Oracle® iPlanet Web Server Release Notes Release 6.1 SP21 E18788-09 |
|
|
PDF · Mobi · ePub |
Oracle iPlanet Web Server 6.1 SP12 is the last release at which the entire documentation set for Oracle iPlanet Web Server 6.1 was updated. Subsequent to the 6.1 SP12 release, updates and corrections to 6.1 documentation are provided in this Release Notes document; see Section 3.1, "Corrections and Updates to 6.1 SP12 Manuals."
The Oracle iPlanet Web Server 6.1 SP12 documentation is available online in PDF and HTML formats at:
http://download.oracle.com/docs/cd/E19857-01/index.html
.
Table 3-1 Oracle iPlanet Web Server 6.1 Documentation Roadmap
For Information About | See |
---|---|
Late-breaking information about the software and documentation |
Oracle iPlanet Web Server Release 6.1 SP21 Release Notes (this document) |
Information about Web Server 6.1 FastCGI plug-in, including information about server application functions (SAFs), installation, configuration, technical notes, and pointers to additional resources. |
|
Information about Web Server 6.1 Reverse Proxy plug-in, including information about server application functions (SAFs), installation, configuration, technical notes, and pointers to additional resources. |
|
Getting started with Web Server, including hands-on exercises that introduce server basics and features (recommended for first-time users) |
|
Performing installation and migration tasks:
|
Installation and Migration Guide Note: Java ES patches for Oracle iPlanet Web Server 6.1 were provided up to release 6.1.12. The information in this section is applicable only to release 6.1.12 and earlier releases. If Sun Java Enterprise System 1 is installed on your system and you want to upgrade the Oracle iPlanet Web Server 6.1 that is part of Sun Java Enterprise System 1 to Oracle iPlanet Web Server Release 6.1 SP21, you must use the Java Enterprise System (JES) installer to perform the upgrade. Do not use the separate component installer included with Oracle iPlanet Web Server Release 6.1 SP21. |
Performing the following administration tasks:
|
|
Using programming technologies and APIs to do the following:
|
|
Creating custom Netscape Server Application Programmer's Interface (NSAPI) plugins |
|
Implementing servlets and JavaServer Pages ( JSP) technology in Web Server |
|
Editing configuration files |
|
Tuning Web Server to optimize performance |
The following sections describe corrections and updates to Oracle iPlanet Web Server 6.1 SP12 manuals:
Incorrect Instructions for Stopping schedulerd
Control Daemon
Upgrade Fails in HP_UX When Upgraded From Oracle Web Server SP12/ SP14 to Web Server SP17
Section 4.2 of the HTTP/1.1 standard (http://www.ietf.org/rfc/rfc2616.txt
) states that HTTP header names are case-insensitive. When processing header names, Web Server 6.1 converts the names to all-lowercase.
The section Setting Access Rights in the Sun Java System Web Server 6.1 SP12 Administrator's Guide contains the following inaccurate note. Please ignore this note.
Note:
Although the following methods are present in the code, they are not included in the document above: revlog
, getattribute
, getattributename
, getproperties
, startrev
, stoprev
, edit
, unedit
, save
, setattribute
, revadd
, revlabel
and destroy
.
net_read()
Return ValueThe section net_read in the Sun Java System Web Server 6.1 SP12 NSAPI Programmer's Guide contains incorrect information about the return value for the net_read()
function. The correct information is:
Returns
The number of bytes read, which will not exceed the maximum size, sz
. A negative value is returned if an error has occurred, in which case errno
is set to the constant ETIMEDOUT
if the operation did not complete before timeout
seconds elapsed.
The number of bytes read, which will not exceed the maximum size, sz
. A negative value is returned if an error has occurred, in which case errno
is set to one of the following constants:
ETIMEDOUT
if the read operation did not complete before timeout
seconds elapsed.
EAGAIN
if non-blocking I/O is enabled on the socket descriptor and the socket was temporarily unavailable.
EWOULDBLOCK
if non-blocking I/O is enabled on the socket descriptor and the read operation would have blocked.
The section "PathCheck" in the Sun Java System Web Server 6.1 SP12 NSAPI Programmer's Guide contains incorrect information.
If the NameTrans
directive assigned a name or generated a physical path name that matches the name
or ppath
attribute of another object, the server first applies the PathCheck
directives in the matching object before applying the directives in the default object.
If the NameTrans
directive assigned a name or generated a physical path name that matches the name
or ppath
attribute of another object, the server first applies the PathCheck
directives in the default object before applying the directives in the matching object.
schedulerd
Control DaemonThe section "Using Schedulerd
Control-based Log Rotation (UNIX/Linux)" in the Sun Java System Web Server 6.1 SP12 Administrator's Guide contains incorrect information about stopping the schedulerd
control daemon
export PID_FILE=/opt/SUNWwbsvr/https-admserv/logs/scheduler.pid kill -9 -`cat $PID_FILE` - rm $PID_FILE
export PID_FILE=/opt/SUNWwbsvr/https-admserv/logs/scheduler.pid kill -9 `cat $PID_FILE` rm $PID_FILE
Upgrade from Oracle Web Server SP12 or SP 14 to Web Server SP17 fails in HP_UX operating system.
Workaround:
Go to <install root>/plugins/include/nspr
path.
Run the ls -l
command and find all the files that have non-existing symbolic links.
Remove the files that have non-existing symbolic links using the command rm <file names>
.
Run the Web server SP17 installer to upgrade the instance.
Note:
This upgrade issue exists only in the HP_UX operating system.
The section "About Hypertext Transfer Protocol (HTTP)" in Sun ONE Web Server 6.1 Administrator's Guide lists outdated RFC number.
Incorrect:
The iPlanet Web Server 4.x supports HTTP 1.1. Previous versions of the server supported HTTP 1.0. The server is conditionally compliant with the HTTP 1.1 proposed standard, as approved by the Internet Engineering Steering Group (IESG) and the Internet Engineering Task Force (IETF) HTTP working group. For more information on the criteria for being conditionally compliant, see the Hypertext Transfer Protocol—HTTP/1.1 specification (RFC 2068).
Correct:
The iPlanet Web Server 6.1 supports HTTP 1.1. Previous versions of the server supported HTTP 1.0. The server is conditionally compliant with the HTTP 1.1 proposed standard, as approved by the Internet Engineering Steering Group (IESG) and the Internet Engineering Task Force (IETF) HTTP working group. For more information on the criteria for being conditionally compliant, see the Hypertext Transfer Protocol—HTTP/1.1 specification (RFC 2616).
The section "Compliance" in Sun Java System Web Server 6.1 SP12 NSAPI Programmer's Guide lists outdated RFC number and incorrect link.
Incorrect:
For more information on the criteria for being conditionally compliant, see the Hypertext Transfer Protocol -- HTTP/1.1 specification (RFC 2068) at:
http://www.ietf.org/rfc/rfc2068.txt?number=2068
Correct:
For more information on the criteria for being conditionally compliant, see the Hypertext Transfer Protocol -- HTTP/1.1 specification (RFC 2616) at: http://www.ietf.org/rfc/rfc2616.txt
The following is an example to understand the IP attribute mentioned in the section "ACL File Syntax" in Oracle iPlanet Web Server 7.0.9 Administrator's Configuration File Reference:
deny (all) ip ="*";
allow (read, execute, info) (ip="10.186.81.*") or (ip="10.159.184.187");
If there is no wildcard, do the following:
deny (all) ip ="*";
allow (read, execute, info) (ip="10.186.81.155,10.159.184.187");
The section "AcceptTimeout" in Sun Java System Web Server 6.1 SP7 Administrator's Configuration File Reference contains incorrect information about the default value.
Incorrect:
30 seconds for servers that don't use hardware encryption devices and 300 seconds for those that do.
Correct:
The default value of the AcceptTimeout
parameter is always 30 seconds.
A new property named httponlysessioncookie
has been added to JAVA element of the server.xml
configuration file. By default, this property is true and ;HttpOnly
is appended to the set-cookie header. When the value is set to false, ;HttpOnly
is not appended. You can set this property by changing the server.xm
l configuration file.
Starting from Oracle iPlanet Web Sever 6.1.18, the set-cookie header value is being appended by ;HttpOnly
due to security reasons. If you do not wish to append ;HttpOnly
to the set-cookie header, do the following :
Set the httponlysessioncookie
property of the JAVA element in server.xm
l configuration file to false.
The following versions of LDAP directory servers are supported:
Oracle Directory Server Enterprise Edition 11gR1 (11.1.1.3+)
Oracle Virtual Directory 11gR1 (11.1.1.3+)
Oracle Internet Directory 11gR1 (11.1.1.3+)
For Unix, the invocation of a web server instance brings up a single watchdog process, which brings up a primordial process, which in turn launches a worker process. The watchdog process is named webservd-wdog
, whereas both the primordial process and the worker are named webservd
. The worker process waits for HTTP requests and processes them to generate HTTP responses. The other two processes together provide limited High Availability functionality. If the worker process crashes or goes down, then the primordial process brings up another instance of the worker process. If the primordial process goes down, then the watchdog process must bring up another instance of it.
For Windows, the primordial process is not used.
When you use certain load balancers, such as F5 Networks' BIG-IP, to distribute client requests to iPlanet Web Server 6.1 SP15 and later releases (6.1 SP17 and later Releases in HP-UX), TLS communication using CBC ciphers (such as TLS_RSA_WITH_AES_256_CBC_SHA
and TLS_RSA_WITH_3DES_EDE_CBC_SHA
) breaks. BIG-IP and, possibly, other load balancers are unable to forward responses from the Oracle iPlanet Web Server instances to the clients.
The NSS version included in Oracle iPlanet Web Server release 6.1 SP15 (and later) implements split data packets. BIG-IP and some other load balancers might not be able to handle split data packets.
Caution:
This workaround removes the fix introduced in release 6.1 SP15 (6.1 SP17 in HP-UX) for the CVE-2011-3389 security vulnerability.
Stop the server.
In the startserv
script, set the environment variable NSS_SSL_CBC_RANDOM_IV
to 0.
The startserv
script is located in the instance_dir/bin
directory. On Windows, for example, add the following line in the startserv
script:
set NSS_SSL_CBC_RANDOM_IV=0
Start the server.