10g (9.0.4)
Part Number B10401-01
 Home |
 Solution Area |
 Contents |
 Index |
| Oracle Application Server Web Cache Administrator's Guide 10g (9.0.4) Part Number B10401-01 |
|
This chapter provides instructions for establishing specialized configurations for OracleAS Web Cache, including configuring OracleAS Web Cache for HTTPS protocol requests, multiple origin servers, a cache hierarchy, and a cache cluster.
This chapter contains these topics:
To provide more security for your Web site, you can configure OracleAS Web Cache to receive HTTPS protocol browser requests and send HTTPS requests to the origin server. HTTPS uses the Secure Sockets Layer (SSL) to encrypt and decrypt user page requests as well as the pages that are returned by the OracleAS Web Cache and origin servers.
Typically, HTTP requests to origin servers use port 80 and HTTPS requests use port 443.
|
See Also:
Oracle HTTP Server Administrator's Guide for information about enabling SSL on the Oracle HTTP Server |
You can also configure OracleAS Web Cache to send traffic to the application Web server through an HTTP or HTTPS listening port.
To configure HTTPS support, perform these tasks:
To support HTTPS for OracleAS Web Cache, you must create a wallet on the OracleAS Web Cache server for each supported site. Wallets are needed to support the following HTTPS requests:
Each site that uses the HTTPS protocol requires at least one wallet. One wallet can be shared among all the HTTPS listening ports, or a separate wallet can be created for each HTTPS listening port.
For OracleAS Web Cache to use the wallet, OracleAS Web Cache must be started by the user that created the wallet.
For detailed instructions on creating a wallet, see the Oracle Application Server 10g Security Guide. The following provides the basic steps in creating a wallet for use by OracleAS Web Cache:
owm from $ORACLE_HOME/bin.
When the cache server process starts, OracleAS Web Cache opens the wallet as one of these users.
If you are using OracleAS Web Cache in a standalone environment, you must take special actions to enable wallets to open on Windows. See "Enabling Wallets to Open on Windows" for more information.
Note:
By default, wallets are stored in the following locations:
To configure HTTPS protocol support between browsers and OracleAS Web Cache, you must configure an HTTPS listening port for OracleAS Web Cache:
Select Require Client-Side Certificate to enable OracleAS Web Cache to require browsers to provide SSL certificates.
A client-side certificate is a method for verifying the identity of the client. It binds information about the client user to the user's public key and must be digitally signed by a trusted CA.
This wallet is used for browser requests for sites hosted by OracleAS Web Cache.
By default, wallets are stored in /etc/ORACLE/WALLETS/user_name on UNIX and in %USERPROFILE%\ORACLE\WALLETS on Windows operating systems. Oracle Corporation recommends entering the location, even if the default is being used.
If each site is configured with a separate wallet, the OracleAS Web Cache listening port can share the same wallet as specified in the Origin Server Wallet page (Origin Servers, Sites, and Load Balancing > Origin Server Wallet).
"Task 6: Configure OracleAS Web Cache with Listening Ports for Incoming Browser Requests" for information about adding ports
See Also:
To configure HTTPS ports for administration, invalidation, and statistics monitoring requests:
Select Require Client-Side Certificate to enable OracleAS Web Cache to require browsers to provide SSL certificates.
A client-side certificate is a method for verifying the identity of the client. It binds information about the client user to the user's public key and must be digitally signed by a trusted CA.
This wallet is used for administration, invalidation, and statistics monitoring of HTTPS requests for sites hosted by OracleAS Web Cache.
By default, wallets are stored in /etc/ORACLE/WALLETS/user_name on UNIX and in %USERPROFILE%\ORACLE\WALLETS on Windows. Oracle Corporation recommends entering the location, even if the default is being used.
If each site is configured with a separate wallet, these ports can share the same wallet established for the OracleAS Web Cache listening port in "Task 2: Configure HTTPS Listening Ports and Wallet Location for the Cache" and specified in the Listen Ports page (Ports > Listen Ports) and the Origin Server Wallet page (Origin Servers, Sites, and Load Balancing > Origin Server Wallet).
"Task 8: Configure OracleAS Web Cache with Operations Ports" describes how to add a port.
Oracle Application Server 10g Administrator's Guide for information about updating the port numbers for other Oracle Application Server components
See Also:
You must create a site that will accept HTTPS requests.
In the Port field, enter the number of the HTTPS listening port. This site will use the wallet defined for that port.
In the HTTPS Only Prefix field, enter the URL prefix for which only HTTPS requests will be served. If all traffic must be restricted to HTTPS, enter "/ " for the entire site.
You can configure HTTPS protocol support between OracleAS Web Cache and origin servers. When you use the Oracle HTTP Server as the origin server, requests from an OracleAS Web Cache server configured with an HTTPS listening port are passed on a secure (SSL) connection. It is not necessary to configure an HTTPS port for an Oracle HTTP Server.
However, for other origin servers, you must configure an HTTPS port to secure the connection from OracleAS Web Cache to the origin server.
To configure HTTPS protocol support between OracleAS Web Cache and origin servers:
Then, you specify the location of the wallet for OracleAS Web Cache communication to the origin server.
This wallet manages OracleAS Web Cache authentication data, such as keys, certificates, and trusted certificates needed by the Secure Sockets Layer (SSL). By default, wallets are stored in /etc/ORACLE/WALLETS/user_name on UNIX and %USERPROFILE%\ORACLE\WALLETS on Windows.
If each site is configured with a separate wallet, HTTPS requests from OracleAS Web Cache to the origin server can share the same wallet as established for the OracleAS Web Cache listening ports. This is the default wallet.
Oracle Corporation recommends entering the location, even if the default is being used.
To specify the wallet location:
The Origin Server Wallet page appears.
The Edit Origin Server Wallet dialog box appears.
You must map the site for HTTPS requests to the origin server:
You can require that clients send certificates (client-side certificates) to the cache to verify the identity of the client.
With client-side certificates, the browser sends the certificate to the cache during the SSL handshake. Then, the server processes the request for the document. If the requested document is not stored in the cache, the cache forwards the request to the application Web server, a peer cache (in a cluster), or a subordinate cache (in a hierarchy). To transfer information about the client-side certificate to another cache or to the application Web server, OracleAS Web Cache adds HTTP headers to the request. The headers begin with the string SSL-Client-Cert.
Note the following points about using client-side certificates:
403: Forbidden.
To use client-side certificates, you must enable an HTTPS listening port. If you have a cache cluster, you must enable HTTPS listening ports for all cluster members. In addition, take the following steps:
The Listen Ports page is displayed.
Accept SSL client certificates encoded in SSL-Client-Cert HTTP headers
If it is not, click Edit.
The Special Security Header Configuration dialog box is displayed.
Route requests that contain SSL client certificates to cache cluster peers
If it is not, click Edit.
The Cluster Security Configuration dialog box is displayed.
Accept SSL client certificates encoded in SSL-Client-Cert HTTP headers
If it is not, click Edit.
The Special Security Header Configuration dialog box is displayed.
Route requests that contain SSL client certificates to cache cluster peers
If it is not, click Edit.
The Cluster Security Configuration dialog box is displayed.
You can also specify that an entire site require client-side certificates:
You can restrict a URL or set of URLs for a site to permit only HTTPS requests.
To allow only HTTPS traffic for a URL or a set of URLs:
If all traffic must be restricted to HTTPS, enter "/" for the entire site.
To apply changes, in the OracleAS Web Cache Manager main window, click Apply Changes.
Then, you must restart the cache or admin server processes, using the opmnctl utility or webcachectl utility (for standalone installations) on the computer on which OracleAS Web Cache software is installed and configured.
To use the opmnctl utility to restart both processes, enter the following command:
opmnctl startproc ias-component=WebCache
This section describes additional configuration options available for cache hierarchy deployments. This section contains the following topics:
See Also:
In a distributed cache hierarchy, the central cache stores content from application Web servers, and the remote cache stores content from the central cache. The central cache acts as an origin server to the remote cache.
To configure a distributed cache hierarchy, perform the tasks in "Tasks for Setting Up OracleAS Web Cache" for each cache. When performing the tasks, take special care to perform the following:
When content from the central cache becomes invalid, an invalidation message is sent to its cache. In addition, the central cache propagates the invalidation message to the remote caches.
Table 8-1 shows the example settings for the deployment depicted in "Deploying a Distributed Cache Hierarchy".
In an ESI cache hierarchy, a provider cache stores content from an ESI provider site, and a subscriber cache stores content from the origin servers for a local site and contacts provider caches for ESI fragments. The provider cache acts as an origin server to the subscriber cache.
To configure an ESI cache hierarchy, perform the tasks in "Tasks for Setting Up OracleAS Web Cache" for each cache. When performing the tasks, take special care to perform the following:
When content from the provider cache becomes invalid, an invalidation message is sent to its cache. In addition, the provider cache propagates the invalidation message to the subscriber cache.
Table 8-2 shows the example settings for the deployment depicted in Figure 8-1.
In a cache hierarchy, each cache cluster member acts as an independent cache. Invalidation messages are propagated from each central or provider cache cluster member to the respective remote or subscriber caches. This configuration can result in the same invalidation message being propagated multiple times by cache cluster members.
If your deployment uses a Load Balancer to distribute requests among cache cluster members, you can optionally configure the cache cluster members to act as one cache and to receive only one set of propagated invalidation messages.
To configure cache cluster members to act as one cache for the purposes of hierarchical caching:
webcache.xml file.
CLUSTERINFO element.
<CLUSTERINFO NAME="CLUSTER_IP" VALUE="IP_address" /> <CLUSTERINFO NAME="CLUSTER_NORM_PORT" VALUE="web_cache_listening_Port" /> <CLUSTERINFO NAME="CLUSTER_INV_PORT" VALUE="web_cache_invalidation_port" /> <CLUSTERINFO NAME="CLUSTER_INV_SSL" VALUE="SSL_version" />
Table 8-3 describes how to enter values for the subelements.
| Subelement | Description |
|---|---|
|
|
Enter the IP address of the cache. |
|
|
Enter the listening port of the cache. See Also: "Task 6: Configure OracleAS Web Cache with Listening Ports for Incoming Browser Requests" |
|
|
Enter the invalidation port of the cache. See Also: "Task 8: Configure OracleAS Web Cache with Operations Ports" |
|
|
If the invalidation port is configured for HTTPS, configure the correct SSL version: |
For example, if a cache cluster has members webche1-host, webche2-host, and webche3-host, you cans configure webche2-host, and webche3-host with settings for webche1-host as follows:
<CLUSTERINFO NAME="CLUSTER_IP" VALUE="130.35.45.41" /> <CLUSTERINFO NAME="CLUSTER_NORM_PORT" VALUE="4000" /> <CLUSTERINFO NAME="CLUSTER_INV_PORT" VALUE="4001" /> <CLUSTERINFO NAME="CLUSTER_INV_SSL" VALUE="NONE" />
This configuration enables the cache cluster to acts as one logic cache and only webche1-host to receive the propagated invalidation messages.
opmnctl restartproc ias-component=WebCache
To increase the availability and scalability of your Web site, you can configure multiple instances of OracleAS Web Cache to run as members of a cache cluster.
To configure a cache cluster, you specify the general cluster information in the Clustering page of the OracleAS Web Cache Manager and add two or more OracleAS Web Cache instances to the cache cluster.
A cache cluster uses one configuration that is propagated from the current cache (the cache to which your browser is connected) to all cluster members. The configuration contains settings that are the same for all cluster members as well as cache-specific settings for each cluster member.
The following settings pertain to all members of a cluster:
The following settings are specific to each member of the cluster:
Because a cache cluster contains two or more instances of OracleAS Web Cache, you must have two or more instances of OracleAS Web Cache installed on one or more nodes before you configure a cache cluster. The instances must be the same version of OracleAS Web Cache.
To configure a cache cluster, perform these tasks:
In addition, see the following information about configuring clusters:
To configure the settings for a cache cluster:
The Clustering page appears. The General Cluster Information section displays the default clusterwide values for failover and invalidation propagation. The Cluster Members table displays the current cache (the cache to which you are connected) as the only cluster member. OracleAS Web Cache ignores the cluster information if there is only one cluster member.
The Edit General Cluster Information dialog box appears.
OracleAS Web Cache considers a request to another cache cluster member to have failed if:
500 Internal Server Error, 502 Bad Gateway, 503 Service Unavailable, or 504 Gateway Timeout.
For each failed request, OracleAS Web Cache increments the failure counter for that cluster member. This counter is kept separately by each cluster member. When a request is successfully processed by a cluster member, OracleAS Web Cache resets the failure counter.
When the failover threshold is met, OracleAS Web Cache considers the cache cluster member to have failed. OracleAS Web Cache recalculates the relative capacity of the remaining cache cluster members. It then reassigns ownership of cache content.
When a cache cluster member is down, OracleAS Web Cache starts polling the cache cluster member. It does this by sending requests to the URL specified in the Ping URL field. When OracleAS Web Cache receives a success response from the cache cluster member, it considers that cache cluster member to be up again. It recalculates the relative capacity of the cache cluster members and it reassigns ownership of cache content.
Use a URL that is cacheable and that you can guarantee is stored in each cache. The default is "/".
The Edit Cluster Member dialog box appears.
This field is used in two different ways:
The connections are used to receive requests for owned content from other cache cluster members. The number of connections are divided among the other cluster members. For example, in a three-cache cluster, if the capacity of Cache_A is 50, Cache_B can open 25 connections to Cache_A and Cache_C can open 25 connections to Cache_A.
More connections are used when another cache cluster member contains little or no data in its cache, such as when it is initially started, when it recovers from a failure, or after invalidation. During this time, the cluster member sends many of the requests to its peers, the owners of the content. In most cases, these requests are satisfied more quickly than requests to the origin server. Having a higher number of connections increases performance during this time and shortens the time it takes to fully load the cache. After a cache is fully loaded, fewer of the connections are used. There is no overhead for unused connections.
The capacity of a cache cluster member is weighted against the total capacity of all active cache cluster members. When you set the capacity, OracleAS Web Cache assigns a percentage of the ownership array to the cluster member, indicating how much of the cached content will be owned by the cluster member. The percentage is calculated using the following formula:
cluster_member_capacity / total_capacity_of_all_active_cluster_members
For example, if cache cluster member Cache_A has a capacity of 100 and cache cluster member Cache_B has a capacity of 300, for a total capacity of 400, Cache_A is assigned 25 percent of the ownership array and Cache_B is assigned 75 percent of the ownership array. That means that Cache_A owns 25 percent of the cached content.
Note that in calculating the relative capacity, OracleAS Web Cache considers the capacity of active cluster members; it does not consider the capacity of cluster members that it has determined to have failed.
In most cases, a capacity of 100 is a reasonable number to use as a starting point.
If you assign a capacity of 0 to a cluster member, that cluster member will not receive requests from other cluster members. However, that cluster member will forward requests to other cluster members, the owners of the content.
If you assign a capacity of 0 to all cluster members, no requests will be forwarded between cluster members. With this setup, you can propagate the configuration and invalidation across all cache cluster members, simplifying the administration of many caches. See "Configuring Administration and Invalidation-Only Clusters" for more information.
You now have one cache, the current cache, in the cluster. However, the cluster information is ignored until you have more than one OracleAS Web Cache instance in the cluster.
Before you can add a cache to the cluster, the following conditions must be met:
To add another cache to the cluster:
The Clustering page appears.
The Add Cache to Cluster dialog box appears.
The administration port is the listening port for administrative requests.
Step 13 in "Task 1: Configure Cache Cluster Settings" for more information about capacity
See Also:
The cache is now part of the cluster and is listed in the Cluster Member table.
OracleAS Web Cache adds the cache-specific information from the new cache cluster members to the cluster configuration.
You can add more OracleAS Web Cache instances to the cluster at any time by choosing Add. You can modify the settings for a cache cluster member by choosing Edit Selected. You can delete a cache cluster member, other than the current cache, by choosing Delete Selected.
In a cache cluster, all cache cluster members must be able to determine which origin server established the session, although the request was routed originally through only one cache cluster member. To configure session binding in a cache cluster, you specify that OracleAS Web Cache adds a cookie that tracks session information so that it can be read by all cluster members. OracleAS Web Cache includes a Set-Cookie response-header in the response so that subsequent requests from the client include the cookie. The cookie provides information so that any of the cluster members can resolve the binding regardless of which cache handled the initial request.
|
See Also:
|
When you modify the cluster and click Apply Changes, OracleAS Web Cache adds the cache-specific information from the new cache cluster members to the configuration. For those changes to take affect in all cluster members, you must propagate the configuration and restart the cache server process of the cluster members.
To propagate the configuration to new cluster members:
The Cache Operations page appears. The Operation Needed column indicates the caches to which the configuration should be propagated.
(Alternatively, you can propagate the configuration to one cluster member at a time. Click Selected cache in the Operate On field, and then click Propagate.)
When the operation completes, the Operation Needed column in the Cache Operations page indicates the cluster members that need to be restarted.
(Alternatively, you can restart one cluster member at a time.) Choose Selected cache in the Operate On field and then click Restart.)
When the operation completes, the Operation Needed column in the Cache Operations page indicates that no operations are needed. The cache cluster is ready to use.
To remove a cache from a cluster, you must not only make sure that remaining cluster members no longer include that cache in cluster, but that the removed cache no longer considers itself to be part of the cluster. To remove a cache from a cluster, take the following steps:
ias_admin or administrator user.
All remaining caches in the cluster no longer consider the removed cache to be part of the cluster. However, the removed cache still considers itself to be part of the cluster. To remedy that situation, take the next steps.
ias_admin or administrator user.
The Clustering page appears. The Cluster Members section still shows all members of the cluster.
You can configure a cluster that supports propagating the configuration and invalidation requests across all cache cluster members, but that does not forward requests between cache cluster members. That is, in processing requests, each cluster member acts as an individual cache and does not request documents from its peer cluster members. However, configuration changes and invalidation requests can be propagated to cluster members.
This configuration can be used to simplify administration of many caches. It may be needed in a cluster where members are separated by a firewall. For example, you can have a cluster where two caches are located on either side of a firewall that separates the intranet from internet. (The network settings of such a setup--of sending internet traffic to one cache and intranet traffic to another--is beyond the scope of this document.)
To manage these caches as a cluster and avoid sharing contents between the caches, take the following steps:
A client, such as a browser, can send information about its IP address in a header in a request. However, because a client could use a false IP address in the header, allowing a cache to forward that information to another cache or to the origin server can be a potential security problem. By default, OracleAS Web Cache removes any IP header information forwarded from a client and replaces it with a header that contains the correct IP address of the client. (In this case, a client can be a browser or another cache in a hierarchy.)
In a cache hierarchy, OracleAS Web Cache must be able to preserve the information that is forwarded from one cache to another in the hierarchy or from a cache to the origin server.
To configure these settings:
If the value is NO, OracleAS Web Cache removes any ClientIP request-header forwarded from the client and replaces it with a header that contains the correct IP address.
If the value is YES, OracleAS Web Cache accepts the header received from the client and can forward it to another cache or the origin server.
Because the provider cache received the header from the subscriber cache, it can safely forward it to the origin server.
If the central cache receives requests from both browsers and other caches in the hierarchy, OracleAS Web Cache cannot distinguish which is a browser and which is another cache. In this case, if you specify YES, a false IP address could potentially be forwarded from a browser. However, correct information would be forwarded from another cache. If you specify NO, a false IP address could not be forwarded from a browser. However, the information forwarded from another cache would contain the IP address of the cache, not of the original client.
Using OracleAS Web Cache, you can monitor the response time of your applications by viewing information about how quickly the responses are delivered to the end users. From the time a user enters the Web site until they exit, you can monitor which URLs they view and view reports about the response times the end user has experienced.
To configure OracleAS Web Cache for end-user performance monitoring, configure a network load balancer for a deployment supporting multiple OracleAS Web Cache servers. The network load balancer enables OracleAS Web Cache to receive requests from the same browsers.
You can enable end-user performance monitoring for a specific cache or for a site. Take the following steps:
Note the following:
If a request does not match any of the sites for which monitoring is enabled, the request will not be monitored.
When end-user performance monitoring is enabled for a cache, OracleAS Web Cache monitors all requests that are routed through the cache. When end-user performance monitoring is enabled for a site, OracleAS Web Cache monitors all of the Web pages on your Web site and provides you with information about how the pages are responding to customer requests.
"Gathering End-User Performance Data" for information about gathering the data
See Also:
Using the OracleAS Web Cache Manager, for each site, you can further refine which Web pages are monitored, by specifying regular expressions or path substrings. Take the following steps:
The Create End-User Performance Monitoring Rule page is displayed.
The substring is interpreted literally, including reserved regular expression characters. These characters include periods (.), question marks (?), asterisks (*), brackets ([]), curly braces ({}), carets (^), dollar signs ($), and backslashes (\).
For example, if you enter a substring of down, any of the following URLs match the expression:
http://www.company.com/wireless/downloads/index.htm http://www.company.com/support/updown.htm http://www.company.com/support/shutdown_gdlines.htm
^" to denote the start of the URL and "$" to denote the end of the URL.
Regular expression syntax is based on the POSIX 1003 extended regular expressions for URLs, as supported by Netscape Proxy Server 2.5.
When using POSIX regular expression, keep the following syntax rules in mind:
^/a/b/.*\.gif$ will match GIF files under /a/b or any of its subdirectories. /a/b/.*\.gif, on the other hand, could match /x/y/a/b/c/d.gift.
.) to match any one character
?) to match zero or one occurrence of the character that it follows
*) to match zero or more occurrences of the pattern that it follows
\) to escape any special characters, such as periods (\.), question marks (\?), or asterisks (\*)
For example, to monitor all URLs beginning with /machine/doc and ending in .gif, enter the following expression:
^/machine/doc/.*\.gif$
For a regular expression that matches documents or a subset of documents that you do not want to monitor, give the rule that specifies Don't Monitor a higher priority than the rule that specifies Monitor. For example, if you want all URLs containing /cec/cstage?ecaction=ecpassthru to be monitored except for /cec/cstage?ecaction=ecpassthru2, you would enter the rules in the following order:
If the order were reversed, all documents starting with /cec/cstage?ecaction=ecpassthru would be monitored, including /cec/cstage?ecaction=ecpassthru2.
Many of the topologies described in Chapter 5 use hardware load balancers to provide support for virtual IP addresses and IP failover and to distribute incoming requests.
Certain operating systems provide similar support, which can increase the availability of OracleAS Web Cache, particularly in cache clusters.
When the operating system detects a failure of one of the caches, automatic IP takeover is used to distribute the load to the remaining caches in the cluster configuration. Because requests are sent to the virtual IP address, not to a specific host, requests can be served even if one of the hosts is unreachable.
In addition, some operating systems provide load balancing for incoming requests. You can configure the operating system to balance the load of incoming requests across caches on multiple nodes.
Note that a network load balancer does not provide all the features, such as a firewall, that a hardware load balancer may provide, but if those needs are already met, you could consider using a network load balancer.
The following section, "Configuring Microsoft Network Load Balancing" describes how to configure a network load balancer on one operating system. Refer to your operating system documentation for more information.
On certain Windows platforms, you can use the Microsoft Network Load Balancing (NLB) component of the operating system instead of a hardware load balancer. NLB is part of the Microsoft clustering offerings and is available on the following platforms:
You configure the hosts as a cluster and you configure the operating system to provide load balancing. Then, you configure NLB for hosts that are running Web Cache in a cache cluster, taking the following steps for each host:
Note that Port Rules must be identical for all hosts in the cluster.
For more information about Microsoft Network Load Balancing, see the Microsoft documentation at:
http://www.microsoft.com
By default, OracleAS Web Cache provides the following limits for HTTP request header field:
Oracle Corporation recommends setting the header size to a lower value than the default to ensure security and prevent denial-of-service attacks from malicious browsers.
If the length of the request is larger than the allowed limit, OracleAS Web Cache sends an error to the client and reports the WXE-11356 error to the event log:
Total request header length exceeds configured maximum. A forbidden error response is returned to the client.
Oracle Corporation recommends setting the individual header size based on how large an application sets HTTP requests header fields.
If the length of the request is larger than the allowed limit, OracleAS Web Cache sends an error to the client and reports the WXE-11355 error to the event log:
Single request header length exceeds configured maximum. A forbidden error response is returned to the client.
To modify the default header limits:
The Security page appears.
The HTTP Request Header Limits dialog box appears.
On UNIX, webcached must run as the root privilege in the following cases:
opmnctl or webcachectl user does not match the configured user in the Process Identity page (Properties > Process Identity) of OracleAS Web Cache Manager.
To run webcached with the root privilege:
Oracle Corporation recommends running OracleAS Web Cache using a restricted user, such as nobody/nobody.
To establish the process identity of a restricted user:
The Process Identity page appears in the right pane.
The Change Process Identity dialog box appears.
webcache_setuser.sh script as follows to run OracleAS Web Cache as a different user, such as nobody/nobody, and add set-user ID permission to the webcached executable:
webcache_setuser.sh setidentity <user_ID>
where <user_ID> is the user you specified in the New User ID field of the Process Identity page.
For example, to run OracleAS Web Cache as nobody/nobody, enter:
webcache_setuser.sh setidentity nobody
|
See Also:
"Script for Setting File Permissions on UNIX" for further information about the |
|
 Copyright © 2002, 2003 Oracle Corporation. All Rights Reserved. |
|