31.3 About Access Manager with Apache and IHS v2 Webgates

Access Manager provides components for Apache v2 Web servers and the IBM HTTP Server in addition to the Oracle HTTP Server. The IBM HTTP Server (IHS2) is a variation of Apache v2.

Unless otherwise stated, the information that follows applies to these components:

  • Apache v2.0.5.2 Webgate

  • Apache v2.0.48 Webgate, including reverse proxy if you choose to activate this capability.

  • Apache v2.0.47 Webgate for the IBM HTTP Server (IHS2) powered by Apache, including reverse proxy if you choose to activate this capability.

Note:

For the latest Access Manager certification information, see:

http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html

Each platform-specific installation package supports both plain and SSL-capable Apache modes. The number 2 in a file name indicates that this component is based on Apache v2. For example:

AIX: Oracle_Access_Manager10_1_4_3_0_power-aix_IHS2_Webgate

Linux: Oracle_Access_Manager10_1_4_3_0_linux_Apache2_Webgate

Solaris: Oracle_Access_Manager10_1_4_3_0_sparc-s2_Apache2_Webgate

Windows: Oracle_Access_Manager10_1_4_3_0_Win32_APACHE2_Webgate

Earlier Access Manager releases included separate platform-specific installation packages for plain versus SSL-capable modes. For example, two Webgate files were provided for each platform: the APACHE_Webgate, and the APACHESSL_Webgate.

There have been no functional changes to Access Manager components to support these Web servers. Access Manager authentication occurs through the Webgate using HTTP basic, form, or SSL client certificates. Authorization for Web resources by authenticated users, as well as simple and multi-domain SSO with other Web servers or applications, also occurs through the Webgate.

31.3.1 About the Apache HTTP Server

The Apache HTTP Server is an open-source HTTP Web server project of the Apache Software Foundation. The project goal is to provide a secure, efficient and extensible server and HTTP services that meet current HTTP standards.

For more information, see "About Apache v2 Architecture and Access Manager".

31.3.2 About the IBM HTTP Server

The IBM HTTP Server (IHS) is a variation of Apache v2. Portions of the IBM HTTP Server are based on software developed by The Apache Group. The IBM HTTP Server component also includes software developed by the OpenSSL Project and software developed by Eric Young.

Details about the Apache architecture and Access Manager, discussed in "About Apache v2 Architecture and Access Manager", apply to IHS with the following exceptions:

  • Previous versions of IHS required a separate IDS Client to use the mod_ibm_ldap module. With IHS powered by Apache v2.0.47, this is not a requirement.

  • IHS v2.0.47 supports FIPS 140-2. FIPS support is disabled by default. To enable FIPS support, add the SSLFIPSEnable directive to the httpd.conf file. To disable FIPS support, use the SSLFIPSDisable directive.

  • On AIX, ensure that the appropriate runtime library is installed before you install IHS v2.0.47.

For example, on AIX 5.1, the xlC.rte 6.0 runtime library (such as xlC.rte.6.0.0.0) must be installed before you install IHS v2.0.47. This library is required on AIX to install and use SSL with IHS v2. You can download this library from the following Web site:

     http://www-912.ibm.com/eserver/support/fixes/fcgui.jsp

31.3.3 About the Apache and IBM HTTP Reverse Proxy Server

To clients, a reverse proxy appears to be an ordinary Web server.

Typically, a reverse proxy is used in the following situations:

  • To provide Internet users with access to a server behind a firewall

  • To balance the load among several back-end servers, or to provide caching for a slower back-end server

  • To bring several servers into the same URL space

The proxy_module implements a proxy/gateway for Apache and IHS powered by Apache. Because a reverse proxy appears to be an ordinary Web server, the client does not need any special configuration. The client makes requests as usual for content in the name-space of the reverse proxy, and the reverse proxy decides where those requests are sent. Content is returned as if the reverse proxy were the origin.

Note:

The proxy_module can be used to implement a proxy capability for FTP, CONNECT (for SSL), HTTP/0.9, HTTP/1.0, and HTTP/1.1. However, only the reverse proxy capability is supported with the Webgate.

See "Requirements for Apache v2 Web Servers".
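
The following check is an added example, not part of the Oracle or IBM documentation: it audits an httpd.conf for the two settings described in 31.3.2 and 31.3.3, namely that forward proxying is off (only the reverse proxy capability is supported with the Webgate) and that FIPS mode has been switched on. It assumes a site policy that requires FIPS mode; the function name, backend host name and sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle or IBM code). Audits one httpd.conf for the proxy
# and FIPS settings discussed above. Assumptions: directives are matched by
# name only, Include files and <VirtualHost> scoping are not followed, the last
# SSLFIPSEnable/SSLFIPSDisable seen is taken as the effective FIPS state, and
# site policy requires FIPS mode. Returns 0 = clean, 1 = findings, 2 = unreadable.
audit_httpd_conf() {
    [ -r "$1" ] || { echo "ERROR: cannot read $1"; return 2; }
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        NF == 0    { next }                       # skip blank lines
        {
            name = tolower($1); arg = tolower($2) # directive names are case-insensitive
            if (name == "proxyrequests" && arg == "on") fwd = 1
            else if (name == "proxypass")      rev  = 1
            else if (name == "sslfipsenable")  fips = 1
            else if (name == "sslfipsdisable") fips = 0
        }
        END {
            if (fwd)   { print "FAIL: ProxyRequests On enables forward proxying, not supported with the Webgate"; bad = 1 }
            if (!fips) { print "FAIL: FIPS 140-2 mode is not enabled (no effective SSLFIPSEnable)"; bad = 1 }
            if (rev)   print "INFO: reverse proxy mapping (ProxyPass) present"
            if (!bad)  print "OK: no findings"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample inputs, written to a temporary directory.
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
ProxyRequests On
# SSLFIPSEnable
EOF
cat > "$tmp/hardened.conf" <<'EOF'
LoadModule proxy_module modules/mod_proxy.so
proxyrequests Off
ProxyPass /app/ http://backend.example.internal:7777/app/
ProxyPassReverse /app/ http://backend.example.internal:7777/app/
SSLFIPSEnable
EOF
audit_httpd_conf "$tmp/weak.conf" || true   # reports both findings
audit_httpd_conf "$tmp/hardened.conf"       # reports INFO and OK
```

Run the function against each httpd.conf that loads the Webgate; a commented-out SSLFIPSEnable, as in the weak sample, counts as absent.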