oracle HTTP Server Directory Structure, Accessing Configuration Files, Configuration Files Syntax, Understanding Modules...
  • Page 32: Understanding Oracle Http Server Directory Structure

    A-1 Configuration Files Syntax Oracle HTTP Server contains one directive for each line. The back-slash “\” can be used as the last character on a line to indicate that the directive continues onto the next line. There must be no other characters or white space between the back-slash and the end of the line.
  • Page 33: Understanding Modules

    Classes of Directives Understanding Modules Oracle HTTP Server is a modular server. Modules extend the basic functionality of the Web server, and support integration between Oracle HTTP Server and other Oracle Database components. Oracle HTTP Server includes Apache modules as well as Oracle HTTP Server modules.
  • Page 34: Scope Of Directives

    It is important to note that <Directory /> operates on the whole file system, whereas <Directory dir> refers to absolute directories. <Directory> containers cannot be nested inside each other, but can refer to directories in the document root that are nested.
  • Page 35: Directorymatch

    <Location> sections are processed in the order that they appear in the configuration file, after the <Directory> sections and .htaccess files are read, and after the <Files> sections. <Location> accepts wildcard directories and regular expressions with the tilde character.
  • Page 36: Locationmatch

    Generally, <Limit> should not be used unless needed. It is useful only for restricting directives to particular methods. <Limit> is frequently used with other containers, and it is contained in any of them. <LimitExcept>: Restrict access controls to all HTTP methods except the named ones.
  • Page 37: Virtualhost

    Each virtual host can have its own name, IP address, and error and access logs. Within a <VirtualHost> container, you can set up a large number of individual servers run by a single invocation of the Oracle HTTP Server. With virtual hosting, you can specify a replacement set of the server-level configuration directives that define the main host, and are not allowed in any other container.
  • Page 39: Specifying Server And File Locations

    This chapter explains how to set Oracle HTTP Server and server administrator options, and specifies file locations. Topics discussed are: Setting Server and Administrator Functions, Specifying File Locations. Documentation from the Apache Software Foundation is referenced when applicable.
  • Page 40: Setting Server And Administrator Functions

    The following set basic Oracle HTTP Server and administrator functions. They are located in the “Main Server Configuration” portion of the httpd.conf file. See Also: "httpd.conf File Structure" on page A-2...
  • Page 41: Serveradmin

    ServerAdmin: Creates an email address that is included with every default error message that clients encounter. It is useful to create a separate email address for this. See Also: “ServerAdmin directive” in the Apache Server documentation.
  • Page 42: Specifying File Locations

    Sets the directory from which httpd serves files. Unless matched by a directive like Alias, the server appends the path from the requested URL to the document root to make the path to the document for static content. See Also: “DocumentRoot directive” in the Apache Server documentation.
  • Page 43: Errorlog

    To verify if your architecture requires a scoreboard file, run Oracle HTTP Server and see if it creates the file named by the directive. If your architecture requires it then you must ensure that this file is not used at the same time by more than one invocation of the server.
  • Page 44: Serverroot

    Specifies the directory that contains the conf and logs subdirectories. If the server is started with the -f option, then you will have to specify ServerRoot. See Also: “ServerRoot directive” in the Apache Server documentation.
  • Page 45: Managing Server Processes

    This chapter provides an overview of the Oracle HTTP Server processes, and provides information on how to regulate and monitor these processes. Topics discussed are: Oracle HTTP Server Processing Model, Handling Server Processes, Limiting the Number of Processes and Connections...
  • Page 46: Oracle Http Server Processing Model

    Once Oracle HTTP Server is started, the system is ready to listen for and respond to http(s) requests. The request processing model is different on UNIX and Windows. After installation, the main httpd parent process, as well as the child processes, run as the user who installed Oracle Database.
  • Page 47: Additional Security Considerations

    ORACLE_HOME\Apache\modplsql\cache on Windows. Finally, given that the cached content might contain sensitive data, the final contents of the file-system cache should be protected. So, although Oracle HTTP Server might run as “nobody”, access to the system as this user should be well-protected.
  • Page 48: Handling Server Processes

    It is recommended that you set up a new user for running the server. This is applicable to UNIX only. See Also: “User directive” in the Apache Server documentation.
  • Page 49: Limiting The Number Of Processes And Connections

    MaxClients, MaxRequestsPerChild, MaxSpareServers, MinSpareServers. StartServers: Sets the number of child server processes created when Oracle HTTP Server is started. The default is set at 5. This is applicable to UNIX only. See Also: “StartServers directive” in the Apache Server documentation.
  • Page 50: Maxrequestsperchild

    The default is set at 5. This is applicable to UNIX only. See Also: “MinSpareServers directive” in the Apache Server documentation.
  • Page 51: Getting Information About Processes

    There are several ways to monitor Oracle HTTP Server processes. Use the performance monitor on Windows, or the ps utility on UNIX. See Also: Oracle Application Server 10g Performance Guide and your operating system documentation for more information.
  • Page 53: Managing The Network Connection

    Note: Readers using this guide in PDF or hard copy formats will be unable to access third-party documentation, which Oracle provides in HTML format only. To access the third-party documentation referenced in this guide, use the HTML version of this guide and click the hyperlinks.
  • Page 54: Specifying Listener Ports And Addresses

    When Oracle HTTP Server is started, by default, it listens for requests on port 7777 (non-SSL). If port 7777 is occupied, Oracle HTTP Server listens on the next available port number between a range of 7777-7877. Thus, if port 7777 is busy, it would listen on port 7778, and so on.
  • Page 55: Bindaddress

    Then, you can set Port to be the port that is being used by the front end server, and Listen to the port that Oracle HTTP Server is actually listening to. By doing this, redirects or other URLs generated by Oracle HTTP Server point to the front-end server rather than directly to Oracle HTTP Server.
  • Page 56: Managing Interaction Between Server And Network

    The amount of time between receipt of TCP packets on a POST or PUT request. The amount of time between ACKs on transmissions of TCP packets in responses. The default is set at 300 seconds. See Also: “TimeOut directive” in the Apache Server documentation.
  • Page 57: Managing Connection Persistence

    httpd.conf file. KeepAlive, KeepAliveTimeout, MaxKeepAliveRequests. See Also: Oracle Application Server 10g Performance Guide; "httpd.conf File Structure" on page A-2. KeepAlive: Enables a single connection to accept multiple requests from the same client. The default is set to “On”. See Also: “KeepAlive directive” in the Apache Server documentation.
  • Page 58: Configuring Reverse Proxies And Load Balancers

    By default, Oracle Database installs using the local hostname as set up by ServerName directive in Oracle HTTP Server. Most Web sites tend to have a specific hostname or domain name for their Web server. However, this is not possible out of the box because with the ServerName directive, Oracle HTTP Server is instantiated with the local host.
  • Page 59 See Also: "Running Oracle HTTP Server as Root" on page 4-2 for instructions on running Oracle HTTP Server with ports less than 1024.
  • Page 61: Configuring And Using Server Logs

    This chapter discusses Oracle Diagnostic Logging, log formats, and describes various log files and their locations. Topics discussed are: Using Oracle Diagnostic Logging, Specifying Log Formats, Specifying Log Level, Specifying Log Files. Documentation from the Apache Software Foundation is referenced when applicable.
  • Page 62: Using Oracle Diagnostic Logging

    Oracle Diagnostic Logging. Overview Oracle HTTP Server enables you to choose the format in which you want to generate log messages. You can either continue to generate log messages in the legacy Apache message format, or generate log messages using ODL, which complies with the new Oracle-wide standards for generating log messages.
  • Page 63 OraLogSeverity [module_name] <msg_type>[:msg_level] Enables you to set message severity. The message severity specified with this directive is interpreted as the lowest message severity that is desired, and all messages of that severity level and higher will be logged. OraLogSeverity may be specified multiple times.
  • Page 64 If a message level is not specified, then the level defaults to the lowest severity. If the entire directive is omitted, then the value of the global Apache LogLevel directive is used and translated to the corresponding Oracle message type and the lowest level within the corresponding range, as listed in Table 6–2:...
  • Page 65: Specifying Log Formats

    OraLogDir <bus stop dir> Specifies the path to the directory which contains all log files. This directory must exist. Default: UNIX: ORACLE_HOME/Apache/Apache/logs/oracle Windows: ORACLE_HOME\Apache\Apache\logs\oracle. Specifying Log Formats: LogFormat specifies the information included in the log file, and the manner in which it is written.
  • Page 66: Specifying Log Level

    Information: Informational messages that describe possible problems and possible solutions to those problems. Example: “Server seems busy, (you may need to increase StartServers, or Min/MaxSpareServers)...” Debug: Debug-level messages. Example: “Opening config file...”
  • Page 67: Specifying Log Files

    The log files are discussed in the subsequent sections: Access Log, CustomLog, Error Log, PID File, Piped Log, Rewrite Log, Script Log, SSL Log, Transfer Log. It is important to periodically rotate the log files by moving or deleting existing logs on a moderately busy server.
  • Page 68: Error Log

    See Also: Piped Log Oracle HTTP Server is capable of writing error and access log files through a pipe to another process, rather than directly to file. This increases the flexibility of logging, without adding code to the main server. In order to write logs to a pipe, replace the file name with the pipe character “|”, followed by the name of the executable which...
  • Page 69: Rewrite Log

    See Also: “Script Log” in the Apache Server documentation. SSL Log: When Oracle HTTP Server starts in SSL mode, it creates ssl_engine_log and ssl_request_log in UNIX: ORACLE_HOME/Apache/Apache/logs Windows: ORACLE_HOME\Apache\Apache\logs. ssl_engine_log tracks SSL and protocol issues, whereas ssl_request_log records user activity.
  • Page 71: Oracle Http Server Modules

    (mods) included in the Oracle HTTP Server. The modules extend the basic functionality of the Web server, and support integration between Oracle HTTP Server and other Oracle Database components. Documentation from the Apache Software Foundation is referenced when applicable.
  • Page 72: List Of Modules

    Table 7–1 lists all the Oracle HTTP Server modules discussed in this chapter. Table 7–1 Oracle HTTP Server Modules: mod_access, mod_actions, mod_alias, mod_asis, mod_auth, mod_auth_anon, mod_auth_db, mod_auth_dbm, mod_auth_digest, mod_autoindex, mod_cern_meta...
  • Page 73: Mod_Access

    Enables sending files that contain their own HTTP headers. It is not supported by Oracle. See Also: “Module mod_asis” in the Apache Server documentation. mod_auth: Enables user authentication with file-based user lists. See Also: Module mod_auth in the Apache Server documentation.
  • Page 74: Mod_Auth_Anon

    Uses Berkeley DB files to provide user authentication. This module is disabled in the Oracle HTTP Server and is not supported by Oracle. mod_auth_dbm Uses DBM files to provide user authentication. This module is not supported by Oracle.
  • Page 75: Mod_Certheaders

    Oracle HTTP Server using HTTP headers. The information is transferred from the headers to the standard CGI environment variable, which mod_ossl or mod_ssl populates if the SSL connection is terminated by Oracle HTTP Server. It also enables certain requests to be treated as HTTPS requests even though they are received through HTTP.
  • Page 76 (environment variable / HTTP header pairs) SSL_SERVER_S_DN_G / SSL-Server-S-DN-G; SSL_CLIENT_S_DN_S / SSL-Client-S-DN-S; SSL_SERVER_S_DN_S / SSL-Server-S-DN-S; SSL_CLIENT_S_DN_D / SSL-Client-S-DN-D; SSL_SERVER_S_DN_D / SSL-Server-S-DN-D; SSL_CLIENT_S_DN_UID / SSL-Client-S-DN-Uid; SSL_SERVER_S_DN_UID / SSL-Server-S-DN-Uid; SSL_CLIENT_S_DN_Email / SSL-Client-S-DN-Email; SSL_SERVER_S_DN_Email / SSL-Server-S-DN-Email; SSL_CLIENT_I_DN / SSL-Client-I-DN; SSL_SERVER_I_DN / SSL-Server-I-DN; SSL_CLIENT_I_DN_C / SSL-Client-I-DN-C; SSL_SERVER_I_DN_C / SSL-Server-I-DN-C; SSL_CLIENT_I_DN_ST / SSL-Client-I-DN-ST; SSL_SERVER_I_DN_ST / SSL-Server-I-DN-ST; SSL_CLIENT_I_DN_L / SSL-Client-I-DN-L; SSL_SERVER_I_DN_L / SSL-Server-I-DN-L
  • Page 77 SSL-Client-A-Key SSL_SERVER_A_KEY SSL-Server-A-Key mod_certheaders can be used to instruct Oracle HTTP Server to treat certain requests as if they were received through HTTPS even though they were received through HTTP. This is useful when Oracle HTTP Server is front-ended by a reverse proxy or load balancer, which acts as a termination point for SSL requests, and forwards the requests to Oracle HTTP Server through HTTPS.
  • Page 78: Mod_Cgi

    The Define directive has the status Extension, which means that it is not compiled into the server by default. This module requires the Extended API (EAPI). Oracle HTTP Server always has EAPI-enabled. This module is available on UNIX systems only.
  • Page 79: Mod_Dir

    See Also: Module mod_dir in the Apache Server documentation. mod_dms: Enables you to monitor performance of site components with Oracle’s Dynamic Monitoring Service (DMS). See Also: Oracle Application Server 10g Performance Guide. mod_env: Enables you to control the environment for CGI scripts and SSI (Server Side Includes) pages by passing, setting, and unsetting environment variables.
  • Page 80: Mod_Expires

    See Also: Module mod_headers in the Apache Server documentation. mod_imap: Enables server-side image map processing. This module is not supported by Oracle. mod_include: Provides a filter that processes documents for SSI (Server Side Includes) directives. See Also: Module mod_include in the Apache Server documentation.
  • Page 81: Mod_Info

    Enables serving of Internet Server extensions (such as .dll modules). It is available on the Windows platform only, and is not supported by Oracle. mod_log_agent Enables logging of client user agents. It is deprecated; you should use mod_log_ instead of mod_log_agent.
  • Page 82: Mod_Mime

    Maps a list of files into memory, useful for frequently requested files that are not changed often. This module is not supported by Oracle. mod_negotiation Enables the server for content negotiation (selection of documents based on the client’s capabilities).
  • Page 83: Mod_Onsint

    first shutting down the child processes leaves Oracle HTTP Server in an inconsistent state that can only be fixed by manually killing all of the orphaned child processes. Until this is done, a new Oracle HTTP Server instance cannot be started since the orphaned child processes still occupy the ports Oracle HTTP Server wants to use.
  • Page 84: Implementation Differences For Mod_Onsint

    Server, Release 2 (9.0.2), other than the loading of the module. There is only an optional directive called OpmnHostPort that can be set. This directive enables you to specify a hostname and port that OPMN should use for pinging the Oracle HTTP Server instance that mod_onsint is running in. If OpmnHostPort is not specified, mod_onsint chooses an HTTP port automatically.
  • Page 85: Mod_Ossl

    This Oracle module enables strong cryptography for Oracle HTTP Server. It is a plug-in to Oracle HTTP Server that enables the server to use SSL. It is very similar to the OpenSSL module, mod_ssl. However, in contrast to the OpenSSL module, mod_ossl is based on the Oracle implementation of SSL, which supports SSL, version 3, and is based on Certicom and RSA Security technology.
  • Page 86: Database Usage Notes

    The following section contains information about using Perl to access the database. Perl scripts access databases using the DBI/DBD driver for Oracle. The DBI/DBD driver is part of Oracle Database. It calls Oracle Callable Interface (OCI) to access the databases.
  • Page 87: Testing Database Connection

    ##### Perl script start ######
    use DBI;
    print "Content-type: text/plain\n\n";
    $dbh = DBI->connect("dbi:Oracle:", "scott/tiger", "") || die $DBI::errstr;
    $stmt = $dbh->prepare("select * from emp order by empno") || die $DBI::errstr;
    $rc = $stmt->execute() || die $DBI::errstr;
    while (($empno, $name) = $stmt->fetchrow()) {
        print "$empno $name\n";
    }
    warn $DBI::errstr if $DBI::err;
    ...
  • Page 88 This release of DBD::Oracle supports SQL NCHAR datatypes and provides driver extension functions to specify the character form for data binding. The following script shows an example to access SQL NCHAR data: Example 7–3 Sample Script to Access SQLNCHAR Data
    # declare to use the constants for character forms
    use DBD::Oracle qw(:ora_forms);
    ...
  • Page 89: Mod_Plsql

    Example 7–5 Default Character Form for a Database Handle
    $dbh->func( ORA_NCHAR , 'set_default_form' );
    mod_plsql: This Oracle module connects the Oracle HTTP Server to an Oracle database, enabling you to create Web applications using Oracle stored procedures. In order to access a Web-enabled PL/SQL application, configure a PL/SQL Database Access Descriptor (DAD) for mod_plsql.
  • Page 90: Creating A Dad

    HTTP Server to enable mod_plsql to handle the request for the virtual path defined by the named Location SetHandler pls_handler Additional Oracle HTTP Server directives that are allowed in the context of a <Location> directive. Typically, the following directives are used: Order deny,allow...
  • Page 91: Configuration Files

    This file contains the LoadModule directive to load mod_plsql into Oracle HTTP Server, any global setting for mod_plsql, and include directives for dads.conf and cache.conf. This file is included by the Oracle HTTP Server configuration file ORACLE_HOME/Apache/Apache/conf/oracle_apache.conf on UNIX or ORACLE_HOME\Apache\Apache\conf\oracle_apache.conf on Windows,...
  • Page 92: Dads.conf

    They are discussed in detail in later sections. While specifying a value for a configuration parameter, follow Oracle HTTP Server conventions for specifying values. For instance, if a value has white spaces in it, enclose the value with double quotes.
  • Page 93: Dads.conf

    Table 7–3 mod_plsql Configuration Files and Parameters (Cont.)
    Configuration file: dads.conf
    Parameters: PlsqlAfterProcedure, PlsqlAlwaysDescribeProcedure, PlsqlAuthenticationMode, PlsqlBeforeProcedure, PlsqlBindBucketLengths, PlsqlBindBucketWidths, PlsqlCGIEnvironmentList, PlsqlCompatibilityMode, PlsqlDatabaseConnectString, PlsqlDatabasePassword, PlsqlDatabaseUserName, PlsqlDefaultPage, PlsqlDocumentPath, PlsqlDocumentProcedure, PlsqlDocumentTablename, PlsqlErrorStyle, PlsqlExclusionList, PlsqlFetchBufferSize, PlsqlInfoLogging, PlsqlMaxRequestsPerSession, PlsqlNLSLanguage, PlsqlPathAlias, PlsqlPathAliasProcedure, PlsqlSessionCookieName, PlsqlSessionStateManagement, PlsqlTransferMode, PlsqlUploadAsLongRaw
  • Page 94: Cache.conf

    PlsqlCacheEnable PlsqlCacheMaxAge PlsqlCacheMaxSize PlsqlCacheTotalSize
    plsql.conf
    This file contains the LoadModule directive to load mod_plsql into the Oracle HTTP Server, global settings for mod_plsql, and include directives for dads.conf and cache.conf.
    Note: Refer to plsql.README located in ORACLE_HOME/Apache/modplsql/conf for detailed description of plsql.conf.
  • Page 95 Windows: ORACLE_HOME\Apache\modplsql\logs as configured by PlsqlLogDirectory. This parameter should be set to “Off” unless recommended by Oracle support to debug problems with mod_plsql. To view more details about the internal processing of mod_plsql, set this directive to “On”. This causes mod_plsql to start logging for every request that is processed.
  • Page 96 DAD Parameters This section describes all the DAD level parameters that can be specified in the dads.conf file. Besides these directives, you can also specify additional Oracle HTTP Server directives that can be specified in the context of a <Location> directive, such as:...
  • Page 97 The following parameters are discussed in detail in the subsequent sections: PlsqlAfterProcedure, PlsqlAlwaysDescribeProcedure, PlsqlAuthenticationMode, PlsqlBeforeProcedure, PlsqlBindBucketLengths, PlsqlBindBucketWidths, PlsqlCGIEnvironmentList, PlsqlCompatibilityMode, PlsqlDatabaseConnectString, PlsqlDatabasePassword, PlsqlDatabaseUserName, PlsqlDefaultPage, PlsqlDocumentPath, PlsqlDocumentProcedure, PlsqlDocumentTablename, PlsqlErrorStyle, PlsqlExclusionList, PlsqlFetchBufferSize, PlsqlInfoLogging, PlsqlMaxRequestsPerSession, PlsqlNLSLanguage, PlsqlPathAlias, PlsqlPathAliasProcedure, PlsqlSessionCookieName, PlsqlSessionStateManagement, PlsqlTransferMode, PlsqlUploadAsLongRaw
  • Page 98 Value Syntax PlsqlAlwaysDescribeProcedure On/Off Default Example PlsqlAlwaysDescribeProcedure Off Notes: For all purposes, except for debugging, you should leave this parameter set to “Off”. In older versions of the product, this parameter was called always_desc. 7-28 Oracle HTTP Server Administrator’s Guide...
  • Page 99 (GlobalOwa, CustomOwa, PerPackageOwa) are used by very few PL/SQL applications. The SingleSignOn mode is supported only for Oracle Application Server releases, and is used by Oracle Application Server Portal and Oracle Application Server Single Sign-On. If the DAD is not using the Basic authentication, then you must include a valid username/password in the DAD configuration.
  • Page 100 PlsqlBindBucketLengths number of elements in a collection bind. While executing PL/SQL statements, the Oracle database maintains a cache of PL/SQL statements in the shared SQL area, and attempts to reuse the cached statement if the same statement is executed again. Oracle's matching criteria requires that the statement texts be identical, and that the bind variable data types match.
  • Page 101 PlsqlBindBucketWidths number of elements in a collection bind. While executing PL/SQL statements, the Oracle database maintains a cache of PL/SQL statements in the shared SQL area, and attempts to reuse the cached statement if the same statement is executed again.
  • Page 102 You can only specify one environment variable for each directive. You can add CGI environment variables from the Oracle HTTP Server environment by specifying the variable name. To remove a CGI environment variable, set it equal to nothing. To add your own name-value pair, use the syntax myname=myvalue.
  • Page 103 PlsqlCompatibilityMode plsql. This parameter is supported only for Oracle Application Server releases, and is used when you are using mod_plsql with an older version of Oracle Application Server Portal. In such situations, if you are running mod_plsql against a pre-9.0.2 version of Oracle Application Server Portal, this should be set to 1.
  • Page 104 Specifies the connection to an Oracle database. PlsqlDatabaseConnectString Category Value Syntax PlsqlDatabaseConnectString stringServiceNameFormat/SIDFormat/TNSFormat/NetServiceNameFormat, where string can be one of the following based on the second argument: ServiceNameFormat: HOST:PORT:SERVICE_NAME format where HOST is the hostname running the database, PORT is the port number the TNS listener is listening on, SERVICE_NAME is the database service name.
  • Page 105 If the database is running in the same Oracle home, or the environment variable “TWO_TASK” is set (called “LOCAL” on Windows NT), this parameter need not be specified. If the database is running in a separate Oracle home, then this parameter is mandatory. If you have problems connecting to the database: Check the username and password information in the DAD.
  • Page 106 DAD passwords are obfuscated by running the “dadTool.pl” script located in ORACLE_HOME/Apache/modplsql/conf. Following are the steps to obfuscate DAD passwords: If necessary, switch user to the Oracle software owner user, typically oracle using the following command: $su - oracle...
  • Page 107 On Windows, include $ORACLE_HOME/bin in your PATH, for example: set PATH=%ORACLE_HOME%\bin;%PATH% Change directory to the mod_plsql configuration directory for the current release of Oracle HTTP Server: cd $ORACLE_HOME/Apache/modplsql/conf Invoke the following Perl script to obfuscate DAD password: perl dadTool.pl -o...
  • Page 108 Example PlsqlDefaultPage myschema.mypackage.home Notes: You can also use Oracle HTTP Server Rewrite rules to achieve the same effect as you get by setting this configuration parameter. In older versions of the product, this parameter was called default_page. 7-38 Oracle HTTP Server Administrator’s Guide...
  • Page 109 Notes: Omit this parameter for applications that do not perform document uploads or downloads. See Also: Oracle HTTP Server mod_plsql User’s Guide. In older versions of the product, this parameter was called document_path.
    PlsqlDocumentProcedure: Specifies the procedure to call when a document download is initiated.
  • Page 110 ApacheStyle: This is the default mode. In this mode, mod_plsql indicates to Oracle HTTP Server the HTTP error that was encountered. Oracle HTTP Server then generates the error page. This can be used with the Oracle HTTP Server ErrorDocument directive to produce customized error messages.
  • Page 111 If this parameter is overridden, the defaults are no longer in effect. In that case, you must explicitly add the default list to the list of excluded patterns.
    Syntax: PlsqlExclusionList string multiline/#NONE#
    Default: dbms_* utl_* owa_* owa.* htp.* htf.*
  • Page 112 To add a pattern to the defaults, you must specify the default list with the pattern you have added (as in the example in the table). In older versions of the product, this parameter was called exclusion_list. See Also: Oracle HTTP Server mod_plsql User’s Guide for more information regarding security.
  • Page 113 Apache’s “info” logging level. If the Apache’s logging level is not at least set to this high, this setting will be ignored.
    Syntax: PlsqlInfoLogging InfoDebug
    Default: Empty
    Example: PlsqlInfoLogging InfoDebug
    This logging setting is useful for debugging problems in your PL/SQL application.
  • Page 114 If the middle tier character set matches that of the database, then no alter session call is issued by mod_plsql.
    Syntax: PlsqlNLSLanguage string
    Default: None
    Example: PlsqlNLSLanguage America_America.UTF8
  • Page 115 PlsqlPathAlias url Notes: For applications that do not use path aliasing, this parameter may be omitted. See Also: Oracle HTTP Server mod_plsql User’s Guide for more details about path aliasing functionality. In older versions of the product, this parameter was called pathalias.
  • Page 116 In older versions of the product, this parameter was called pathaliasproc.
    PlsqlSessionCookieName: Specifies the cookie name when PlsqlAuthenticationMode is set to SingleSignOn. This parameter is supported only for Oracle Application Server releases, and is used by the Oracle Application Server Portal and Oracle Application Server Single Sign-On. Category Value Syntax...
  • Page 117 PlsqlSessionStateManagement StatelessWithResetPackageState Notes: In older versions of the product, this configuration parameter was called stateful. An older value of stateful=no or stateful=STATELESS_RESET corresponds to PlsqlSessionStateManagement StatelessWithResetPackageState. An older value of stateful=STATELESS_FAST_RESET corresponds to PlsqlSessionStateManagement StatelessWithFastResetPackageState. Oracle HTTP Server Modules 7-47...
  • Page 118 file extensions for field. A value of '*' in this field causes all documents to be uploaded as LONGRAW. Category Value Syntax PlsqlUploadAsLongRaw string multiline Default None Example PlsqlUploadAsLongRaw jpg, PlsqlUploadAsLongRaw gif 7-48 Oracle HTTP Server Administrator’s Guide...
  • Page 119 Notes: For applications that do not do document uploads or downloads, this parameter may be omitted. See Also: Oracle HTTP Server mod_plsql User’s Guide for more details about upload and download processes and the structure of the restrictions on the document table format.
  • Page 120 PlsqlCacheDirectory: Specifies the directory where cache files are written out by mod_plsql. This directory must exist or else Oracle HTTP Server will not start. On UNIX, this directory must have write permissions by the owner of the child httpd processes.
  • Page 121 This setting is to ensure that the cache system does not contain old content. This setting removes old cache files and makes space for new ones.
    Syntax: PlsqlCacheMaxAge <number>
    Default: 30 (30 days)
    Example: PlsqlCacheMaxAge 30
  • Page 122 10 megabytes = 10485760 bytes
    Syntax: PlsqlCacheTotalSize <number>
    Default: 20971520 (20 MB)
    Example: PlsqlCacheTotalSize 20971520
    In older versions, this parameter was called “total_size” and resided in the “[PLSQL Cache]” section of ORACLE_HOME/Apache/modplsql/cfg/cache/cfg.
  • Page 123: Mod_Proxy

    8-30 mod_rewrite Oracle HTTP Server provides mod_rewrite as a tool for URL manipulation. A rewriting engine based on a regular-expression parser is used by mod_rewrite to rewrite requested URLs. The granularity of URL manipulations can be affected by the formats of server variables, environment variables, HTTP headers, and time stamps.
  • Page 124 You can work around the problem by making sure that rules will capture more than one slash (/). To fix the earlier example, you should use this replacement:
    RewriteRule ^/+somepath(.*) /otherpath$1 [R]
  • Page 125: Mod_Rewrite Directives

    /dev/null to prevent logging. This can slow down the server with no advantage.
    RewriteLogLevel: Sets the verbosity level of the rewriting log file. The default level 0 means no logging, while 9 or more means that practically all actions are logged.
  • Page 126
    ## /abc/def/.htaccess -- per-dir config file for directory /abc/def
    # /abc/def is the physical path of /xyz,
    RewriteEngine On
    RewriteBase /xyz
    RewriteRule ^oldstuff\.html$ newstuff.html
    In Example 7–6, a request to /xyz/oldstuff.html gets correctly rewritten to the physical file /abc/def/newstuff.html.
  • Page 127: Rewrite Rules Hints

    “.” works for one character only. To enable redirection of all URLs beginning with “demo”, irrespective of subsequent characters, use the rewrite rule as follows:
    RewriteRule ^/demo* /alldemos [R,NC]
    In the preceding example, ^ means the beginning, * means any character after demo.
  • Page 128: Redirection Examples

    In each of these cases, you should ensure that the requested resources are indeed available in the redirected location. The mod_rewrite module does not ensure the existence of the requested resource in the new location. 7-58 Oracle HTTP Server Administrator’s Guide...
  • Page 129: Mod_Setenvif

    This module attempts to correct misspelled or miscapitalized URLs. See Also: Module mod_speling in the Apache Server documentation.
    mod_status
    This module displays an HTML page of server activity and performance. See Also: Module mod_status in the Apache Server documentation.
  • Page 130: Mod_Unique_Id

    This module tracks user activity by creating a log. See Also: Module mod_usertrack in the Apache Server documentation.
    mod_vhost_alias
    This module enables dynamically configured mass virtual hosting. See Also: Module mod_vhost_alias in the Apache Server documentation.
  • Page 131: Managing Security

    Managing Security This chapter provides an overview of Oracle HTTP Server security features and configuration information for setting up a secure Web site using them. Topics discussed are: About Oracle HTTP Server Security Classes of Users and Their Privileges Resources Protected...
  • Page 132: About Oracle Http Server Security

    About Oracle HTTP Server Security Security can be organized into the three categories of authentication, authorization, and confidentiality. Oracle HTTP Server provides support for all three of these categories. It is based on the Apache Web server, and its security infrastructure is...
  • Page 133: Classes Of Users And Their Privileges

    Resources Protected Classes of Users and Their Privileges Oracle HTTP Server authorizes and authenticates users before allowing them to access, or modify resources on the server. Following are two classes of users that access the server using Oracle HTTP Server, and their privileges.
  • Page 134: Authentication And Authorization Enforcement

    Authentication and Authorization Enforcement Authentication and Authorization Enforcement Oracle HTTP Server provides user authentication and authorization at two stages: Host-based Access Control (stage one): This is based on the details of the incoming HTTP request and its headers, such as IP addresses or host names.
  • Page 135: Access Control For Virtual Hosts

    If you want to match objects at the file system level, then you must use <Directory> or <Files>. If you want to match objects at the URL level, then you must use <Location>.
    Note: Allowing or restricting access based on a host name for Internet access is not considered a very good method of providing security, because host names are easy to spoof.
  • Page 136: Using Mod_Access And Mod_Setenvif For Host-Based Access Control

    Authentication and Authorization Enforcement Using mod_access and mod_setenvif for Host-based Access Control Using host-based access control schemes, you can control access to restricted areas based on where HTTP requests originate. Oracle HTTP Server uses mod_access to perform host-based access control. mod_access provides...
  • Page 137 Authentication and Authorization Enforcement Controlling Access by Domain Name Domain name-based access control can be used with IP address-based access control to solve the problem of IP addresses changing without warning. When you combine these methods, if an IP address changes, then the secure areas of your site are still protected because the domain names you want to keep out will still be denied access.
  • Page 138 HTTP version 1.0 or earlier, then use the syntax shown in Example 8–7:
    Example 8–7 Controlling Access with SetEnv
    SetEnvIf Request_Protocol ^HTTP/1.1 http_11_ok
    <Directory /http1.1only/>
    order deny,allow
    deny from all
    allow from env=http_11_ok
    </Directory>
    See Also: "Scope of Directives" on page 2-4
  • Page 139: User Authentication And Authorization

    User Authentication and Authorization Basic authentication prompts for a user name and password before serving an HTTP request. When a browser requests a page from a protected area, Oracle HTTP Server responds with an unauthorized message (status code 401) containing a WWW-Authenticate: header and the name of the realm configured by the...
  • Page 140: Using Mod_Ossl To Authenticate Users

    HTTPS uses the URL scheme https:// rather than http://, and its default communication port is 4443. mod_ossl is a plug-in to Oracle HTTP Server that enables the server to use SSL. mod_ossl replaces mod_ssl in the Oracle HTTP Server distribution. Oracle no longer supports mod_ssl.
  • Page 141 You can verify if SSL was enabled successfully by navigating to the SSL port, for example: HTTPS://hostname:4443
    Note: The preceding steps enable SSL for Oracle HTTP Server using a default insecure certificate. To achieve completely secure SSL communication with Oracle HTTP Server, obtain and configure a real certificate within mod_ossl.
  • Page 142: Security Services Implemented Within Oracle Http Server

    HTTPS protocol connections to Oracle Database. It enables secure connections between Oracle HTTP Server and a browser client by using an Oracle-provided encryption mechanism over SSL. It may also be used for authentication over the Internet through the use of digital certificate technology.
  • Page 143: Using Mod_Ossl Directives

    Caution: The server will not start if these directives are used.
    Using mod_ossl Directives
    To configure SSL for your Oracle HTTP Server, enter the mod_ossl directives you want to use in the httpd.conf file. The following directives are described in subsequent sections:...
  • Page 144 SSLSessionCacheTimeout SSLVerifyClient SSLWallet SSLWalletPassword
    SSLAccelerator: Specifies if SSL accelerator is used. Currently only nFast card is supported.
    Valid Values: yes/no
    Syntax: SSLAccelerator yes|no
    Default: SSLAccelerator no
    Context: server configuration
    SSLCARevocationFile: Specifies the file where you can assemble the Certificate Revocation Lists (CRLs) from CAs (Certificate Authorities) that you accept...
  • Page 145 SSLCARevocationPath: Specifies the directory where PEM-encoded Certificate Revocation Lists (CRLs) are stored. These CRLs come from the CAs (Certificate Authorities) that you accept certificates from. If a client attempts to authenticate itself with a certificate that is on one of these CRLs, then the certificate is revoked and the client cannot authenticate itself with your server.
  • Page 146 Aliases All ciphers using Diffie-Hellman key exchange There are restrictions if export versions of browsers are Note: used. Oracle module, mod_ossl, supports RC4-40 encryption only when the server uses 512 bit key size wallets. 8-16 Oracle HTTP Server Administrator’s Guide...
  • Page 147 Security Services Implemented Within Oracle HTTP Server Table 8–4 Cipher Suites Supported in Oracle Advanced Security 9i Data Cipher Suite Authentication Encryption Integrity SSL_RSA_WITH_3DES_EDE_CBC_ 3DES EDE CBC SSL_RSA_WITH_RC4_128_SHA RC4 128 SSL_RSA_WITH_RC4_128_MD5 RC4 128 SSL_RSA_WITH_DES_CBC_SHA DES CBC SSL_DH_anon_WITH_3DES_EDE_ DH anon 3DES EDE CBC...
  • Page 148 SSLLog: Specifies where the SSL engine log file will be written. (Error messages will also be duplicated to the standard Oracle HTTP Server log file specified by the ErrorLog directive.) Place this file at a location where only root can write, so that it cannot be used for symlink attacks.
  • Page 149 SSLLogLevel: Specifies the verbosity degree of the SSL engine log file.
    Valid Values: The levels are (in ascending order, where each level is included in the levels preceding it): none: No dedicated SSL logging is done. Messages of type ’error’...
  • Page 150 Uses a file for locking. The process ID (PID) of the Oracle HTTP Server parent process is appended to the filename to ensure uniqueness. If the filename does not begin with a slash (/), it is assumed to be relative to ServerRoot.
  • Page 151 SSLOptions: Controls various runtime options on a per-directory basis. In general, if multiple options apply to a directory, the most comprehensive option is applied (options are not merged). However, if all of the options in an SSLOptions directive are preceded by a plus (’+’) or minus (’-’) symbol, then the options are merged.
  • Page 152 Security Services Implemented Within Oracle HTTP Server Category Value Valid Values (for StrictRequire: Denies access when, according to directives, access should be SSLOptions SSLRequireSSL SSLRequire continued) forbidden. Without StrictRequire, it is possible for a ’Satisfy any’ directive setting to override the SSLRequire...
  • Page 153 Valid Values builtin: when the server is started, mod_ossl prompts for a password for each wallet. This cannot be used when Oracle HTTP Server is managed by OPMN. No user interaction is allowed when Oracle HTTP Server is started by OPMN.
  • Page 154 SSLRequire: Denies access unless an arbitrarily complex boolean expression is true. The expression must match the following syntax (given as a BNF grammar notation): Category Value expr ::= "true" | "false" "!" expr expr "&&"...
  • Page 155 Security Services Implemented Within Oracle HTTP Server Table 8–5 lists the standard variables for varname. SSLRequire Table 8–5 Standard Variables for SSLRequire Varname Standard Variables Standard Variables Standard Variables HTTP_USER_AGENT PATH_INFO AUTH_TYPE HTTP_REFERER QUERY_STRING SERVER_SOFTWARE HTTP_COOKIE REMOTE_HOST API_VERSION HTTP_FORWARDED REMOTE_IDENT...
  • Page 156 Security Services Implemented Within Oracle HTTP Server Table 8–6 SSL Variables for SSLRequire Varname (Cont.) SSL Variables SSL Variables SSL Variables SSL_CLIENT_I_DN_O SSL_CLIENT_I_DN_ST SSL_CLIENT_I_DN_L SSL_CLIENT_I_DN_T SSL_CLIENT_I_DN_OU SSL_CLIENT_I_DN_CN SSL_CLIENT_I_DN_S SSL_CLIENT_I_DN_I SSL_CLIENT_I_DN_G SSL_CLIENT_I_DN_Email SSL_CLIENT_I_DN_D SSL_CLIENT_I_DN_UID SSL_CLIENT_CERT SSL_CLIENT_CERT_ SSL_CLIENT_ROOT_CERT CHAIN_n SSL_CLIENT_VERIFY SSL_CLIENT_M_VERSION SSL_SERVER_M_VERSION...
  • Page 157 SSLSessionCache: Specifies the global/interprocess session cache storage type. The cache provides an optional way to speed up parallel request processing.
    Valid Values: none: disables the global/interprocess session cache. Produces no impact on functionality, but makes a major difference in performance.
  • Page 158 Value Syntax SSLWallet wrl The format of wrl is: file:path to wallet Example SSLWallet file:/etc/ORACLE/WALLETS/server Other values of wrl may be used as permitted by the Oracle SSL product. Default None Context server configuration, virtual host 8-28 Oracle HTTP Server Administrator’s Guide...
  • Page 159 The obfuscated password is created with the command line tool iasobf. If you must use a regular wallet, Oracle recommends that you use the obfuscated password instead of a cleartext password. "Using the iasobf Utility"...
  • Page 160: Using Mod_Proxy Directives

    Using mod_proxy Directives
    The following directives are for mod_proxy support only: SSLProxyCache SSLProxyCipherSuite SSLProxyProtocol SSLProxyWallet SSLProxyWalletPassword
    SSLProxyCache: Specifies whether the proxy cache will be used. The proxy will use the same session as the SSL server uses.
  • Page 161 Context: server configuration, virtual host
    Note: SSLProxyWalletPassword has been deprecated. A warning message is generated in the Oracle HTTP Server log if this directive is used. For secure wallets, Oracle recommends that you get a SSO wallet instead. Refer to the Oracle Application Server 10g Security Guide for information on SSO wallet.
  • Page 162: Using Mod_Ossl Directives To Configure Client Authentication

    Security Services Implemented Within Oracle HTTP Server Using mod_ossl Directives to Configure Client Authentication This section provides instructions on how you can use the directives mentioned earlier to set up configurations that enable you to use client certificates for authenticating clients. Following are some scenarios: Authenticating clients based on certificates when all clients are known.
  • Page 163: Using The Iasobf Utility

    If you are using an Oracle Wallet that has been created with Auto Login enabled (an SSO wallet), then you do not need to use this utility. However, if you must use a regular wallet with a password, then Oracle recommends that you use the...
  • Page 165: Frequently Asked Questions

    Frequently Asked Questions
    This chapter provides answers to frequently asked questions about Oracle HTTP Server. See Also: “Frequently Asked Questions” in the Apache Server documentation. Documentation from the Apache Software Foundation is referenced when applicable. Note: Readers using this guide in PDF or hard copy formats will be unable to access third-party documentation, which Oracle provides in HTML format only.
  • Page 166: Offering Https To Isp (Virtual Host) Customers

    Oracle HTTP Server with ports lower than 1024.
    Using Oracle HTTP Server as Cache
    You can use the Oracle HTTP Server as a cache by setting the ProxyRequests directive to “On” and setting the CacheRoot directive. See Also: “ProxyRequests and CacheRoot directives” in the Apache Server documentation.
  • Page 167: Using Different Language And Character Set Versions Of Document

    Oracle HTTP Server is based on Apache version 1.3.28. Apache v2.0 Support with Oracle Database, 10g Release 1 (10.1) Oracle Database, 10g Release 1 (10.1) is still based on the 1.3.x stack from Apache organization. Applying Apache Security patches to Oracle HTTP Server...
  • Page 168: Supporting Php

    Oracle HTTP Server, you might be asked to reproduce the problem without mod_php. Use PHP in a CGI mode, in which case support of the rest of the Oracle HTTP Server stack would not be an issue. Creating Application Name Space that Works Across Firewalls and Clusters The general idea is that all servers in a distributed Web site should agree on a single URL namespace.
  • Page 169: Protecting Web Site From Hackers

    Protecting Web Site From Hackers
    There are many attacks, and new attacks are invented every day. Following are some general guidelines for securing your site. You can never be completely secure, but you can avoid being an easy target. Use a commercial firewall between your ISP and your Web server. Recognize, however, that not all hackers are outside your organization.
  • Page 171 Oracle HTTP Server Configuration Files This appendix lists commonly used Oracle HTTP Server configuration files. Files discussed are: httpd.conf opmn.xml Documentation from the Apache Software Foundation is referenced when applicable. Readers using this guide in PDF or hard copy formats will...
  • Page 172: Httpd.conf

    IDs it should use, and location of other files. Because the server configuration file is the main file that the server starts with, Oracle HTTP Server does not include any directive that says where to locate it. The location is passed on command line when the server starts.
  • Page 173: Main Server Configuration

    This is section three of the httpd.conf file. It contains parameters specific to virtual hosts, which override some of the main server configuration defaults. Figure A–1 illustrates the file structure of the httpd.conf file. Figure A–1 httpd.conf File
  • Page 174: Mime.types

    UNIX: ORACLE_HOME/Apache/Apache/conf
    Windows: ORACLE_HOME\Apache\Apache\conf
    See Also: "mod_mime" on page 7-12
    dms.conf
    dms.conf enables you to monitor performance of site components with Oracle’s Dynamic Monitoring Service (DMS). It is located at:
    UNIX: ORACLE_HOME/Apache/Apache/conf
    Windows: ORACLE_HOME\Apache\Apache\conf
    See Also: Oracle Application Server 10g Performance Guide
  • Page 175: Oracle_Apache.conf

    Java Server Pages. It is located at:
    UNIX: ORACLE_HOME/Apache/jsp/conf
    Windows: ORACLE_HOME\Apache\jsp\conf
    plsql.conf
    plsql.conf configures and loads the PL/SQL module. It is located at:
    UNIX: ORACLE_HOME/Apache/modplsql/conf
    Windows: ORACLE_HOME\Apache\modplsql\conf
    See Also: "mod_plsql" on page 7-19
  • Page 176: Xml.conf

    "/private1/oracle/Apache/oradav/conf/moddav.conf" include "/private1/oracle/Apache/jsp/conf/ojsp.conf" include "/private1/oracle/Apache/modplsql/conf/plsql.conf" include "/private1/oracle/xdk/admin/xml.conf" ssl.conf ssl.conf includes the SSL definitions and virtual host container. Out of the box, it is disabled by default. It is located at: UNIX: ORACLE_HOME/Apache/Apache/conf Windows: ORACLE_HOME\Apache\Apache\conf A-6 Oracle HTTP Server Administrator’s Guide...
  • Page 177: Opmn.xml

    The opmn.xml file is the main configuration file for OPMN. It contains information for the ONS, the PM, and Oracle Database component-specific configuration. The opmn.xml file shows you which Oracle Database components OPMN is managing on your system. It contains Oracle Database component entries arranged in the following hierarchical structure: <ias-component>...
  • Page 179 Third Party Licenses This appendix includes the Third Party License for all the third party products included with Oracle Database. Topics discussed are: Apache HTTP Server Apache SOAP DBI Module Perl mod_dav FastCGI Jaxen Expat SAXPath Third Party Licenses B-1...
  • Page 180: Apache Http Server

    Apache HTTP Server Apache HTTP Server Under the terms of the Apache license, Oracle is required to provide the following notices. However, the Oracle program license that accompanied this product determines your right to use the Oracle program, including the Apache software, and the terms contained in the following notices do not change those rights.
  • Page 181: Apache Soap

    Apache SOAP Apache SOAP Under the terms of the Apache license, Oracle is required to provide the following notices. However, the Oracle program license that accompanied this product determines your right to use the Oracle program, including the Apache software, and the terms contained in the following notices do not change those rights.
  • Page 182 * ==================================================================== * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>.
  • Page 183: Dbi Module

    DBI Module Oracle is required to provide the text of the third-party license, but the third-party program will be subject to the Oracle license, and Oracle will NOT provide warranties and technical support for the third-party technology. This program contains third-party code from DBI. Under the terms of the DBI license, Oracle is required to provide the following notices.
  • Page 184 Standard Version. make other distribution arrangements with the Copyright Holder.
  • Page 185 You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version.
  • Page 186 THIS PACKAGE IS PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End
  • Page 187: Perl

    Perl Oracle is required to provide the text of the third-party license, but the third-party program will be subject to the Oracle license, and Oracle will NOT provide warranties and technical support for the third-party technology. This program contains third-party code from Perl. Under the terms of the Perl license, Oracle is required to provide the following notices.
  • Page 188: Mod_Perl 1.26 License

    * 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: "This product includes software developed by the Apache Software Foundation (http://www.apache.org/)."
  • Page 189: Perl Artistic License

    Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. * 4. The names "Apache" and "Apache Software Foundation" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact apache@apache.org.
  • Page 190: Definitions

    Standard Version.
  • Page 191 make other distribution arrangements with the Copyright Holder. You may distribute the programs of this Package in object code or executable form, provided that you do at least ONE of the following: distribute a Standard Version of the executables and library files, together with instructions (in the manual page or equivalent) on where to get the Standard Version.
  • Page 192 THIS PACKAGE IS PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. The End
  • Page 193: Mod_Dav

    Oracle free of charge by Greg Stein under a license similar to the Apache Software Foundation license. The following copyright notice applies to mod_dav and Oracle’s use of mod_dav: Copyright © 1998-2001 Greg Stein. All rights reserved.
  • Page 194 THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------------------------------------------------------------------------ Greg Stein Last modified: Thu Feb 3 17:34:42 PST 2000
  • Page 195: Fastcgi

    FastCGI Oracle is required to provide the text of the third-party license, but the third-party program will be subject to the Oracle license, and Oracle will NOT provide warranties and technical support for the third-party technology. This program contains third-party code from FastCGI. Under the terms of the FastCGI license, Oracle is required to provide the following notices.
  • Page 196: Module Mod_Fastcgi License

    Documentation have new licensing terms, the new terms must protect Open Market's proprietary rights in the Software and Documentation to the same extent as these licensing terms and must be clearly indicated on the first page of each file where they apply.
  • Page 197 Open Market shall retain all right, title and interest in and to the Software and Documentation, including without limitation all patent, copyright, trade secret and other proprietary rights. OPEN MARKET MAKES NO EXPRESS OR IMPLIED WARRANTY WITH RESPECT TO THE SOFTWARE OR THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
  • Page 198: Jaxen

    Jaxen Oracle is required to provide the text of the third-party license, but the third-party program will be subject to the Oracle license, and Oracle will NOT provide warranties and technical support for the third-party technology. This program contains third-party code from Jaxen. Under the terms of the Jaxen license, Oracle is required to provide the following notices.
  • Page 199 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE Jaxen AUTHORS OR THE PROJECT CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;...
  • Page 200: Expat

    Expat Oracle is required to provide the text of the third-party license, but the third-party program will be subject to the Oracle license, and Oracle will NOT provide warranties and technical support for the third-party technology. This program contains third-party code from Expat. Under the terms of the Expat license, Oracle is required to provide the following notices.
  • Page 201: Saxpath

    SAXPath Oracle is required to provide the text of the third-party license, but the third-party program will be subject to the Oracle license, and Oracle will NOT provide warranties and technical support for the third-party technology. This program contains third-party code from SAXPath. Under the terms of the SAXPath license, Oracle is required to provide the following notices.
  • Page 202 This software consists of voluntary contributions made by many individuals on behalf of the SAXPath Project and was originally created by bob mcwhirter and James Strachan. For more information on the SAXPath Project, please see. */
  • Page 203 Glossary. Apache: Apache is a public domain HTTP server derived from the National Center for Supercomputing Applications (NCSA). authentication: The process of verifying the identity of a user, device, or other entity in a host system, often as a prerequisite to granting access to resources in a system. A recipient of an authenticated message can be certain of the message’s origin (its sender).
  • Page 204 A certificate contains the entity’s name, identifying information, and public key. It is also likely to contain a serial number, expiration date, and information about the rights, uses, and privileges associated with the certificate. Finally, it contains information about the certificate authority that issued it. certificate authority: A trusted third party that certifies that other entities—users, databases, administrators, clients, servers—are who they say they are.
  • Page 205 A database access descriptor (DAD) is a set of values that specify how an application connects to an Oracle database to fulfill an HTTP request. The information in the DAD includes the username (which also specifies the schema and the privileges), password, connect-string, error log file, standard error message,...
  • Page 206 Web servers and browsers should take in response to various commands. HTTP is the protocol used between Oracle Database and clients. A password or a table needed to decipher encoded data. LDAP Lightweight Directory Access Protocol.
  • Page 207 Oracle Process Manager and Notification Server. Oracle Process Manager and Notification Server: Oracle Process Manager and Notification Server (OPMN) manages Oracle HTTP Server processes within an application server instance. It channels all events from different components to all components interested in receiving them.
  • Page 208 PL/SQL: PL/SQL is Oracle’s proprietary extension to the SQL language. PL/SQL adds procedural and other constructs to SQL that make it suitable for writing applications. plaintext: Also called cleartext. Unencrypted data in ASCII format. port: A port is a number that TCP uses to route transmitted data to and from a particular program.
  • Page 209 public/private key pair: A set of two numbers used for encryption and decryption, where one is called the private key and the other is called the public key. Public keys are typically made widely available, while private keys are held by their respective owners. Though mathematically related, it is generally viewed as computationally infeasible to derive the private key from the public key.
  • Page 210 Secure Shell: Secure Shell (SSH) is a well-known protocol with widely available implementations that provide a secure connection tunneling solution. SSH provides a daemon on both the client and server sides of a connection. Clients connect to the local daemon rather than connecting directly to the server.
  • Page 211 X.509: Public keys can be formed in various data formats. The X.509 v3 format is one such popular format.
