Oracle HTTP Server Administrator'S Manual Download Page 139 | Manualshive

Page: 139 / 224

background image

Authentication and Authorization Enforcement

Managing Security

8-9

User Authentication and Authorization

Basic authentication prompts for a user name and password before serving an
HTTP request. When a browser requests a page from a protected area, Oracle HTTP
Server responds with an unauthorized message (status code 401) containing a

WWW-Authenticate:

header and the name of the realm configured by the

configuration directive,

AuthName

. When the browser receives this response, it

prompts for a user name and password. After the user enters a user name and
password combination, the browser sends this information back to the server in an
Authorization header. In the authorization header message, the user name and
password are encoded as a base 64 encoded string.

User authorization involves checking the authenticated user against an access
control list that is associated with a specific server resource such as a file or
directory. To configure user authorization, place the

require

directive in the

httpd.conf

file, usually within a virtual host container. User authorization is

commonly used in combination with user authentication. After the server has
authenticated a user’s user name and password, then the server compares the user
to an access control list associated with the requested server resource. If Oracle
HTTP Server finds the user or the user’s group on the list, then the resource is made
available to that user.

Using mod_auth to Authenticate Users

User authentication is based on user names and passwords that are checked against
a list of known users and passwords. These user name and password pairs may be
stored in a variety of forms, such as a text file, database, or directory service. Then
configuration directives are used in

httpd.conf

to configure this type of user

authentication on the server.

mod_auth

uses the

AuthUserFile

directive to set up

basic authentication. It supports only files.

Any authentication scheme that you devise requires that you use a combination of
the configuration directives listed in

Table 8–1

.

Table 8–1

Directives Descriptions

Directive Name

Description

AuthName

Defines the name of the realm in which the user names and
passwords are valid. Use quotation marks if the name includes
spaces.

AuthType

Specifies the authentication type. Most authentication modules use
basic authentication, which transmits user names and passwords in
clear text. This is not recommended.

«
...
137
138
139
140
141
...
»

Summary of Contents for HTTP Server

Page 1: ...Oracle HTTP Server Administrator s Guide 10g Release 1 10 1 Part No B12255 01 December 2003 ...

Page 2: ...purpose without the express written permission of Oracle Corporation If the Programs are delivered to the U S Government or anyone licensing or using the programs on behalf of the U S Government the following notice is applicable Restricted Rights Notice Programs delivered subject to the DOD FAR Supplement are commercial computer software and use duplication and disclosure of the Programs includin...

Page 3: ...le HTTP Server Components 1 3 Oracle HTTP Server Modules 1 3 Oracle HTTP Server Support 1 5 Oracle HTTP Server Management 1 6 Starting Stopping and Restarting Oracle HTTP Server 1 6 Starting Oracle HTTP Server 1 6 Stopping Oracle HTTP Server 1 7 Restarting Oracle HTTP Server 1 7 2 Oracle HTTP Server Concepts Understanding Oracle HTTP Server Directory Structure 2 2 Accessing Configuration Files 2 2...

Page 4: ...k Directives 2 7 About htaccess Files 2 7 3 Specifying Server and File Locations Setting Server and Administrator Functions 3 2 ServerName 3 2 UseCanonicalName 3 2 ServerAdmin 3 3 ServerSignature 3 3 ServerTokens 3 3 ServerAlias 3 3 Specifying File Locations 3 4 CoreDumpDirectory 3 4 DocumentRoot 3 4 ErrorLog 3 5 LockFile 3 5 PidFile 3 5 ScoreBoardFile 3 5 ServerRoot 3 6 4 Managing Server Processe...

Page 5: ...on about Processes 4 7 5 Managing the Network Connection Specifying Listener Ports and Addresses 5 2 BindAddress 5 3 Port 5 3 Listen 5 3 Managing Interaction Between Server and Network 5 4 ListenBackLog 5 4 SendBufferSize 5 4 TimeOut 5 4 Managing Connection Persistence 5 5 KeepAlive 5 5 KeepAliveTimeout 5 5 MaxKeepAliveRequests 5 5 Configuring Reverse Proxies and Load Balancers 5 6 6 Configuring a...

Page 6: ... 6 9 7 Oracle HTTP Server Modules List of Modules 7 2 mod_access 7 3 mod_actions 7 3 mod_alias 7 3 mod_asis 7 3 mod_auth 7 3 mod_auth_anon 7 4 mod_auth_db 7 4 mod_auth_dbm 7 4 mod_auth_digest 7 4 mod_autoindex 7 4 mod_cern_meta 7 4 mod_certheaders 7 5 mod_cgi 7 8 mod_define 7 8 mod_digest 7 8 mod_dir 7 9 mod_dms 7 9 mod_env 7 9 mod_example 7 9 mod_expires 7 10 mod_fastcgi 7 10 ...

Page 7: ...ation Differences for mod_onsint 7 14 mod_ossl 7 15 mod_perl 7 15 Database Usage Notes 7 16 Using Perl to Access the Database 7 16 Testing Database Connection 7 17 Using SQL NCHAR Datatypes 7 17 mod_plsql 7 19 Creating a DAD 7 20 Configuration Files 7 21 plsql conf 7 21 dads conf 7 22 cache conf 7 22 Configuration Parameters 7 22 plsql conf 7 24 dads conf 7 26 cache conf 7 49 mod_proxy 7 53 mod_re...

Page 8: ...od_setenvif for Host based Access Control 8 6 User Authentication and Authorization 8 9 Using mod_auth to Authenticate Users 8 9 Using mod_ossl to Authenticate Users 8 10 Enabling SSL 8 10 Security Services Implemented Within Oracle HTTP Server 8 12 Using mod_ossl 8 12 Using mod_ossl Directives 8 13 Using mod_proxy Directives 8 30 Using mod_ossl Directives to Configure Client Authentication 8 32 U...

Page 9: ...tecting Web Site From Hackers 9 5 A Oracle HTTP Server Configuration Files httpd conf A 2 httpd conf File Structure A 2 Global Environment A 2 Main Server Configuration A 3 Virtual Hosts A 3 mime types A 4 dms conf A 4 oracle_apache conf A 5 aqxml conf A 5 ojsp conf A 5 plsql conf A 5 xml conf A 6 ssl conf A 6 opmn xml A 7 B Third Party Licenses Apache HTTP Server B 2 The Apache Software License B...

Page 10: ...11 Preamble B 11 Definitions B 12 mod_dav B 15 FastCGI B 17 FastCGI Developer s Kit License B 17 Module mod_fastcgi License B 18 Jaxen B 20 The Jaxen Software License B 20 Expat B 22 Expat License B 22 SAXPath B 23 The SAXPath License B 23 Glossary Index ...

Page 11: ...st If you find any errors or have any other suggestions for improvement please indicate the document title and part number and the chapter section and page number if available You can send com ments to us in the following ways Electronic mail infodev_us oracle com FAX 650 506 7227 Attn Server Technologies Documentation Manager Postal service Oracle Corporation Server Technologies Documentation 500...

Page 12: ...xii ...

Page 13: ...xiii Preface This guide describes how to administer the Oracle HTTP Server This preface contains these topics Intended Audience Documentation Accessibility Organization Related Documentation Conventions ...

Page 14: ...up to facilitate access by the disabled community Standards will continue to evolve over time and Oracle is actively engaged with other market leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers For additional information visit the Oracle Accessibility Program Web site at http www oracle com accessibility Accessibility of Li...

Page 15: ...des an overview of the Oracle HTTP Server processes and provides information on how to regulate and monitor these processes Chapter 5 Managing the Network Connection This chapter provides information about specifying IP addresses and ports and managing server interaction and network connection persistence Chapter 6 Configuring and Using Server Logs This chapter discusses Oracle Diagnostic Logging ...

Page 16: ...n set Related Documentation For more information see these Oracle resources Oracle Database Documentation Library Oracle Database Platform Specific Documentation on Oracle Database Disk 1 Printed documentation is available for sale in the Oracle Store at http oraclestore oracle com To download free release notes installation documentation white papers or other collateral please visit the Oracle Te...

Page 17: ...clause you create an index organized table Italics Italic typeface indicates book titles or emphasis Oracle9i Database Concepts Ensure that the recovery catalog and target database do not reside on the same disk UPPERCASE monospace fixed width font Uppercase monospace typeface indicates elements supplied by the system Such elements include parameters privileges datatypes RMAN keywords SQL keywords...

Page 18: ...hese elements as shown Enter sqlplus to open SQL Plus The password is specified in the orapwd file Back up the datafiles and control files in the disk1 oracle dbs directory The department_id department_name and location_id columns are in the hr departments table Set the QUERY_REWRITE_ENABLED initialization parameter to true Connect as oe user The JRepUtil class implements these methods lowercase i...

Page 19: ...which you must supply particular values CONNECT SYSTEM system_password DB_NAME database_name UPPERCASE Uppercase typeface indicates elements supplied by the system We show these terms in uppercase in order to distinguish them from terms you define Unless terms appear in brackets enter them in the order and with the spelling shown However because these terms are not case sensitive you can enter the...

Page 20: ...ystem32 is the same as C WINNT SYSTEM32 C Represents the Windows command prompt of the current hard disk drive The escape character in a command prompt is the caret Your prompt reflects the subdirectory in which you are working Referred to as the command prompt in this manual C oracle oradata Special characters The backslash special character is sometimes required as an escape character for the do...

Page 21: ...efault is C oracle If you install the latest Oracle release on a computer with no other Oracle software installed then the default setting for the first Oracle home directory is C oracle orann where nn is the latest release number The Oracle home directory is located directly under ORACLE_BASE All directory path examples in this guide follow OFA conventions Refer to Oracle9i Database Getting Start...

Page 22: ...xxii ...

Page 23: ...TTP Server Features Oracle HTTP Server Components Oracle HTTP Server Support Oracle HTTP Server Management Starting Stopping and Restarting Oracle HTTP Server Documentation from the Apache Software Foundation is referenced when applicable Note Readers using this guide in PDF or hard copy formats will be unable to access third party documentation which Oracle provides in HTML format only To access ...

Page 24: ...r processes provide a request ID which enhances request tracking through various components by attaching a request ID to each request This provides more detailed information allowing you to see how much time a particular request spends in any component or layer enable securing of transactions with Secure Sockets Layer SSL technology execute Perl scripts in the same process as the Oracle HTTP Serve...

Page 25: ...nts Perl Interpreter A persistent Perl runtime environment embedded in Oracle HTTP Server through mod_perl Oracle HTTP Server Modules Table 1 1 identifies the modules shipped with Oracle HTTP Server Modules extend the basic functionality of the Web server and support integration between Oracle HTTP Server and other Oracle Database components Note that the list differs from the Apache open source d...

Page 26: ...i Yes mod_define Yes UNIX systems only mod_digest Yes mod_dir Yes mod_dms Yes Oracle module mod_env Yes mod_example No mod_expires Yes mod_fastcgi Yes mod_headers Yes mod_imap No mod_include Yes mod_info Yes mod_isapi No Windows systems only Not shipped by Oracle mod_log_agent No Deprecated mod_log_config Yes mod_log_referer Yes Deprecated mod_mime Yes mod_mime_magic Yes mod_mmap_static No mod_neg...

Page 27: ...undation are not supported by Oracle Problems that can be reproduced within an Apache configuration consisting only of supported Oracle Apache modules Use of the included Perl interpreter within the supported Apache configuration mod_onsint Yes Oracle module mod_ossl Yes Oracle module mod_perl Yes mod_plsql Yes Oracle module mod_proxy Yes mod_rewrite Yes mod_setenvif Yes mod_so Yes mod_speling Yes...

Page 28: ...Oracle HTTP Server Otherwise the configuration management infrastructure cannot detect or communicate with the Oracle HTTP Server processes and problems may occur To determine the state of Oracle HTTP Server use the following command opmnctl status The processes are listed with their current state such as Up or Down Starting Oracle HTTP Server To start Oracle HTTP Server use the startproc command ...

Page 29: ...ssing the current request Children that are not servicing requests exit immediately The parent re reads the configuration files and re opens the log files replacing the children with new children in accordance with the settings it finds when re reading the configuration files It always observes the process creation settings MaxClients MaxSpareServers MinSpareServers specified and takes the current...

Page 30: ...Starting Stopping and Restarting Oracle HTTP Server 1 8 Oracle HTTP Server Administrator s Guide ...

Page 31: ...ing Configuration Files Configuration Files Syntax Understanding Modules Classes of Directives Scope of Directives About htaccess Files Documentation from the Apache Software Foundation is referenced when applicable Note Readers using this guide in PDF or hard copy formats will be unable to access third party documentation which Oracle provides in HTML format only To access the third party documen...

Page 32: ... Apache Apache conf Windows ORACLE_HOME Apache Apache conf Some of these files are read only once when the server starts or is reloaded whereas some files are read every time a related file or directory is requested The configuration files which are read only once are called server wide configuration files Configuration Files Syntax Oracle HTTP Server contains one directive for each line The back ...

Page 33: ...er directory See Also Chapter 7 Oracle HTTP Server Modules on page 7 1 Table 2 1 Classes and Directives Class Context Where Used global server configuration Inside server configuration files but only outside of container directives directives such as VirtualHost that have a start and end directive per server server configuration virtual host Inside server configuration files both outside for the m...

Page 34: ...cussed in detail in subsequent sections Directory DirectoryMatch Files FilesMatch Location LocationMatch Limit LimitExcept VirtualHost Directory It is used to enclose a group of directives that apply only to the named directory and subdirectories of that directory Any directory that is allowed in a directory context may be used The directory is either the full path to a directory or a wildcard str...

Page 35: ...ied file name Files sections are processed in the order that they appear in the configuration file after the Directory sections and htaccess files are read but before Location sections Note that the Files directives can be nested inside Directory sections to restrict the portion of the file system to which they apply FilesMatch Provides access control by filename just as the Files directive does H...

Page 36: ...ub string Limit Limit method defines a block according to the HTTP method of the incoming request The following example limits the application of the directives that follow scripts that use the specified method Limit POST PUT OPTIONS order deny allow deny from all allow from 127 0 0 192 168 Limit Generally Limit should not be used unless needed It is useful only for restricting directives to parti...

Page 37: ...l hosting you can specify a replacement set of the server level configuration directives that define the main host and are not allowed in any other container Block Directives Specify a condition which must be true in order for directives within to take effect IfModule and IfDefine are block directives rather than container directives because they do not limit the scope of the directives they conta...

Page 38: ...About htaccess Files 2 8 Oracle HTTP Server Administrator s Guide ...

Page 39: ...ing Server and Administrator Functions Specifying File Locations Documentation from the Apache Software Foundation is referenced when applicable Note Readers using this guide in PDF or hard copy formats will be unable to access third party documentation which Oracle provides in HTML format only To access the third party documentation referenced in this guide use the HTML version of this guide and ...

Page 40: ...r to set a hostname that can be used to create redirection URLs through which you can access directories without having to use a at the end UseCanonicalName Determines which hostname and port to use when redirecting the URL to the same server on This is the default setting Server uses the hostname and port values set in ServerName and Port off Server uses the hostname and port that you specify in ...

Page 41: ...ent off Footer and mailto reference are not created ServerTokens Controls server information which is returned to clients such as in error messages This information includes a description of the generic operating system type of the server and compiled in modules min imal provides information such as server name and version OS provides information such as server name version and operating system fu...

Page 42: ...fies the directory in which the server dumps core The default is the ServerRoot directory This directive is applicable to UNIX only DocumentRoot Sets the directory from which httpd serves files Unless matched by a directive like Alias the server appends the path from the requested URL to the document root to make the path to the document for static content See Also httpd conf File Structure on pag...

Page 43: ...File Enables you to set and change the location of the PID file to which the server records the process identification number If the filename does not begin with a slash then it is assumed to be relative to the ServerRoot ScoreBoardFile Required in some architectures to set a file that the server uses to communicate between the parent and children processes To verify if your architecture requires ...

Page 44: ...dministrator s Guide ServerRoot Specifies the directory that contains the conf and logs subdirectories If the server is started with the f option then you will have to specify ServerRoot See Also ServerRoot directive in the Apache Server documentation ...

Page 45: ...ling Server Processes Limiting the Number of Processes and Connections Getting Information about Processes Documentation from the Apache Software Foundation is referenced when applicable Note Readers using this guide in PDF or hard copy formats will be unable to access third party documentation which Oracle provides in HTML format only To access the third party documentation referenced in this gui...

Page 46: ...run Oracle HTTP Server as root perform the following steps 1 Shutdown Oracle HTTP Server using the following command UNIX ORACLE_HOME opmn bin opmnctl verbose stopproc ias component HTTP_Server Windows ORACLE_HOME opmn bin opmnctl verbose stopproc ias component HTTP_Server 2 Change to root user Navigate to ORACLE_HOME Apache Apache bin on UNIX or ORACLE_HOME Apache Apache bin on Windows and execut...

Page 47: ...l pl script located in ORACLE_HOME Apache modplsql conf If your PL SQL application is using the file system caching functionality in mod_ plsql then the httpd processes should have read and write privileges to the cache directory through the parameter PlsqlCacheDirectory in ORACLE_ HOME Apache modplsql conf cache conf on UNIX or ORACLE_ HOME Apache modplsql conf cache conf on Windows By default th...

Page 48: ... specify the User and Group under which the servers answer requests Group Specifies the group under which the server answers requests In order to use this directive the standalone server must be run initially as root It is recommended that you create a new group for running the server This is applicable to UNIX only User Specifies the user ID to which the server answers requests Run the standalone...

Page 49: ...es created when Oracle HTTP Server is started The default is set at 5 This is applicable to UNIX only ThreadsPerChild Controls the maximum number of child threads handling requests The default is set at 50 This is applicable to Windows only MaxClients Limits the number of requests that can be dealt with at one time The default and recommended value is 150 This is applicable to UNIX only See Also h...

Page 50: ...equest The parent process kills off idle child processes that exceed the value set for this directive The default is set at 10 This is applicable to UNIX only MinSpareServers Sets the minimum number of idle child server processes An idle process is one which is running but not handling a request The parent process will create new children at the maximum rate of one process for each second if there...

Page 51: ...eral ways to monitor Oracle HTTP Server processes 1 Use the performance monitor on Windows or the ps utility on UNIX 2 Use mod_status for server status By default it is available from localhost only See Also Oracle Application Server 10g Performance Guide and your operating system documentation for more information ...

Page 52: ...Getting Information about Processes 4 8 Oracle HTTP Server Administrator s Guide ...

Page 53: ...ging Interaction Between Server and Network Managing Connection Persistence Configuring Reverse Proxies and Load Balancers Documentation from the Apache Software Foundation is referenced when applicable Note Readers using this guide in PDF or hard copy formats will be unable to access third party documentation which Oracle provides in HTML format only To access the third party documentation refere...

Page 54: ...enerated at install time and is not updated thereafter If you restart Oracle HTTP Server the information in this file becomes inaccurate You can change the Oracle HTTP Server listener port SSL and non SSL after installation If you make a port change then you have to also update other components to use the new port number You can specify the server to listen to more than one port selected addresses...

Page 55: ...g or proxy server Then you can set Port to be the port that is being used by the front end server and Listen to the port that Oracle HTTP Server is actually listening to By doing this redirects or other URLs generated by Oracle HTTP Server point to the front end server rather than directly to Oracle HTTP Server Listen Specifies an IP port that Oracle HTTP Server should listen on Multiple Listen di...

Page 56: ... open up but do not complete the task SendBufferSize Increases the TCP buffer size to the number of bytes specified thereby improving performance TimeOut Sets the maximum time in seconds that the server waits for the following The total amount of time it takes to receive a GET request The amount of time between receipt of TCP packets on a POST or PUT request The amount of time between ACKs on tran...

Page 57: ...r a subsequent request before closing a KeepAlive connection Once a request has been received the timeout value specified by the TimeOut directive applies The default is set at 15 seconds MaxKeepAliveRequests Limits the number of requests allowed for each connection when KeepAlive is on If it is set to 0 unlimited requests will be allowed The default is set at 100 See Also Oracle Application Serve...

Page 58: ... following changes in the httpd conf file Port 80 Listen 7777 Listen 80 Virtual Hosts This section is mandatory for URLs that are generated by the PL SQL packages of the Oracle Portal and various other components These entries dictate that the server should listen on port 7777 but will assert that it is using port 80 so that self referential URLs generated specify www oracle com 80 This will creat...

Page 59: ...uring Reverse Proxies and Load Balancers Managing the Network Connection 5 7 See Also Running Oracle HTTP Server as Root on page 4 2 for instructions on running Oracle HTTP Server with ports lesser than 1024 ...

Page 60: ...Configuring Reverse Proxies and Load Balancers 5 8 Oracle HTTP Server Administrator s Guide ...

Page 61: ...ic Logging Specifying Log Formats Specifying Log Level Specifying Log Files Documentation from the Apache Software Foundation is referenced when applicable Note Readers using this guide in PDF or hard copy formats will be unable to access third party documentation which Oracle provides in HTML format only To access the third party documentation referenced in this guide use the HTML version of this...

Page 62: ...view Oracle HTTP Server enables you to choose the format in which you want to generate log messages You can either continue to generate log messages in the legacy Apache message format or generate log messages using ODL which complies with the new Oracle wide standards for generating log messages Configuring Oracle HTTP Server To enable Oracle HTTP Server to use ODL enter the directives specified ...

Page 63: ...e The IfModule directive also makes use of this internal name The module structure derives the module name from the value of the _FILE_ macro without path prefix of the file which defines the module structure If a module name is not supplied the OraLogSeverity directive is applied globally If the module name is specified then the directive overrides the global directive value of all the messages o...

Page 64: ...L_ ERROR 10 Logs all messages of type internal error of levels 1 10 OraLogSeverity WARNING 7 Logs all messages of type internal error of all levels Logs all messages of type error of all levels Logs all messages of type warning of levels 1 7 OraLogSeverity WARNING For messages from other sources Logs all messages of type internal error of all levels Logs all messages of type error of all levels Lo...

Page 65: ...t is the Common Log Format CLF The CLF format is host ident authuser date request status bytes host This is the client domain name or its IP number ident If IdentityCheck is enabled and the client machine runs identd then this is the client identity information authuser This is the user ID for authorized user date This is the date and time of the request in the day month year hour minute second fo...

Page 66: ...couldn t determine user name from uid Critical Critical conditions socket Failed to get a socket exiting child Error Error conditions Premature end of script headers Warning Warning conditions child process 1234 did not exit sending another SIGHUP Notice Normal but significant condition httpd caught SIGBUS attempting to dump core in Information Informational messages that describe possible problem...

Page 67: ...es are opened Access Log The server access log records all requests processed by the server The location and content of the access log is controlled by the CustomLog directive The LogFormat directive can be used to simplify the selection of the contents of the logs CustomLog The CustomLog directive is used to log requests to the server A log format is specified and the logging can optionally be ma...

Page 68: ...istrator for restarting and terminating the daemon If the process dies or is killed abnormally then it is necessary to kill the children httpd processes Piped Log Oracle HTTP Server is capable of writing error and access log files through a pipe to another process rather than directly to file This increases the flexibility of logging without adding code to the main server In order to write logs to...

Page 69: ...ACLE_HOME Apache Apache logs Windows ORACLE_HOME Apache Apache logs ssl_engine_log tracks SSL and protocol issues where as ssl_request_log records user activity Use the SSLLogFile directive to control output Transfer Log Transfer Log specifies the file in which to store the log of accesses to the site If it is not explicitly included in the conf file then no log is generated The server typically l...

Page 70: ...Specifying Log Files 6 10 Oracle HTTP Server Administrator s Guide ...

Page 71: ... between Oracle HTTP Server and other Oracle Database components Documentation from the Apache Software Foundation is referenced when applicable Note Readers using this guide in PDF or hard copy formats will be unable to access third party documentation which Oracle provides in HTML format only To access the third party documentation referenced in this guide use the HTML version of this guide and ...

Page 72: ...od_auth_db mod_auth_dbm mod_auth_digest mod_autoindex mod_cern_meta mod_certheaders mod_cgi mod_define mod_digest mod_dir mod_dms mod_env mod_example mod_expires mod_fastcgi mod_headers mod_imap mod_include mod_info mod_isapi mod_log_agent mod_log_config mod_log_referer mod_mime mod_mime_magic mod_mmap_static mod_negotiation mod_onsint mod_ossl mod_perl mod_plsql mod_proxy mod_rewrite mod_setenvif...

Page 73: ...RLs and filesystem paths and URL redirection capabilities mod_asis Enables sending files that contain their own HTTP headers It is not supported by Oracle mod_auth Enables user authentication with files based user lists See Also Module mod_access in the Apache Server documentation See Also Module mod_actions in the Apache Server documentation See Also Module mod_alias in the Apache Server document...

Page 74: ... module is not supported by Oracle mod_auth_digest Uses MD5 Digest Authentication to provide user authentication This module is not supported by Oracle mod_autoindex Generates directory indexes automatically mod_cern_meta Emulates CERN Conseil Europeen pour le Recherche Nucleaire HTTPD metafile semantics Metafiles are additional HTTP headers that can be produced for each file the server accesses i...

Page 75: ...ule libexec mod_ certheaders so Windows LoadModule certheaders_module modules ApacheModuleCertHeaders dll 2 Specify which headers should be translated to CGI environment variables This can be achieved by using the AddCertHeader directive This directive takes a single argument which is the CGI environment variable that should be populated from a HTTP header on incoming requests For example to popul...

Page 76: ...SSL Server S DN SSL_CLIENT_S_DN_C SSL Client S DN C SSL_SERVER_S_DN_C SSL Server S DN C SSL_CLIENT_S_DN_ST SSL Client S DN ST SSL_SERVER_S_DN_ST SSL Server S DN ST SSL_CLIENT_S_DN_L SSL Client S DN L SSL_SERVER_S_DN_L SSL Server S DN L SSL_CLIENT_S_DN_O SSL Client S DN O SSL_SERVER_S_DN_O SSL Server S DN O SSL_CLIENT_S_DN_OU SSL Client S DN OU SSL_SERVER_S_DN_OU SSL Server S DN OU SSL_CLIENT_S_DN_...

Page 77: ...ERVER_I_DN_O SSL Server I DN O SSL_CLIENT_I_DN_OU SSL Client I DN OU SSL_SERVER_I_DN_OU SSL Server I DN OU SSL_CLIENT_I_DN_CN SSL Client I DN CN SSL_SERVER_I_DN_CN SSL Server I DN CN SSL_CLIENT_I_DN_T SSL Client I DN T SSL_SERVER_I_DN_T SSL Server I DN T SSL_CLIENT_I_DN_I SSL Client I DN I SSL_SERVER_I_DN_I SSL Server I DN I SSL_CLIENT_I_DN_G SSL Client I DN G SSL_SERVER_I_DN_G SSL Server I DN G S...

Page 78: ... defines a variable that can be expanded on any configuration line The Define directive has the status Extension which means that it is not compiled into the server by default This module requires the Extended API EAPI Oracle HTTP Server always has EAPI enabled This module is available on UNIX systems only mod_digest Uses an older version of the MD5 Digest Authentication specification than that us...

Page 79: ...r performance of site components with Oracle s Dynamic Monitoring Service DMS mod_env Enables you to control the environment for CGI scripts and SSI Server Side Includes pages by passing setting and unsetting environment variables mod_example Provides examples and guidance on how to write modules using the Apache API When implemented it demonstrates module callbacks triggered by the server This mo...

Page 80: ...for CGI applications thereby eliminating start up and initialization overhead mod_headers Enables you to merge replace or remove HTTP response headers mod_imap Enables server side image map processing This module is not supported by Oracle mod_include Provides a filter that processes documents for SSI Server Side Includes directives See Also Module mod_expires in the Apache Server documentation Se...

Page 81: ...ad of mod_log_agent This module is not supported by Oracle mod_log_config Provides configurable customizable logging of server activities You can choose the log format and select or exclude individual requests for logging based on characteristics of the requests mod_log_referer Enables logging of documents that reference documents on the server It is deprecated you should use mod_log_config instea...

Page 82: ... mod_mime appears before mod_mime_magic in the configuration file so that mod_mime processes the files first mod_mmap_static Maps a list of files into memory useful for frequently requested files that are not changed often This module is not supported by Oracle mod_negotiation Enables the server for content negotiation selection of documents based on the client s capabilities See Also Module mod_m...

Page 83: ...are sent periodically by mod_onsint as long as the Oracle HTTP Server instance is running Provides functionality that enables Oracle HTTP Server to terminate as a single unit if the parent process fails The parent process is responsible for starting and stopping all of the child processes for an Oracle HTTP Server instance The failure of the parent process without first shutting down the child pro...

Page 84: ...cess as well as sending and receiving ONS messages Callback functions from other modules interested in ONS notifications are made in the child process If a failure of the parent process is detected the mod_onsint terminates the child process effectively shutting down Oracle HTTP Server There is no configuration of mod_onsint needed to provide functionality equivalent to that provided with Oracle H...

Page 85: ...tography for Oracle HTTP Server It is a plug in to Oracle HTTP Server that enables the server to use SSL It is very similar to the OpenSSL module mod_ssl However in contrast to the OpenSSL module mod_ossl is based on the Oracle implementation of SSL which supports SSL version 3 and is based on Certicom and RSA Security technology mod_perl This module embeds the Perl interpreter into the Oracle HTT...

Page 86: ...ext editor 2 Search for PerlModule Apache DBI 3 Uncomment the line PerlModule Apache DBI 4 Restart Oracle HTTP Server using the following commands UNIX ORACLE_HOME opmn bin opmnctl verbose restartproc ias component HTTP_Server Windows ORACLE_HOME opmn bin opmnctl verbose restartproc ias component HTTP_Server Files must be copied to ORACLE_HOME Apache Apache cgi bin Example 7 1 Using Perl to Access...

Page 87: ...atabase Perl script start use DBI print Content type text plain n n dbh DBI connect dbi Oracle scott tiger die DBI errstr stmt dbh prepare select from emp order by empno die DBI errstr rc stmt execute die DBI errstr while empno name stmt fetchrow print empno name n warn DBI errstr if DBI err die fetch error DBI errstr if DBI err stmt finish die can t close cursor dbh disconnect die cant t log off ...

Page 88: ...rm function is provided as a private function that you can invoke with the standard DBI func method It takes an anonymous hash that specifies which placeholder should be associated with which character form The valid values of character form are either ORA_IMPLICIT or ORA_NCHAR Setting the character form to ORA_IMPLICIT causes the application s bound data to be converted to the database character ...

Page 89: ...acter form for a database handle Example 7 5 Default Character Form for a Database Handle dbh func ORA_NCHAR set_default_form mod_plsql This Oracle module connects the Oracle HTTP Server to an Oracle database enabling you to create Web applications using Oracle stored procedures In order to access a Web enabled PL SQL application configure a PL SQL Database Access Descriptor DAD for mod_plsql A DA...

Page 90: ...which directs Oracle HTTP Server to enable mod_plsql to handle the request for the virtual path defined by the named Location SetHandler pls_handler c Additional Oracle HTTP Server directives that are allowed in the context of a Location directive Typically the following directives are used Order deny allow Allow from all AllowOverride None d One or more mod_plsql specific directives For example P...

Page 91: ... the following three configuration files plsql conf dads conf cache conf plsql conf This file contains the LoadModule directive to load mod_plsql into Oracle HTTP Server any global setting for mod_plsql and include directives for dads conf and cache conf This file is included by the Oracle HTTP Server configuration file ORACLE_HOME Apache Apache conf oracle_apache conf on UNIX or ORACLE_HOME Apach...

Page 92: ...on Parameters Table 7 3 contains a list of mod_plsql configuration parameters They are discussed in detail in later sections While specifying a value for a configuration parameter follow Oracle HTTP Server conventions for specifying values For instance if a value has white spaces in it enclose the value with double quotes For example PlsqlNLSLanguage TRADITIONAL CHINESE_TAIWAN UTF8 Also multi line...

Page 93: ...atabasePassword PlsqlDatabaseUserName PlsqlDefaultPage PlsqlDocumentPath PlsqlDocumentPath PlsqlDocumentProcedure PlsqlDocumentTablename PlsqlErrorStyle PlsqlExclusionList PlsqlFetchBufferSize PlsqlInfoLogging PlsqlMaxRequestsPerSession PlsqlNLSLanguage PlsqlPathAlias PlsqlPathAliasProcedure PlsqlSessionCookieName PlsqlSesssionStateManagement PlsqlTransferMode PlsqlUploadAsLongRaw Table 7 3 mod_pl...

Page 94: ...able PlsqlLogEnable PlsqlLogDirectory PlsqlIdleSessionCleanupInterval PlsqlDMSEnable Enables Dynamic Monitoring Service DMS for mod_plsql cache conf PlsqlCacheCleanupTime PlsqlCacheDirectory PlsqlCacheEnable PlsqlCacheMaxAge PlsqlCacheMaxSize PlsqlCacheTotalSize Note Refer to plsql README located in ORACLE_ HOME Apache modplsql conf for detailed description of plsql conf Category Value Syntax Plsq...

Page 95: ...n This causes mod_plsql to start logging for every request that is processed The log files are generated as specified by the PlsqlLogDirectory directive PlsqlLogDirectory Specifies the directory where debug level logs are written out Set the directory name of the location where log files should be generated when logging is enabled To avoid possible confusion about the location of this directory an...

Page 96: ...rn you can increase the value of this parameter for best performance In such a case if the site is accessed frequently enough that the idle session cleanup interval is never reached for a session then the DAD configuration parameter PlsqlMaxRequestsPerSession can be modified so that it is guaranteed that a pooled database session gets recycled on a regular basis For most installations the default ...

Page 97: ...Widths PlsqlCGIEnvironmentList PlsqlCompatibilityMode PlsqlDatabaseConnectString PlsqlDatabasePassword PlsqlDatabaseUserName PlsqlDefaultPage PlsqlDocumentPath PlsqlDocumentProcedure PlsqlDocumentTablename PlsqlErrorStyle PlsqlExclusionList PlsqlFetchBufferSize PlsqlInfoLogging PlsqlMaxRequestsPerSession PlsqlNLSLanguage PlsqlPathAlias PlsqlPathAliasProcedure PlsqlSessionCookieName PlsqlSesssionSt...

Page 98: ...older versions of the product this parameter was called after_proc PlsqlAlwaysDescribeProcedure Specifies whether mod_plsql should describe a procedure before trying to execute it If this is set to On then mod_plsql will always describe a procedure before invoking it Otherwise mod_plsql will only describe a procedure when its internal heuristics have interpreted a parameter type incorrectly Notes ...

Page 99: ...mic authentication the DAD username password parameters must be omitted In older versions of the product this configuration parameter was derived from a combination of enablesso and custom_auth enablesso Yes translates to PlsqlAuthenticationMode SingleSignOn custom_auth Global translates to PlsqlAuthenticationMode GlobalOwa custom_auth Custom translates to PlsqlAuthenticationMode CustomOwa custom_...

Page 100: ...atements the Oracle database maintains a cache of PL SQL statements in the shared SQL area and attempts to reuse the cached statement if the same statement is executed again Oracle s matching criteria requires that the statement texts be identical and that the bind variable data types match Unfortunately the type match for strings is sensitive to the exact byte size specified and for collection bi...

Page 101: ... s matching criteria requires that the statement texts be identical and that the bind variable data types match Unfortunately the type match for strings is sensitive to the exact byte size specified and for collection bindings is also sensitive to the number of elements in the collection Since mod_plsql binds statements dynamically the odds of hitting the shared cache are low and it may fill up wi...

Page 102: ...CGIEnvironmentList Specifies overrides and or additions of CGI environment variables to the default set of environment variables passed down to a PL SQL procedure This is a multi line directive of name value pairs to be added overridden or removed You can only specify one environment variable for each directive You can add CGI environment variables from the Oracle HTTP Server environment by specif...

Page 103: ...1 Notes This parameter enables an old bug in mod_plsql in which mod_plsql incorrectly converted the plus symbol to space characters for document downloads Enabling the first bit in this flag will make it impossible to download documents that have a plus symbol in the document name Category Value Syntax PlsqlCGIEnvironmentList string multiline Default None Example To add a new environment variable ...

Page 104: ...descriptor is a specially formatted description of the destination for a network connection A connect descriptor contains destination service and network route information If the format argument is not specified then mod_plsql assumes that string is either in the HOST PORT SID format or resolvable by Net8 The differentiation between the two is made by the presence of the colon in the specified str...

Page 105: ...and NetServiceNameFormat are synonymous and denote connect descriptors that are resolved by Net The TNSFormat is provided as a convenience so that end users use this to signify that the name resolution happens through the local tnsnames ora For situations where the resolution is through an LDAP lookup as configured in sqlnet ora it is recommended that the format specifier of NetServiceNameFormat b...

Page 106: ...he path to the Oracle home directory for the current release and set the PATH environment variable to include the directory containing the Perl executable and the location of the dadTool pl script On Bourne Bash or Korn Shell ORACLE_HOME new_ORACLE_HOME_path export ORACLE_HOME PATH ORACLE_HOME Apache modplsql conf ORACLE_HOME perl bin PATH export PATH On C or tcsh Shell setenv ORACLE_HOME new_ORAC...

Page 107: ..._HOME bin PATH 4 Change directory to the mod_plsql configuration directory for the current release of Oracle HTTP Server cd ORACLE_HOME Apache modplsql conf 5 Invoke the following Perl script to obfuscate DAD password perl dadTool pl o Notes This is a mandatory parameter except for a DAD that sets PlsqlAuthenticationMode to Basic and uses dynamic authentication For DADs using SingleSignOn authenti...

Page 108: ...s of the product this configuration parameter was called username PlsqlDefaultPage Specifies the default procedure to call if none is specified in the URL Notes You can also use Oracle HTTP Server Rewrite rules to achieve the same effect as you get by setting this configuration parameter In older versions of the product this parameter was called default_page Category Value Syntax PlsqlDatabaseUser...

Page 109: ...pplications that do not perform document uploads or downloads In older versions of the product this parameter was called document_path PlsqlDocumentProcedure Specifies the procedure to call when a document download is initiated This procedure is called to process the download Category Value Syntax PlsqlDocumentPath string Default docs Example PlsqlDocumentPath docs See Also Oracle HTTP Server mod_...

Page 110: ...rors This parameter accepts the following values ApacheStyle This is the default mode In this mode mod_plsql indicates to Oracle HTTP Server the HTTP error that was encountered Oracle HTTP Server then generates the error page This can be used with the Oracle HTTP Server ErrorDocument directive to produce customized error messages ModplsqlStyle mod_plsql generates the error pages usually a short me...

Page 111: ...is is a multi line directive in which each pattern occupies one line The pattern is case insensitive and can accept simple wildcards such as and a z The default patterns excluded from direct URL access are sys dbms_ utl_ owa_ owa htp htf Setting this directive to NONE will disable all protection This is not recommended for a live site however it is sometimes used for debugging purposes If this par...

Page 112: ...tput where each line is of 255 bytes In situations where the response bytes are single bytes the response buffer is populated to the maximum and can pack 255 200 51000 bytes for each round trip However for responses containing multi byte data the byte packing for each row could be less than ideal resulting in lesser bytes getting transferred for each round trip If your application generates large ...

Page 113: ...me a worst case character byte size and do not attempt to pack each row to its maximum In older versions of the product this parameter was called response_array_ size In older versions of the product the default for this parameter was 128 PlsqlInfoLogging Specifies what mode mod_plsql should use to do extra performance logging The mode is InfoDebug This logs more information to the Apache s error_...

Page 114: ...der versions of the product the equivalent to this parameter is reuse Instead of taking a value of Yes or No the new parameter enables you to have finer control over the connection pool reuse in mod_plsql PlsqlNLSLanguage Specifies the NLS_LANG variable for this DAD This parameter overrides the NLS_LANG environment variable When this parameter is set the PL SQL Gateway uses the specified NLS_LANG ...

Page 115: ...ameter was called nls_lang PlsqlPathAlias Specifies a virtual path alias to map to a procedure call This is application specific Notes For applications that do not use path aliasing this parameter may be omitted In older versions of the product this parameter was called pathalias PlsqlPathAliasProcedure Specifies the procedure to call when the virtual path in the URL matches the path alias as conf...

Page 116: ...nd this parameter automatically defaults to the DAD name A session cookie name must be specified only for Oracle Application Server Portal instances that need to participate in a distributed Oracle Application Server Portal environment For those Oracle Application Server Portal nodes you want to seamlessly participate as a federated cluster ensure that the session cookie name for all of the partic...

Page 117: ...ResetPackageState causes mod_plsql to call dbms_session modify_package_state dbms_ session reinitialize at the end of each mod_plsql request This API is a lot faster than the mode of StatelessWithResetPackageState and avoids some latch contention issues but exists only in database versions 8 1 7 2 and higher This mode uses up slightly more memory than the default mode Notes In older versions of th...

Page 118: ...aracter sets from the same DAD In such a case the CHAR mode is useless since it always converts the response data from the database character set to the mod_plsql character set In older versions of the product RAW transfer mode was not supported PlsqlUploadAsLongRaw Specifies the extensions to be uploaded as LONGRAW data type as opposed to using the default BLOB data type The default can be overri...

Page 119: ...od_plsql cache system The following parameters are specified in cache conf file PlsqlCacheCleanupTime PlsqlCacheDirectory PlsqlCacheEnable PlsqlCacheMaxAge PlsqlCacheMaxSize PlsqlCacheTotalSize See Also Oracle HTTP Server mod_plsql User s Guide for more details about upload and download processes and the structure of the restrictions on the document table format See Also This file is relevant only...

Page 120: ...Wednesday at 3 30 PM local time in the afternoon To define monthly frequency the keyword Everymonth is used The cleanup starts at the Saturday of the month at the time defined For example Everymonth 23 00 This causes the cleanup to happen the first Saturday of every month at 11 00 PM local time at night PlsqlCacheDirectory Specifies the directory where cache files are written out by mod_plsql This...

Page 121: ...efit In older versions this parameter is called enabled and resided in the PLSQL Cache section of ORACLE_HOME Apache modplsql cfg cache cfg PlsqlCacheMaxAge Specifies the maximum time in days a cache file can be allowed to reside in a file system cache after which the cached file will be removed for cache maintenance This setting is to ensure that the cache system does not contain old content This...

Page 122: ... cache and Session Cookie cache share this cache space Note that this setting is not a hard limit It might exceed the limit temporarily during normal processing This is normal behavior The cleanup algorithm uses this setting to determine how much to reduce the cache files Therefore the real space limit is the physical storage s available size This parameter takes bytes as values 1 megabytes 104857...

Page 123: ...he subsequent sections mod_rewrite Rules Processing mod_rewrite Directives Rewrite Rules Hints Redirection Examples mod_rewrite Rules Processing Apache processes HTTP in phases A hook for each of these phases is provided by the Apache API mod_rewrite uses two of these hooks the URL to filename translation hook which is used after the HTTP request has been read but before any authorization starts a...

Page 124: ...n does not match the complete set of conditions and the corresponding rule fails If the pattern matches then the next condition is processed until no more conditions are available If all conditions match processing is continued with substituting the URL using Substitution When request seeks a URL with more than one slash for example http yourserver oldpath rqstdrsrc the oldpath may bypass RewriteC...

Page 125: ...orce the configuration of the parent by the children In virtual server context this means that the maps conditions and rules of the main server are inherited In directory context this means that conditions and rules of the htaccess configuration of the parent directory are inherited RewriteLog Sets the name of the file to which the server logs any rewriting action that it performs If the name does...

Page 126: ...e not directly related to physical filename paths In such cases you have to use the RewriteBase directives to specify the correct URL prefix If the URLs of your Web server are not directly related to physical file paths you have to use RewriteBase in every htaccess files where you want to use RewriteRule directives Example 7 6 RewriteBase Directive Assume the following per directory configuration ...

Page 127: ... preceding rewrite rules such as RewriteRule demo 123 alldemos R NC This rewrite rule will not work to redirect from demonstration1 to demos because works form one character only To enable redirection of all URLs beginning with demo irrespective of subsequent characters use the rewrite rule as follows RewriteRule demo alldemos R NC In the preceding example means the beginning means any character a...

Page 128: ...and substitute it after alldemos Redirection Examples For redirecting requests from the DocumentRoot to a directory called newroot set the following mod_rewrite directives RewriteEngine On RewriteRule newroot 1 R For directing requested for files from one directory olddir to another newdir set the following directives RewriteEngine On RewriteRule olddir newdir 1 R In each of these cases you should...

Page 129: ...a request mod_so This module loads executable code and modules into the server at start up time mod_speling This module attempts to correct misspelled or miscapitalized URLs mod_status This module displays an HTML page of server activity and performance See Also Module mod_setenvif in the Apache Server documentation See Also Module mod_so in the Apache Server documentation See Also Module mod_spel...

Page 130: ...ific directories mod_usertrack This module tracks user activity by creating a log mod_vhost_alias This module enables dynamically configured mass virtual hosting See Also Module mod_unique_id in the Apache Server documentation See Also Module mod_userdir in the Apache Server documentation See Also Module mod_usertrack in the Apache Server documentation See Also Module mod_vhost_alias in the Apache...

Page 131: ...opics discussed are About Oracle HTTP Server Security Classes of Users and Their Privileges Resources Protected Authentication and Authorization Enforcement Security Services Implemented Within Oracle HTTP Server See Also For additional information about security refer to Oracle Application Server 10g Security Guide provides an overview of Oracle Database security and its core functionality ...

Page 132: ...on with X 509 client certificates over SSL Based on the Apache model Oracle HTTP Server provides access control authentication and authorization methods that can be configured with access control directives in the httpd conf file When URL requests arrive at Oracle HTTP Server they are processed in a sequence of steps determined by server defaults and configuration parameters The steps for handling...

Page 133: ...zed by modules within Oracle HTTP Server This includes users authenticated by mod_auth and mod_ossl Such users have access to URLs defined in http conf file Resources Protected Oracle HTTP Server is configured to protect resources such as Static content such as static HTML pages graphics interchange format gif files and other static files that Oracle HTTP Server provides directly CGI FastCGI scrip...

Page 134: ...her characteristics such as browser type You use the deny allow and order directives to set this type of access control These restrictions are configured with Oracle HTTP Server configuration directives and can be based on particular files directories or URL formats using the Files Directory and Location container directives as shown in the Example 8 1 Example 8 1 Host based Access Control Directo...

Page 135: ...y contained in a file Example 8 2 shows an excerpt from an httpd conf file which provides the syntax for using AccessConfig this way Example 8 2 Using AccessConfig to Set Up Access Control VirtualHost ip_address_of_host some_domain com virtual host directives AccessConfig conf access conf VirtualHost Note Allowing or restricting access based on a host name for Internet access is not considered a v...

Page 136: ...applications or components Oracle HTTP Server supports four host based access control schemes Controlling Access by IP Address Controlling Access by Domain Name Controlling Access by Network or Netmask Controlling Access with Environment Variables All of these allow you to specify the machines from which access to protected areas is granted or denied Your decision to choose one or more of the host...

Page 137: ...ose that originate from the domain name malicious cracker com or the IP address 141 217 24 range Although this is not a fool proof precaution against domain name or IP address spoofing it protects your site from malicious cracker com even if they change their IP address Controlling Access by Network or Netmask You can control access based on subsets of networks specified by IP address The syntax i...

Page 138: ...ironment Variables BrowserMatch Mozilla netscape_browser Directory mozilla area order deny allow deny from all allow from env netscape_browser Directory Use SetEnvIf when you want to base access on header information contained in the HTTP request For instance if you want to deny access from any browsers using HTTP version 1 0 or earlier then use the syntax shown in Example 8 7 Example 8 7 Controll...

Page 139: ... with user authentication After the server has authenticated a user s user name and password then the server compares the user to an access control list associated with the requested server resource If Oracle HTTP Server finds the user or the user s group on the list then the resource is made available to that user Using mod_auth to Authenticate Users User authentication is based on user names and...

Page 140: ...od_ossl is a plug in to Oracle HTTP Server that enables the server to use SSL mod_ossl replaces mod_ssl in the Oracle HTTP Server distribution Oracle no longer supports mod_ssl Enabling SSL By default SSL is disabled when you install Oracle Database If you want to enable SSL after installation perform the following steps 1 Open opmn xml in a text editor 2 In the ias component id HTTP_Server entry ...

Page 141: ...the following command UNIX ORACLE_HOME opmn bin opmnctl verbose startproc ias component HTTP_Server Windows ORACLE_HOME opmn bin opmnctl verbose startproc ias component HTTP_Server 7 You can verify if SSL was enabled successfully by navigating to the SSL port for example HTTPS hostname 4443 Note The preceding steps enable SSL for Oracle HTTP Server using a default insecure certificate To achieve c...

Page 142: ...connections to Oracle Database It enables secure connections between Oracle HTTP Server and a browser client by using an Oracle provided encryption mechanism over SSL It may also be used for authentication over the Internet through the use of digital certificate technology It supports SSL v 3 0 and provides Encrypted communication between client and server using RSA or DES encryption standards Int...

Page 143: ... SSLVerifyDepth Using mod_ossl Directives To configure SSL for your Oracle HTTP Server enter the mod_ossl directives you want to use in the httpd conf file The following directive are described in subsequent sections SSLAccelerator SSLCARevocationFile SSLCARevocationPath SSLCipherSuite SSLEngine SSLLog SSLLogLevel SSLMutex SSLOptions SSLPassPhraseDialog SSLProtocol SSLRequire SSLRequireSSL SSLSess...

Page 144: ... Certificate Authorities that you accept certificates from These are used for client authentication Such a file is the concatenation of various PEM encoded CRL files in order of preference This directive can be used alternatively or additionally to SSLCARevocationPath Category Value Valid Values yes no Syntax SSLAccelerator yes no Default SSLAccelerator no Context server configuration Category Val...

Page 145: ...te Table 8 3 shows the tags you can use in the string to describe the cipher suite you want Tags are joined together with prefixes to form cipher specification string Category Value Syntax SSLCARevocationPath path to CRL_directory Example SSLCARevocationPath ORACLE_HOME Apache conf ssl crl Default None Context server configuration virtual host Category Value Valid Values none Adds the cipher to th...

Page 146: ...n RC4 RC4 encoding Data Integrity MD5 MD5 hash function Data Integrity SHA SHA hash function Aliases SSLv3 All SSL version 3 0 ciphers Aliases EXP All export ciphers Aliases EXP40 All 40 bit export ciphers only Aliases EXP56 All 56 bit export ciphers only Aliases LOW All low strength ciphers export and single DES Aliases MEDIUM All ciphers with 128 bit encryption Aliases HIGH All ciphers using tri...

Page 147: ..._WITH_RC4_128_MD5 RSA RC4 128 MD5 SSL_RSA_WITH_DES_CBC_SHA RSA DES CBC SHA SSL_DH_anon_WITH_3DES_EDE_ CBC_SHA DH anon 3DES EDE CBC SHA SSL_DH_anon_WITH_RC4_128_MD5 DH anon RC4 128 MD5 SSL_RSA_WITH_3DES_EDE_CBC_ SHA RSA 3DES EDE CBC SHA SSL_DH_anon_WITH_DES_CBC_SHA DH anon DES CBC SHA SSL_RSA_EXPORT_WITH_RC4_40_ MD5 RSA RC4 40 MD5 SSL_RSA_EXPORT_WITH_DES40_ CBC_SHA RSA DES40 CBC SHA SSL_DH_anon_EXP...

Page 148: ...e duplicated to the standard Oracle HTTP Server log file specified by the ErrorLog directive Place this file at a location where only root can write so that it cannot be used for symlink attacks If the filename does not begin with a slash it is assumed to be relative to the ServerRoot If the filename begins with a bar then the string following the bar is expected to be a path to an executable prog...

Page 149: ...to the standard HTTP server log file specified by the ErrorLog directive error Only messages of the type error conditions that stop processing are logged warn Messages that notify of non fatal problems conditions that do not stop processing are logged info Messages that summarize major processing actions are logged trace Messages that summarize minor processing actions are logged debug Messages th...

Page 150: ...sion cache can become garbled file path to mutex Uses a file for locking The process ID PID of the Oracle HTTP Server parent process is appended to the filename to ensure uniqueness If the filename does not begin with a slash it is assumed to be relative to ServerRoot This setting is not available on Windows sem Uses an operating system semaphore to synchronize writes On UNIX it would be a Sys V I...

Page 151: ...ta Enables the following additional CGI SSI variables SSL_SERVER_CERT SSL_CLIENT_CERT SSL_CLIENT_CERT_CHAIN_n where n 0 1 2 These variables contain the Privacy Enhanced Mail PEM encoded X 509 certificates for the server and the client for the current HTTPS connection and can be used by CGI scripts for deeper certificate checking All other certificates of the client certificate chain are provided T...

Page 152: ... or supplies a valid user name and password Thus the combination of SSLRequireSSL or SSLRequire with SSLOptions StrictRequire gives mod_ossl the ability to override a Satisfy any directive in all cases CompatEnvVars Exports obsolete environment variables for backward compatibility to Apache SSL 1 x mod_ssl 2 0 x Sioux 1 0 and Stronghold 2 x Use this to provide compatibility to existing CGI scripts...

Page 153: ...used when Oracle HTTP Server is managed by OPMN No user interaction is allowed when Oracle HTTP Server is started by OPMN exec path to program when the server is started mod_ossl calls an external program configured for each wallet This program is invoked with two arguments servername portnumber and RSA or DSA Syntax SSLPassPhraseDialog type Example SSLPassPhraseDialog exec usr local apache sbin p...

Page 154: ... word word le word word word word gt word word word word ge word word regex word regex wordlist word wordlist word word digit cstring variable function digit 0 9 cstring variable varname Table 8 5 and Table 8 6 list standard and SSL variables These are valid values for varname function funcname funcargs For funcname the following function is available file filename The file function takes one stri...

Page 155: ...HTTP headername SERVER_NAME TIME_MIN THE_REQUEST SERVER_PORT TIME_SEC REQUEST_METHOD SERVER_PROTOCOL TIME_WDAY REQUEST_SCHEME REMOTE_ADDR TIME REQUEST_URI REMOTE_USER ENV variablename REQUEST_FILENAME Table 8 6 SSL Variables for SSLRequire Varname SSL Variables SSL Variables SSL Variables HTTPS SSL_PROTOCOL SSL_CIPHER_ALGKEYSIZE SSL_CIPHER SSL_CIPHER_EXPORT SSL_VERSION_INTERFACE SSL_CIPHER_USEKEYS...

Page 156: ...NT_CERT SSL_CLIENT_CERT_ CHAIN_n SSL_CLIENT_ROOT_CERT SSL_CLIENT_VERIFY SSL_CLIENT_M_VERSION SSL_SERVER_M_VERSION SSL_SERVER_V_START SSL_SERVER_V_END SSL_SERVER_M_SERIAL SSL_SERVER_S_DN_C SSL_SERVERT_S_DN_ST SSL_SERVER_S_DN SSL_SERVER_S_DN_OU SSL_SERVER_S_DN_CN SSL_SERVER_S_DN_O SSL_SERVER_S_DN_I SSL_SERVER_S_DN_G SSL_SERVER_S_DN_T SSL_SERVER_S_DN_D SSL_SERVER_S_DN_UID SSL_SERVER_S_DN_S SSL_SERVER...

Page 157: ...able bytes specifies approximate size inside a shared memory segment in RAM which is established by the path to datafile This hash table synchronizes the local SSL memory caches of the server processes shmcb path to datafile bytes Uses a high performance Shared Memory Cyclic Buffer SHMCB session cache to synchronize the local SSL memory caches of the server processes The performance of shmcb is mo...

Page 158: ... certificate require Client must present a valid certificate Syntax SSLVerifyClient level Default None Context server configuration virtual host Note The level optional_no_ca included with mod_ssl in which the client can present a valid certificate but it need not be verifiable is not supported in mod_ossl Category Value Syntax SSLWallet wrl The format of wrl is file path to wallet Example SSLWall...

Page 159: ...See Also Using the iasobf Utility on page 8 33 Category Value Syntax SSLWalletPassword password If no password is required do not set this directive Note If a wallet created with the Auto Login feature of Oracle Wallet Manager is used then do not set this directive because these wallets do not require passwords Default None Context server configuration virtual host Note SSLWalletPassword has been ...

Page 160: ...he will be used The proxy will use the same session as the SSL server uses SSLProxyCipherSuite Specifies the proxy server s cipher suite SSLProxyProtocol Controls the proxy server s SSL protocol flavors Category Value Syntax SSLProxyCache on off Default SSLProxyCache off Context server configuration virtual host Category Value Syntax SSLCipherSuite cipher spec Default None Context server configura...

Page 161: ...x SSLProxyWallet wrl Default None Context server configuration virtual host Category Value Syntax SSLProxyWalletPassword password Default None Context server configuration virtual host Note SSLProxyWalletPassword has been deprecated A warning message is generated in the Oracle HTTP Server log if this directive is used For secure wallets Oracle recommends that you get a SSO wallet instead Refer to ...

Page 162: ...certificates For example specify the following directives in the httpd conf file SSLVerifyClient require Authenticating for a particular URL based on certificates while allowing arbitrary clients to access the rest of the server To enable this use the per directory reconfiguration feature of mod_ossl Session re negotiation enables an SSL session to be re negotiated with a client after the initial ...

Page 163: ...wallet with a password then Oracle recommends that you use the password obfuscation tool iasobf which is located in ORACLE_ HOME Apache Apache bin to generate an obfuscated wallet password from a cleartext password To generate an obfuscated wallet password the command syntax is iasobf p password The obfuscated password is printed to the terminal The arguments are optional If you do not type them t...

Page 164: ...Security Services Implemented Within Oracle HTTP Server 8 34 Oracle HTTP Server Administrator s Guide ...

Page 165: ...oundation is referenced when applicable See Also Frequently Asked Questions in the Apache Server documentation Note Readers using this guide in PDF or hard copy formats will be unable to access third party documentation which Oracle provides in HTML format only To access the third party documentation referenced in this guide use the HTML version of this guide and click the hyperlinks ...

Page 166: ... as SSLRequireSSL to specify the per customer SSL characteristics Note that each customer can have their own wallet and server certificate If you are using name based virtual hosts for HTTP each customer has a virtual server listening on port 80 of a shared IP address To provide HTTPS for those customers you can add a single shared IP virtual host listening on port 4443 of the shared IP address Al...

Page 167: ... 10g Release 1 10 1 Oracle Database 10g Release 1 10 1 is still based on the 1 3 x stack from Apache organization Applying Apache Security patches to Oracle HTTP Server You cannot apply the Apache security patches to Oracle HTTP Server for the following reasons Oracle tests and appropriately modifies security patches before releasing them to Oracle HTTP Server users In many cases those alerts may ...

Page 168: ...e following app1 login html app1 catalog html app1 dologin jsp app2 orderForm html apps placeOrder jsp We could initially map this namespace to two Web servers by putting app1 on server1 and app2 on server2 Server1 s configuration might look like the following Redirect permanent app2 http server2 app2 Alias app1 myApps application1 Directory myApps application1 Directory Server2 s configuration is...

Page 169: ...all input from Web forms Be especially wary of long input strings and input that contains non printable characters HTML tags or javascript tags Encrypt or randomize the contents of cookies that contain sensitive information For example it should be difficult to guess a valid sessionID to prevent a hacker from hijacking a valid session Check often for security patches for all your system and applic...

Page 170: ...9 6 Oracle HTTP Server Administrator s Guide ...

Page 171: ...e httpd conf opmn xml Documentation from the Apache Software Foundation is referenced when applicable Note Readers using this guide in PDF or hard copy formats will be unable to access third party documentation which Oracle provides in HTML format only To access the third party documentation referenced in this guide use the HTML version of this guide and click the hyperlinks ...

Page 172: ...is located at UNIX ORACLE_HOME Apache Apache conf httpd conf Windows ORACLE_HOME Apache Apache conf httpd conf You should use only this file and not srm conf or access conf because it is must easier to manage a single configuration file httpd conf File Structure httpd conf is arranged in the following sections Global Environment Main Server Configuration Virtual Hosts Global Environment This is se...

Page 173: ...s of the default server Virtual Hosts This is section three of the httpd conf file It contains parameters specific to virtual hosts which override some of the main server configuration defaults Figure A 1 illustrates the file structure of the httpd conf file Figure A 1 httpd conf File See Also Setting Server and Administrator Functions on page 3 2 ...

Page 174: ...is important so that the client knows how to handle the content of the file You can add extra types in the mime type file or add an AddType directive in the configuration file It is located at UNIX ORACLE_HOME Apache Apache conf Windows ORACLE_HOME Apache Apache conf dms conf dms conf enables you to monitor performance of site components with Oracle s Dynamic Monitoring Service DMS It is located a...

Page 175: ...xml conf aqxml conf aqxml conf enables and configures Advanced Queuing It is located at UNIX ORACLE_HOME Apache Apache conf Windows ORACLE_HOME Apache Apache conf ojsp conf ojsp conf configures Java Server Pages It is located at UNIX ORACLE_HOME Apache jsp conf Windows ORACLE_HOME Apache jsp conf plsql conf plsql conf configures and loads the PL SQL module It is located at UNIX ORACLE_HOME Apache ...

Page 176: ...racle Apache Apache conf aqxml conf Directives needed for OraDAV module include private1 oracle Apache oradav conf moddav conf include private1 oracle Apache jsp conf ojsp conf include private1 oracle Apache modplsql conf plsql conf include private1 oracle xdk admin xml conf ssl conf ssl conf includes the SSL definitions and virtual host container Out of the box it is disabled by default It is loc...

Page 177: ... in the following hierarchical structure ias component process type process set ias component This entry represents the Oracle Database component It enables management of the component for processes such as starting and stopping process type This subcomponent of the ias component entry declares the type of process to run by association with a specific PM module process set This sub subcomponent of...

Page 178: ...opmn xml A 8 Oracle HTTP Server Administrator s Guide ...

Page 179: ...rd Party Licenses This appendix includes the Third Party License for all the third party products included with Oracle Database Topics discussed are Apache HTTP Server Apache SOAP DBI Module Perl mod_dav FastCGI Jaxen Expat SAXPath ...

Page 180: ... following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distribution 3 The end user documentation included with...

Page 181: ...binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials ...

Page 182: ...CHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WA...

Page 183: ... All rights reserved You may distribute under the terms of either the GNU General Public License or the Artistic License as specified in the Perl README file Perl Artistic License The Artistic License Preamble The intent of this document is to state the conditions under which a Package may be copied such that the Copyright Holder maintains some semblance of artistic control over the development of...

Page 184: ...main or from the Copyright Holder A Package modified in such a way shall still be considered the Standard Version 3 You may otherwise modify your copy of this Package in any way provided that you insert a prominent notice in each changed file stating how and when you changed that file and provided that you do at least ONE of the following a place your modifications in the Public Domain or otherwis...

Page 185: ...ed this Package s interpreter within an executable of yours by linking this shall be construed as a mere form of aggregation provided that the complete Standard Version of the interpreter is so embedded 6 The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Package but belong to whoever gene...

Page 186: ...ible to the end user of the commercial distribution Such use shall not be construed as a distribution of this Package 9 The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission 10 THIS PACKAGE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES...

Page 187: ...Copyright 1989 2001 Larry Wall All rights reserved This program is free software you can redistribute it and or modify it under the terms of either a the GNU General Public License as published by the Free Software Foundation either version 1 or at your option any later version or b the Artistic License which comes with this Kit This program is distributed in the hope that it will be useful but WI...

Page 188: ... that you provide or offer to provide the Perl source as specified by the GPL The fact that a Perl interpreter and your code are in the same binary file is in this case a form of mere aggregation This is my interpretation of the GPL If you still have concerns or difficulties understanding my intent feel free to contact me Of course the Artistic License spells all this out for your protection so yo...

Page 189: ...IMED IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE ...

Page 190: ...im copies of the source form of the Standard Version of this Package without restriction provided that you duplicate all of the original copyright notices and associated disclaimers 2 You may apply bug fixes portability fixes and other modifications derived from the Public Domain or from the Copyright Holder A Package modified in such a way shall still be considered the Standard Version 3 You may ...

Page 191: ...roduct of your own You may embed this Package s interpreter within an executable of yours by linking this shall be construed as a mere form of aggregation provided that the complete Standard Version of the interpreter is so embedded 6 The scripts and library files supplied as input to or produced as output from the programs of this Package do not automatically fall under the copyright of this Pack...

Page 192: ...e to the end user of the commercial distribution Such use shall not be construed as a distribution of this Package 9 The name of the Copyright Holder may not be used to endorse or promote products derived from this software without specific prior written permission 10 THIS PACKAGE IS PROVIDED AS IS AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING WITHOUT LIMITATION THE IMPLIED WARRANTIES OF...

Page 193: ...lyra org for use in the mod_dav module for Apache http www webdav org mod_dav 4 Products derived from this software may not be called mod_dav nor may mod_dav appear in their names without prior written permission of Greg Stein For written permission please contact gstein lyra org 5 Redistributions of any form whatsoever must retain the following acknowledgment This product includes software develo...

Page 194: ...mod_dav B 16 Oracle HTTP Server Administrator s Guide THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Greg Stein Last modified Thu Feb 3 17 34 42 PST 2000 ...

Page 195: ...less explicitly disclaimed in individual files Open Market permits you to use copy modify distribute and license this Software and the Documentation solely for the purpose of implementing the FastCGI specification defined by Open Market or derivative specifications publicly endorsed by Open Market and promulgated by an open standards organization and for no other purpose provided that existing cop...

Page 196: ...o all files associated with the Software and Documentation unless explicitly disclaimed in individual files Open Market permits you to use copy modify distribute and license this Software and the Documentation solely for the purpose of implementing the FastCGI specification defined by Open Market or derivative specifications publicly endorsed by Open Market and promulgated by an open standards org...

Page 197: ...ERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE IN NO EVENT SHALL OPEN MARKET BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DAMAGES ARISING FROM OR RELATING TO THIS SOFTWARE OR THE DOCUMENTATION INCLUDING WITHOUT LIMITATION ANY INDIRECT SPECIAL OR CONSEQUENTIAL DAMAGES OR SIMILAR DAMAGES INCLUDING LOST PROFITS OR LOST DATA EVEN IF OPEN MARKET HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES TH...

Page 198: ...rms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the disclaimer that follows these conditions in the documentation and or other...

Page 199: ...ING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE This software consists of voluntary contributions made...

Page 200: ... 1998 1999 2000 Thai Open Source Software Center Ltd and Clark Cooper Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit pe...

Page 201: ...dification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the disclaimer that follows these conditions in the documentation and or other materials provided wi...

Page 202: ...NTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE This software consists of voluntar...

Page 203: ...hentication is presumed to preclude the possibility that another party has impersonated the sender availability The percentage or amount of scheduled time that a computing system provides application service CA See certificate authority certificate Also called a digital certificate An ITU x 509 v3 standard data structure that securely binds an identity to a public key A certificate is created when...

Page 204: ...ents use these to verify signatures the certificate authority has made A certificate authority might be an external company that offers certificate services or an internal organization such as a corporate MIS department CGI Common Gateway Interface CGI is the industry standard technique for transferring information between a Web server and any program designed to accept and return data that confor...

Page 205: ...ion algorithm Diffie Hellman key negotiation algorithm is a method that lets two parties communicating over an insecure channel to agree upon a random number known only to them Though the parties exchange information over the insecure channel during execution of the Diffie Hellman key negotiation algorithm it is computationally infeasible for an attacker to deduce the random number they agree upon...

Page 206: ...ttributes that describe one particular trait of the object For example if a directory entry describes a person that entry can have attributes such as first name last name telephone number or e mail address failover The ability to reconfigure a computing system to utilize an alternate active component when a similar component fails HTTP See Hypertext Transfer Protocol Hypertext Transfer Protocol Hy...

Page 207: ...and support integration between Oracle HTTP Server and other Oracle Database components one way hash function An algorithm that turns a message into a single string of digits One way means that it is almost impossible to derive the original message from the string of digits The calculated message digest can be compared with the message digest that is decrypted with a public key to verify that the ...

Page 208: ...roxy server rather than directly to the destination server The proxy server forwards the request to the destination server and passes the received information back to the client The proxy server channels all Web traffic at a site through a single secure port this enables an organization to create a secure firewall by preventing Internet access to internal machines while allowing Web access public ...

Page 209: ...encryption technology developed by RSA Data Security The RSA algorithm is based on the fact that it is laborious to factor very large numbers This makes it mathematically unfeasible because of the computing power and time required to decode an RSA key scalability A measure of how well the software or hardware product is able to adapt to future business needs SHA See Secure Hash Algorithm Secure Ha...

Page 210: ... the implementations available do not perform and scale well enough More information on SSH can be obtained from http www ssh org Secure Sockets Layer Secure Sockets Layer SSL is a standard for the secure transmission of documents over the Internet using HTTPS secure HTTP SSL uses digital signatures to ensure that transmitted data is not tampered with SSL See Secure Sockets Layer SSH See Secure Sh...

Page 211: ...Glossary 9 X 509 Public keys can be formed in various data formats The X 509 v3 format is one such popular format ...

Page 212: ...Glossary 10 ...

Page 213: ...pages 9 2 aqxml conf A 5 authentication 8 2 Glossary 1 AuthGroupFile 8 10 AuthName 8 9 authorization 8 2 AuthType 8 9 AuthUserFile 8 9 availability Glossary 1 B BindAddress 5 3 block directives 2 7 BrowserMatch 8 8 C CA Glossary 1 cache 9 2 cache conf 7 22 CacheRoot 9 2 CERN 7 4 certificate Glossary 1 digital Glossary 3 management 8 12 X 509 8 21 certificate authority Glossary 2 certificate revoca...

Page 214: ... IP address 8 6 netmask 8 7 network 8 7 CoreDumpDirectory 3 4 creating DAD 7 20 crit 6 4 critical 6 6 cryptography Glossary 2 custom log 6 7 D DAD Glossary 2 creating 7 20 parameters 7 26 password obfuscation 7 36 dads conf 7 22 7 26 dadTool pl 7 36 database access descriptor 7 22 Glossary 3 database usage notes 7 16 DBI module license B 5 debug 6 4 6 6 DebugStyle 7 41 decryption Glossary 3 Define...

Page 215: ...og 7 55 RewriteLogLevel 6 9 7 55 RewriteOptions 7 55 scope 2 4 ScoreBoardFile 3 5 SendBufferSize 5 4 ServerAdmin 3 3 ServerAlias 3 3 ServerName 3 2 ServerRoot 3 6 ServerSignature 3 3 ServerTokens 3 3 ServerType 4 4 SimulateHttps 7 7 SSLCACertificateFile 8 13 SSLCACertificatePath 8 13 SSLCertificateChainFile 8 13 SSLCertificateFile 8 13 SSLCertificateKeyFile 8 13 SSLLogFile 6 9 SSLRandomSeed 8 13 S...

Page 216: ...requently asked questions 9 1 G GET 5 4 global environment A 2 graceful restart 1 7 Group 4 2 4 4 H hackers 9 5 host based access control 8 4 domain name 8 7 environment variables 8 8 IP address 8 6 mod_access 8 6 mod_setenvif 8 6 netmask 8 7 network 8 7 htaccess files 2 7 HTTP Glossary 4 HTTP listener 1 3 httpd parent process 4 2 httpd conf A 2 global environment A 2 main server configuration A 3...

Page 217: ...t 6 5 logging errors 6 8 LogLevel 6 4 LogLoader 6 2 M main server configuration A 3 management 1 6 managing connection persistence 5 5 network connection 5 1 server network interaction 5 4 server processes 4 1 MaxClients 1 7 4 5 MaxKeepAliveRequests 5 5 MaxRequestsPerChild 4 6 MaxSpareServers 1 7 4 6 MD5 8 12 Glossary 5 message digest Glossary 5 mime types A 4 MinSpareServers 1 7 4 6 mod_access 7 ...

Page 218: ...d_plsql 2 2 7 19 always_desc 7 28 bind_bucket_lengths 7 31 cache conf 7 49 PlsqlCacheCleanupTime 7 50 PlsqlCacheDirectory 7 50 PlsqlCacheEnable 7 51 PlsqlCacheMaxAge 7 51 PlsqlCacheMaxSize 7 52 PlsqlCacheTotalSize 7 52 configuration files 7 21 cache conf 7 22 dads conf 7 22 plsql conf 7 21 configuration parameters 7 22 CustomOwa 7 29 dads conf 7 26 DAD parameters 7 26 PlsqlAfterProcedure 7 28 Plsq...

Page 219: ...d_speling 7 59 mod_ssl 7 15 8 10 mod_status 4 7 7 59 mod_unique_id 7 60 mod_userdir 7 60 mod_usertrack 7 60 mod_vhost_alias 7 60 modplsql 2 2 ModplsqlStyle 7 40 modules 1 3 2 3 7 1 Glossary 5 mod_access 7 3 mod_actions 7 3 mod_alias 7 3 mod_asis 7 3 mod_auth 7 3 mod_auth_anon 7 4 mod_auth_db 7 4 mod_auth_dbm 7 4 mod_auth_digest 7 4 mod_autoindex 7 4 mod_cern_meta 7 4 mod_certheaders 7 5 mod_cgi 7 ...

Page 220: ...concepts 2 1 configuration files 2 2 A 1 configuration files syntax 2 2 directives class 2 3 directives scope 2 4 directory structure 2 2 FAQ 9 1 features 1 2 management 1 6 modules 1 3 2 3 7 1 overview 1 1 process model 4 2 security considerations 4 3 restarting 1 7 security access control for virtual hosts 8 5 authentication 8 4 authorization 8 4 host based access control 8 4 overview 8 2 protec...

Page 221: ...umentPath 7 39 PlsqlDocumentProcedure 7 39 PlsqlDocumentTablename 7 40 PlsqlErrorStyle 7 40 ApacheStyle 7 40 DebugStyle 7 41 ModplsqlStype 7 40 PlsqlExclusionList 7 41 PlsqlFetchBufferSize 7 42 PlsqlIdleSessionCleanupInterval 7 26 PlsqlInfoLogging 7 43 InfoDebug 7 43 PlsqlLogDirectory 7 25 PlsqlLogEnable 7 25 PlsqlMaxRequestPerSession 7 44 PlsqlNLSLanguage 7 44 PlsqlPathAlias 7 45 PlsqlPathAliasPr...

Page 222: ... ServerType 4 4 set_default_form 7 19 set_form 7 19 SetEnvIf 8 8 setupinfo txt 5 2 SHA 8 12 Glossary 7 SimulateHttps 7 7 specifying 3 4 file locations 3 1 listener addresses 5 2 listener ports 5 2 log file locations 6 7 log files 6 7 access log 6 7 custom log 6 7 lot rotation 6 7 PID file 6 8 piped log 6 8 rewrite log 6 9 script log 6 9 SSL log 6 9 transfer log 6 9 log formats 6 5 log level 6 6 se...

Page 223: ...starting 1 6 startproc 1 6 StartServers 4 5 StdEnvVars 8 21 stopping 1 7 stopproc 1 7 StrictRequire 8 22 support 1 5 supporting PHP 9 4 T TCP 5 4 TCP buffer 5 4 TCP SYN 5 4 TestString 7 54 third party licenses B 1 ThreadsPerChild 4 5 TimeOut 5 4 transfer log 6 9 U UseCanonicalName 3 2 User 4 2 4 4 user authentication 8 9 mod_auth 8 9 mod_ossl 8 10 user authorization 8 9 USR1 1 7 UTF8 7 17 utilitie...

Page 224: ...Index 12 ...

Reviews:

No comments

Related manuals for HTTP Server

Brand: UMAX Technologies Pages: 10

ANTI-VIRUS 5.5 - FOR NOVELL NETWARE

Brand: KAPERSKY Pages: 134

Brand: SanDisk Pages: 11

CERTIFICATE 8.0 RELEASE NOTES

Brand: Red Hat Pages: 34

Brand: Hasselblad Pages: 6

Brand: VERITAS Pages: 580

25385 - Capture NX - Mac

Brand: Nikon Pages: 268

Brand: FieldServer Pages: 17

850DP - Phaser Color Solid Ink Printer

Brand: Xerox Pages: 70

Brand: ICP Pages: 6

Brand: LXE Pages: 260

Brand: EAW Pages: 36

SCAN TO PC DESKTOP 10

Brand: Xerox Pages: 4

Brand: Canon Pages: 170

Brand: Art-Tech Pages: 68

Brand: NEC Pages: 27

Digital Signage

Brand: NEC Pages: 29

Brand: NEC Pages: 119

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands