10 Oracle Web Cache

This chapter describes issues associated with Oracle Web Cache. It includes the following topics:

10.1 Configuration Issues and Workarounds

This section describes configuration issues and their workarounds. It includes the following topics:

10.1.1 Reset the Random Password Generated in the Oracle Portal, Forms, Reports and Discoverer Install Types

For enhanced security, no default hard-coded passwords are used for managing Oracle Web Cache.

When you install the Oracle Web Tier installation type, the Oracle Universal Installer prompts you to choose a password. The Web Cache Administrator page of the Oracle Universal Installer prompts you to enter a password for the administrator account. The administrator account is the Oracle Web Cache administrator authorized to log in to Oracle Web Cache Manager and make configuration changes through that interface.

When you install the Oracle Portal, Forms, Reports and Discoverer installation type, the prompt for the administrator password is missing. Instead, the Oracle Portal, Forms, Reports and Discoverer install type uses a random value chosen at install time.

No matter the installation type, before you begin configuration, change the passwords for these accounts to a secure password. If you are configuring a cache cluster, all members of the cluster must use the same password for the administrator account.

To change the password, use the Passwords page of Fusion Middleware Control, as described in Section 5.2, "Configuring Password Security," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.

10.1.2 Running Oracle Web Cache Processes as a Different User Is Not Supported

Running Oracle Web Cache as a user other than the installed user through the use of the webcache_setuser.sh setidentity command is not supported for this release. Specifically, you cannot change the user ID with the following sequence:

  1. Change the process identity of the Oracle Web Cache processes in the Process Identity page using Oracle Web Cache Manager (Properties > Process Identity).

  2. Use the webcache_setuser.sh script as follows to change file and directory ownership:

    webcache_setuser.sh setidentity <user_ID> 
    

    where <user_ID> is the user you specified in the User ID field of the Process Identity page.

  3. Restart Oracle Web Cache using opmnctl.

    Oracle Web Cache will start and then immediately shut down.

    In addition, messages similar to the following appear in the event log:

    [2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-13212] [logging] [ecid: ] 
    Access log file /scratch/webtier/home/instances/instance1/diagnostics/logs/WebCache/webcache1/access_log could not be opened.
    [2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-13310] [io] [ecid: ] 
    Problem opening file /scratch/webtier/home/instances/instance1/config/WebCache/webcache1/webcache.pid (Access Denied).
    [2009-06-02T21:22:46+00:00] [webcache] [ERROR:1] [WXE-11985] [esi] [ecid: ] 
    Oracle Web Cache is unable to obtain the size of the default ESI fragment page 
    /scratch/webtier/home/instances/instance1/config/WebCache/webcache1/files/esi_fragment_error.txt.
    [2009-06-02T21:22:46+00:00] [webcache] [WARNING:1] [WXE-11905] [security]
    [ecid: ] SSL additional information: The system could not open the specified file. 
    

For further information about the webcache_setuser.sh script, see Section 5.9, "Running webcached with Root Privilege," of the Oracle Fusion Middleware Administrator's Guide for Oracle Web Cache.

10.1.3 Processing Order of Request Filters Is Incorrect

Both Fusion Middleware Control and Oracle Web Cache Manager display the request filters in the following order:

  1. Privileged IP

  2. Client IP

  3. Method

  4. URL

  5. Header

  6. Query String

  7. Format

Instead, Oracle Web Cache processes the filters in the following order, where the Header request filter follows the Client IP filter:

  1. Privileged IP

  2. Client IP

  3. Header

  4. Method

  5. URL

  6. Query String

  7. Format

For example, a deny by the Header filter type would occur before a deny by the Method or URL filter.