Skip Headers
Oracle® Traffic Director Configuration File Reference
11g Release 1 (11.1.1.7)

Part Number E21038-03
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

3 Elements in server.xml

This chapter describes the elements in the server.xml file in alphabetical order.

3.1 List of Elements

This section describes the elements in the server.xml file in alphabetical order.

3.1.1 access-log

The access-log element configures the settings for the access log. This element can appear zero or more times within the server element and zero or more times within the virtual-server element. For more information, see Section 3.1.22, "server", and Section 3.1.36, "virtual-server".

Table 3-1 describes the subelements of access-log.

Table 3-1 access-log Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the server writes to this access log. Default Value: true.

name

0 or 1

The name that uniquely identifies the access log. If you specify a name, the server does not automatically write to this access log. Instead, you explicitly configure this access log in an obj.conf AddLog directive.

file

1

The file name of the access log. If a relative path is used, it is relative to the server's config directory, for example, ../logs/access.log.

format

0 or 1

The format of the access log entries. The default format is an extended custom log format. For more information about access log format, see Appendix B, "Using the Custom Access-Log File Format".


3.1.2 access-log-buffer

The access-log-buffer element configures the settings for access log buffering subsystem. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-2 describes the subelements of access-log-buffer.

Table 3-2 access-log-buffer Subelements

Element Occurrences Description

direct-io

0 or 1

Specifies if the file system cache access log writes. Default value: false. It indicates that the file system write to a cache. Setting the value to true indicates that the file system should not to write to a cache. The setting is purely advisory; either the server or the operating system may choose to ignore it.

enabled

0 or 1

Specifies whether the server buffers the access log entries. Default value: true.

buffer-size

0 or 1

The size (in bytes) of individual access log buffers. The value can be from 4096 to 1048576.

max-buffers

1

Specifies the maximum number of access-log buffers per server. Values: 1 to 65536.

max-buffers-per-file

0 or 1

Specifies the maximum number of access-log buffers per access-log file.

max-age

0 or 1

The maximum time (in seconds) to buffer a given access log entry. The value can be from 0.001 to 3600.


See Also:

access-log, event, log

3.1.3 cluster

The cluster element defines the cluster to which the server belongs. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-3 describes the subelements of cluster.

Table 3-3 cluster Subelements

Element Occurrences Description

local-host

1

Defines the network address of an instance. The value is the host value from an instance element. For more information, see Section 3.1.11, "instance".

instance

1 or more

Defines a member of the server cluster. For more information, see Section 3.1.11, "instance".

failover-group

0 or more

Defines the configuration of a failover group. For more information, see Section 3.1.7, "failover-group"


3.1.4 dns

The dns element configures how the server uses the domain name system (DNS). This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-4 describes the subelements of dns.

Table 3-4 dns Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the server does DNS lookups. Default value: false.

async

0 or 1

Specifies whether the server uses its own asynchronous DNS resolver, instead of the Operating System's synchronous resolver. Default value: true.

timeout

0 or 1

Specifies the duration (in seconds) after which the asynchronous DNS lookups should time out. The value can be from 0.001 to 3600.


See Also:

dns-cache

3.1.5 dns-cache

The dns-cache element configures the DNS cache. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-5 describes the subelements of dns-cache.

Table 3-5 dns-cache Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the server writes to a cache for DNS lookup results. Default value: true.

max-age

0 or 1

Specifies the duration (in seconds) for which the entries must be kept in the cache. The value can be from 1 to 31536000.

max-entries

0 or 1

Specifies the maximum number of DNS lookup results to write to the cache. The value can be from 32 to 32768.


See Also:

dns

3.1.6 event

The event element configures a recurring event. The element can appear zero or more times within the server element. For more information, see Section 3.1.22, "server".

Table 3-6 describes the subelements of event.

Table 3-6 event Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the event is enabled at run time. Default value: true.

time

0 or more

Configures a specific time when the event occurs. For more information, see Section 3.1.33, "time".

interval

0 or 1

Specifies the interval (in seconds) at which the event occurs. The value can be from 60 to 86400.

rotate-log

0 or 1

Rotates the log files. Default value: false.

rotate-access-log

0 or 1

Rotates the access log files. Default value: false.

command

0 or more

The command to execute to get an event to run.

reconfig

0 or 1

Dynamically reconfigures the server. Default value: false.

restart

0 or 1

Restarts the server. Default value: false.

description

0 or 1

The description of the event. The value of this element is in text format.


See Also:

access-log, log

3.1.7 failover-group

The failover-group element defines a failover group. This element may appear zero or one time within the cluster element. For more information, see Section 3.1.3, "cluster"

Table 3-7 describes the subelements of failover-group.

Table 3-7 failover-group Subelements

Element Occurrences Description

ip

1

Specifies the virtual IP for the failover group. The value must be unique across failover groups in a configuration.

network-prefix

0 or 1

Specifies the subnet mask for the number of bits used to identify the network. Values: positive integer and 24 (max 32) by default for IPV4. Default value: 64 (max 128) for IPV6

router-id

0 or 1

Specifies the router identity for the failover-group. The value must be unique across the failover-groups. It is used to identify the router group of all the participating routers for the same VIP. Values are positive integer. Range of values: 1 to 255. Default value: 255.

failover-instance

1 or more

Defines the instances that are part of the failover-group.

host

1

Specifies the hostname of the administration node where the instance has been created. It must match one of the instance or the host elements in the cluster elements.

priority

0 or 1

Specifies the priority value for the instance. This value identifies whether the instance is the primary or the backup for the failover-group. Values: positive integer. Range of values: 1 to 254. Default value: 250.

network-interface

1

Indicates the network interface on the node where this instance is created on which the VIP is moderated.


3.1.8 health-check

The health-check element configures the parameters that are used to determine the status of each origin-server in an origin-server pool. This element may appear zero or one time within the origin-server-pool element. For more information, see Section 3.1.15, "origin-server-pool"

Table 3-8 describes the subelements of health-check.

Table 3-8 health-check Subelements

Elements Occurrences Description TCP health check on HTTP servers TCP health check on TCP servers

protocol

0 or 1

Specifies the type of connection—HTTP or TCP—that Oracle Traffic Director should attempt with the origin server to determine its health.

TCP: Oracle Traffic Director attempts to open a TCP connection to each origin server. The success or failure of this attempt determines whether Oracle Traffic Director considers the origin server to be online or offline.

HTTP: Oracle Traffic Director sends an HTTP GET or OPTIONS request to each origin server in the pool, and checks the response to determine the availability and health of the origin server.

Default value: HTTP.

Valid

Valid; HTTP is not a valid value for origin-server-pool elements that specify tcp in the type subelement.

interval

0 or 1

Specifies the time interval (in seconds) between successive health check operations. Default value: 30.

Valid

Valid

failover-threshold

0 or 1

Indicates the number of consecutive failures for marking a server down. It is indicated by a positive integer. The maximum possible value is 256. Default value: 3.

Valid

Valid

timeout

0 or 1

Specifies the timeout value for a connection. It is indicated by a positive integer and in seconds. Default value: 5.

Valid

Valid

request-method

0 or 1

Specifies the method that is used during HTTP health check operations. Default value: OPTIONS.

Ignored

Ignored

request-uri

0 or 1

Specifies the URI that is used for HTTP health check operations. Default value: "/".

Ignored

Ignored

response-code-match

0 or 1

Indicates a modified regular expression that is used to specify what type of response status codes are acceptable for a healthy origin server. The expression is a union of three character patterns that contain only digits or 'x'. 'x' represents a digit, for example, the following three expressions are valid:
200, 2xx|304,
1xx|2xx|3xx|4xx
.

Also, if the parameter is not specified, all other codes except 5xx server error are considered acceptable. This is applicable only when protocol is HTTP.

Ignored

Ignored

response-body-match

0 or 1

A regular expression that is used to match the HTTP response body to determine the origin server's health. This is applicable only when protocol is HTTP.

Ignored

Ignored

response-body-match-size

0 or 1

Specifies the maximum length of the response body that should match. Default value: 2048.

Ignored

Ignored

dynamic-server-discovery

0 or 1

Specifies if the server should dynamically discover Oracle WebLogic Server cluster nodes and add them to the pool. Default value: false.

Valid for HTTP Health Check

Ignored


3.1.9 http

The http element configures the settings for the miscellaneous HTTP protocol options. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-9 describes the subelements of http.

Table 3-9 http Subelements

Element Occurrences Description

version

0 or 1

Specifies the highest HTTP protocol version the server supports. The default HTTP version string is HTTP/1.1.

server-header

0 or 1

Specifies the server header information such as server software and version. The default server header is Oracle-Traffic-Director/11.1.1.6.0.

body-buffer-size

0 or 1

Specifies the maximum size (in bytes) of the request body content that OTD will expose using the $body variable in obj.conf. The value can be from 0 to 2147483647. Default value: 1024.

Note: All values must specify units.

request-header-buffer-size

0 or 1

Specifies the size (in bytes) of the buffer used to read HTTP request headers. The value can be from 0 to 2147483647.

strict-request-headers

0 or 1

Indicates whether the server rejects certain malformed HTTP request headers. Default value: false.

max-request-headers

0 or 1

Specifies the maximum number of header fields in an HTTP request header. The value can be from 1 to 512.

output-buffer-size

0 or 1

Specifies the size (in bytes) of the buffer for HTTP responses. The value can be from 0 to 2147483647.

max-unchunk-size

0 or 1

Specifies the maximum size (in bytes) of a chunked HTTP request body that the server will unchunk. The value can be from 0 to 2147483647.

unchunk-timeout

0 or 1

Specifies the maximum time (in seconds) that the server waits for a chunked HTTP request body to arrive. The value can be from 0 to 3600, or -1 for no timeout.

io-timeout

0 or 1

Specifies the maximum time (in seconds) that the server waits for an individual packet. The value can be from 0 to 3600, or -1 for no timeout.

request-header-timeout

0 or 1

Specifies the maximum time (in seconds) that the server waits for a complete HTTP request header. The value can be from 0 to 604800, or -1 for no timeout.

request-body-timeout

0 or 1

Specifies the maximum time (in seconds) that the server waits for a complete HTTP request body. The value can be from 0 to 604800, or -1 for no timeout.

favicon

0 or 1

Specifies whether the server replies to requests for favicon.ico with its own built-in icon file. Default value: true.

etag

0 or 1

Controls if the server includes an Etag header field in its responses. Default value: true.

ecid

0 or 1

Specifies whether the server generates, propagates, and logs the execution context. The value of the ECID is a unique identifier that can be used to correlate individual events as being part of the same request execution flow. For example, events that are identified as being related to a particular request typically have the same ECID value. However, the format of the ECID string itself is determined by an internal mechanism that is subject to change; therefore, you should not have or place any dependencies on that format. ECID is defined as a part of the execution context. The execution context consists of ECID and RID. You may also refer to the whole execution context, which is the combination of ECID and RID, as just ECID. Default value: true.

websocket-strict-upgrade

0 or 1

Enables/disables strict RFC 6455 adherence during the WebSocket upgrade request. Default value: false.


3.1.10 http-listener

The http-listener element configures an HTTP listener. This element can appear zero or more times within the server element. For more information, see Section 3.1.22, "server".

Table 3-10 describes the subelements of http-listener.

Table 3-10 http-listener Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the HTTP listener is enabled to accept connection requests. Default value: true.

name

1

Specifies the name that uniquely identifies the HTTP listener.

ip

0 or 1

Specifies an IP address to listen. The value of this element is a specific IP address or an asterisk * to listen on all IP addresses.

port

1

Specifies the port to listen. The value of this element is the port number.

acceptor-threads

0 or 1

Specifies the number of threads dedicated to accept connections received by this listener. The value can be from 1 to 128.

server-name

1

Specifies the default server name. Tells the server what to put in the host name section of any URLs it sends to the client. This affects URLs the server automatically generates; it doesn't affect the URLs for directories and files stored in the server. This name should be the alias name if your server uses an alias. If a colon and port number are appended, that port will be used in URLs that the server sends to the client.

Values: The value can include a scheme (for example, prefix http://) and port suffix (for example, :80)

blocking-io

0 or 1

Specifies whether the server uses blocking I/O. Default value: false.

family

0 or 1

Specifies the socket family that is used to connect to the origin server. Values: inet, inet6, inet-sdp, and default. inet and inet6 represent IPV4 and IPV6 protocols respectively. inet-sdp is used for Sockets Direct Protocol (SDP). Default value: inet.

handle-protocol-mismatch

0 or 1

Indicates whether the server responds to SSL or non-SSL protocol mismatches in client requests. Default value: true, meaning the server will attempt to detect SSL or non-SSL protocol mismatches and send an HTTP redirect or SSL alert when a mismatch is detected.

listen-queue-size

0 or 1

Specifies the size (in bytes) of the listen queue. The value of this element can be from 1 to 1048576.

receive-buffer-size

0 or 1

Specifies the size (in bytes) of the operating system socket receive buffer. The value of this element can be from 1 to 1048576.

send-buffer-size

0 or 1

Specifies the size (in bytes) of the operating system socket send buffer. The value of this element can be from 1 to 1048576.

default-virtual-server-name

1

Specifies the name of the virtual server that processes request that do not match a host. The value of this element is the name value from a virtual-server element. For more information, see Section 3.1.36, "virtual-server".

ssl

0 or 1

Configures SSL/TLS. For more information, see Section 3.1.24, "ssl".

description

0 or 1

Specifies the description of the HTTP listener. The value of this element must be in text format.

blocking-accept

0 or 1

Enables/disables blocking of the server listen socket while retaining client end points as non blocking (useful when MaxProcs > 1). Default value: false.


3.1.11 instance

The instance element defines a member of a server cluster. This element can appear one or more times within the cluster element. For more information, see Section 3.1.3, "cluster".

Table 3-11 describes the subelements of instance.

Table 3-11 instance Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the instance is enabled at run time. Default value: true.

host

1

The network address of the instance. The value is the host name or the IP address.


See Also:

cluster

3.1.12 keep-alive

The keep-alive element configures the settings for the keep-alive subsystem. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-12 describes the subelements of keep-alive.

Table 3-12 keep-alive Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the keep-alive subsystem is enabled at runtime. Default value: true.

threads

0 or 1

Specifies the number of keep alive subsystem threads. The value can be from 1 to 128. Default value: 1.

max-connections

0 or 1

Specifies the maximum number of concurrent keep alive connections that the server supports. The value can be from 1 to 1048576. Default value: 200.

timeout

0 or 1

Specifies the timeout (in seconds) after which an inactive keep alive connection can be used. The value can be from 0.001 to 3600. Default value: 30 seconds.

poll-interval

0 or 1

Specifies the interval (in seconds) between polls. The value can be from 0.001 to 1. Default value: .001.


3.1.13 localization

The localization element defines a method by which the server chooses a language with which it presents information to the client. This element may appear zero or one time within the server element, and zero or one time within the virtual-server element. For more information, see Section 3.1.22, "server", and Section 3.1.36, "virtual-server".

Table 3-13 describes the subelement of localization.

Table 3-13 localization Subelements

Element Occurrences Description

default-language

0 or 1

The default language with which the messages and content are displayed. The value is a language tag.

negotiate-client-language

0 or 1

Specifies whether the server uses the accept-language HTTP header to negotiate the content language with clients. Default value: false.


3.1.14 log

The log element configures the logging subsystem. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-14 describes the subelements of log.

Table 3-14 log Subelements

Element Occurrences Description

log-stdout

0 or 1

Specifies whether the server logs data that applications write to stdout. Default value: true.

log-stderr

0 or 1

Specifies whether the server logs data that applications write to stderr. Default value: true.

log-virtual-server-name

0 or 1

Specifies whether the server includes the virtual server name in log messages. Default value: false.

create-console

0 or 1

Specifies if the server creates a console window (Windows only). Default value: false.

log-to-console

0 or 1

Specifies whether the server writes log messages to the console. Default value: true.

log-to-syslog

0 or 1

Specifies whether the server writes log messages to syslog. Default value: false.

archive-command

0 or 1

This is executed after the server rotates a log file. The program is passed the post-rotation file name of the log file as an argument. A program command line, for example: gzip

log-level

0 or 1

Specifies the log verbosity for the server as a whole. Values: INCIDENT_ERROR:1, NOTIFICATION:1, ERROR:1, ERROR:16, ERROR:32, WARNING:1, TRACE:1, TRACE:16 TRACE:32. Default value: NOTIFICATION:1

log-file

0 or 1

Specifies the name and location of the log file. Value: User defined name and location. Default value: ../logs/server.log


3.1.15 origin-server-pool

The origin-server-pool element configures a pool of origin servers that are used for load balancing requests. This element may appear zero or more times within the server element. For more information, see Section 3.1.22, "server".

Table 3-15 describes the subelements of origin-server-pool.

Table 3-15 origin-server-pool Subelements

Element Occurrences Description

name

1

Specifies the name by which the server pool is identified.

load-distribution

0 or 1

The load-balancing method that should be used for distributing requests to the origin-server pool. Values: round-robin, least-connection-count, and least-response-time. Default value: least-connection-count.

For more information about the various load-balancing methods, see the section Modifying an Origin-Server Pool in the Oracle Traffic Director Administrator's Guide.

type

1

Indicates the kind of requests that are handled by every server in the server pool. Values: http, https and tcp. Default: http.

family

0 or 1

Specifies the socket family that is used to connect to the origin server. Values: inet, inet6, inet-sdp, and default. inet and inet6 represent IPV4 and IPV6 protocols respectively. inet-sdp is used for Sockets Direct Protocol (SDP). Default value: inet.

origin-server

0 or more

Represents an origin server that belongs to the server pool.

health-check

0 or 1

Specifies the health check settings for the sever pool


3.1.16 origin-server

The origin-server element defines a member of a server pool. This element may appear zero or more times within the origin-server-pool element. For more information see, Section 3.1.15, "origin-server-pool"

Table 3-16 describes the subelements of origin-server.

Table 3-16 origin-server Subelements

Element Occurrences Description

host

1

Specifies the host name or the IP address of the origin server.

port

0 or 1

Specifies the port number of the origin server. Value: Integer. 80 is the default port if the origin server pool type is HTTP. 443 is the default port if the origin server pool type is HTTPS.

weight

0 or 1

Specifies the load distribution weight for the origin server. The value is an integer. Default value: 1.

enabled

0 or 1

Specifies whether requests can be routed to the origin server. Default value: true.

backup

0 or 1

Specifies whether the origin sever is a backup server. Requests will be sent to the backup origin server only when none of the primary (non-backup) origin servers is available. Default value: false.

max-connections

0 or 1

Specifies the maximum number of concurrent connections to the server. Values: 0 to 20480. Default value: 0. The value 0 indicates no limit.

ramp-up-time

0 or 1

The time (in seconds) that Oracle Traffic Director should take to ramp up the request sending rate to the full capacity of this origin server. Default value: Any positive integer. If max-connections is set to 0, ramp-up-time is ignored.


3.1.17 pkcs11

The pkcs11 element configures the PKCS #11 subsystem. This element may appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-17 describes the subelements of pkcs11.

Table 3-17 pkcs11 Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the server initializes PKCS #11 tokens, prompting for personal identification numbers (PINs) as necessary. Default value: true if SSL is enabled and false if SSL is not enabled.

crl-path

0 or 1

Specifies the directory that contains dynamically updated CRL files. The value is the name of the directory. If a relative path is used, it is relative to the server's config directory.

token

0 or more

Configures a PKCS #11 token. For more information, see Section 3.1.34, "token".


See Also:

ssl, http-listener

3.1.18 pkcs11 bypass

The pkcs11 bypass element instructs the NSS to bypass the PKCS#11 layer during SSL/TLS processing, thereby improving performance.

During startup, the server automatically verifies each token, holding a server key, to assess if they support PKCS#11 bypass. If the tokens support bypass in the current configuration the PKCS#11 layer is bypassed; otherwise the bypass is disabled. Thus, the server automatically takes advantage of the performance benefits of pkcs11 bypass whenever possible.

In certain unique circumstances, you can disable PKCS#11 bypass manually by using the server.xml element <allow-bypass>.

<pkcs11>
 <enabled>1</enabled>
 <allow-bypass>0</allow-bypass>
</pkcs11>

3.1.19 property

The property element defines a name-value pair. The effect of defining a property name-value pair depends on the context in which the property element appears.

Table 3-18 describes the subelements of property.

Table 3-18 property Subelements

Element Occurrences Description

name

1

The name of the property.

value

1

The value of the property.

encoded

0 or 1

Specifies if the property value was encoded using the uunencode algorithm. Default value: false.

encrypted

0 or 1

Specifies if the property value is encrypted. Default value: false.

description

0 or 1

The description of the property.


See Also:

variable

3.1.20 proxy-cache

The proxy-cache element configures the HTTP reverse proxy cache configuration. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-19 describes the subelements of proxy-cache.

Table 3-19 proxy-cache Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether response caching is enabled. Default value: true.

max-heap-space

0 or 1

Specifies the maximum number (in bytes) of heap that is used for caching response objects. Values: 0 to 1099511627776 (1024 GB). Default value: 10485760 (10 MB).

max-heap-object-size

0 to 1

Specifies the maximum size of objects that should be cached. Objects larger than the specified size are not cached. Values: 0 to 214783647. Default value: 524288 (512 KB).

replacement

0 to 1

Specifies the algorithm for cache replacement. Values: lru, lfu, and false. Default value: lru.

  • lru (Least Recently Used): Oracle Traffic Director discards the least recently used entry first.

  • lfu (Least Frequently Used): Oracle Traffic Director discards the least frequently used entry first.

  • false: Cache replacement is disabled.

max-entries

0 to 1

Specifies the maximum number of entries in the cache. The range is 1 to 1073741824. Default value: 1024.


3.1.21 qos-limits

The qos-limits element configures the QoS limits. This element may appear zero or one time within the server element and zero or one time within the virtual-server element. For more information, see Section 3.1.22, "server" and Section 3.1.36, "virtual-server".

Table 3-20 describes the subelements of qos-limits.

Table 3-20 qos-limits Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the QoS limits are enforced at runtime. Default value: true.

max-bps

0 or 1

Specifies the maximum transfer rate (bytes/second). Range of value: 1 to 2147483647

max-connections

0 or 1

Specifies the maximum number of concurrent connections. Range of value: 1 to 1048576


3.1.22 server

The server element defines a server. This is the root element, and there can be only one server element in the server.xml file.

Table 3-21 describes the subelements of server.

Table 3-21 server Subelements

Element Occurrences Description

cluster

0 or 1

The server cluster to which the server belongs. For more information, see Section 3.1.3, "cluster".

log

0 or 1

Configures the logging subsystem. For more information, see Section 3.1.14, "log,".

user

0 or 1

The account the server runs as (UNIX only). The value is the user account. If the server is started as root, any UNIX account can be specified. If the server is started by a non-root account, only that non-root account can be specified.

temp-path

0 or 1

The directory where the server stores its temporary files. If a relative path is used, it is relative to the server's config directory. The directory must be owned by the account that the server runs as.

variable

0 or more

Defines a variable for use in expressions, log formats, and obj.conf parameters. For more information, see Section 3.1.35, "variable".

localization

0 or 1

Configures localization. For more information, see Section 3.1.13, "localization".

http

0 or 1

Configures the HTTP protocol options. For more information, see Section 3.1.9, "http".

keep-alive

0 or 1

Configures the HTTP keep-alive subsystem. For more information, see Section 3.1.12, "keep-alive".

thread-pool

0 or 1

Configures the HTTP request processing threads. For more information, see Section 3.1.32, "thread-pool".

pkcs11

0 or 1

Configures the PKCS #11 subsystem. For more information, see Section 3.1.17, "pkcs11".

stats

0 or 1

Configures the statistics collection subsystem. For more information, see Section 3.1.27, "stats".

dns

0 or 1

Configures the server's use of DNS. For more information, see Section 3.1.4, "dns".

dns-cache

0 or 1

Configures the DNS cache. For more information, see Section 3.1.5, "dns-cache".

ssl-session-cache

0 or 1

Configures the SSL/TLS session cache. For more information, see Section 3.1.26, "ssl-session-cache".

access-log-buffer

0 or 1

Configures the access log buffering subsystem. For more information, see Section 3.1.2, "access-log-buffer".

snmp

0 or 1

Configures SNMP. For more information, see Section 3.1.23, "snmp".

access-log

0 or more

Configures an HTTP access log for the server. For more information, see Section 3.1.1, "access-log".

http-listener

0 or more

Configures an HTTP listener. For more information, see Section 3.1.10, "http-listener".

virtual-server

0 or more

Configures a virtual server. For more information, see Section 3.1.36, "virtual-server".

event

0 or more

Configures a recurring event. For more information, see Section 3.1.6, "event".

origin-server-pool

0 or more

Configures a pool of origin servers that are used for handling load balancing requests. For more information, see Section 3.1.15, "origin-server-pool"

proxy-cache

0 or 1

Defines the HTTP reverse proxy caching configuration mechanism. For more information, see Section 3.1.20, "proxy-cache"

qos-limits

0 or 1

Specifies information related to QoS settings. For more information, see Section 3.1.21, "qos-limits"

tcp-thread-pool

0 or 1

Configures the TCP request processing threads. For more information, see Section 3.1.31, "tcp-thread-pool"

tcp-access-log

0 or 1

Configures TCP access log for the server. For more information, see Section 3.1.28, "tcp-access-log"

tcp-listener

0 or more

Configures a TCP listener. For more information, see Section 3.1.29, "tcp-listener"

tcp-proxy

0 or more

Configures a TCP service. For more information, see Section 3.1.30, "tcp-proxy"

webapp-firewall-ruleset

0 or more

Specifies the path to a file containing the Web Application Firewall (WAF) module rules. For more information, see Section 3.1.37, "webapp-firewall-ruleset"


3.1.23 snmp

The snmp element configures the server's SNMP subagent. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-22 describes the subelements of snmp.

Table 3-22 snmp Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the SNMP agent is enabled. If enabled, the SNMP subagent gathers information about the server and passes the information to the master agent. Default value: true.

description

0 or 1

(Optional) Specifies the description of the server. The value must be in text format.

organization

0 or 1

(Optional) Specifies the name of the organization responsible for the server. The value must be in text format.

location

0 or 1

(Optional) Specifies the location of the server. The value must be in text format.

contact

0 or 1

(Optional) Specifies the contact information of the person responsible for the server. The value must be in text format.


See Also:

stats

3.1.24 ssl

The ssl element configures the SSL/TLS settings. This element can appear zero or one time within the http-listener element. For more information, see Section 3.1.10, "http-listener".

Table 3-23 describes the subelements of ssl.

Table 3-23 ssl Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether SSL support is enabled for the listener. Default value: true.

server-cert-nickname

0 or more

Specifies the nickname of the certificate that the server presents to the clients. You can specify zero or one RSA certificate, and zero or one ECC certificate.

ssl3

0 or 1

Specifies whether SSL3 connections are accepted. Default value: true.

tls

0 or 1

Specifies whether TLS connections are accepted. Default value: true.

tls-rollback-detection

0 or 1

Specifies whether the server detects and blocks TLS version rollback attacks. Default value: true.

ssl3-tls-ciphers

0 or 1

Configures the SSL3 and TLS cipher suites. For more information, see Section 3.1.25, "ssl3-tls-ciphers".

client-auth

0 or 1

Specifies the method of client certificate authentication. The value can be required, optional, or false. When you choose required option, the server requests the client for a certificate; if the client does not provide a certificate, the connection is closed. When you choose optional option, the server requests the client for a certificate, but does not require it. The connection is established even if the client does not provide a certificate. Default value: false. The client authentication is disabled by default.

client-auth-timeout

0 or 1

Indicates the duration (in seconds) after which a client authentication handshake fails. The value can be from 0.001 to 3600.

max-client-auth-data

0 or 1

Specifies the number of characters of authentication data that the server can buffer. The value can be from 0 to 2147483647.

tls-session-tickets-enabled

0 or 1

Specifies whether TLS session Ticket Extension feature is enabled. Default value: false.

strict-sni-vs-host-match

0 or 1

Server Name Indication (SNI) is a feature that improves the SSL and TLS protocols. It permits the client to request the domain name before the certificate is committed to by the server. This is essential for using TLS in virtual hosting mode. Default value: false. If the value is false, the default certificate is sent to clients which do not support SNI extension. If the value is true, and if for the HTTP listener, at least one of the virtual servers has certificates, then Oracle® Traffic Director returns a 403 Forbidden error if any of the following conditions is fulfilled:

  • The client did not send the SNI host extension

  • The request did not have the Host header

  • The SNI host extension sent by the client did not match the Host header in the HTTP


3.1.25 ssl3-tls-ciphers

The ssl3-tls-ciphers element configures SSL3 and TLS cipher suites. This element can appear zero or one time within the ssl element. For more information, see Section 3.1.24, "ssl".

Table 3-24 describes the subelements of ssl3-tls-ciphers.

Table 3-24 ssl3-tls-ciphers Subelements

Element Occurrences Description

SSL_RSA_WITH_RC4_128_MD5

0 or 1

Specifies whether SSL_RSA_WITH_RC4_128_MD5 cipher suite is enabled at runtime. Default value: true.

SSL_RSA_WITH_RC4_128_SHA

0 or 1

Specifies whether SSL_RSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. Default value: true.

SSL_RSA_WITH_3DES_EDE_CBC_SHA

0 or 1

Specifies whether SSL_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. Default value: true.

SSL_RSA_WITH_DES_CBC_SHA

0 or 1

Specifies whether SSL_RSA_WITH_DES_CBC_SHA cipher suite is enabled at runtime. Default value: false.

SSL_RSA_EXPORT_WITH_RC4_40_MD5

0 or 1

Specifies whether SSL_RSA_EXPORT_WITH_RC4_40_MD5 cipher suite is enabled at runtime. Default value: false.

SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

0 or 1

Specifies whether SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 cipher suite is enabled at runtime. Default value: false.

SSL_RSA_WITH_NULL_MD5

0 or 1

Specifies whether SSL_RSA_WITH_NULL_MD5 cipher suite is enabled at runtime. Default value: false.

SSL_RSA_WITH_NULL_SHA

0 or 1

Specifies whether SSL_RSA_WITH_NULL_SHA cipher suite is enabled at runtime. Default value: false.

SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA

0 or 1

Specifies whether SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. Default value: true.

SSL_RSA_FIPS_WITH_DES_CBC_SHA

0 or 1

Specifies whether SSL_RSA_FIPS_WITH_DES_CBC_SHA cipher suite is enabled at runtime. Default value: false.

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

0 or 1

Specifies whether TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. Default value: false.

TLS_ECDH_RSA_WITH_AES_128_CBC_SHA

0 or 1

Specifies whether TLS_ECDH_RSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDH_RSA_WITH_RC4_128_SHA

0 or 1

Specifies whether TLS_ECDH_RSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA

0 or 1

Specifies whether TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDH_RSA_WITH_AES_256_CBC_SHA

0 or 1

Specifies whether TLS_ECDH_RSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

0 or 1

Specifies whether TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDH_ECDSA_WITH_RC4_128_SHA

0 or 1

Specifies whether TLS_ECDH_ECDSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

0 or 1

Specifies whether TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA

0 or 1

Specifies whether TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA

0 or 1

Specifies whether TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

0 or 1

Specifies whether TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA cipher suite is enabled at runtime. Default value: false.

TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

0 or 1

Specifies whether TLS_RSA_EXPORT1024_WITH_RC4_56_SHA cipher suite is enabled at runtime. Default value: false.

TLS_RSA_WITH_AES_128_CBC_SHA

0 or 1

Specifies whether TLS_RSA_WITH_AES_128_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_RSA_WITH_AES_256_CBC_SHA

0 or 1

Specifies whether TLS_RSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDHE_ECDSA_WITH_NULL_SHA

0 or 1

Specifies whether TLS_ECDHE_ECDSA_WITH_NULL_SHA cipher suite is enabled at runtime. Default value: false.

TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA

0 or 1

Specifies whether TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDHE_ECDSA_WITH_RC4_128_SHA

0 or 1

Specifies whether TLS_ECDHE_ECDSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA

0 or 1

Specifies whether TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. Default value: true.

TLS_ECDHE_RSA_WITH_NULL_SHA

0 or 1

Specifies whether TLS_ECDHE_RSA_WITH_NULL_SHA cipher suite is enabled at runtime. Default value: false.

TLS_ECDHE_RSA_WITH_RC4_128_SHA

0 or 1

Specifies whether TLS_ECDHE_RSA_WITH_RC4_128_SHA cipher suite is enabled at runtime. Default value: false.

TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

0 or 1

Specifies whether TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA cipher suite is enabled at runtime. Default value: false.

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

0 or 1

Specifies whether TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA cipher suite is enabled at runtime. Default value: false.

TLS_RSA_WITH_CAMELLIA_128_CBC_SHA

0 or 1

Specifies whether cipher suite is enabled or not. The cipher suite is implicitly disabled if this element is omitted. The cipher suite is enabled if the element is present while the value is not specified. Default value: false.

TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

0 or 1

Specifies whether cipher suite is enabled or not. The cipher suite is implicitly disabled if this element is omitted. The cipher suite is enabled if the element is present while the value is not specified. Default value: false.

TLS_RSA_WITH_SEED_CBC_SHA

0 or 1

Specifies whether cipher suite is enabled or not. The cipher suite is implicitly disabled if this element is omitted. The cipher suite is enabled if the element is present while the value is not specified. Default value: false


3.1.26 ssl-session-cache

The ssl-session-cache element configures the SSL/TLS session cache. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-25 describes the subelements of ssl-session-cache.

Table 3-25 ssl-session-cache Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the server writes SSL/TLS sessions to the cache. Default value: true.

max-entries

0 or 1

Specifies the maximum number of SSL/TLS sessions that are written to the cache by the server. The value can be from 1 to 524288.

max-ssl3-tls-session-age

0 or 1

Specifies the maximum amount of time (in seconds) a SSL/TLS session is written to the cache. The value can be from 5 to 86400.


3.1.27 stats

The stats element configures the statistics collection subsystem. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-26 describes the subelements of stats.

Table 3-26 stats Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the server collects the statistics. Default value: true.

interval

0 or 1

Specifies the interval (in seconds) at which statistics are updated. The value can be from 0.001 to 3600.

profiling

0 or 1

Specifies whether the performance buckets used to track NSAPI function execution time are enabled at runtime. Default value: true.


See Also:

snmp

3.1.28 tcp-access-log

The tcp-access-log element configures the settings for the TCP access log. If the tcp-access-log element is missing TCP access logging is disabled. For more information, see Section 3.1.22, "server".

Table 3-27 describes the subelements of tcp-access-log.

Table 3-27 tcp-access-log Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether TCP access logging is enabled. If the element is enabled, the server writes a log entry for every request received by TCP listeners. Default value: true.

file

1

Specifies the filename of the access log file (absolute path or path relative to the server's config directory).


3.1.29 tcp-listener

The tcp-listener element configures a TCP listener. For more information, see Section 3.1.22, "server".

Table 3-28 describes the subelements of tcp-listener.

Table 3-28 tcp-listener Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the TCP listener is enabled to accept connection requests. Default value: true.

name

1

Specifies the name that uniquely identifies the TCP listener.

ip

0 or 1

Specifies the IP address to listen. The value of this element is a specific IP address or an asterisk * to listen on all IP addresses.

port

1

Specifies the port to listen. The value of this element is the port number.

family

0 or 1

Specifies the socket family that is used to connect to the origin server. Values: inet, inet6, inet-sdp and default. inet and inet6 represent IPV4 and IPV6 protocols respectively. inet-sdp is used for Sockets Direct Protocol (SDP). Default value: inet.

acceptor-threads

0 or 1

Specifies the number of threads dedicated to accept connections received by this listener. The value can be from 1 to 128. Default value: 1 per CPU.

tcp-proxy-name

1

Specifies the name of the TCP proxy that processes requests received by the listener.

listen-queue-size

0 or 1

Specifies the size (in bytes) of the listen queue. Value: 1 to 1048576.

receive-buffer-size

0 or 1

Specifies the size (in bytes) of the operating system socket receive buffer. Value: 1 to 1048576.

send-buffer-size

0 or 1

Specifies the size (in bytes) of the operating system socket send buffer. Value: 1 to 1048576.

ssl

0 or 1

Configures SSL/TLS. For more information, see Section 3.1.24, "ssl".

description

0 or 1

Specifies the description of the TCP listener. The value of this element must be in text format.

blocking-accept

0 or 1

Enables/disables blocking of the server listen socket, while retaining client end points as non-blocking (useful when MaxProcs > 1). Default value: false.


3.1.30 tcp-proxy

The tcp-proxy element is used to support LDAP/T3 listeners. For more information, see Section 3.1.22, "server".

Table 3-29 describes the subelements of tcp-proxy.

Table 3-29 tcp-proxy Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the TCP service is enabled. Default value: true.

name

1

A name that uniquely identifies the TCP proxy.

session-idle-timeout

0 or 1

Specifies the maximum timeout (in seconds) that the server waits while receiving/sending data Default value: 300

origin-server-pool-name

0 or 1

Specifies the name of a server pool that provides the TCP service. The value must be a name value from an origin-server-pool element.


3.1.31 tcp-thread-pool

The tcp-thread-pool element configures the threads used to process WebSocket requests and requests received by TCP listeners. For more information, see Section 3.1.22, "server".

Table 3-30 describes the subelements of tcp-thread-pool.

Table 3-30 tcp-thread-pool Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the pool is enabled. Default value: true.

threads

0 or 1

Specifies the number of TCP/WebSocket request processing threads. The value can be from 1 to 512. Default value: 1 per CPU.

max-connections

0 or 1

Specifies the maximum number of connection pairs that the server will support. The value can be from 1 to 1048576. Default value: 200.

timeout

0 or 1

Specifies the idle timeout (in seconds), after which connection pairs will be closed. The value will be overridden by the tcp or WebSocket subsystem. The value can be from 0.001 to 3600. Default value: 300 seconds.

stack-size

0 or 1

Specifies the stack size (in bytes) for each thread. The value can be from 8192 to 67108864, or 0. Default value: 32768.

poll-interval

0 or 1

Specifies the interval (in seconds) between polls. The value can be from 0.001 to 1. Default value: 0.010 seconds.

buffer-size

0 or 1

Specifies the size of the buffer (in bytes), used by each connection for transferring data. The value can be from 1 to 1048576. Default value: 16384.


3.1.32 thread-pool

The thread-pool element configures the threads used to process HTTP requests. This element can appear zero or one time within the server element. For more information, see Section 3.1.22, "server".

Table 3-31 describes the subelements of thread-pool.

Table 3-31 thread-pool Subelements

Element Occurrences Description

min-threads

0 or 1

Specifies the minimum number of HTTP request processing threads. The value can be from 1 to 4096.

max-threads

0 or 1

Specifies the maximum number of HTTP request processing threads.

The default value is based on the number of processors. For example, if there are 1 or 2 processors, the default value is 256. Similarly, if there are 3 or 4 processors, the default value is 512. The default value is never more than quarter of the maximum number of file descriptors available for the process.

stack-size

0 or 1

Specifies the stack size (in bytes) for HTTP request processing threads. The value can be from 8192 to 67108864.

queue-size

0 or 1

Specifies the maximum number of concurrent HTTP connections that can be queued for processing. The value can be from 1 to 1048576.


See Also:

http, keep-alive

3.1.33 time

The time element schedules when an event occurs. This element can appear zero or more times within the event element. For more information, see Section 3.1.6, "event".

Table 3-32 describes the subelement of time.

Table 3-32 time Subelements

Element Occurrences Description

time-of-day

1

Specifies the time when the event occurs. The value must be in the hh:mm format.

day-of-week

0 or 1

Specifies the day of the week. The value can be Sun, Mon, Tue, Wed, Thu, Fri, or Sat.

day-of-month

0 or 1

Specifies the day of month. The value can be from 1 to 31.

month

0 or 1

Specifies the name of the month. The value can be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec.


3.1.34 token

The token element configures a PKCS #11 token. This element can appear zero or more times within the pks11 element. For more information, see Section 3.1.17, "pkcs11".

Table 3-33 describes the subelements of token.

Table 3-33 token Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the server initializes this PKCS #11 token, prompting for a PIN if necessary. Default value: true.

name

1

The name of the token. The server's built-in token is named internal.

pin

0 or 1

The PIN required to initialize the token.

pin-encrypted

0 or 1

Specifies whether the property value is encoded or not. Default value: false.


3.1.35 variable

The variable element defines a variable for use in expressions, log formats, and obj.conf parameters. This element can appear zero or more times within the server element, and zero or more times within the virtual-server element. For more information, see Section 3.1.22, "server", and Section 3.1.36, "virtual-server".

Table 3-34 describes the subelements of variable.

Table 3-34 List of variable Subelements

Element Occurrences Description

name

1

Specifies the name of the variable. The value must be in text format.

value

1

Specifies the value of the variable. The value must be in text format.

description

0 or 1

The description of the variable. The value must be in text format.


3.1.36 virtual-server

The virtual-server element configures an HTTP virtual server. Each server typically has at least one virtual server. This element can appear zero or more times within the server element. For more information, see Section 3.1.22, "server".

Table 3-35 describes the subelements of virtual-server.

Table 3-35 virtual-server Subelements

Element Occurrences Description

enabled

0 or 1

Specifies whether the virtual server is enabled at runtime. Default value: true.

name

1

A name that uniquely identifies the virtual server.

http-listener-name

0 or more

The name of a HTTP listener associated with one or more of the virtual server's host name. The value is the name from an http-listener element. For more information, see Section 3.1.10, "http-listener".

host

0 or more

Indicates the host name that the virtual-server services. The values can be a host name or a wildcard. For more information about wildcards, see Section A.5, "Wildcard Patterns"

canonical-server-name

0 or 1

The canonical name of the virtual server. Requests using a different name are redirected to the canonical name. The value is a host name or URL prefix.

object-file

1

The obj.conf file that controls request processing for virtual server. Default value: default-virtual-server-name-obj.conf, and the user can specify any valid file

default-object-name

0 or 1

The name of the root obj.conf object. Default value: default.

localization

0 or 1

Configures localization. For more information, see Section 3.1.13, "localization".

access-log

0 or more

Configures an HTTP access log for the virtual server. For more information, see Section 3.1.1, "access-log".

log-file

0 or 1

Specifies the log file for the virtual server. The value is the log file name, for example, ../logs/errors.

variable

0 or more

Defines an obj.conf variable for the virtual server. For more information, see Section 3.1.35, "variable".

description

0 or 1

The description of the virtual server.

server-cert-nickname

0 or 1 RSA certificate or 1 ECC certificate

Specifies the nickname of the certificate that the server presents to the clients. Values: zero or one for RSA and zero or one for ECC

qos-limits

0 or 1

Specifies information related to QoS settings.

webapp-firewall-ruleset

0 or multiple

Specifies the path to a file containing Web Application Firewall (WAF) rules or configuration.


3.1.37 webapp-firewall-ruleset

The webapp-firewall-ruleset element configures the path to a web application firewall configuration file, which contains ModSecurity rules/configuration directives. The path may be an absolute path or a relative path. If a relative path is used, it is relative to the server's config directory. The file name component may contain wildcard characters to specify multiple files within the given directory.

The webapp-firewall-ruleset element may be present at the virtual-server level as well as at the server level and can appear zero or more times within the server and virtual-server elements. Configuration settings at the virtual-server level take precedence over the server level. However some configuration directives can only be specified at the server level. The scope of these directives is considered to be Main. Similarly, scope of directives that can be specified at either server level or virtual-server level is considered to be Any. Note that if a directive with Main scope is specified within the virtual-server level configuration file, then an error will be logged and the server will fail to start. For information about the scope of different directives, see the Web Application Firewall section in the Oracle Traffic Director Administrator's Guide.

Note:

For information about various web application firewall use cases, see the appendix, Web Application Firewall Examples and Use Cases in the Oracle Traffic Director Administrator's Guide.