About Oracle Http Server Security - Oracle HTTP Server B12255-01 Administrator's Manual

About Oracle HTTP Server Security

About Oracle HTTP Server Security
Security can be organized into the three categories of authentication, authorization,
and confidentiality. Oracle HTTP Server provides support for all three of these
categories. It is based on the Apache Web server, and its security infrastructure is
primarily provided by the Apache modules,
Oracle modules, mod_ossl. mod_auth provides authentication based on user
name and password pairs, mod_access controls access to the server based on the
characteristics of a request, such as hostname or IP address, mod_ossl provides
confidentiality and authentication with
Based on the Apache model, Oracle HTTP Server provides access control,
authentication, and authorization methods that can be configured with access
control directives in the
HTTP Server, they are processed in a sequence of steps determined by server
defaults and configuration parameters. The steps for handling URL requests are
implemented through a module or plug-in architecture that is common to many
Web listeners.
Figure 8–1
process is handled by a server module depending on how the server is configured.
For example, if basic authentication is used, then the steps labeled "Authentication"
and "Authorization" in
module.
Figure 8–1 Steps for Handling URL Requests in Oracle HTTP Server
8-2 Oracle HTTP Server Administrator's Guide
httpd.conf
shows how URL requests are handled by the server. Each step in this
Figure 8–1
mod_auth
X.509 client certificates over SSL.
file. When URL requests arrive at Oracle
represent the processing of the mod_auth
and mod_access, and the