The following sections describe the parameters that you use to configure the Apache and Microsoft IIS Web server plug-ins:
You enter the parameters for each Web server plug-in in special configuration files. Each Web server has a different name for this configuration file and different rules for formatting the file. For details, see the following sections on each plug-in:
The general parameters for Web server plug-ins are shown in Table 7-1. Parameters are case sensitive.
Table 7-1 General Parameters for Web Server Plug-Ins
Parameter Name | Default | Description | Applicable to |
---|---|---|---|
|
none |
WebLogic Server host (or virtual host name as defined in WebLogic Server) to which HTTP requests should be forwarded. If you are using a WebLogic cluster, use the |
ISAPI, Apache and NSAPI plug-in, HttpClusterServlet, and HttpProxyServlet |
|
none |
Port at which the WebLogic Server host is listening for connection requests from the plug-in (or from other servers). (If you are using SSL between the plug-in and WebLogic Server, set this parameter to the SSL listen port (see Configuring SSL) and set the If you are using a WebLogic Cluster, use the |
ISAPI, Apache and NSAPI plug-in, HttpClusterServlet, and HttpProxyServlet |
(Required when proxying to a cluster of WebLogic Servers, or to multiple non-clustered servers.) |
none |
The list of WebLogic Servers that can be used for load balancing. The server or cluster list is a list of host:port entries. If a mixed set of clusters and single servers is specified, the dynamic list returned for this parameter will return only the clustered servers. The method of specifying the parameter and the required format vary by plug-in. See the examples in:
If you are using SSL between the plug-in and WebLogic Server, set the port number to the SSL listen port (see Configuring SSL) and set the The plug-in does a simple round-robin between all available servers. The server list specified in this property is a starting point for the dynamic server list that the server and plug-in maintain. WebLogic Server and the plug-in work together to update the server list automatically with new, failed, and recovered cluster members. You can disable the use of the dynamic cluster list by setting the The plug-in directs HTTP requests containing a cookie, URL-encoded session, or a session stored in the POST data to the server in the cluster that originally created the cookie. |
ISAPI, Apache and NSAPI plug-in, and HttpClusterServlet |
|
null |
As per the RFC specification, generic syntax for URL is: [PROTOCOL]://[HOSTNAME]:{PORT}/{PATH}/{FILENAME};{PATH_PARAMS}/{QUERY_STRING}...
http://myWeb.server.com/weblogic/foo is passed to the plug-in for parsing and if http://myWeb.server.com:7001/foo Note that if you are newly converting an existing third-party server to proxy requests to WebLogic Server using the plug-in, you will need to change application paths to |
ISAPI, Apache and NSAPI plug-in, HttpClusterServlet, and HttpProxyServlet |
|
null |
As per the RFC specification, generic syntax for URL is: [PROTOCOL]://[HOSTNAME]:{PORT}/{PATH}/{FILENAME};{PATH_PARAMS}/{QUERY_STRING}...
Note that if you need to append File Name, use |
ISAPI, Apache and NSAPI plug-in, HttpClusterServlet, and HttpProxyServlet |
|
10 |
Maximum time in seconds that the plug-in should attempt to connect to the WebLogic Server host. Make the value greater than You can customize the error response by using the ErrorPage parameter. |
NSAPI, ISAPI, and Apache plug-in, and HttpClusterServlet |
|
2 |
Interval in seconds that the plug-in should sleep between attempts to connect to the WebLogic Server host (or all of the servers in a cluster). Make this number less than the To specify no retries, set You can customize the error response by using the |
NSAPI, ISAPI, and Apache plug-in, and HttpClusterServlet |
|
OFF |
Sets the type of logging performed for debugging operations. The debugging information is written to the Override this location and filename by setting the WLLogFile parameter to a different directory and file. (See the Ensure that the tmp or TEMP directory has write permission assigned to the user who is logged in to the server. Set any of the following logging options (HFC, HTW, HFW, and HTC options may be set in combination by entering them separated by commas, for example “HFC,HTW”):
|
NSAPI, ISAPI, and Apache plug-in, HttpClusterServlet, and HttpProxyServlet. For HttpClusterServlet and HttpProxyServlet, the only possible values are ON and OFF. |
|
See the |
Specifies path and file name for the log file that is generated when the |
NSAPI, ISAPI, and Apache plug-in, HttpClusterServlet, and HttpProxyServlet |
|
0 (Lookup once, during startup) |
Only applies to NSAPI and Apache. If defined in the proxy configuration, specifies number of seconds interval at which WebLogic Server refreshes DNS name to IP mapping for a server. This can be used in the event that a WebLogic Server instance is migrated to a different IP address, but the DNS name for that server's IP remains the same. In this case, at the specified refresh interval the DNS<->IP mapping will be updated. |
NSAPI and Apache plug-in |
WLTempDir |
See the Debug parameter |
Specifies the directory where a Also specifies the location of the When both |
NSAPI, ISAPI, and Apache plug-in |
DebugConfigInfo |
OFF |
Enables the special query parameter “__WebLogicBridgeConfig”. Use it to get details about configuration parameters from the plug-in. For example, if you enable “__WebLogicBridgeConfig” by setting DebugConfigInfo and then send a request that includes the query string ?__WebLogicBridgeConfig, then the plug-in gathers the configuration information and run-time statistics and returns the information to the browser. The plug-in does not connect to WebLogic Server in this case. This parameter is strictly for debugging and the format of the output message can change with releases. For security purposes, keep this parameter turned OFF in production systems. |
NSAPI, ISAPI, and Apache plug-in, HttpClusterServlet, and HttpProxyServlet |
StatPath (Not available for the Microsoft Internet Information Server Plug-In) |
false |
If set to true, the plug-in checks the existence and permissions of the translated path (“Proxy-Path-Translated”) of the request before forwarding the request to WebLogic Server. If the file does not exist, an HTTP 404 File Not Found response is returned to the client. If the file exists but is not world-readable, an HTTP 403/Forbidden response is returned to the client. In either case, the default mechanism for the Web server to handle these responses fulfills the body of the response. This option is useful if both the WebLogic Server Web Application and the Web Server have the same document root. You can customize the error response by using the ErrorPage parameter. |
NSAPI and Apache plug-in |
ErrorPage |
none |
You can create your own error page that is displayed when your Web server is unable to forward requests to WebLogic Server. |
ISAPI, Apache, and NSAPI plug-in |
WLSocketTimeoutSecs |
2 (must be greater than 0) |
Set the timeout for the socket while connecting, in seconds. |
|
WLIOTimeoutSecs (new name for HungServerRecoverSecs) |
300 |
Defines the amount of time the plug-in waits for a response to a request from WebLogic Server. The plug-in waits for Minimum value: 10 Maximum value: Unlimited |
NSAPI, ISAPI, and Apache plug-in |
Idempotent |
ON |
When set to ON and if the servers do not respond within WLIOTimeoutSecs (new name for HungServerRecoverSecs), the plug-ins fail over. The plug-ins also fail over if Idempotent is set to ON and the servers respond with an error such as If set to “OFF” the plug-ins do not fail over. If you are using the Apache HTTP Server you can set this parameter differently for different URLs or MIME types. |
ISAPI, Apache and NSAPI plug-in, and HttpClusterServlet |
WLCookieName (the CookieName parameter is deprecated) |
JSESSIONID |
If you change the name of the WebLogic Server session cookie in the WebLogic Server Web application, you need to change the WLCookieName parameter in the plug-in to the same value. The name of the WebLogic session cookie is set in the WebLogic-specific deployment descriptor, in the |
NSAPI, ISAPI, and Apache plug-in, HttpClusterServlet, and HttpProxyServlet |
DefaultFileName |
none |
If the URI is “/” then the plug-in performs the following steps: Trims the path specified with the Appends the value of Prepends the value specified with This procedure prevents redirects from WebLogic Server. Set the DefaultFileName to the default welcome page of the Web Application in WebLogic Server to which requests are being proxied. For example, If the Note for Apache users: If you are using Stronghold or Raven versions, define this parameter inside of a |
NSAPI, ISAPI, and Apache plug-in, HttpClusterServlet, and HttpProxyServlet |
MaxPostSize |
-1 |
Maximum allowable size of POST data, in bytes. If the content-length exceeds |
ISAPI, Apache and NSAPI plug-in, HttpClusterServlet, and HttpProxyServlet |
MatchExpression (Apache HTTP Server only) |
none |
When proxying by MIME type, set the filename pattern inside of an IfModule block using the MatchExpression parameter. Example when proxying by MIME type: <IfModule weblogic_module> MatchExpression *.jsp WebLogicHost=myHost|paramName=value </IfModule> Example when proxying by path: <IfModule weblogic_module> MatchExpression /weblogic WebLogicHost=myHost|paramName=value </IfModule> It is possible to define a new parameter for MatchExpression using the following syntax: MatchExpression *.jsp PathPrepend=/test PathTrim=/foo |
Apache plug-in |
FileCaching |
ON |
When set to Note that when When set to Note that turning Finally, regardless of how |
ISAPI, Apache and NSAPI plug-in, and HttpClusterServlet |
FilterPriorityLevel |
2 |
The values for this parameter are 0 (low), 1 (medium), and 2 (high). The default value is 2. Set this priority in the iisforward.ini file. This property sets the priority level for the iisforward.dll filter in IIS. IIS uses the priority level to decide which filter is invoked first when multiple filters match the incoming request. |
ISAPI plug-in |
WLExcludePathOrMimeType |
none |
This parameter allows you to exclude certain requests from proxying. This parameter can be defined locally at the Location tag level as well as globally. When the property is defined locally, it does not override the global property but defines a union of the two parameters. |
NSAPI, ISAPI, and Apache plug-in |
WlForwardPath |
null |
If WlForwardPath is set to "/" all requests are proxied. To forward any requests starting with a particular string, set WlForwardPath to the string. For example, setting WlForwardPath to /weblogic forwards all requests starting with /weblogic to WebLogic Server. This parameter is required if you are proxying by path. You can set multiple strings by separating the strings with commas. For example: WlForwardPath=/weblogic,/bea. |
ISAPI plug-in |
KeepAliveSecs |
20 |
The length of time after which an inactive connection between the plug-in and WebLogic Server is closed. You must set The value of this parameter must be less than or equal to the value of the Duration field set in the Administration Console on the Server/HTTP tab, or the value set on the server Mbean with the |
ISAPI, Apache and NSAPI plug-in, HttpClusterServlet, and HttpProxyServlet |
KeepAliveEnabled |
true (Microsoft IIS plug-in) ON (Apache plug-in) |
Enables pooling of connections between the plug-in and WebLogic Server. Valid values for the Microsoft IIS plug-ins are true and false. Valid values for the Apache plug-in are |
ISAPI, Apache and NSAPI plug-in, HttpClusterServlet, and HttpProxyServlet |
QueryFromRequest (Apache HTTP Server only) |
OFF |
When set to (request_rec *)r->the request to pass the query string to WebLogic Server. (For more information, see your Apache documentation.) This behavior is desirable in the following situations:
When set to |
Apache plug-in |
MaxSkipTime |
10 |
If a WebLogic Server listed in either the WebLogicCluster parameter or a dynamic cluster list returned from WebLogic Server fails, the failed server is marked as “bad” and the plug-in attempts to connect to the next server in the list.
|
ISAPI, Apache and NSAPI plug-in, and HttpClusterServlet |
DynamicServerList |
ON |
When set to There are some implications for setting this parameter to
|
NSAPI, ISAPI, and Apache plug-in, and HttpClusterServlet |
WLProxySSL |
OFF |
Set this parameter to
When WLProxySSL is set to |
NSAPI, ISAPI, and Apache plug-in, HttpClusterServlet, and HttpProxyServlet |
WLProxyPassThrough |
OFF |
If you have a chained proxy setup, where a proxy plug-in or |
NSAPI, ISAPI, and Apache plug-in, HttpClusterServlet, and HttpProxyServlet |
WLLocalIP |
none |
Defines the IP address (on the plug-in's system) to bind to when the plug-in connects to a WebLogic Server instance running on a multihomed machine. If |
NSAPI, ISAPI, and Apache plug-in |
WLSendHdrSeparately |
ON |
When this parameter is set to ON, header and body of the response are sent in separate packets. Note: If you need to send the header and body of the response in two calls, for example, in cases where you have other ISAPI filters or programmatic clients that expect headers before the body, set this parameter to ON. |
ISAPI plug-in |
When the FileCaching parameter is set to ON, and the size of the POST data in a request is greater than 2048 bytes, the POST data is first read into a temporary file on disk and then forwarded to the WebLogic Server in chunks of 8192 bytes. This preserves the POST data during failover.
The temporary POST file is located under /tmp/_wl_proxy for UNIX. For Windows it is located as follows (if WLTempDir is not specified):
Environment variable TMP
Environment variable TEMP
C:\Temp
/tmp/_wl_proxy is a fixed directory and is owned by the HTTP Server user. When there are multiple HTTP Servers installed by different users, some HTTP Servers might not be able to write to this directory. This condition results in an error similar to the following:
```
<HTML>
<HEAD>
<TITLE>Weblogic Bridge Message
</TITLE>
</HEAD>
<BODY>
<H2>Failure of server APACHE bridge:</H2><P>
<hr>Cannot open TEMP post file '/tmp/_wl_proxy/_post_25444_36' for POST of
4564 bytes
```
To correct this condition, use the WLTempDir parameter to specify a different location for the _wl_proxy directory for POST data files.
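A pre-deployment check for the directory that will hold spooled POST data, as an added example (not Oracle's code). The function name `check_post_spool` is hypothetical, the server's uid is passed in by the caller, and requiring the directory to be private to that uid is a hardening assumption added here because request bodies are written to it; the parent-directory test is simplified to owner-write only.

```python
import os
import stat

def check_post_spool(wl_temp_dir, server_uid):
    """Return problems with <wl_temp_dir>/_wl_proxy for the HTTP server's uid."""
    spool = os.path.join(wl_temp_dir, "_wl_proxy")
    try:
        st = os.lstat(spool)  # lstat, so a symlink at the spool path is not followed
    except (FileNotFoundError, NotADirectoryError):
        # Not created yet: the server user has to be able to create it here.
        if not os.path.isdir(wl_temp_dir):
            return [f"{wl_temp_dir} does not exist or is not a directory"]
        parent = os.stat(wl_temp_dir)
        if parent.st_uid != server_uid or not parent.st_mode & stat.S_IWUSR:
            return [f"{wl_temp_dir} is not owned and writable by uid {server_uid}"]
        return []
    if not stat.S_ISDIR(st.st_mode):
        return [f"{spool} is not a real directory"]
    problems = []
    if st.st_uid != server_uid:
        # The condition behind "Cannot open TEMP post file": another user owns it.
        problems.append(f"{spool} is owned by uid {st.st_uid}, not {server_uid}")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{spool} is accessible to group/other "
                        f"(mode {stat.S_IMODE(st.st_mode):o})")
    return problems
```

Run it once per HTTP Server installation with that installation's uid and intended WLTempDir value; an empty list means the directory is usable by, and private to, that server user.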
Note: SCG Certificates are not supported for use with WebLogic Server Proxy Plug-Ins. Non-SCG certificates work appropriately and allow SSL communication between WebLogic Server and the plug-in. KeyStore-related initialization parameters are not supported for use with WebLogic Server Proxy Plug-Ins.
The SSL parameters for Web Server plug-ins are shown in Table 7-2. Parameters are case sensitive.
Table 7-2 SSL Parameters for Web Server Plug-Ins
Parameter | Default | Description | Applicable to |
---|---|---|---|
EnforceBasicConstraint |
Strong |
This parameter closes a security hole which existed with SSL certificate validation where certificate chains with invalid V3 CA certificates would not be properly rejected. This allowed certificate chains with invalid intermediate CA certificates, rooted with a valid CA certificate to be trusted. X509 V3 CA certificates are required to contain the The levels of enforcement are as follows:
|
NSAPI, ISAPI, and Apache plug-in |
SecureProxy |
OFF |
Set this parameter to ON to enable the use of the SSL protocol for all communication between the plug-in and WebLogic Server. Remember to configure a port on the corresponding WebLogic Server for the SSL protocol before defining this parameter. This parameter may be set at two levels: in the configuration for the main server and—if you have defined any virtual hosts—in the configuration for the virtual host. The configuration for the virtual host inherits the SSL configuration from the configuration of the main server if the setting is not overridden in the configuration for the virtual host. |
ISAPI, NSAPI, and Apache plug-ins, HttpClusterServlet, and HttpProxyServlet |
TrustedCAFile |
none |
Name of the file that contains the digital certificates for the trusted certificate authorities for the plug-in. This parameter is required if the SecureProxy parameter is set to |
ISAPI, NSAPI, and Apache plug-ins |
RequireSSLHostMatch |
true |
Determines whether the host name to which the plug-in is connecting must match the Subject Distinguished Name field in the digital certificate of the WebLogic Server to which the proxy plug-in is connecting. When specifying When using the |
ISAPI, NSAPI, and Apache plug-ins |
SSLHostMatchOID |
22 |
The ASN.1 Object ID (OID) that identifies which field in the Subject Distinguished Name of the peer digital certificate is to be used to perform the host match comparison. The default for this parameter corresponds to the
|
ISAPI, NSAPI, and Apache plug-ins |
KeyStore |
none |
For generic proxy servlets, the key store location in a Web application when using two-way SSL to create a user-defined identity certificate and key. |
Applies only to the HttpClusterServlet and to the HttpProxyServlet. |
KeyStoreType |
none |
The key store type when using two-way SSL with a generic proxy servlet. If it is not defined, the default type will be used instead. |
Applies only to the HttpClusterServlet and to the HttpProxyServlet. |
PrivateKeyAlias |
none |
The private key alias when using two-way SSL with a generic proxy servlet. |
Applies only to the HttpClusterServlet and to the HttpProxyServlet. |
KeyStorePasswordProperties |
none |
A property file in a Web application that defines encrypted passwords to access the key store and private key alias when using two-way SSL with a generic proxy servlet. The file contents look like this: KeyStorePassword={3DES}i4+50LCKenQO8BBvlsXTrg\=\= PrivateKeyPassword={3DES}a4TcG4mtVVBRKtZwH3p7yA\=\= You must use the |
Applies only to the HttpClusterServlet and to the HttpProxyServlet. |
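The following added example (not part of the Oracle documentation) audits a plug-in configuration for the settings that Tables 7-1 and 7-2 single out: DebugConfigInfo left ON, SecureProxy not ON, a missing TrustedCAFile, and RequireSSLHostMatch disabled. It resolves inheritance from the main server into nested blocks, as described for SecureProxy; the function names and the sample configuration are constructed for illustration.

```python
import re
from collections import ChainMap

# Constructed sample in Apache httpd.conf style; the CA file path is made up.
SAMPLE_CONF = """\
<IfModule weblogic_module>
  SecureProxy ON
  TrustedCAFile /etc/httpd/wls-trusted-ca.pem
  DebugConfigInfo ON
</IfModule>
<VirtualHost *:443>
  <Location /weblogic>
    RequireSSLHostMatch false
  </Location>
</VirtualHost>
<VirtualHost *:8080>
  SecureProxy OFF
</VirtualHost>
"""

def scopes(text):
    """Return [(scope, settings)]; a nested block inherits from the enclosing scope."""
    stack, done = [("main server", ChainMap())], []
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("</"):
            name, cfg = stack.pop() if len(stack) > 1 else stack[0]
            if cfg.maps[0] and cfg is not stack[-1][1]:
                done.append((name, cfg))  # keep only scopes with settings of their own
        elif line.startswith("<"):
            parent_name, parent = stack[-1]
            label = line.strip("<> ")
            if label.startswith("IfModule"):  # wrapper only, same scope as its parent
                stack.append((parent_name, parent))
            else:
                scope = label if parent_name == "main server" else f"{parent_name} > {label}"
                stack.append((scope, parent.new_child()))
        else:
            parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Name value" or "Name=value"
            if len(parts) == 2:
                stack[-1][1][parts[0]] = parts[1]
    return done + [stack[0]]

def audit(text):
    """Yield (scope, parameter, reason) for settings that weaken the proxy hop."""
    for name, cfg in scopes(text):
        on = lambda key, default: cfg.get(key, default).upper() in ("ON", "TRUE")
        if on("DebugConfigInfo", "OFF"):
            yield (name, "DebugConfigInfo", "?__WebLogicBridgeConfig returns config and statistics")
        if not on("SecureProxy", "OFF"):
            yield (name, "SecureProxy", "no SSL between plug-in and WebLogic Server")
        elif "TrustedCAFile" not in cfg:
            yield (name, "TrustedCAFile", "required when SecureProxy is ON")
        elif not on("RequireSSLHostMatch", "true"):
            yield (name, "RequireSSLHostMatch", "server certificate host name is not checked")
```

Parameter names are matched exactly because the tables state that parameters are case sensitive; `list(audit(SAMPLE_CONF))` reports each finding against the scope where it takes effect, including values inherited from the main server.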