Table 4-1 Cluster attributes
Attribute
|
Description
|
Range of Values and Default
|
ClientCertProxyEnabled
|
A value of true causes proxy-server plugins to pass identity certificates from clients to all web applications that are deployed on all server instances in the cluster.
A proxy-server plugin encodes each identify certification in the WL-Proxy-Client-Cert header and passes the header to WebLogic Server instances. Each WebLogic Server instance takes the certificate information from the header, trusting that it came from a secure source, and uses that information to authenticate the user.
If you specify true, use a weblogic.security.net.ConnectionFilter to ensure that each WebLogic Server instance accepts connections only from the machine on which the proxy-server plugin is running. Specifying true without using a connection filter creates a potential security vulnerability because the WL-Proxy-Client-Cert header can be spoofed.
A value of true overrides the value that each server instance within the cluster specifies with ServerMBean#setClientCertProxyEnabled(boolean).
By default (or if you specify false):
|
Admin Console field label: Client Cert Proxy Enabled
Required: no
Default: false
Secure value: false
|
ClusterAddress
|
Defines the address to be used by clients to connect to this cluster. This address may be either a DNS host name that maps to multiple IP addresses or a comma separated list of single address host names or IP addresses. If network channels are configured, it is possible to set the cluster address on a per channel basis.
|
Admin Console field label: Cluster Address
Required: no
|
DefaultLoadAlgorithm
|
Defines the algorithm to be used for load-balancing between replicated services if none is specified for a particular service.
|
Admin Console field label: Default Load Algorithm
Required: no
Default: round-robin
|
HttpTraceSupportEnabled
|
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This attribute is for disabling HTTP TRACE support. It is duplicated both in ClusterMBean and ServerMBean so the attribute HttpTraceSupportEnabled can be used cluster-wide. ClusterMBean overrides ServerMBean
|
Required: no
Default: false
|
IdlePeriodsUntilTimeout
|
Maximum number of periods that a cluster member will wait before timing out a member of a cluster.
|
Required: no
Default: 3
Minimum: 3
|
MulticastAddress
|
Defines the multicast address used by cluster members to communicate with each other.
|
Admin Console field label: Multicast Address
Required: no
Default: 237.0.0.1
|
MulticastBufferSize
|
Defines the multicast socket send/receive buffer size.
|
Admin Console field label: Multicast Buffer Size
Required: no
Units: kilobytes
Default: 64
Minimum: 64
|
MulticastPort
|
Defines the multicast port used by cluster members to communicate with each other.
|
Admin Console field label: Multicast Port
Required: no
Default: 7001
Minimum: 1
Maximum: 65535
|
MulticastSendDelay
|
Defines the number of milliseconds to delay sending message fragments over multicast in order to avoid OS-level buffer overflow.
|
Admin Console field label: Multicast Send Delay
Required: no
Default: 12
Minimum: 0
Maximum: 100
|
MulticastTTL
|
Sets the time-to-live value for the cluster's multicast address.
|
Admin Console field label: Multicast TTL
Required: no
Default: 1
Minimum: 1
Maximum: 255
|
Name
|
The name of this configuration. WebLogic Server uses an MBean to implement and persist the configuration.
|
Admin Console field label: Name
Required: no
|
Notes
|
Optional information that you can include to describe this configuration.
|
Admin Console field label: Notes
Required: no
|
WeblogicPluginEnabled
|
WLS HttpRequest.getRemoteAddr() used to rely on X-Forwarded-For for its returned value. This is a security hole due to HTTP header can be easily mocked and we end up with returning wrong value. This is improved by introducing a proprietary header WL-Proxy-Client-IP from our plugins and this header will only be used if WLS is configured to use our plugins. This is duplicated both in ClusterMBean and ServerMBean so the attribute WeblogicPluginEnabled can be used cluster-wide. ClusterMBean overrides ServerMBean
|
Admin Console field label: WebLogic Plug-In Enabled
Required: no
Default: false
Secure value: false
|