This appendix describes the directives available in the Oracle-developed modules supported by OHS. It contains these sections:
Note:
The directives described in this appendix are only for modules developed by Oracle. OHS also includes many Apache HTTP Server and third-party modules out-of-the-box. See "Apache HTTP Server and Third-party Modules in Oracle HTTP Server" in Chapter 3 for a list of these modules and a link to their documentation.
mod_certheaders accepts the following directives:
Specifies which headers should be translated to CGI environment variables. This can be achieved by using the AddCertHeader directive. This directive takes a single argument, which is the CGI environment variable that should be populated from a HTTP header on incoming requests. For example, to populate the SSL_CLIENT_CERT CGI environment variable. AddCertHeader is generally used for Web cache in front of OHS.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Note:
If a simulated SSL connection needs to be passed to WebLogic Server, AddCertHeader can be used with mod_wl_ohs as well. That module's directive, WLProxySSLPassThrough, ensures that the certificate is passed to the backend (irrespective of the real or simulated SSL connection).
mod_certheaders can be used to instruct Oracle HTTP Server to treat certain requests as if they were received through HTTPS even though they were received through HTTP. This is useful when Oracle HTTP Server is front-ended by a reverse proxy or load balancer, which acts as a termination point for SSL requests, and forwards the requests to Oracle HTTP Server through HTTPS. and SimulateHttps is used for load balancer type of devices.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
mod_certheaders accepts the OpmnHostPort directive.
This directive enables you to specify a hostname and port that OPMN should use for pinging the Oracle HTTP Server instance that mod_onsint is running in. If OpmnHostPort is not specified, mod_onsint chooses an HTTP port automatically. However, in certain circumstances, you may want to choose a specific HTTP port and hostname that OPMN should use to ping the listener with.
| Category | Value |
|---|---|
|
Syntax |
OpmnHostPort host:Port |
|
Example |
OpmnHostPort localhost:7778 |
|
Default |
None |
mod_oradav accepts the following directives:
In an Oracle HTTP Server environment that is not OraDAV-enabled, mod_dav does not respond to HTTP GET requests. Instead, normal Oracle HTTP Server mechanisms are used to respond to GET requests.
The ORAAllowIndexDetails parameter controls how OraDAV responds when a GET request is performed on a DAV collection and no index.html file is found in the directory. In a typical Oracle HTTP Server environment, a separate module takes control, automatically generating and returning to the client HTML that represents an "index" of the resources (files) in that collection.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
false |
Specifies the password for the user specified by the ORAUser parameter. The OraAltPassword uses a base-64 encoded character string. This parameter provides an alternative if you do not want the password to appear in unencoded plain text with the ORAUser parameter. If the ORAPassword parameter is not specified, this value is used for the password.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the directory to use for disk caching operations, per these requirements:
The specified directory must exist and be readable by Oracle HTTP Server, but cannot be visible to normal GET requests. If the directory is visible to normal GET requests, security measures could be bypassed by users accessing the cache directory.
The directory should be located on a file system that supports a last accessed time. On Microsoft Windows systems, this means using NTFS, not FAT, formatted partitions.
You cannot use the cache directory for anything other than caching. Any files in the cache directory are subject to deletion.
If you use the ORACacheDirectory parameter, you must also use the ORACacheTotalSize parameter.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
If not used, disk caching is not performed for OraDAV operations |
Specifies the maximum cacheable resource size for disk caching operations. You can specify kilobytes (KB) or megabytes (MB) after an integer. If you do not specify a unit after the integer, then the default unit is bytes.
This parameter enables Web administrators to prevent large media files from dominating the cache. The performance benefit of caching a large file is greater than from caching a small file.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the percentage of disk cache usage to be freed when the cache is full. When the disk cache is full, the oldest files in the cache are deleted until the cache disk usage is reduced by the ORACachePrunePercent value.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
25 |
Specifies the size of the cache to use for disk caching operations. You can specify MB (for megabytes) or GB (for gigabytes) after an integer. If you do not specify a unit after the integer, the default unit is bytes.
If you use the ORACacheDirectory parameter, you must also use the ORACacheTotalSize parameter.
The ORACacheTotalSize value should be large enough to hold either a significant amount of your Web site, or all of the most frequently accessed files plus 25 percent more space. If the value is too small, overall performance degrades because of the extra work of writing BLOB data to the file system and deleting files to make room for newer cache requests.
The actual space utilized by the disk cache might sometimes exceed the ORACacheTotalSize value, possibly by as much as the ORACacheMaxResourceSize value. You should also be aware of file system block size issues that could cause the cache to use more disk space than the ORACacheTotalSize value.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the Oracle database to connect to. The ORAConnect parameter lets you connect to a database that is not included in the tnsnames.ora file. The value must use the following format:
To connect to an Oracle database, you must specify one, and no more than one, of the parameters ORAConnect, ORAConnectSN, or ORAService. To connect to a database included in the tnsnames.ora file, use the ORAService parameter.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the Oracle database to connect to. The ORAConnectSN parameter lets you connect to a database that is not included in the tnsnames.ora file. The value for this parameter is a character string.The value must use the following format:
To connect to an Oracle database, you must specify one, and no more than one, of the parameters ORAConnect, or ORAService. To connect to a database included in the tnsnames.ora file, use the ORAService parameter.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Within the database user (schema) specified by the ORAUser parameter, there must exist a container, which is a set of PL/SQ packages and database tables that allow the storage of files in the database within a hierarchical structure. The ORAContainerName parameter specifies the name of the container to use for the location. The value for this parameter is a character string, up to 20 characters. For example, <Location/project1>.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Writes PL/SQL stack dumps in the Oracle HTTP Server log file, error_log, in the event of an exception in the PL/SQL package.
| Category | Value |
|---|---|
|
Syntax |
ORAException RAISE|NORAISE |
|
Example |
ORAException RAISE |
|
Default |
NORAISE |
Note:
Although this parameter is useful for debugging purposes, it can use a large amount of disk space and can slow the performance of your system.
Specifies one or more file extensions to identify types of files that are not to be run, but rather opened for editing. This allows you to open files for editing that are usually run as a result of a GET operation. When entering filetypes, include dot separators (.) and use a comma to separate file extensions. The value for this parameter is enclosed within double quotation marks. For example:
".htm, .html, .jsp1, .jsp2"
This directive applies only to file system access.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
.JSP .SQLJSP |
Note:
The .jsp and .sqljsp files are by default opened for editing; you do not need to specify them in the ORAGetSource parameter.
Intended to be used in high-latency network environments to adjust the refresh lock behavior in Microsoft Office. Microsoft Office attempts to refresh locks on DAV resources just before the lock is set to expire. If the Microsoft Office client and the DAV server experience network congestion between the refresh, the request might arrive after the lock has expired.
OraDAV periodically looks for locks on resources that have expired and deletes those locks. The ORALockExpirationPad parameter can be used to provide some additional time between when a lock expires and when that lock is deleted. For example, if ORALockExpirationPad is set to 120, OraDAV does not actually delete locks for at least two minutes after the expiration time.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
0 |
Identifies the OraDAV driver implementation that is to be called when issuing OraDAV commands. The default is the OraDAV driver, which is the ORDSYS.DAV_API_DRIVER package.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
The OraDAV driver |
Specifies the password for the user specified by the ORAUser parameter.
If you do not want to specify the password as an unencoded text string with the ORAPassword parameter, you can specify the password as a base-64 encoded string with the ORAAltPassword parameter.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the directory within the database repository to use as the root. If this parameter is specified, WebDAV clients see this directory as the root and are not be able to see the repository directories that lead up to it. Do not include a trailing slash (/) in the value.
WebDAV clients can view the /third directory and can navigate to the /third/fourth directory, but will not be able to view or navigate to the /first or /first/second directories.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the Oracle database to connect to. The specified value must match a SID value in the tnsnames.ora file.
To connect to an Oracle database, you must specify one, and no more than one, of the parameters ORAConnect, ORAConnectSN, or ORAService. To connect to a database that is not included in the tnsnames.ora file, use the ORAConnect or ORAConnectSN parameter.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the types of events to be recorded in the Oracle HTTP Server error log for debugging. The value for this parameter is one of the following:
getsource: traces GET activity against the file system
hreftoutf8: traces the HREF conversion from the native character set to UTF-8
request: traces DAV requests, responses, and status values handled by mod_oradav
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Note:
Although this parameter is useful for debugging purposes, it can use a large amount of disk space and can slow the performance of your system.
Specifies the level of debugging (trace statements) that will be entered in the Oracle HTTP Server error log. The lowest level is 0 (the default), which performs no tracing. The highest level is 4, which performs maximum tracing. The value for this parameter is an integer between 0 and 4.
The higher the number for the debugging level, the more information is written to the error log file.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
0 |
Note:
Although setting this parameter to a high number is useful for debugging purposes, it can use a large amount of disk space and can slow the performance of your system.
Specifies the database user (schema) to use when connecting to the service specified by the ORAConnect, ORAConnectSN, or ORAService parameter.
This user must have the following privileges:
CONNECT
RESOURCE
CREATE TABLESPACE
DROP TABLESPACE
CREATE ANY TRIGGER
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
To configure SSL for your Oracle HTTP Server, enter the mod_ossl directives you want to use in the httpd.conf file.
The following directives are described in subsequent sections:
Specifies if SSL accelerator is used. Currently only nFast card is supported.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
SSLAccelerator yes |
|
Default |
|
Note:
The SSLAccelerator directive has been deprecated. For information on enabling SSL acceleration support using a wallet, refer to the Oracle Advanced Security Administrator's Guide on http://www.oracle.com/technology/documentation.
Specifies the file where you can assemble the Certificate Revocation Lists (CRLs) from CAs (Certificate Authorities) that you accept certificates from. These are used for client authentication. Such a file is the concatenation of various PEM-encoded CRL files in order of preference. This directive can be used alternatively or additionally to SSLCARevocationPath.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the directory where PEM-encoded Certificate Revocation Lists (CRLs) are stored. These CRLs come from the CAs (Certificate Authorities) that you accept certificates from. If a client attempts to authenticate itself with a certificate that is on one of these CRLs, then the certificate is revoked and the client cannot authenticate itself with your server.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the SSL cipher suite that the client can use during the SSL handshake. This directive uses a colon-separated cipher specification string to identify the cipher suite. Table 11–2 shows the tags you can use in the string to describe the cipher suite you want. SSLCipherSuite accepts the following values:
none: Adds the cipher to the list
+ : Adds the cipher to the list and place it in the correct location in the list
- : Remove the cipher from the list (can be added later)
! : Remove the cipher from the list permanently
Tags are joined together with prefixes to form a cipher specification string. Cipher suite tags are listed in Table E-1 and Table E-2.
Table E-1 SSLCipher Suite Tags
| Function | Tag | Meaning |
|---|---|---|
|
Key exchange |
|
|
|
Key exchange |
|
Diffie-Hellman key exchange with RSA key |
|
Authentication |
|
No authentication |
|
Authentication |
|
|
|
Authentication |
|
Diffie-Hellman authentication |
|
Encryption |
|
No encryption |
|
Encryption |
|
|
|
Encryption |
|
Triple |
|
Encryption |
|
|
|
Data Integrity |
|
|
|
Data Integrity |
|
|
|
Aliases |
|
All SSL version 3.0 ciphers |
|
Aliases |
|
All export ciphers |
|
Aliases |
|
All 40-bit export ciphers only |
|
Aliases |
|
All 56-bit export ciphers only |
|
Aliases |
|
All low strength ciphers (export and single |
|
Aliases |
|
All ciphers with 128-bit encryption |
|
Aliases |
|
All ciphers using triple |
|
Aliases |
|
All ciphers using |
|
Aliases |
|
All ciphers using Diffie-Hellman key exchange |
Note:
There are restrictions if export versions of browsers are used. Oracle module, mod_ossl, supports RC4-40 encryption only when the server uses 512 bit key size wallets.
Table E-2 Cipher Suites Supported in Oracle Advanced Security 10i
| Cipher Suite | Authentication | Encryption | Data Integrity |
|---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Toggles the usage of the SSL Protocol Engine. This is usually used inside a <VirtualHost> section to enable SSL for a particular virtual host. By default, the SSL Protocol Engine is disabled for both the main server and all configured virtual hosts. Example 11–1 is an example for using SSLEngine directive. The default SSL is 4443 on UNIX and 443 on Windows.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
Specifies where the SSL engine log file will be written. (Error messages will also be duplicated to the standard Oracle HTTP Server log file specified by the ErrorLog directive.)
Place this file at a location where only root can write, so that it cannot be used for symlink attacks. If the filename does not begin with a slash (/), it is assumed to be relative to the ServerRoot. If the filename begins with a bar (|), then the string following the bar is expected to be a path to an executable program to which a reliable pipe can be established.
This directive should occur only once per virtual server configuration.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the verbosity degree of the SSL engine log file. The degrees, or levels, are (in ascending order, where each level is included in the levels preceding it):
none: No dedicated SSL logging is done. Messages of type 'error' are duplicated to the standard HTTP server log file specified by the ErrorLog directive.
error: Only messages of the type 'error' (conditions that stop processing) are logged.
warn: Messages that notify of non-fatal problems (conditions that do not stop processing) are logged.
info: Messages that summarize major processing actions are logged.
trace: Messages that summarize minor processing actions are logged.
debug: Messages that summarize development and low-level I/O operations are logged.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Type of semaphore (lock) for SSL engine's mutual exclusion of operations that have to be synchronized between Oracle HTTP Server processes. Accepted values are:
none: Uses no mutex at all. Not recommended, because the mutex synchronizes the write access to the SSL session cache. If you do not configure a mutex, the session cache can become garbled.
file:path/to/mutex: Uses a file for locking. The process ID (PID) of the Oracle HTTP Server parent process is appended to the filename to ensure uniqueness. If the filename does not begin with a slash (/), it is assumed to be relative to ServerRoot. This setting is not available on Windows.
sem: Uses an operating system semaphore to synchronize writes. On UNIX, it would be a Sys V IPC semaphore; on Windows, it is a Windows Mutex. This is the best choice, if the operating system supports it.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Controls various runtime options on a per-directory basis. In general, if multiple options apply to a directory, the most comprehensive option is applied (options are not merged). However, if all of the options in an SSLOptions directive are preceded by a plus ('+') or minus ('-') symbol, then the options are merged. Options preceded by a plus are added to the options currently in force, and options preceded by a minus are removed from the options currently in force.
Accepted values are:
StdEnvVars: Creates the standard set of CGI/SSI environment variables that are related to SSL. This is disabled by default because the extraction operation uses a lot of CPU time and usually has no application when serving static content. Typically, you only enable this for CGI/SSI requests.
ExportCertData: Enables the following additional CGI/SSI variables:
SSL_SERVER_CERT
SSL_CLIENT_CERT
SSL_CLIENT_CERT_CHAIN_n (where n= 0, 1, 2...)
These variables contain the Privacy Enhanced Mail (PEM)-encoded X.509 certificates for the server and the client for the current HTTPS connection, and can be used by CGI scripts for deeper certificate checking. All other certificates of the client certificate chain are provided. This option is "Off" by default because there is a performance cost associated with using it.
SSL_CLIENT_CERT_CHAIN_n variables are in the following order: SSL_CLIENT_CERT_CHAIN_0 is the intermediate CA who signs SSL_CLIENT_CERT. SSL_CLIENT_CERT_CHAIN_1 is the intermediate CA who signs SSL_CLIENT_CERT_CHAIN_0, and so forth, with SSL_CLIENT_ROOT_CERT as the root CA.
FakeBasicAuth: Translates the subject distinguished name of the client X.509 certificate into an HTTP basic authorization user name. This means that the standard HTTP server authentication methods can be used for access control. Note that no password is obtained from the user; the string 'password' is substituted.
StrictRequire: Denies access when, according to SSLRequireSSL or directives, access should be forbidden. Without StrictRequire, it is possible for a 'Satisfy any' directive setting to override the SSLRequire or SSLRequireSSL directive, allowing access if the client passes the host restriction or supplies a valid user name and password.
Thus, the combination of SSLRequireSSL or SSLRequire with SSLOptions +StrictRequire gives mod_ossl the ability to override a 'Satisfy any' directive in all cases.
CompatEnvVars: Exports obsolete environment variables for backward compatibility to Apache SSL 1.x, mod_ssl 2.0.x, Sioux 1.0, and Stronghold 2.x. Use this to provide compatibility to existing CGI scripts.
OptRenegotiate: This enables optimized SSL connection renegotiation handling when SSL directives are used in a per-directory context.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Type of pass phrase dialog for wallet access. mod_ossl asks the administrator for a pass phrase in order to access the wallet. Accepted if values are:
builtin: when the server is started, mod_ossl prompts for a password for each wallet.
This cannot be used when Oracle HTTP Server is managed by OPMN. No user interaction is allowed when Oracle HTTP Server is started by OPMN.
exec:path/to/program - when the server is started, mod_ossl calls an external program configured for each wallet. This program is invoked with two arguments: servername:portnumber and RSA or DSA.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
Specifies SSL protocol(s) for mod_ossl to use when establishing the server environment. Clients can only connect with one of the specified protocols. Accepted values are:
SSLv2
SSLv3
TLSv1
All
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
Denies access unless an arbitrarily complex boolean expression is true.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
The expression must match the following syntax (given as a BNF grammar notation):
expr ::= "true" | "false"
"!" expr
expr "&&" expr
expr "||" expr
"(" expr ")"
comp ::=word "==" word | word "eq" word
word "!=" word |word "ne" word
word "<" word |word "lt" word
word "<=" word |word "le" word
word ">" word |word "gt" word
word ">=" word |word "ge" word
word "=~" regex
word "!~" regex
wordlist ::= word
wordlist "," word
word ::= digit
cstring
variable
function
digit ::= [0-9]+
cstring ::= "..."
variable ::= "%{varname}"
Table E-3 and Table E-4 list standard and SSL variables. These are valid values for varname.
function ::= funcname "(" funcargs ")"
For funcname, the following function is available:
file(filename)
The file function takes one string argument, the filename, and expands to the contents of the file. This is useful for evaluating the file's contents against a regular expression.
Table E-3 lists the standard variables for SSLRequire varname.
Table E-3 Standard Variables for SSLRequire Varname
| Standard Variables | Standard Variables | Standard Variables |
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Table E-4 lists the SSL variables for SSLRequire varname.
Table E-4 SSL Variables for SSLRequire Varname
| SSL Variables | SSL Variables | SSL Variables |
|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Denies access to clients not using SSL. This is a useful directive for absolute protection of a SSL-enabled virtual host or directories in which configuration errors could create security vulnerabilities.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
SSLRequireSSL |
|
Default |
None |
Specifies the global/interprocess session cache storage type. The cache provides an optional way to speed up parallel request processing. The accepted values are:
none: disables the global/interprocess session cache. Produces no impact on functionality, but makes a major difference in performance.
shmht:/path/to/datafile[bytes]: Uses a high-performance hash table (bytes specifies approximate size) inside a shared memory segment in RAM, which is established by the /path/to/datafile. This hash table synchronizes the local SSL memory caches of the server processes.
shmcb:/path/to/datafile[bytes]: Uses a high-performance Shared Memory Cyclic Buffer (SHMCB) session cache to synchronize the local SSL memory caches of the server processes. The performance of shmcb is more uniform in all environments when compared to shmht.
| Category | Value |
|---|---|
|
Syntax |
|
|
Examples |
|
|
Default |
|
Specifies the number of seconds before a SSL session in the session cache expires.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
300 |
Specifies whether or not a client must present a certificate when connecting. The accepted values are:
none: No client certificate is required
optional: Client may present a valid certificate
require: Client must present a valid certificate
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Note:
The level optional_no_ca included with mod_ssl (in which the client can present a valid certificate, but it need not be verifiable) is not supported in mod_ossl.
Specifies the location of the wallet with its WRL, specified as a filepath.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Note:
SSLWalletPassword has been deprecated. A warning message is generated in the Oracle HTTP Server log if this directive is used. For secure wallets, you should get a SSO wallet, with auto-login enabled, instead.
Specifies the Wallet password needed to access the wallet specified within the same context. You can choose either a cleartext wallet password or an obfuscated password. The obfuscated password is created with the command line tool iasobf. If you must use a regular wallet, Oracle recommends that you use the obfuscated password instead of a cleartext password. If no password is required do not set this directive.
Note:
If you are using a wallet created with the Auto Login feature of Oracle Wallet Manager, do not set this directive because these wallets do not require passwords.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
See Also:
"Using the iasobf Utility" on page 11-15
Note:
mod_osso is deprecated. You should use the Webgate plugin to achieve single sign on. For more information, see "Installing and Configuring Oracle HTTP Server 11g Webgate for OAM" in Oracle® Fusion Middleware Installation Guide for Oracle Identity Management.
mod_oddo accepts the following directives:
Specifies the path to osso.conf.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies whether or not to enable cookie idle timeout.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Identifies which URLs OHS should ignore.
If ALL is specified, then all URLs are ignored.
If querystring is specified, URLs matching the query string are ignored.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
or
|
|
Default |
No URLs are ignored. |
When set to On, the directive enables a weak form of IP spoof checking. The incoming IP address is compared against the ClientIP header value.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Specifies whether or not to enable URI authentication for the location where it was set. When On, URI authentication is enabled.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Specifies whether or not to create a cookie for an application that protects itself via dynamic sso directives. When ON this cookie is created.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Specifies whether or not to enable redirect by form. When On, the redirect is enabled.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Specifies whether or not to enable secure cookies. When set to On, these cookies ar eenabled.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
ON |
For statically protected pages, this directive specifies whether or not the following headers are sent:
Pragma: no-cache
Cache-Control: no-store
Surrogate-Control: no-store
Expires: Thu, 01 Jan 1970 12:00:00 GMT
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
ON |
Specifies whether or not to set HTTPOnly in the cookies created by the module. If ON, HTTPOnly is set.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
ON |
The mod_plsql configuration parameters are described in these sections:
The following parameters are used with the plsql.conf file:
Enables Dynamic Monitoring Service (DMS) for the mod_plsql module.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
Enables debug level logging for the mod_plsql module. Debug level logging is meant to be used for debugging purposes only.
When logging is enabled, Oracle HTTP Server log files are typically created in the ORACLE_INSTANCE/diagnostics/logs/OHS/config/OHS/component_name directory. However, the location specified in PlsqlLogDirectory determines the final location.
This parameter should be set to Off unless recommended by Oracle support to debug problems with the mod_plsql module.
To view more details about the internal processing of the mod_plsql module, set this directive to On. This causes the mod_plsql module to start logging every request that is processed. The log files are generated as specified by the PlsqlLogDirectory directive.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
Specifies the directory where debug level logs are written.
Set the directory name of the location where log files should be generated when logging is enabled. To avoid possible confusion about the location of this directory, an absolute path is recommended.
On UNIX, this directory must have write permissions by the owner of the child httpd processes.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Specifies the time (in minutes) in which the idle database sessions should be closed and cleaned by the mod_plsql module.
This directive is used in conjunction with connection pooling of database connections and sessions in the mod_plsql module. When a session is not used for the specified amount of time, it is closed and freed. This is done so that unused sessions can be cleaned, and the memory is freed on the database side.
Setting this time to a low number helps in faster cleanup of unused database sessions. If this number is too low, then this may adversely affect the performance benefits of connection pooling in the mod_plsql module.
If the number of open database sessions is not a concern, you can increase the value of this parameter for best performance. In such a case, if the site is accessed frequently enough that the idle session cleanup interval is never reached for a session, then the DAD configuration parameter PlsqlMaxRequestsPerSession can be modified so that it is guaranteed that a pooled database session gets recycled on a regular basis.
For most installations, the default value is adequate.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
15 (minutes) |
The dads.conf file contains the configuration parameters for the PL/SQL database access descriptor. (See Table E-1 for the file location.) A DAD is a set of values that specifies how the mod_plsql module connects to a database server to fulfill a HTTP request.
The following parameters are used with the dads.conf file:
|
|
|
Specifies the procedure to be invoked after calling the requested procedure. This enables you to put a hook point after the requested procedure is called. This is useful in doing SQL*Traces/SQL Profiles while debugging a problem with the requested procedure. This is also useful when you want to ensure that a specific call is made after running every procedure.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Note:
This parameter should only be used for debugging purposes. In addition, you could use this parameter to stop SQL trace/SQL profiling.
Specifies whether the mod_plsql module should describe a procedure before trying to run it. If this is set to On, then the mod_plsql module will always describe a procedure before invoking it. Otherwise, the mod_plsql module will only describe a procedure when its internal heuristics have interpreted a parameter type incorrectly.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
Note:
This parameter should only be used for debugging purposes.
Specifies the authentication mode to use for allow access through the DAD. The accepted values for PlsqlAuthenticationMode are Basic, SingleSignOn, GlobalOwa, CustomOwa, PerPackageOwa.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
Basic is the default mode and determines whether or not to ask for username and password if they are not provided with PlsqlDatabaseUsername and PlsqlDatabasePassword. This setting is required for WebDB 2.x applications. If the DAD is not using the Basic authentication, then you must include a valid username/password in the DAD configuration.
SingleSignOn specifies that you want to use Single Sign-On server. This is required for DADs using Oracle9iAS Portal. As already stated the provided username and password need to be the one from your single signon server.
GlobalOwa, CustomOwa, and PerPackageOwa are used only by very few PL/SQL applications. Custom authentication enables applications to authenticate users within the application itself, not at the database level.
Authorization is performed by invoking a user-written authorization function. Custom authentication uses a static username/password that is stored in the DAD. It cannot be combined with dynamic username/password authentication. To enable custom authentication, set the level of authentication for PlsqlAuthenticationMode and implement the authorize function.
You should also be aware of the following:
If the DAD is not using the Basic authentication, then you must include a valid username/password in the DAD configuration. For the Basic mode, to perform dynamic authentication, the DAD username/password parameters must be omitted.
The SingleSignOn mode is supported only for Oracle Fusion Middleware releases, and is used by Oracle Portal and Oracle Single Sign-On. Most customer applications use Basic authentication. Custom authentication modes (GlobalOwa, CustomOwa, and PerPackageOwa) are used by very few PL/SQL applications.
Specifies the procedure to be invoked before calling the requested procedure. This enables you to put a hook point before the requested procedure is called. This is useful in doing SQL*Traces/SQL Profiles while debugging a problem with the requested procedure. This is also useful when you want to ensure that a specific call be made before running every procedure.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Note:
This parameter should only be used for debugging purposes. In addition, you could use this parameter to start SQL Trace/SQL Profiling.
Note:
This configuration property is rarely ever changed, and system defaults suffice in almost all cases.
Specifies the rounding size to use while binding the number of elements in a collection bind. While executing PL/SQL statements, the Oracle database maintains a cache of PL/SQL statements in the shared SQL area, and attempts to reuse the cached statement if the same statement is run again. Oracle's matching criteria requires that the statement texts be identical, and that the bind variable data types match. Unfortunately, the type match for strings is sensitive to the exact byte size specified, and for collection bindings is also sensitive to the number of elements in the collection. Since the mod_plsql module binds statements dynamically, the odds of hitting the shared cache are low, and it may fill up with near-duplicates and lead to contention for the latch on the shared area. This parameter reduces that effect by bucketing bind lengths to the nearest level.
All numbers specified should be in ascending order. After the last specified size, subsequent bucket sizes will be assumed to be twice the last one.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
4,20,100,400 |
This parameter is relevant only if you are using procedures with array parameters, and passing varying number of parameters to the procedure.
The default should be sufficient for most PL/SQL applications.
To see if this parameter needs to be changed, check the number of versions of a SQL statement in the SQL area.
After the higher configured value, mod_plsql starts auto-generating bucket sizes of larger values by doubling the last value, as needed. Therefore, after 400, the next bucket value becomes 800, then 1600, and so on.
Consider using flexible parameter passing to reduce the problem.
Note:
This configuration property is rarely ever changed, and system defaults suffice in almost all cases.
Specifies the rounding size to use while binding the number of elements in a collection bind. While executing PL/SQL statements, the Oracle database maintains a cache of PL/SQL statements in the shared SQL area, and attempts to reuse the cached statement if the same statement is run again. Oracle's matching criteria requires that the statement texts be identical, and that the bind variable data types match. Unfortunately, the type match for strings is sensitive to the exact byte size specified, and for collection bindings is also sensitive to the number of elements in the collection. Since the mod_plsql module binds statements dynamically, the odds of hitting the shared cache are low, and it may fill up with near-duplicates and lead to contention for the latch on the shared area. This parameter reduces that effect by bucketing bind widths to the nearest level.
All numbers specified should be in ascending order. After the last specified size, subsequent bucket sizes will be assumed to be twice the last one.
The last bucket width must be equal to or less than 4000. This is due to the restriction imposed by OCI where array bind widths cannot be greater than 4000.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
This parameter is relevant only if you are using procedures with array parameters, and passing varying number of parameters to the procedure.
The default should be sufficient for most PL/SQL applications.
To see if this parameter needs to be changed, check the number of versions of a SQL statement in the SQL area.
After the higher configured value, mod_plsql starts auto-generating bucket sizes of larger values by doubling the last value, as needed. Therefore, after 400, the next bucket value becomes 800, then 1600, and so on.
Consider using flexible parameter passing to reduce the problem.
Specifies overrides and additions of CGI environment variables to the default set of environment variables passed to a PL/SQL procedure. This is a multi-line directive of name-value pairs to be added, overridden or removed. You can only specify one environment variable for each directive.
You can add CGI environment variables from the Oracle HTTP Server environment by specifying the variable name. To remove a CGI environment variable, set it equal to blank. To add your own name-value pair, use the syntax myname=myvalue.
| Category | Value |
|---|---|
|
Syntax |
|
|
Default |
None |
|
Example |
|
Environment variables added here are available in the PL/SQL application through the function owa_util.get_cgi_env.
Specifies the timeout in milliseconds for testing a connection pool in the mod_plsql module.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
10000 (milliseconds) |
When PlsqlConnectionValidation is set to Automatic or AlwaysValidate, the mod_plsql module attempts to test pooled database connections. This parameter specifies the maximum time the mod_plsql module should wait for the test request to complete before it assumes that the connection is not usable.
Specifies the mechanism the mod_plsql module should use to detect terminated connections in its connection pool.
Note:
This configuration property is rarely ever changed, and system defaults suffice in almost all cases.
For performance reasons, the mod_plsql module pools database connections. If a database instance goes down, and the mod_plsql module was maintaining a pool of connections to the instance, then each pooled database connection results in an error when it is next used to service a request. This can be a concern in high availability configurations such as RAC where even if one node goes down, other nodes servicing the database might have been able to service the request successfully. The mod_plsql module provides for a mechanism whereby it can self-correct after it detects a failure that could be caused by a database node going down. This mechanism to self-correct is controlled by the parameter PlsqlConnectionValidation.
The following are the valid values for PlsqlConnectionValidation:
Automatic: The mod_plsql module tests all pooled database connections which were created prior to the detection of a failure that could mean an instance failure.
ThrowAwayOnFailure: The mod_plsql module throws away all pooled database connections which were created prior to the detection of a failure that could mean an instance failure.
AlwaysValidate: The mod_plsql module always tests all pooled database connections which were created prior to issuing a request. Since this option has an associated performance overhead for each request, this should be used with caution.
NeverValidate: The mod_plsql module never pings any pooled database connection.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
When the mod_plsql module encounters one of the following errors, it assumes that the database may have been down.
00443 — background process <string> did not start
00444 — background process <string> failed while starting
00445 — background process did not start after <x> seconds
00447 — fatal error in background processes
00448 — normal completion of background process
00449 — background process <string> unexpectedly terminated with error
00470 — LGWR process terminated with error
00471 — DBWR process terminated with error
00472 — PMON process terminated with error
00473 — ARCH process terminated with error
00474 — SMON process terminated with error
00475 — TRWR process terminated with error
00476 — RECO process terminated with error
00480 — LCK* process terminated with error
00481 — LMON process terminated with error
00482 — LMD* process terminated with error
00484 — LMS* process terminated with error
00485 — DIAG process terminated with error
01014 — ORACLE shutdown in progress
01033 — ORACLE initialization or shutdown in progress
01034 — ORACLE not available
01041 — internal error. hostdef extension doesn't exist
01077 — background process initialization failure
01089 — immediate shutdown in progress- no operations permitted
01090 — shutdown in progress- connection is not permitted
01091 — failure during startup force
01092 — ORACLE instance terminated. Disconnection forced
03106 — fatal two-task communication protocol error
03113 — end-of-file on communication channel
03114 — not connected to ORACLE
12570 — TNS: packet reader failure
12571 — TNS: packet writer failure
Specifies the connection to an Oracle database.
| Category | Value |
|---|---|
|
Syntax |
The string parameter depends on the second argument:
If the format argument is not specified, then the mod_plsql module assumes the string is either in the HOST:PORT:SID format, or resolvable by Net8. The differentiation between the two is made by the presence of the colon in the specified string. It is recommended that newer DADs do not use the |
|
Example |
|
|
Default |
None |
If the database is running in the same Oracle home, or the environment variable TWO_TASK is set, then this parameter need not be specified.
If the database is running in a separate Oracle home, then this parameter is mandatory.
If you have problems connecting to the database:
Check the username and password information in the DAD.
Make sure that you run tnsping db_connect_string, and commands such as:
sqlplus DADUsername/DADPassword@db_connect_string
Ensure that TNS_ADMIN is configured properly.
Verify that the HOST:PORT:SERVICE_NAME format works correctly.
Ensure that the TNS listener and database are up and running.
Ensure that you can ping the host from this machine.
From a the mod_plsql module perspective, TNSFormat and NetServiceNameFormat are synonymous and denote connect descriptors that are resolved by Net8. The TNSFormat is provided as a convenience so that end-users use this to signify that the name resolution happens through the local tnsnames.ora. For situations where the resolution is through an LDAP lookup as configured in sqlnet.ora, it is recommended that the format specifier of NetServiceNameFormat be used.
If your database supports high availability, for example, Oracle Real Application Clusters database, it is highly recommended that you use the NetServiceNameFormat such that the resolution for the net service name is through LDAP. This enables you to add or remove RAC nodes accessible through the mod_plsql module by changing Oracle Internet Directory with the new or deleted node information. In such situations, hard-coding database listener HOST:PORT information in dads.conf or in the local tnsnames.ora is not recommended.
Specifies the password to use to log in to the database.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
This is a mandatory parameter, except for a DAD that sets PlsqlAuthenticationMode to Basic and uses dynamic authentication.
For DADs using SingleSignOn authentication, this parameter uses the name of the schema owner.
After making manual configuration changes to DAD passwords, you should obfuscate the DAD passwords by running the dadTool.pl script, located in ORACLE_HOME/bin.
To obfuscate DAD passwords:
If necessary, change the user to the Oracle software owner user, typically oracle, using the following command:
$ su - oracle
Set the ORACLE_HOME environment variable to specify the path to the Oracle home directory for the current release, and set the PATH environment variable to include the directory containing the Perl executable and the location of the dadTool.pl script.
Bourne, Bash, or Korn shell:
$ ORACLE_HOME=new_ORACLE_HOME_path;export ORACLE_HOME $ PATH=ORACLE_HOME/bin:ORACLE_HOME/perl/bin:$PATH;export PATH
C or tcsh shell:
% setenv ORACLE_HOME new_ORACLE_HOME_PATH % setenv PATH ORACLE_HOME/bin:ORACLE_HOME/perl/bin:PATH
On Microsoft Windows, set the PATH and PERL5LIB environment variable:
set PATH=ORACLE_HOME\bin;ORACLE_HOME\perl\bin;%PATH% set PERL5LIB=ORACLE_HOME\perl\lib
On UNIX platforms, set the shared library path environment variable.
Include the ORACLE_HOME/lib or lib32 directory in your shared library path. Table E-5 shows the appropriate directory and environment variable for each platform.
Table E-5 Shared Library Path Environment Variable
| Platform | Environment Variable | Include Directory |
|---|---|---|
|
AIX Based Systems |
LIBPATH |
ORACLE_HOME/lib |
|
HP-UX PA-RISC |
SHLIB_PATH |
ORACLE_HOME/lib |
|
Solaris Operating System |
LD_LIBRARY_PATH |
ORACLE_HOME/lib32 |
|
Other UNIX platforms, including Linux and HP Tru64 UNIX |
LD_LIBRARY_PATH |
ORACLE_HOME/lib |
For example, on HP-UX PA-RISC systems, set the SHLIB_PATH environment to include the ORACLE_HOME/lib directory:
$SHLIB_PATH=$ORACLE_HOME/lib:$SHLIB_PATH;export SHLIB_PATH
Change directory to the mod_plsql configuration directory for the current release of Oracle HTTP Server:
cd ORACLE_HOME/bin
Invoke the following Perl script to obfuscate DAD password:
perl dadTool.pl -f dadfilename
where dadfilename is the filename for dads.conf, which includes the full path to the DAD file.
For example:
perl dadTool.pl -f /u01/app/oracle/as11gr1/ORACLE_INSTANCE/config/OHS/component_name/mod_plsql/dads.conf
Specifies the username to use to log in to the database.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
This is a mandatory parameter, except for a DAD that sets PlsqlAuthenticationMode to Basic and uses dynamic authentication.
For DADs using SingleSignOn authentication, this parameter is the name of the schema owner.
Specifies the default procedure to call if none is specified in the URL.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
You can also use Oracle HTTP Server Rewrite rules to achieve the same effect as you get by setting this configuration parameter.
Specifies a virtual path in the URL that initiates document download from the document table. For example, if this parameter is set to docs, then the following URLs will start the document downloading process for URLs of the format:
/pls/dad/docs /pls/plsqlapp/docs
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
Omit this parameter for applications that do not perform document uploads or downloads.
Specifies the procedure to call when a document download is initiated. This procedure is called to process the download.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Omit this parameter for applications that do not perform document uploads or downloads.
Specifies the table in the database to which all documents are uploaded.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Omit this parameter for applications that do not perform document uploads or downloads.
Specifies the error reporting mode for mod_plsql errors.
Specifies a pattern for procedures, packages, or schema names which are forbidden to be directly run from a browser. This is a multi-line directive in which each pattern is on a separate line. The pattern is not case sensitive and can accept a wildcard such as an asterisk (*). The default patterns disallowed from direct URL access are as follows:
sys.*
dbms_*
utl_*
owa_util*
owa.*
htp.*
htf.*
wpg_docload.*
Setting this directive to #NONE# will disable all protection. This is strongly discouraged for an active site and should not be done. It may be used for debugging purposes.
If this parameter is overridden, the defaults still apply, which means that you do not have to explicitly add the default list to the list of excluded patterns.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
will disallow access to URLs which contain one of:
will disable all protection. Its use is strongly discouraged for an active site. |
|
Default |
sys.* dbms_* utl_* owa_util* owa.* htp.* htf.* wpg_docload.* |
In addition to the patterns specified with this parameter, the mod_plsql module disallows any procedure name which contains the following special characters:
tabs
new lines
carriage-return
single quotation mark
reverse slash
form feed
left parenthesis
right parenthesis
space
This cannot be changed.
Specifies the number of rows of content to fetch from the database for each trip, using either owa_util.get_page or owa_util.get_page_raw.
By default, the mod_plsql module attempts to fetch 200 response lines of output where each line is of 255 bytes. In situations where the response bytes are single-bytes, the response buffer is populated to the maximum and can pack 255*200=51000 bytes for each round trip. For responses containing multi-byte data, the byte packing for each row could be less than ideal resulting in lesser bytes getting transferred for each round trip. If your application generates large pages frequently and the response does not fit in one round trip, then consider setting this parameter higher. The memory usage for the mod_plsql module will increase.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
200 |
This parameter is changed only for performance reasons. The minimum value for this parameter is 28, but it is seldom reduced.
Change this parameter only under the following circumstances:
The average response page is large and you want to reduce the number of round-trips the mod_plsql module makes to the database to fetch the response.
The character set in use is multi-byte, and you want to compensate for the problem of get_page or get_page_raw fetching fewer bytes for each row. Calculations in the PL/SQL Web ToolKit are character-based and in the case of multi-byte characters, OWA packages assume a worst-case character byte size and do not attempt to pack each row to its maximum.
Specifies what mode the mod_plsql module should use to do extra performance logging.
InfoDebug mode: This logs more information to the Apache's error_log. This is used in conjunction with Apache's info logging level. If the Apache's logging level is not at least set to this high, this setting will be ignored.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
Empty |
The logging setting is useful for debugging problems in your PL/SQL application.
Specifies the maximum number of requests a pooled database connection should service before it is closed and re-opened.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
1000 |
This parameter helps relieve memory and resource problems that may occur due to prolonged session reuse by a PL/SQL application.
This parameter should not need to be changed. The default is sufficient in most cases.
Setting this parameter to a low number can degrade performance. A case for a lower value might be an infrequently-used DAD whose performance is not a concern, and for which limiting the number of requests provides some benefit.
Specifies the NLS_LANG variable for this DAD. This parameter overrides the NLS_LANG environment variable. When this parameter is set, the PL/SQL Gateway uses the specified NLS_LANG to connect to the database. Once connected, an alter session command is issued to switch to the specified language and territory. If the middle tier character set matches that of the database, then no alter session call is issued by the mod_plsql module.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
Most applications have PlsqlTransferMode set to CHAR which means that the character set in PlsqlNLSLanguage needs to match the character set of the database. In one special case, where the database and the mod_plsql module are both using fixed-size character sets, and the character set width matches, the character set can be different. The response character set is always the mod_plsql module character set.
If PlsqlTransferMode is set to RAW, then this parameter can be ignored.
Specifies a virtual path alias to map to a procedure call. This is application-specific. This directive is used with PlsqlPathAliasProcedure.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
For applications that do not use path aliasing, this parameter may be omitted.
Specifies the procedure to call when the virtual path in the URL matches the path alias as configured by PlsqlPathAlias.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
For applications that do not use path aliasing, this parameter may be omitted.
Specifies an application-defined PL/SQL function which gives you the opportunity to allow and disallow further processing of the requested procedure. This is useful in implementing tight security for your PL/SQL application by blocking out package and procedure calls that should not be allowed to run from a DAD.
The function defined by this parameter must have the following prototype:
boolean function_name (procedure_name IN varchar2)
The procedure_name parameter will contain the name of the procedure that the request is trying to run.
For example, if all the PL/SQL application procedures callable from a browser are inside the package mypkg, then an implementation of this function can be as follows:
boolean my_validation_check (procedure_name varchar2)
is
begin
if (upper (procedure_name) like upper ('myschema.mypkg%')) then
return TRUE
else
return FALSE
end if;
end;
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
none |
By default, the mod_plsql module already disallows direct URL access to certain schemas and packages. For more information, refer to PlsqlExclusionList.
It is highly recommended that you provide an implementation for this function such that it only allows requests that belong to your application, and are callable from a browser.
Since this function will be called for every request, be sure to make this function as optimized as possible. Suggested recommendations are:
Name your PL/SQL packages in a fashion such that the implementation of this function can be similar to the previous example.
If your implementation performs a table lookup to determine what packages and procedures should be allowed, then performance can be improved if you pin the cursor in the shared pool.
Specifies the cookie name when PlsqlAuthenticationMode is set to SingleSignOn. This parameter is supported only for Oracle Fusion Middleware releases, and is used by Oracle Portal and Oracle Single Sign-On.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
Same as DAD name |
For DADs not using SingleSignOn authentication, this parameter can be omitted. In most other cases, the session cookie name should be omitted (and this parameter automatically defaults to the DAD name).
A session cookie name must be specified only for Oracle Portal instances that need to participate in a distributed Oracle Portal environment. For those Oracle Portal nodes you want to seamlessly participate as a federated cluster, ensure that the session cookie name for all the participating nodes is the same.
Independent Oracle Portal nodes need to use distinct session cookie names.
Specifies how package and session state should be cleaned up at the end of each the mod_plsql request.
StatelessWithResetPackageState causes the mod_plsql module to call dbms_session.reset_package_state at the end of each mod_plsql request. This is the default.
StatelessWithPreservePackageState causes the mod_plsql module to call htp.init at the end of each mod_plsql request. This cleans up the state of session variables in the PL/SQL Web ToolKit. The PL/SQL application is responsible for cleaning up its own session state. Failure to do so causes erratic behavior, in which a request starts recognizing or manipulating state modified in previous requests.
StatelessWithFastResetPackageState causes the mod_plsql module to call dbms_session.modify_package_state(dbms_session.reinitialize) at the end of each mod_plsql request. This API is faster than the mode of StatelessWithResetPackageState, and avoids some latch contention issues, but exists only in Oracle database releases 8.1.7.2 and later. This mode uses slightly more memory than the default mode.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
The earlier values of stateful=no or stateful=STATELESS_RESET corresponds to StatelessWithResetPackageState.
The earlier value of stateful=STATELESS_FAST_RESET corresponds to StatelessWithFastResetPackageState.
The earlier value of stateful=STATELESS_PRESERVE corresponds to StatelessWithPreservePackageState.
The mod_plsql module does not support stateful mode of operation. To allow PL/SQL applications stateful behavior, save the state in cookies and/or in the database.
Specifies the transfer mode for data from the database back to the mod_plsql module. Most applications use the default value of CHAR.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
This parameter only needs to be changed to enable sending back responses in different character sets from the same DAD. In such a case, the CHAR mode is useless, since it always converts the response data from the database character set to the mod_plsql character set.
Specifies the file extensions to be uploaded as LONGRAW data type, as opposed to using the default BLOB data type. The default can be overridden by specifying multi-line directives of file extensions for field. A value of asterisk (*) in this field causes all documents to be uploaded as LONGRAW.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
None |
For applications that do not upload or download documents, this parameter may be omitted.
The cache.conf file contains the configuration settings for the file system caching functionality implemented in the mod_plsql module. This configuration file is relevant only if PL/SQL applications use the OWA_CACHE package to cache dynamically generated content in the file system.
The following parameters are specified in the cache.conf file:
Specifies the time to start the cleanup of the cache storage.
This setting defines the exact day and time in which cleanup should occur. The frequency can be set as daily, weekly, and monthly.
To define daily frequency, the keyword Everyday is used. The cleanup starts every day at the time defined. For example, Everyday 2:00 causes the cleanup to happen everyday at 2:00 a.m. (local time).
To define weekly frequency, the days of the week, (Sunday, Monday, Tuesday, Wednesday, Thursday, Friday, Saturday) are used. For example, Wednesday 15:30 causes the cleanup to happen every Wednesday at 3:30 p.m. (local time).
To define monthly frequency, the keyword Everymonth is used. The cleanup starts on the Saturday of the month at the time defined. For example, Saturday Everymonth 23:00 causes the cleanup to happen the first Saturday of every month at 11:00 p.m. (local time).
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
Saturday 23:00 |
Specifies the directory where cache files are written out by the mod_plsql module. This directory must exist or Oracle HTTP Server will not start.
On UNIX, this directory must have write permissions by the owner of the child httpd processes.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
none |
Enables mod_plsql caching.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
|
If an application does not make use of the OWA_CACHE package in the PL/SQL Web Toolkit, then you can choose to disable caching. In such situations, there will be a minor performance benefit.
Specifies the maximum time, in days, a cache file can reside in a file system cache, after which the cached file will be removed for cache maintenance.
This setting is to ensure that the cache system does not contain old content. This setting removes old cache files and makes space for new ones.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
30 (days) |
Specifies the maximum possible size of a cache file.
This setting prevents the case in which one file can fill up the entire cache. In general, it is recommended that this be set to about 1-3 percent of the total cache size, which is specified by PlsqlCacheTotalSize.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
1048576 |
Specifies the total size of the cache directory. The default is 20 MB.
This setting limits the amount of space the cache is allowed to use. Both PL/SQL cache and Session Cookie cache share this cache space. This setting is not a hard limit. It might exceed the limit temporarily during normal processing. This is normal behavior.
The cleanup algorithm uses this setting to determine how much to reduce the cache files. Therefore, the real space limit is the physical storage's available size.
This parameter takes bytes as values:
1 megabytes = 1048576 bytes
10 megabytes = 10485760 bytes
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
20971520 (bytes) |
mod_wl_ohs accepts the following directives:
Note:
mod_wl_ohs directives are the same as those accepted by mod_wl.
Interval in seconds that the plug-in should sleep between attempts to connect to the WebLogic Server host (or all of the servers in a cluster). Make this number less than the ConnectTimeoutSecs. The number of times the plug-in tries to connect before returning an HTTP 503/Service Unavailable response to the client is calculated by dividing ConnectTimeoutSecs by ConnectRetrySecs. To specify no retries, set ConnectRetrySecs equal to ConnectTimeoutSecs. However, the plug-in attempts to connect at least twice.You can customize the error response by using the ErrorPage directive.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
2 |
Maximum time in seconds that the plug-in should attempt to connect to the WebLogic Server host. Make the value greater than ConnectRetrySecs. If ConnectTimeoutSecs expires without a successful connection, even after the appropriate retries (see ConnectRetrySecs), an HTTP 503/Service Unavailable response is sent to the client. You can customize the error response by using the ErrorPage directive.
| Category | Value |
|---|---|
|
Syntax |
ConnectTimeoutSecs secs |
|
Example |
ConnectTimeoutSecs 120 |
|
Default |
10 |
Sets the type of logging performed for debugging operations. The debugging information is written to the /tmp/wlproxy.log file on UNIX systems and c:\TEMP\wlproxy.log on Windows NT/2000 systems.
Override this location and filename by setting the WLLogFile parameter to a different directory and file. (See the WLTempDir parameter for an additional way to change this location.)
Ensure that the tmp or TEMP directory has write permission assigned to the user who is logged in to the server. Set any of the following logging options (HFC,HTW,HFW, and HTC options may be set in combination by entering them separated by commas, for example “HFC,HTW”):
ON - The plug-in logs informational and error messages.
OFF - No debugging information is logged.
HFC - The plug-in logs headers from the client, informational, and error messages.
HTW - The plug-in logs headers sent to WebLogic Server, and informational and error messages.
HFW - The plug-in logs headers sent from WebLogic Server, and informational and error messages.
HTC - The plug-in logs headers sent to the client, informational messages, and error messages.
ERR - Prints only the Error messages in the plug-in.
ALL - The plug-in logs headers sent to and from the client, headers sent to and from WebLogic Server, information messages, and error messages.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Enables the special query parameter “__WebLogicBridgeConfig”. Use it to get details about configuration parameters from the plug-in.For example, if you enable “__WebLogicBridgeConfig” by setting DebugConfigInfo and then send a request that includes the query string ?__WebLogicBridgeConfig, then the plug-in gathers the configuration information and run-time statistics and returns the information to the browser. The plug-in does not connect to WebLogic Server in this case. This parameter is strictly for debugging and the format of the output message can change with releases. For security purposes, keep this parameter turned OFF in production systems.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Sets the default welcome page of the Web Application in WebLogic Server to which requests are being proxied.
If the URI is “/” then the plug-in performs the following steps:
Trims the path specified with the PathTrim parameter.
Appends the value of DefaultFileName.
Prepends the value specified with PathPrepend.
This procedure prevents redirects from WebLogic Server. For example, If the DefaultFileName is set to welcome.html, an HTTP request like “http://somehost/weblogic” becomes “http://somehost/weblogic/welcome.html”. For this parameter to function, the same file must be specified as a welcome file in all the Web Applications to which requests are directed. For more information, see Configuring Welcome Pages.
Apache users:
If you are using Stronghold or Raven versions, define this parameter inside of a Location block, and not in an IfModule block. Oracle
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
none |
When set to OFF, the plug-in ignores the dynamic cluster list used for load balancing requests proxied from the plug-in and only uses the static list specified with the WebLogicCluster parameter. Normally this parameter should remain set to ON.
There are some implications for setting this parameter to OFF:
If one or more servers in the static list fails, the plug-in could waste time trying to connect to a dead server, resulting in decreased performance.
If you add a new server to the cluster, the plug-in cannot proxy requests to the new server unless you redefine this parameter. WebLogic Server automatically adds new servers to the dynamic server list when they become part of the cluster.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
ON |
Sets the error page that appears whenever your Web server is unable to forward requests to WebLogic Server. You can create your own error page. The plug-in redirects to an error page when the back-end server returns an HTTP 503/Service Unavailable response and there are no servers for failover.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
none |
Specifies whether or not file caching is enabled. When set to ON, and the size of the POST data in a request is greater than 2048 bytes, the POST data is first read into a temporary file on disk and then forwarded to the WebLogic Server in chunks of 8192 bytes. This preserves the POST data during failover, allowing all necessary data to be repeated to the secondary if the primary goes down.
Note that when FileCaching is ON, any client that tracks the progress of the POST will see that the transfer has completed even though the data is still being transferred between the WebServer and WebLogic. So, if you want the progress bar displayed by a browser during the upload to reflect when the data is actually available on the WebLogic Server, you might not want to have FileCaching ON.
When set to OFF and the size of the POST data in a request is greater than 2048 bytes, the reading of the POST data is postponed until a WebLogic Server cluster member is identified to serve the request. Then the plug-in reads and immediately sends the POST data to the WebLogic Server in chunks of 8192 bytes.
Note that turning FileCaching OFF limits failover. If the WebLogic Server primary server goes down while processing the request, the POST data already sent to the primary cannot be repeated to the secondary.
Finally, regardless of how FileCaching is set, if the size of the POST data is 2048 bytes or less the plug-in will read the data into memory and use it if needed during failover to repeat to the secondary.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
ON |
Specifies whether or not plug-ins fail over.
When set to ON and if the servers do not respond within WLIOTimeoutSecs, the plug-ins fail over if the method is idempotent.
The plug-ins also fail over if Idempotent is set to ON and the servers respond with an error such as READ_ERROR_FROM_SERVER.
If set to OFF the plug-ins do not fail over. If you are using the Apache HTTP Server you can set this parameter differently for different URLs or MIME types.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
ON |
Enables pooling of connections between the plug-in and WebLogic Server.
If you are using Apache prefork mpm, Apache web server might crash. Turn KeepAliveEnabled to OFF when using prefork mpm or use worker mpm in Apache.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
ON(TRUE) |
Specifies how long to maintain an inactive connection between the plug-in and WebLogic Server. Once the time set here has elapsed, the connection is closed. You must set KeepAliveEnabled to true (ON when using the Apache HTTP Server) for this parameter to be effective.
The value of this parameter must be less than or equal to the value of the Duration field set in the Administration Console on the Server/HTTP tab, or the value set on the server Mbean with the KeepAliveSecs attribute.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
20 |
Specifies the filename pattern to use when proxying. This directive is entered inside of an IfModule block. For example, if you wanted to proxy by MIME type, you would use MatchExpression as shown here:
<IfModule weblogic_module>
MatchExpression *.jsp
WebLogicHost=myHost|paramName=value
</IfModule>
Or, if you wanted to proxy by path, you would use MatchExpression like this:
<IfModule weblogic_module>
MatchExpression /weblogic
WebLogicHost=myHost|paramName=value
</IfModule>
You can define a new parameter for MatchExpression by using the following syntax:
MatchExpression *.jsp PathPrepend=/test PathTrim=/foo
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
none |
Maximum allowable size of POST data, in bytes. If the content-length exceeds MaxPostSize, the plug-in returns an error message. If set to -1, the size of POST data is not checked. This is useful for preventing denial-of-service attacks that attempt to overload the server with POST data.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
-1 |
If a WebLogic Server listed in either the WebLogicCluster parameter or a dynamic cluster list returned from WebLogic Server fails, the failed server is marked as “bad” and the plug-in attempts to connect to the next server in the list.
MaxSkipTime sets the amount of time after which the plug-in will retry the server marked as “bad.” The plug-in attempts to connect to a new server in the list each time a unique request is received (that is, a request without a cookie).
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
10 |
Specifies the path that the plug-in prepends to the {PATH} portion of the original URL, after PathTrim is trimmed and before the request is forwarded to WebLogic Server.Note that if you need to append File Name, use DefaultFileName parameter instead of PathPrepend.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
null |
PathTrim specifies the string trimmed by the plug-in from the {PATH}/{FILENAME} portion of the original URL, before the request is forwarded to WebLogic Server. For example, if the URLhttp://myWeb.server.com/weblogic/foois passed to the plug-in for parsing and if PathTrim has been set to strip off /weblogic before handing the URL to WebLogic Server, the URL forwarded to WebLogic Server is: http://myWeb.server.com:7001/fooNote that if you are newly converting an existing third-party server to proxy requests to WebLogic Server using the plug-in, you will need to change application paths to /foo to include weblogic/foo. You can use PathTrim and PathPrepend in combination to change this path.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
null |
When set to ON, specifies that the Apache HTTP Server use
(request_rec *)r->the_ request
to pass the query string to WebLogic Server. (For more information, see the Apache documentation.) This behavior is useful when a Netscape version 4.x browser makes requests that contain spaces in the query string
When set to OFF, the Apache HTTP Server uses (request_rec *)r->args to pass the query string to WebLogic Server.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Specifies the list of WebLogic Servers that can be used for load balancing. The server or cluster list is a list of host:port entries. If a mixed set of clusters and single servers is specified, the dynamic list returned for this parameter will return only the clustered servers. This derivative is required to proxy a list of clustered back-end servers or to perform load balancing among non-clustered managed server instances.
If you are using SSL between the plug-in and WebLogic Server, set the port number to the SSL listen port and set the SecureProxy parameter to ON.
The plug-in does a simple round-robin between all available servers. The server list specified in this property is a starting point for the dynamic server list that the server and plug-in maintain. WebLogic Server and the plug-in work together to update the server list automatically with new, failed, and recovered cluster members.
You can disable the use of the dynamic cluster list by setting the DynamicServerList parameter to OFF.
The plug-in directs HTTP requests containing a cookie, URL-encoded session, or a session stored in the POST data to the server in the cluster that originally created the cookie.
| Category | Value |
|---|---|
|
Syntax |
The syntax for specifying the value of this parameter varies depending on the web server for which you are configuring the plug-in, as described in Using Web Server 1.1 Plug-Ins with Oracle WebLogic Server. For more information, see the following: |
|
Example |
|
|
Default |
none |
Specifies the WebLogic Server host (or virtual host name as defined in WebLogic Server) to which HTTP requests should be forwarded. If you are using a WebLogic cluster, use the WebLogicCluster parameter instead of WebLogicHost. This directive is required when proxying to a single WebLogic Server.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
none |
Specifies the port at which the WebLogic Server host is listening for connection requests from the plug-in (or from other servers). This directive is required when proxying to a single WebLogic Server.
If you are using SSL between the plug-in and WebLogic Server, set this parameter to the SSL listen port and set the SecureProxy parameter to ON.
If you are using a WebLogic Cluster, use the WebLogicCluster parameter instead of WebLogicPort.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
none |
Selects the SSL protocol version to use for communication between the plug-in and the WebLogic Server. The following values are accepted:
SSLv3 : Uses SSL v3
TLSv1 : Uses TLS v1
The SSL protocol version chosen is used for all the connections from the plug-in to WebLogic Server. Hence define this parameter at the global scope.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
If not configured, the best protocol supported by both the plug-in and WebLogic Server is used. |
Note:
WLCookieName replaces CookieName, which is deprecated.
If you change the name of the WebLogic Server session cookie in the WebLogic Server Web application, you need to change the this parameter in the plug-in to the same value. The name of the WebLogic session cookie is set in the WebLogic-specific deployment descriptor, in the <session-descriptor> element.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
WLCookieName |
|
Default |
JSESSIONID |
If defined in the proxy configuration, this directive specifies the interval duration, in seconds, at which WebLogic Server refreshes DNS name to IP mapping for a server. This can be used in the event that a WebLogic Server instance is migrated to a different IP address, but the DNS name for that server's IP remains the same. In this case, at the specified refresh interval the bi-directional DNS-to-IP mapping will be updated.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
WLDNSRefreshInterval 10 |
|
Default |
Lookup once, during startup |
This parameter allows you exclude certain requests from proxying. This parameter can be defined locally at the Location tag level as well as globally. When the property is defined locally, it does not override the global property but defines a union of the two parameters.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
WLExcludePathOrMimeType |
|
Default |
none |
When set to ON, the WLS plug-in will forward the original URI from the client to WebLogic Server. When set to OFF (default), the URI sent to WebLogic Server is subject to modification by mod_rewrite or other web server plug-in modules.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Note:
WLIOTimeoutSecs is the new name for HungServerRecoverSecs.
Defines the amount of time the plug-in waits for a response to a request from WebLogic Server. The plug-in waits for WLIOTimeoutSecs for the server to respond and then declares that server dead, and fails over to the next server. The value should be set to a very large value. If the value is less than the time the servlets take to process, then you may see unexpected results.
Minimum value: 10
Maximum value: Unlimited
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
300 |
Defines the IP address (on the plug-in's system) to which to bind when the plug-in connects to a WebLogic Server instance running on a multihomed machine.
If WLLocalIP is not set, the TCP/IP stack will choose the source IP address.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
none |
Specifies path and file name for the log file that is generated when the Debug parameter is set to ON. You must create this directory before setting this parameter.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
If you have a chained proxy setup, where a proxy plug-in or HttpClusterServlet is running behind some other proxy or load balancer, you must explicitly enable the WLProxyPassThrough parameter. This parameter allows the header to be passed through the chain of proxies.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Specifies whether or not to maintain SSL communication between the plug-in and WebLogic Server when the following conditions exist:
An HTTP client request specifies the HTTPS protocol.
The request is passed through one or more proxy servers (including the WebLogic Server proxy plug-ins).
The connection between the plug-in and WebLogic Server uses the HTTP protocol.
When WLProxySSL is set to ON, the location header returned to the client from WebLogic Server specifies the HTTPS protocol.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
If a load balancer or other software deployed in front of the web server and plug-in is the SSL termination point, and that product sets the WL-Proxy-SSL request header to true or false based on whether or not the client connected to it over SSL, set WLProxySSLPassThrough to ON so that the use of SSL is passed on to the Oracle WebLogic Server.
If the SSL termination point is in the web server where the plug-in operates, or the load balancer does not set WL-Proxy-SSL, set WLProxySSLPassThrough to OFF (default).
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Specifies whether or not a 503 error response from Oracle WebLogic Server triggers a failover to another server. Normally, the plug-in will attempt to failover to another server when a 503 error response is received. When WLServerInitiatedFailover is set to OFF, the 503 error response will be returned to the client immediately.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
ON |
Sets the timeout, in seconds, for the socket while connecting. See ConnectTimeoutSecs and ConnectRetrySecs for additional details. This value must be greater than 0
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
2 |
This is an alternative to the SetHandler weblogic-handler mechanism of identifying requests to be forwarded to Oracle WebLogic Server. For example,
<Location /weblogic>
WLSRequest ON
PathTrim /weblogic
</Location>
The use of WLSRequest ON instead of SetHandler weblogic-handler has the following advantages:
Lower web server processing overhead in general
Resolves substantial performance degradation when the web server DocumentRoot is on a slow file system
Resolves 403 errors for URIs which cannot be mapped to the file system due to the file system length restrictions
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
OFF |
Specifies:
The directory where a wlproxy.log will be created. If the location fails, the Plug-In resorts to creating the log file under C:/temp in Windows and /tmp in all Unix platforms.
The location of the _wl_proxy directory for POST data files.
When both WLTempDir and WLLogFile are set, WLLogFile will override as to the location of wlproxy.log. WLTempDir will still determine the location of _wl_proxy directory.
| Category | Value |
|---|---|
|
Syntax |
|
|
Example |
|
|
Default |
See the Debug parameter . |