|
|
| |
Parameters for Web Server Plug-ins
The following sections describe the parameters that you use to configure the Apache, Netscape, and Microsoft IIS Web Server plug-ins:
Overview
You enter the parameters for each Web Server Plug-in special configuration files. Each Web Server has a different name for this configuration file and different rules for formatting the file. For details, see the following sections on each plug-in:
Enter Web Server plug-ins parameters as described in the following table.
General Parameters for Web Server Plug-Ins
Note: Parameters are case sensitive. Parameter Default Description Identifies a single instance of WebLogic Server to which HTTP requests should be forwarded. Note: Use only when proxying to a single server instance. To proxy to a WebLogic Server cluster, use the Port at which the WebLogic Server host is listening for WebLogic connection requests. If you are using SSL between the plug-in and WebLogic Server, set this parameter to the SSL listen port (see Configuring the Listen Port) and set the SecureProxy parameter to Note: Use only when proxying to a single server instance. If you are using a WebLogic Server Cluster, use the WebLogicCluster parameter instead of Identifes the WebLogic Server instances to which HTTP requests should be forwarded. The If you are using SSL between the plug-in and WebLogic Server, set the port number to the SSL listen port (see Configuring the Listen Port) and set the SecureProxy parameter to ON. The plug-in does a simple round-robin among all available cluster members. The server list specified in this property is a starting point for the dynamic server list that the server and plug-in maintain. WebLogic Server and the plug-in work together to update the server list automatically with new, failed, and recovered servers. If a mixed set of clusters and single servers is specified, the dynamic list returned for this parameter will return only the clustered servers. You can disable the use of the dynamic cluster list by setting the DynamicServerList parameter to The plug-in directs HTTP requests containing a cookie, URL-encoded session, or a session stored in the POST data to the server in the cluster that originally created the cookie. String trimmed by the plug-in from the beginning of the original URL, before the request is forwarded to WebLogic Server. For example, if the URL is passed to the plug-in for parsing and if Note that if you are newly converting an existing third-party server to proxy requests to WebLogic Server using the plug-in, you will need to change application paths to String that the plug-in prepends to the beginning of the original URL, after PathTrim is trimmed and before the request is forwarded to WebLogic Server. Maximum time in seconds that the plug-in should attempt to connect to the WebLogic Server host. Make the value greater than ConnectRetrySecs. If You can customize the error response by using the ErrorPage parameter. WLDNSRefreshInterval 0 (Lookup once, during startup) Only applies to NSAPI and Apache. If defined in the proxy configuration, specifies number of seconds interval at which WebLogic Server refreshes the server list. Interval in seconds that the plug-in should sleep between attempts to connect to the WebLogic Server host (or all of the servers in a cluster). Make this number less than the To specify no retries, set You can customize the error response by using the ErrorPage parameter. FilterPriorityLevel (Microsoft Internet Information Server only) 2 The values for this parameter are 0 (low), 1 (medium), and 2 (high). The default value is 2. This priority should be set in the iisforward.ini file.This property is used to set the priority level for the iisforward.dll filter in IIS. Priority level is used by IIS to decide which filter will be invoked first, in case multiple filters match the incoming request. Sets the type of logging performed for debugging operations. It is not advisable to switch on these debugging options in production systems. The debugging information is written to the WLLogFile See the Debug parameter Specifies path and file name for the log file that is generated when the Debug parameter is set to WLTempDir See the Debug parameter Specifies the directory where a Also specifies the location of the When both Enables the special query parameter " For example, if you enable " This parameter is strictly for debugging and the format of the output message can change with releases. For security purposes, keep this parameter turned OFF in production systems. (Not available for the Microsoft Internet Information Server Plug-In) If set to If the file does not exist, an You can customize the error response by using the ErrorPage parameter. You can create your own error page that is displayed when your Web server is unable to forward requests to WebLogic Server. 2 (must be greater than 0) Set the timeout for the socket while connecting, in seconds. Defines the amount of time the plug-in waits for a response to a request from WebLogic Server. The plug-in waits for Minimum value: When set to If set to " If you change the name of the WebLogic Server session cookie in the WebLogic Server Web Application, you need to change the If the URI is " This procedure prevents redirects from WebLogic Server. Set the Note for Apache users: If you are using Stronghold or Raven versions, define this parameter inside of a Maximum allowable size of POST data, in bytes. If the content-length exceeds (Apache HTTP Server only) When proxying by MIME type, set the filename pattern inside of an Example when proxying by MIME type: Example when proxying by path: When set to When set to (Microsoft Internet Information Server only) null If This parameter is required if you are proxying by path. You can set multiple strings by separating the strings with commas. For example: (Does not apply to Apache HTTP Server version 1.3.x) The length of time after which an inactive connection between the plug-in and WebLogic Server is closed. You must set The value of this parameter must be less than or equal to the value of the Duration field set in the Administration Console on the Server/HTTP tab, or the value set on the (Does not apply to Apache HTTP Server version 1.3.x) Enables pooling of connections between the plug-in and WebLogic Server. Valid values for the Netscape and Microsoft IIS plug-ins are Valid values for the Apache plugin-in are (Apache HTTP Server only) When set to When set to 10 Valid only if DynamicServerList is set to If a WebLogic Server listed in either the WebLogicCluster parameter or a dynamic cluster list returned from WebLogic Server fails, the failed server is marked as "bad" and the plug-in attempts to connect to the next server in the list. ON When set to There are some implications for setting this parameter to OFF Set this parameter to ON to maintain SSL communication between the plug-in and WebLogic Server when the following conditions exist: When WLProxySSL is set to ON, the location header returned to the client from WebLogic Server specifies the HTTPS protocol. WLExcludePathOrMimeType None Set this parameter to exclude certain requests from proxying. This parameter can be defined locally at the Location tag level as well as globally. When the property is defined locally, it does not override the global property but defines a union of the two parameters.
WebLogicHost
none
WebLogicCluster
instead.
WebLogicPort
none
ON
).WebLogicPort
.
WebLogicCluster
none
WebLogicCluster
parameter specifies the host name and listen port for each server instance specified. The method of specifying the parameter, and the required format vary by plug-in. See the examples in:
OFF
.
PathTrim
null
http://myWeb.server.com/weblogic/foo
PathTrim
has been set to strip off /weblogic
before handing the URL to WebLogic Server, the URL forwarded to WebLogic Server is: http://myWeb.server.com:7001/foo
/foo
to include weblogic/foo
. You can use PathTrim
and PathPrepend in combination to change this path.
PathPrepend
null
ConnectTimeoutSecs
10
ConnectTimeoutSecs
expires without a successful connection, even after the appropriate retries (see ConnectRetrySecs
), an HTTP 503/Service Unavailable
response is sent to the client.
ConnectRetrySecs
2
ConnectTimeoutSecs
. The number of times the plug-in tries to connect before returning an HTTP 503/Service Unavailable
response to the client is calculated by dividing ConnectTimeoutSecs by ConnectRetrySecs
. ConnectRetrySecs
equal to ConnectTimeoutSecs
. However, the plug-in attempts to connect at least twice.
Debug
OFF
/tmp/wlproxy.log
file on UNIX systems and c:\TEMP\wlproxy.log
on Windows NT/2000 systems. You can override this location and filename by setting the WLLogFile parameter to a different directory and file. For Debug to work correctly, the system administrator must ensure that write permission for the tmp or TEMP directory has been set to the user logged on to the server. You can set any of the following logging options (the HFC,HTW,HFW
, and HTC
options may be set in combination by entering them separated by commas, for example "HFC,HTW
"):
ON
. You must create this directory before setting this parameter.
wlproxy.log
will be created. If the location fails, the Plug-In resorts to creating the log file under C:/temp
in Windows and /tmp
in all Unix platforms._wl_proxy
directory for post data files. WLTempDir
and WLLogFile
are set, WLLogFile
will override as to the location of wlproxy.log
. WLTempDir
will still determine the location of _wl_proxy
directory.
DebugConfigInfo
OFF
__WebLogicBridgeConfig
". Use it to get details about configuration parameters from the plug-in.__WebLogicBridgeConfig
" by setting DebugConfigInfo
and then send a request that includes the query string ?__WebLogicBridgeConfig
, then the plug-in gathers the configuration information and run-time statistics and returns the information to the browser. The plug-in does not connect to the WebLogic Server in this case.
StatPath
false
true
, the plug-in checks the existence and permissions of the translated path ("Proxy-Path-Translated") of the request before forwarding the request to WebLogic Server.HTTP 404 File Not Found
response is returned to the client. If the file exists but is not world-readable, an HTTP 403/Forbidden
response is returned to the client. In either case, the default mechanism for the Web server to handle these responses fulfills the body of the response. This option is useful if both the WebLogic Server Web Application and the Web Server have the same document root.
ErrorPage
none
WLSocketTimeoutSecs
HungServerRecoverSecs)
300
HungServerRecoverSecs
for the server to respond and then declares that server dead, and fails over to the next server. The value should be set to a very large value. If the value is less than the time the servlets take to process, then you may see unexpected results. 10
Maximum value: Unlimited
Idempotent
ON
ON
and if the servers do not respond within HungServerRecoverSecs), the plug-ins fail over. OFF
" the plug-ins do not fail over. If you are using the Netscape Enterprise Server Plug-In, or Apache HTTP Server you can set this parameter differently for different URLs or MIME types.
CookieName
JSESSIONID
CookieName
parameter in the plug-in to the same value. The name of the WebLogic session cookie is set in the WebLogic-specific deployment descriptor, in the <session-descriptor> element.
DefaultFileName
none
/
" then the plug-in performs the following steps:DefaultFileName
.DefaultFileName
to the default welcome page of the Web Application in WebLogic Server to which requests are being proxied. For example, If the DefaultFileName
is set to welcome.html
, an HTTP request like "http://somehost/weblogic
" becomes "http://somehost/weblogic/welcome.html
". For this parameter to function, the same file must be specified as a welcome file in all the Web Applications to which requests are directed. For more information, see "Configuring Welcome Pages".Location
block, and not in an IfModule
block.
MaxPostSize
-1
MaxPostSize
, the plug-in returns an error message. If set to -1
, the size of POST data is not checked. This is useful for preventing denial-of-service attacks that attempt to overload the server with POST data.
MatchExpression
none
IfModule
block using the MatchExpression
parameter. <IfModule mod_weblogic.c>
MatchExpression *.jsp WebLogicHost=myHost|paramName=value
</IfModule><IfModule mod_weblogic.c>
MatchExpression /weblogic WebLogicHost=myHost|paramName=value
</IfModule>
FileCaching
ON
ON
, and the size of the POST data in a request is greater than 2048 bytes, the POST data is stored on disk in a temporary file and forwarded to WebLogic Server in chunks of 8192 bytes. Setting FileCaching
to ON
, however, can cause a problem with the progress bar displayed by a browser that indicates the progress of a download. The browser shows that the download has completed even though the file is still being transferred.OFF
and size of the POST data in a request is greater than 2048 bytes, the POST data is stored in memory and sent to WebLogic Server in chunks of 8192 bytes. Setting to OFF
causes problems if the server goes down while processing the request because the plug-in is not able to fail over.
WlForwardPath
WlForwardPath
is set to "/" all requests are proxied. To forward any requests starting with a particular string, set WlForwardPath
to the string. For example, setting WlForwardPath
to /weblogic
forwards all requests starting with /weblogic
to Weblogic Server.WlForwardPath=/weblogic,/bea
.
KeepAliveSecs
30
KeepAliveEnabled
to true
(ON
when using the Apache plug-in) for this parameter to be effective.server
Mbean with the KeepAliveSecs
attribute.
KeepAliveEnabled
true
(Netscape and Microsoft IIS plug-in)ON
(Apache plug-in)
true
and false
.ON
and OFF
.
QueryFromRequest
OFF
ON
, specifies that the Apache plug-in use (request_rec *)r->the request
to pass the query string to WebLogic Server. (For more information, see your Apache documentation.) This behavior is desirable in the following situations:OFF
, the Apache plug-in uses(request_rec *)r->args
to pass the query string to WebLogic Server.
MaxSkipTime
OFF
.MaxSkips
sets the amount of time after which the plug-in will retry the server marked as "bad". The plug-in attempts to connect to a new server in the list each time a unique request is received (that is, a request without a cookie).
OFF
, the plug-in ignores the dynamic cluster list used for load balancing requests proxied from the plug-in and only uses the static list specified with the WebLogicCluster parameter. Normally this parameter should remain set to ON
.OFF
:
WLProxySSL
SSL Parameters for Web Server Plug-Ins
Note: Parameters are case sensitive. Parameter Default Description Set this parameter to This parameter may be set at two levels: in the configuration for the main server and—if you have defined any virtual hosts—in the configuration for the virtual host. The configuration for the virtual host inherits the SSL configuration from the configuration of the main server if the setting is not overridden in the configuration for the virtual host. Name of the file that contains the digital certificates for the trusted certificate authorities for the WebLogic Server proxy plug-in. This parameter is required if the SecureProxy parameter is set to The filename must include the full directory path of the file. Determines whether the host name to which the WebLogic Server proxy plug-in is connecting must match the Subject Distinguished Name field in the digital certificate of the WebLogic Server to which the proxy plug-in is connecting. The ASN.1 Object ID (OID) that identifies which field in the Subject Distinguished Name of the peer digital certificate is to be used to perform the host match comparison. The default for this parameter corresponds to the
SecureProxy
OFF
ON
to enable the use of the SSL protocol for all communication between the WebLogic Server proxy plug-in and WebLogic Server. Remember to configure a port on the corresponding WebLogic Server for the SSL protocol before defining this parameter.
TrustedCAFile
none
ON
.
RequireSSLHostMatch
true
SSLHostMatchOID
22
CommonName
field of the Subject Distinguished Name. Common OID values are:
Configuring Web Applications and Clusters for the Plug-in
Set the following attributes on a cluster or a Web application to configure security for applications accessed via the plug-in.
WeblogicPluginEnabled
—If you set this attribute to true for a cluster or a Web application that receives requests from the HttpClusterServlet
, the servlet will respond to getRemoteAddr
calls with the address of the browser client from the proprietary WL-Proxy-Client-IP
header, instead of returning the Web server address.
ClientCertProxy
Enabled—If you set this attribute to true for a cluster or a Web application that receives requests from HttpClusterServlet
, the plug-in sends client certs to the cluster in the special WL-Proxy-Client-Cert
header, allowing user authentication to be performed on the proxy server.
|
Copyright © 2001 BEA Systems, Inc. All rights reserved.
|