3 Elements in server.xml

This chapter describes the elements in the server.xml file in alphabetical order.

List of Elements

This section describes the elements in the server.xml file in alphabetical order.


The access-log element configures the settings for the access log. This element can appear zero or more times within the server element and zero or more times within the virtual-server element. See server and virtual-server.

Table 3-1 describes the subelements of access-log.

Table 3-1 access-log Subelements

Element Occurrences Description


0 or 1

Specifies whether the server writes to this access log. Default Value: true.


0 or 1

The name that uniquely identifies the access log. If you specify a name, the server does not automatically write to this access log. Instead, you explicitly configure this access log in an obj.conf AddLog directive.



The file name of the access log. If a relative path is used, it is relative to the server's config directory, for example, ../logs/access.log.


0 or 1

The format of the access log entries. The default format is an extended custom log format. For more information about access log format, see Using the Custom Access-Log File Format.

Related Topics


The access-log-buffer element configures the settings for access log buffering subsystem. This element can appear zero or one time within the server element. For more information, see server.

Table 3-2 describes the subelements of access-log-buffer.

Table 3-2 access-log-buffer Subelements

Element Occurrences Description


0 or 1

Specifies if the file system cache access log writes. Default value: false. It indicates that the file system write to a cache. Setting the value to true indicates that the file system should not to write to a cache. The setting is purely advisory; either the server or the operating system may choose to ignore it.


0 or 1

Specifies whether the server buffers the access log entries. Default value: true.


0 or 1

The size (in bytes) of individual access log buffers. The value can be from 4096 to 1048576. Default value: 8192.



Specifies the maximum number of access-log buffers per server. Values: 1 to 65536. Default value: 1000.


0 or 1

Specifies the maximum number of access-log buffers per access-log file. Values: 1 to 128.


0 or 1

The maximum time (in seconds) to buffer a given access log entry. The value can be from 0.001 to 3600. Default value: 1.

Related Topics


The cert element uniquely identifies a certificate. This element can appear zero or more times within the ssl element. See ssl.

Table 3-3 describes the subelements of cert.

Table 3-3 cert Subelements

Element Occurrences Description



Required. Subject name of the certificate.


0 or 1

This optional field can be specified in order to disambiguate between multiple certificates with the same subject name. This field is specified in hexadecimal and is not case-sensitive. The 0x prefix is optional.


0 or 1

This optional field can be specified in order to disambiguate between multiple certificates with the same subject name.


The crl element uniquely identifies a certificate revocation list (CRL). This element can appear zero or one time within the server element. See server.

Table 3-4 describes the subelements of crl.

Table 3-4 crl Subelements

Element Occurrences Description


0 or 1

Defines whether CRLs should be applied while verifying SSL certificates. Default value: true.


0 or 1

Specifies the path to a directory where CRLs are stored. Defaults to 'crl 'sub-directory under the config directory of the instance.


0 or 1

Defines a cache size between 0 and 2,147,483,647 bytes inclusive. Default value: 52428800.


0 or 1

Specifies whether a CRL is required when verifying peer certificates during SSL/TLS handshakes. This affects both libproxy (back-end) and client (front-end) authentication. Default value: false.


The dns element configures how the server uses the domain name system (DNS). This element can appear zero or one time within the server element. See server.

Table 3-5 describes the subelements of dns.

Table 3-5 dns Subelements

Element Occurrences Description


0 or 1

Specifies whether the server does DNS lookups. Default value: false.


0 or 1

Specifies whether the server uses its own asynchronous DNS resolver, instead of the Operating System's synchronous resolver. Default value: true.


0 or 1

Specifies the duration (in seconds) after which the asynchronous DNS lookups should time out. The value can be from 0.001 to 3600.

Related Topics


The dns-cache element configures the DNS cache. This element can appear zero or one time within the server element. See server.

Table 3-6 describes the subelements of dns-cache.

Table 3-6 dns-cache Subelements

Element Occurrences Description


0 or 1

Specifies whether the server writes to a cache for DNS lookup results. Default value: true.


0 or 1

Specifies the duration (in seconds) for which the entries must be kept in the cache. The value can be from 0.001 to 604800. Default value: 120.


0 or 1

Specifies the maximum number of DNS lookup results to write to the cache. The value can be from 1 to 1048576. Default value: 1024.

Related Topics


The event element configures a recurring event. The element can appear zero or more times within the server element. See server.

Table 3-7 describes the subelements of event.

Table 3-7 event Subelements

Element Occurrences Description


0 or 1

Specifies whether the event is enabled at run time. Default value: true.


0 or more

Configures a specific time when the event occurs. See time.


0 or 1

Specifies the interval (in seconds) at which the event occurs. The value can be from 60 to 86400.


0 or 1

Rotates the log files. Default value: false.


0 or 1

Rotates the access log files. Default value: false.


0 or more

The command to execute to get an event to run.


0 or 1

Dynamically reconfigures the server. Default value: false.


0 or 1

Restarts the server. Default value: false.


0 or 1

The description of the event. The value of this element is in text format.


The event-subscription eelement configures parameters for receiving notifications on HTTP endpoint URLs when an event occurs. The element may appear zero or once within the element. See origin-server.

Table 3-8 describes the subelements of event.

Table 3-8 event-subscription Subelements

Element Occurrences Description


0 or 1

Specifies the configuration in the event-subscription block is enabled or disabled. Default value: true (enabled).



Specifies the user defined name of the event subscription. Values: string.



Specifies the subscription URL. If this is configured, Oracle® Fusion Middleware publishes the notification to this URL. Value: a valid HTTP URL.


HTTPS endpoints are not supported.


The file-cache element configures the file cache. This element can appear zero or one time within the server element. See server.

Table 3-9 describes the subelements of file-cache.

Table 3-9 file-cache Subelements

Element Occurrences Description


0 or 1

Indicates whether the server caches file content and meta information. Whether file content is cached in addition to meta information is controlled by the cache-content sub-element. Default value: true.


0 or 1

The maximum amount of time (in seconds) to cache file content and meta information. The value can be from 0.001 to 3600. -1 indicates no limit. Default value: 30.


0 or 1

The maximum number of paths to cache content and/or meta information. The value can be from 1 to 1073741824.  Default value: 1024


0 or 1

The maximum number of file descriptors the file cache will keep open. The value can be from 1 to 1073741824. 


0 or 1

Determines whether the server will attempt to use the operating system's sendfile, sendfilev, send_file, or TransmitFile system call. The default value is true on Windows and false on other platforms. 


0 or 1

Determines whether the server copies cached files to a temporary directory. Default value: true on Windows, false on other platforms.


0 or 1

The temporary directory that is used when copy-files is true. If a relative path is used, it is relative to the server's config directory.


0 or 1

The cache entry replacement algorithm. The value can be false, lru, or lfu. Default value: lru.


0 or 1

Determines whether the server caches file content in addition to the meta information. The default value is true.


0 or 1

The maximum size (in bytes) of files to cache on the heap. The value can be from 0 to 2147483647. -1 indicates that there is no maximum size. Default value: 524288.


0 or 1

The maximum amount (in bytes) of heap to use for caching files. The value can be from 0 to 1099511627776. Default value: 10485760.


0 or 1

The maximum size (in bytes) of files to mmap. The value can be from 0 to 2147483647. -1 indicates that there is no maximum size. Default value: 0.


0 or 1

The maximum amount (in bytes) of mmap address space to use for caching files. The value can be from 0 to 1099511627776. Default value: 0.

buffer-size 0 or 1 Specifies the size of the input/output buffer used on cache misses. The value can be from 512 to 1048576. Default value: 8192.


0 or 1

sendfile-size is used only when sendfile is enabled and the file size is greater than max-heap-file-size. When sendfile-size is set to its default value of 0, the entire file is attempted to be sent out at once. Otherwise, the file-cache subsystem attempts to send the file in chunks of at most sendfile-size. The values can range from 0 and 2147483647. Default value: 0.


The failover-group element defines a failover group. This element may appear zero or one time within the cluster element.

Table 3-10 describes the subelements of failover-group.

Table 3-10 failover-group Subelements

Element Occurrences Description



Specifies the virtual IP for the failover group. The virtual IP should belong to the same subnet as that of the instances in the failover group, and must be accessible to clients.


0 or 1

Specifies the router identity for the failover-group. The value must be unique across the failover-groups. It is used to identify the router group of all the participating routers for the same VIP. Values are positive integer. Range of values: 1 to 255. Default value: 255.


1 or more

Represents an Oracle Traffic Director instance that belongs to the failover group. See failover-instance.


0 or 1

Specifies the failover type.

Values: active-active or active-passive.

Default value: active-passive.


0 or more On Linux, these specify custom properties that will be passed to the vrrp_instance within keepalived.conf. See property.


The failover-instance element defines a failover instance.

Table 3-11describes the subelements of failover-group.

Table 3-11 failover-instance Subelements

Element Occurrences Description



Specifies the name of the Oracle Traffic Director instance which is part of the failover group.



Specifies the hostname of the node where the instance has been created.


0 or 1

Specifies the priority value for the instance. This value identifies whether the instance is the primary or the backup for the failover-group. Values: positive integer. Range of values: 1 to 254. Default value: 250.



Indicates the network interface on the node where this instance is created on which the VIP is moderated.


The ftp-filter element configures parameters that are used to make a TCP proxy to front-end an FTP server. See tcp-proxy.

Table 3-12 describes the subelements of tcp-proxy.

Table 3-12 ftp-filter Subelements

Element Occurrences Description


0 or 1

Specifies id the FTP filter is enabled or disabled.

Default value: false


0 or 1

Specifies if client-side SSL should be enabled explicitly.

Default value: true


0 or 1

Specifies if server-side SSL should enabled explicitly.

Default value: true


0 or 1

Specifies if SSL should terminate at Oracle Traffic Director.

Default value: false


0 or 1

Specifies the lower limit of port range for FTP passive data connections. Range of values: 1025 to 65535.

Default value: 1025


0 or 1

Specifies the upper limit of port range for FTP passive data connections. Range of values: 1025 to 65535.

Default value: 65535


0 or 1

Specifies the lower limit of port range for FTP active data connections. Range of values: 1025 to 65535.

Default value: 1025


0 or 1

Specifies the upper limit of port range for FTP active data connections. Range of values: 1025 to 65535.

Default value: 65535


The health-check element configures the parameters that are used to determine the status of each origin-server in an origin-server pool. This element may appear zero or one time within the origin-server-pool element. See origin-server-pool.

Table 3-13 describes the subelements of health-check.

Table 3-13 health-check Subelements

Elements Occurrences Description TCP health check on HTTP servers TCP health check on TCP servers


0 or 1

Specifies the type of connection—HTTP or TCP, or an external executable—that Oracle Traffic Director should attempt with the origin server to determine its health.

TCP: Oracle Traffic Director attempts to open a TCP connection to each origin server. The success or failure of this attempt determines whether Oracle Traffic Director considers the origin server to be online or offline.

HTTP: Oracle Traffic Director sends an HTTP GET or OPTIONS request to each origin server in the pool, and checks the response to determine the availability and health of the origin server.

COMMAND: Oracle Traffic Director invokes the executable specified in <command> for the health check.

Default value: HTTP.


Valid; HTTP is not a valid value for origin-server-pool elements that specify tcp in the type subelement.


0 or 1

Specifies the time interval (in seconds) between successive health check operations. Values: 0.001 to 3600. Default value: 30.




0 or 1

Indicates the number of consecutive failures for marking a server down. Values: 1 to 256. Default value: 3.




0 or 1

Specifies the timeout value (in seconds) for a connection. Values: 0.001 to 3600. Default value: 5.




0 or 1

Specifies the full path of an external health check executable. You must configure this parameter if the protocol is COMMAND.




0 or 1

Specifies the method used during HTTP health check operations. Values: GET, HEAD and OPTIONS. Default value: OPTIONS.




0 or 1

Specifies the URI that is used for HTTP health check operations. Default value: "/".




0 or 1

A modified regular expression used to specify the types of response status codes acceptable for a healthy origin server. The expression is a union of three character patterns that contain only digits or 'x'. 'x' represents any digit, for example, the following three expressions are valid: 200, 2xx|304, 1xx|2xx|3xx|4xx.

If the parameter is not specified, all other codes except 5xx server error are considered acceptable. This is applicable only when protocol is HTTP.




0 or 1

A regular expression that is used to match the HTTP response body to determine the origin server's health. This is applicable only when protocol is HTTP.




0 or 1

Specifies the maximum length of the response body that should match. Values: 0 to 2147483647. Default value: 2048.




0 or 1

Specifies whether the server should dynamically discover Oracle WebLogic Server cluster nodes and add them to the pool. Default value: false.

Valid for HTTP Health Check



0 or 1

Specifies whether the obj.conf file processing for health-check requests is enabled.

Default value: True




The http element configures the settings for the miscellaneous HTTP protocol options. This element can appear zero or one time within the server element. For more information, see server.

Table 3-14 describes the subelements of http.

Table 3-14 http Subelements

Element Occurrences Description


0 or 1

Specifies the highest HTTP protocol version the server supports. The default HTTP version string is HTTP/1.1.


0 or 1

Specifies the server header information such as server software and version. The default server header is Oracle-Traffic-Director/<version>. Note that setting this to an empty string suppresses the server header.

etag 0 or 1

Indicates if the server includes an Etag header field in its responses. Default value: true


0 or 1

Specifies the size (in bytes) of the buffer used to read HTTP request headers. The value can be from 0 to 2147483647. Default value: 8192.


0 or 1

Indicates whether the server rejects certain malformed HTTP request headers. Default value: false.


0 or 1

Indicates whether the server should preserve the case of HTTP request/response headers. Default value: false.


0 or 1

Enables/disables strict RFC 6455 adherence during the WebSocket upgrade request. Default value: false.

discard-misquoted-cookies 0 or 1

Indicate whether to discard misquoted cookies. Default value: true.


0 or 1

Specifies the maximum number of header fields in an HTTP request header. The value can be from 1 to 512. Default value: 64.


0 or 1

Defines the maximum size of the request body content that OTD will expose via the $body variable in obj.conf. The value can range from 0 to 2147483647. Default value: 1024.


0 or 1

Specifies the size (in bytes) of the buffer for HTTP responses. The value can be from 0 to 2147483647. Default value: 8192.


0 or 1

Specifies the maximum size (in bytes) of a chunked HTTP request body that the server will unchunk. The value can be from 0 to 2147483647. Default value: 8192.


0 or 1

Specifies the maximum time (in seconds) that the server waits for a chunked HTTP request body to arrive. The value can be from 0 to 3600, or -1 for no timeout. Default value: 60.


0 or 1

Specifies the maximum time (in seconds) that the server waits for an individual packet. The value can be from 0 to 3600. Default value: 30.


0 or 1

Specifies the maximum time (in seconds) that the server waits for a complete HTTP request header. The value can be from 0 to 3600. Default value: 30.


0 or 1

Specifies the maximum time (in seconds) that the server waits for a complete HTTP request body. The value can be from 0 to 604800, or -1 for no timeout. Default value: -1.


0 or 1

Specifies whether the server replies to requests for favicon.ico with its own built-in icon file. Default value: true.


0 or 1

Specifies whether the server generates, propagates, and logs the execution context. The value of the ECID is a unique identifier that can be used to correlate individual events as being part of the same request execution flow. For example, events that are identified as being related to a particular request typically have the same ECID value. However, the format of the ECID string itself is determined by an internal mechanism that is subject to change; therefore, you should not have or place any dependencies on that format. ECID is defined as a part of the execution context. The execution context consists of ECID and RID. You may also refer to the whole execution context, which is the combination of ECID and RID, as just ECID. Default value: true.


The http-listener element configures an HTTP listener. This element can appear zero or more times within the server element. See server.

Table 3-15 describes the subelements of http-listener.

Table 3-15 http-listener Subelements

Element Occurrences Description


0 or 1

Specifies whether the HTTP listener is enabled to accept connection requests. Default value: true.



Specifies the name that uniquely identifies the HTTP listener. Whitespace is not permitted.


0 or 1

Specifies an IP address to which to listen. The value of this element is a specific IP address or hostname or an asterisk * to listen on all IP addresses.



Specifies the port to which to listen. The value of this element is the port number. The value can be from 1 to 65535.


0 or 1

Specifies the number of threads dedicated to accept connections received by this listener. The value can be from 1 to 128.



Specifies the default server name. Tells the server what to put in the host name section of any URLs it sends to the client. This affects URLs the server automatically generates, say on a redirect; it does not affect the URLs for directories and files stored in the server. This name should be the alias name if your server uses an alias.

Values: The value can be a hostname, fully qualified domain name, ip address, or a url prefix that contains one. The url prefix must not specify a path. It can include a scheme (for example, prefix http://) and port suffix (for example, :80)


0 or 1

Specifies whether the server uses blocking I/O. Default value: false.


0 or 1

Specifies the socket family that is used to connect to the origin server. Values: inet, inet6, inet-sdp, and default. inet and inet6 represent IPV4 and IPV6 protocols respectively. inet-sdp is used for Sockets Direct Protocol (SDP). Default value: default.


0 or 1

Indicates whether the server responds to SSL or non-SSL protocol mismatches in client requests. Default value: true, meaning the server will attempt to detect SSL or non-SSL protocol mismatches and send an HTTP redirect or SSL alert when a mismatch is detected. Default value: true.


0 or 1

Specifies the size (in bytes) of the listen queue. The value of this element can be from 1 to 1048576. Default value: 128.


0 or 1

Specifies the size (in bytes) of the operating system socket receive buffer. The value of this element can be from 0 to 2147483647.


0 or 1

Specifies the size (in bytes) of the operating system socket send buffer. The value of this element can be from 0 to 2147483647.



Specifies the name of the virtual server that processes request that do not match a host. The value of this element is the name value from a virtual-server element. See virtual-server.


0 or 1

Configures SSL/TLS. If the ssl element is omitted, SSL/TLS support is disabled. See ssl


0 or 1

Specifies the description of the HTTP listener. The value of this element must be in text format.


0 or 1

Specifies the maximum number of keep-alive requests that will be handled per HTTP connection after which the keep-alive connection will be closed. The value can be from 1 to 2147483647, or -1 for no limit. Default value: -1


0 or 1

Enables/disables blocking of the server listen socket while retaining client end points as non blocking (useful when MaxProcs > 1). Default value: false.

Related Topics


The keep-alive element configures the settings for the keep-alive subsystem. This element can appear zero or one time within the server element. See server.

Table 3-16 describes the subelements of keep-alive.

Table 3-16 keep-alive Subelements

Element Occurrences Description


0 or 1

Specifies whether the keep-alive subsystem is enabled at runtime. Default value: true.


0 or 1

Specifies the number of keep alive subsystem threads. The value can be from 1 to 256.


0 or 1

Specifies the maximum number of concurrent keep alive connections that the server supports. The value can be from 1 to 1048576.


0 or 1

Specifies the timeout (in seconds) after which an inactive keep alive connection can be used. The value can be from 0.001 to 3600. -1 indicates no timeout. Default value: 30 seconds.


0 or 1

Specifies the interval (in seconds) between polls. The value can be from 0.001 to 1. Default value: .001.


The localization element defines a method by which the server chooses a language with which it presents information to the client. This element may appear zero or one time within the server element, and zero or one time within the virtual-server element. See server and virtual-server.

Table 3-17 describes the subelement of localization.

Table 3-17 localization Subelements

Element Occurrences Description


0 or 1

The default language with which the messages and content are displayed. The value is a language tag.


0 or 1

Specifies whether the server uses the accept-language HTTP header to negotiate the content language with clients. Default value: false.


The log element configures the logging subsystem. This element can appear zero or one time within the server element. See server.

Table 3-18 describes the subelements of log.

Table 3-18 log Subelements

Element Occurrences Description


0 or 1

Specifies whether the server logs data that applications write to stdout. Default value: true.


0 or 1

Specifies whether the server logs data that applications write to stderr. Default value: true.


0 or 1

Specifies whether the server includes the virtual server name in log messages. Default value: false.


0 or 1

Specifies whether the server writes log messages to syslog. Default value: false.


0 or 1

This is executed after the server rotates a log file. The program is passed the post-rotation file name of the log file as an argument. A program command line, for example: gzip


0 or 1

Specifies the log verbosity for the server as a whole. Values: INCIDENT_ERROR:1, NOTIFICATION:1, ERROR:1, ERROR:16, ERROR:32, WARNING:1, TRACE:1, TRACE:16 TRACE:32. Default value: NOTIFICATION:1


0 or 1

Specifies the name and location of the log file. Value: User defined name and location. Default value: ../logs/server.log


The maintenance element enables maintenance for an origin-server-pool.

Table 3-19 describes the subelements of maintenance.

Table 3-19 maintenance Subelements

Element Occurrences Description


0 or 1

Indicates whether the origin server pool has been put under maintenance. Values: true, false.

true means that maintenance is enabled and the server pool will not handle any sticky or non-sticky requests. Instead a response based on the response-code and response-file configurations.

false means that maintenance is disabled and origin servers of this pool (depending on the state of the origin server) can handle sticky and non-sticky requests.


0 or 1

Specifies the response code to be sent for requests that land on this pool when it is under maintenance.

If this is set to 200, response-file is expected to be configured. If response-file is not specified, it will be considered as a misconfiguration and server will throw an error at start-up.

Values: 200 or HTTP response codes in the range 400 to 599.


0 or 1

Specifies the absolute path of an HTML file to send to the client when the request lands on a maintenance enabled origin server pool. The file is sent as text/html regardless of its name or actual type. If the file does not exist or is not accessible, the server returns the default 503 response code.


The origin-server-pool element configures a pool of origin servers that are used for load balancing requests. This element may appear zero or more times within the server element. See server.

Table 3-20 describes the subelements of origin-server-pool.

Table 3-20 origin-server-pool Subelements

Element Occurrences Description



Specifies the name by which the server pool is identified.


0 or 1

The load-balancing method for distributing requests to the origin-server pool. Values: round-robin, least-connection-count, least-response-time, and ip-hash. Default value: round-robin.

For more information about load-balancing methods, see the section Modifying an Origin-Server Pool in the Oracle Traffic Director Administrator's Guide.


0 or 1

Specifies outgoing proxy SSL connections.

This allows you to select the client certificate as well as ciphers. With Oracle Traffic Director 12.2.1, it replaces the ssl-client-config SAF. See ssl,



Indicates the kind of requests that are handled by every server in the server pool. Values: http and tcp.


0 or 1

Specifies the socket family that is used to connect to the origin server. Values: inet, inet6, inet-sdp, and default. inet and inet6 represent IPV4 and IPV6 protocols respectively. inet-sdp is used for Sockets Direct Protocol (SDP). Default value: default.


0 or more

Represents an origin server that belongs to the server pool. See origin-server


0 or 1

Specifies the health check settings for the server pool. See health-check


0 or 1

Specifies a proxy server through which connections to origin servers can optionally go through. See proxy-server.

0 or 1

Time (in seconds) for which the request waits in the queue for a connection to an origin-server. If a timeout occurs, the request is rejected. Range of values: 0.001 to 3600. Default value: 30.


0 or 1

This element is applicable only if ssl is enabled. If present, it represents the value of the TLS Server Name Indication extension to be sent for TLS connections to the origin-server during the TLS handshake. If omitted, the TLS SNI extension is not sent. Note that for HTTP origin server pools, the administrator needs to ensure that the Host header in HTTP requests matches the value of this extension, otherwise, there may be an error on the origin server.


0 or 1

This element is used to enable maintenance on an origin server pool. See maintenance.


The origin-server element defines a member of a server pool. This element may appear zero or more times within the origin-server-pool element. For more information, see origin-server-pool.

Table 3-21 describes the subelements of origin-server.

Table 3-21 origin-server Subelements

Element Occurrences Description



Specifies the host name or the IP address of the origin server.


0 or 1

Specifies the port number of the origin server. Value: 1 to 65536. The port defaults to 80 if ssl is disabled and to 443 when ssl is enabled.


0 or 1

Specifies the load distribution weight for the origin server. Value: 1 to 1000. Default value: 1.


0 or 1

Specifies the state of the origin-server. Values: enabled, disabled or draining.

enabled means origin server is active and handles both sticky and non-sticky requests.

disabled means origin server does not handle any (sticky or non-sticky) requests and is not part of the pool (e.g. when it is under maintenance).

draining means origin server handles only sticky requests.

New non-sticky requests are handled by other origin servers in the pool.

This mode is used mainly to bring down the server gracefully for maintenance (like patch rollout)

This mode is not applicable for origin servers of tcp server pool.


0 or 1

Specifies whether the origin server is a backup server. Requests are sent to the backup origin server only when none of the primary (non-backup) origin servers is available. Default value: false.


0 or 1

Specifies the maximum number of active connections an origin-server can have at any given point of time. Values:1 to 1048576. -1 indicates that there is no maximum. Default value: -1.


0 or 1

The time (in seconds) that Oracle Traffic Director should take to ramp up the request sending rate to the full capacity of this origin server. Values: 0.001 to 3600. Default value: 0.001.


0 or 1

Specifies the maximum number of keep-alive requests that will be handled per origin server connection after which the keep-alive connection will be closed. The value can be from 1 to 2147483647, or -1 for no limit. Default value: -1.


0 or 1

Total bandwidth limit in byte/second enforced on request. Values: 0 to 1099511627776, or 0 for no limit. Default value: 0.


0 or 1

Total bandwidth limit in byte/second enforced on response. Values: 0 to 1099511627776, or 0 for no limit. Default value: 0.


0 or 1

Time in seconds before a request waiting in the queue for bandwidth is aborted. Values: 0 to 86400. Default value: 60.


The property element defines a name-value pair. The property element can appear zero or more times within failover-group. On Linux, these properties can be used to specify custom properties to be passed to the vrrp_instance within keepalived.conf.

Table 3-22 describes the subelements of property.

Table 3-22 property Subelements

Element Occurrences Description



The name of the property.



The value of the property.

Related Topics


The proxy-cache element configures the HTTP reverse proxy cache configuration. This element can appear zero or one time within the server element. For more information, see server.

Table 3-23 describes the subelements of proxy-cache.

Table 3-23 proxy-cache Subelements

Element Occurrences Description


0 or 1

Specifies whether response caching is enabled. Default value: true.


0 or 1

Specifies the maximum amount (in bytes) of heap to use for caching response objects. It should not be more than available memory or process address space. Values: 0 to 1099511627776 (1024 GB). Default value: 10485760 (10 MB).


0 to 1

Specifies the maximum size of objects that should be cached. Objects larger than the specified size are not cached. Values: 0 to 2147483647. Default value: 524288 (512 KB). -1 indicates that there is no maximum size.


0 to 1

Specifies the algorithm for cache replacement. Values: lru, lfu, and false. Default value: lru.

  • lru (Least Recently Used): Oracle Traffic Director discards the least recently used entry first.

  • lfu (Least Frequently Used): Oracle Traffic Director discards the least frequently used entry first.

  • false: Cache replacement is disabled.


0 to 1

Specifies the maximum number of entries in the cache. The range is 1 to 1073741824. Default value: 1024.


Table 3-24 describes the subelements of proxy-server.

Table 3-24 proxy-server Subelements

Element Occurrences Description


0 or 1

Specifies whether the proxy server is enabled at runtime. Default value: true.



Specifies the host name or the IP address of the proxy server.


0 or 1

Specifies the port number of the proxy-server. Default: 80.



The qos-limits element configures the Quality of Service (QoS) limits. This element may appear zero or one time within the server element and zero or one time within the virtual-server element. See server and virtual-server.

Table 3-25 describes the subelements of qos-limits.

Table 3-25 qos-limits Subelements

Element Occurrences Description


0 or 1

Specifies whether the QoS limits are enforced at runtime. Default value: true.


0 or 1

Specifies the maximum transfer rate (bytes/second). Range of value: 1 to 2147483647. -1 indicates that there is no maximum. Default : -1.


0 or 1

Specifies the maximum number of concurrent connections. Range of value: 1 to 1048576. -1 indicates that there is no maximum. Default : -1.


The server element defines a server. This is the root element. There can be only one server element in the server.xml file.

Table 3-26 describes the subelements of server.

Table 3-26 server Subelements

Element Occurrences Description


0 or 1

The server cluster to which the server belongs.


0 or 1

Enables the FIPS-140 mode of operation for the security library.


0 or 1

Defines a certificate. See crl.


0 or 1

Configures the logging subsystem. See log.


0 or 1

Specifies a configurable upper limit on the file descriptor usage of the Oracle Traffic Director server process.

The default value of max-fd element is 2 million. This means that by default, Oracle Traffic Director does not assume more than 2 million available file descriptors even if the actual file descriptor availability is configured to be higher.


0 or 1

Specifies the path to a file that contains the MIME type mappings for the server. If a relative path is used, it is relative to the server's config directory.


0 or 1

The account the server runs as (UNIX only). The value is the user account. If the server is started as root, any UNIX account can be specified. If the server is started by a non-root account, only that non-root account can be specified.


0 or 1

The directory where the server stores its temporary files. If a relative path is used, it is relative to the server's config directory. The directory must be owned by the account that the server runs as.


0 or more

Defines a variable for use in expressions, log formats, and obj.conf parameters. See variable.


0 or 1

Configures localization. See localization.


0 or 1

Configures the HTTP protocol options. See http.


0 or 1

Configures the HTTP keep-alive subsystem. See keep-alive.


0 or 1

Configures the HTTP request processing threads. See thread-pool.


0 or 1

Configures the statistics collection subsystem. See stats.


0 or 1

Configures the server's use of DNS. See dns.


0 or 1

Configures the DNS cache. See dns-cache.


0 or 1

Configures the SSL/TLS session cache. See ssl-session-cache.


0 or 1

Configures the access log buffering subsystem. See access-log-buffer.


0 or 1

Configures SNMP. See snmp.


0 or more

Configures an HTTP access log for the server. See access-log.


0 or more

Configures an HTTP listener. See http-listener.


0 or more

Configures a virtual server. See virtual-server.


0 or more

Configures a recurring event. See event-subscription.


0 or more

Configures notifications for origin server status change. See event.


0 or more

Configures a pool of origin servers that are used for handling load balancing requests. See origin-server-pool.


0 or 1

Defines the HTTP reverse proxy caching configuration mechanism. See proxy-cache.


0 or 1

Specifies information related to QoS settings. See qos-limits.


0 or 1

Configures a Status Listener. See status-listener.


0 or 1

Configures the TCP request processing threads. See tcp-thread-pool.


0 or 1

Configures TCP access log for the server. See tcp-access-log.


0 or more

Configures a TCP listener. See tcp-listener.


0 or more

Configures a TCP service. See tcp-proxy.


0 or more

Specifies the path to a file containing the Web Application Firewall (WAF) module rules. See webapp-firewall-ruleset.


The snmp element configures the server's SNMP subagent. This element can appear zero or one time within the server element. See server.

Table 3-27 describes the subelements of snmp.

Table 3-27 snmp Subelements

Element Occurrences Description


0 or 1

Specifies whether the SNMP agent is enabled. If enabled, the SNMP subagent gathers information about the server and passes the information to the master agent. Default value: true.


0 or 1

(Optional) Specifies the description of the server. The value must be in text format.


0 or 1

(Optional) Specifies the name of the organization responsible for the server. The value must be in text format.


0 or 1

(Optional) Specifies the location of the server. The value must be in text format.


0 or 1

(Optional) Specifies the contact information of the person responsible for the server. The value must be in text format.

Related Topics


The ssl element configures the SSL/TLS settings. This element can appear zero or one time within the http-listener element. See http-listener.

To configure outgoing proxy SSL connections, this element can appear zero or one time within the origin-server-pool element. See origin-server-pool.

Table 3-28 describes the subelements of ssl.

Table 3-28 ssl Subelements

Element Occurrences Description


0 or 1

Specifies whether SSL support is enabled for the listener. Disabled by default for listeners when no cert element is specified, otherwise enabled.


0 or more

Specifies the certificate that the server presents to clients. See cert. You can specify zero or one RSA certificate, and zero or one ECC certificate.


0 or 1

Allows the creation of more than one NZ global context to get around NZ lock contention in high load situations. Default value: 1.


0 or 1

Creates a pool to support the re-use of NZ ssl contexts, boosting performance.

At creation, the pool is empty, so there is no additional startup time. Once the pool is full, new contexts are created but not reused, and performance drops. This setting should be tuned to the maximum number of expected concurrent SSL connections. Note that increasing the pool size will increase memory usage, as the contexts saved in the pool will not be freed until re-configuration or shutdown. Range of values: -1 to 1000000. If size is 0 or -1, we do not create a pool of reusable contexts. Default value: 4096.


0 or 1

Specifies whether TLS 1.0 connections are accepted. Default value: false.


0 or 1

Specifies whether TLS 1.1 connections are accepted. Default value: true.


0 or 1

Specifies whether TLS 1.2 connections are accepted. Default value: true.


0 or 1

Configures the TLS cipher suites. See ssl3-tls-ciphers.


0 or 1

Specifies the method of client certificate authentication. The value can be required, optional, or false. When you choose required option, the server requests the client for a certificate; if the client does not provide a certificate, the connection is closed. When you choose optional option, the server requests the client for a certificate, but does not require it. The connection is established even if the client does not provide a certificate. Default value: false. The client authentication is disabled by default.


0 or 1

Indicates the duration (in seconds) after which a client authentication handshake fails. The value can be from 0.001 to 3600. Default: 60.


0 or 1

Specifies the number of characters of authentication data that the server can buffer. The value can be from 0 to 2147483647. Default: 1048576.


0 or 1

Specifies whether validate SSL certificate hostname is on or off. Applies only to outgoing connections. The remote certificate or CA must still be trusted locally in the wallet.

NZ does not provide a programmatic override if the remote certicate is completely untrusted (for example, self-signed). Default value: true


0 or 1

Allows selection of an alternate wallet for a virtual server, listener, or origin server group. If this is omitted, the wallet from the instance's config directory is omitted. This is primarily to support SNI for multi-tenant, so that each virtual server can use a different wallet.


The ssl3-tls-ciphers element configures SSL3 and TLS cipher suites. This element can appear zero or one time within the ssl element. See ssl.

Note that if ssl3-tls-ciphers is not present in the configuration, the default enablement value for each of the ciphers is used. If ssl3-tls-ciphers is present, you must include a cipher element for each cipher that you want enabled.

Table 3-29 describes the subelements of ssl3-tls-ciphers.

Table 3-29 ssl3-tls-ciphers Subelements

Element Occurrences Description


0 or more

Specifies a TLS cipher to be enabled. This element can appear zero or one time within the ssl3-tls-ciphers element.
The following ciphers are supported:

If the ssl3-tls-ciphers element is omitted, the above set of ciphers is configured implicitly and in the order specified above. If ssl3-tls-ciphers is present, you must include a cipher element for each cipher that you want enabled.


Apart from the above, the following ciphers are also supported, but are deprecated and disabled by default:



0 or 1

This setting applies only to server-side listeners (ie. HTTPS and TCP listeners), and SNI virtual servers. If set, the server chooses a cipher in the order specified in <ssl3-tls-ciphers>. The first cipher from this list supported by the client is selected. If not set, the first cipher from the ClientHello message supported by the server is selected. Default value: false.

Related Topics


The ssl-session-cache element configures the SSL/TLS session cache. This element can appear zero or one time within the server element. See server.

Table 3-30 describes the subelements of ssl-session-cache.

Table 3-30 ssl-session-cache Subelements

Element Occurrences Description


0 or 1

Specifies whether the server writes SSL/TLS sessions to the cache. Default value: true.


0 or 1

Specifies the maximum number of SSL/TLS sessions that are written to the cache by the server. The value can be from 1 to 524288. Default: 10000.


0 or 1

Specifies the maximum amount of time (in seconds) a SSL/TLS session is written to the cache. The value can be from 1 to 86400. Default: 86400.

Related Topics


The stats element configures the statistics collection subsystem. This element can appear zero or one time within the server element. See server.

Table 3-31 describes the subelements of stats.

Table 3-31 stats Subelements

Element Occurrences Description


0 or 1

Specifies whether the server collects the statistics. Default value: true.


0 or 1

Specifies the interval (in seconds) at which statistics are updated. The value can be from 0.001 to 3600.


0 or 1

Specifies whether the performance buckets used to track NSAPI function execution time are enabled at runtime. Default value: true.

Related Topics


The stats-listenerelement configures dedicated Status Listeners to check the status of Oracle® Fusion Middleware instances. This element can appear zero or one time within the server element. See server.

Table 3-32 describes the subelements of stats.

Table 3-32 stats-listener Subelements

Element Occurrences Description


0 or 1

Specifies whether the Status Listener is enabled to accept connection requests. Default value: true.


0 or 1

Specifies the IP address to listen.



Specifies the port to listen.


0 or 1

Specifies the protocol family that is used to connect to the origin server. Values: inet, inet6 or default. Default value: default.


0 or 1

Configures SSL/TLS. See ssl.


0 or 1

Specifies the description of the Status Listener. The value of this element must be in text format.


0 or 1

Enables/disables blocking of the server listen socket, while retaining client end points as non-blocking (useful when Maxprocs > 1). Default value: false.


The tcp-access-log element configures the settings for the TCP access log. If the tcp-access-log element is missing TCP access logging is disabled. See server.

Table 3-33 describes the subelements of tcp-access-log.

Table 3-33 tcp-access-log Subelements

Element Occurrences Description


0 or 1

Specifies whether TCP access logging is enabled. If the element is enabled, the server writes a log entry for every request received by TCP listeners. Default value: true.



Specifies the filename of the access log file (absolute path or path relative to the server's config directory).


The tcp-listener element configures a TCP listener. See server.

Table 3-34 describes the subelements of tcp-listener.

Table 3-34 tcp-listener Subelements

Element Occurrences Description


0 or 1

Specifies whether the TCP listener is enabled to accept connection requests. Default value: true.



Specifies the name that uniquely identifies the TCP listener.


0 or 1

Specifies the IP address to listen. The value of this element is a specific IP address or hostname or an asterisk * to listen on all IP addresses.



Specifies the port to listen. The value of this element is the port number. The value can be from 1 to 65535.


0 or 1

Specifies the socket family that is used to connect to the origin server. Values: inet, inet6, inet-sdp and default. inet and inet6 represent IPV4 and IPV6 protocols respectively. inet-sdp is used for Sockets Direct Protocol (SDP). Default value: default.


0 or 1

Specifies the number of threads dedicated to accept connections received by this listener. The value can be from 1 to 128.



Specifies the name of the TCP proxy that processes requests received by the listener.


0 or 1

Specifies the size (in bytes) of the listen queue. Value: 1 to 1048576. Default value: 128.


0 or 1

Specifies the size (in bytes) of the operating system socket receive buffer. Value: 0 to 2147483647.


0 or 1

Specifies the size (in bytes) of the operating system socket send buffer. Value: 0 to 2147483647.


0 or 1

Configures SSL/TLS. If the ssl element is omitted, SSL/TLS support is disabled. See ssl.


0 or 1

Specifies the description of the TCP listener. The value of this element must be in text format.


0 or 1

Enables/disables blocking of the server listen socket, while retaining client end points as non-blocking (useful when MaxProcs > 1). Default value: false.


The tcp-proxy element is used to support LDAP/T3 listeners. See server.

Table 3-35 describes the subelements of tcp-proxy.

Table 3-35 tcp-proxy Subelements

Element Occurrences Description


0 or 1

Specifies whether the TCP service is enabled. Default value: true.



A name that uniquely identifies the TCP proxy.


0 or 1

Specifies the maximum timeout (in seconds) that the server waits while receiving/sending data. Range of values: 0.001 and 604800. It defaults to the timeout value under tcp-thread-pool.


0 or 1

Specifies the name of a server pool that provides the TCP service. The value must be a name value from an origin-server-pool element.


0 or 1

Specifies if the FTP protocol is enabled for the TCP proxy. See ftp-filter.


The tcp-thread-pool element configures the threads used to process WebSocket requests and requests received by TCP listeners. See server.

Table 3-36 describes the subelements of tcp-thread-pool.

Table 3-36 tcp-thread-pool Subelements

Element Occurrences Description


0 or 1

Specifies whether the pool is enabled. Default value: true.


0 or 1

Specifies the number of TCP/WebSocket request processing threads. The value can be from 1 to 512. Default value: 1 per CPU.


0 or 1

Specifies the maximum number of connection pairs that the server will support. The value can be from 1 to 1048576. Default value: the default value is the value of the keep-alive max-connections value.


0 or 1

Specifies the idle timeout (in seconds), after which connection pairs will be closed. The value will be overridden by the tcp or WebSocket subsystem. The value can be from 0.001 to 3600. -1 indicates no timeout. Default value: 300 seconds.


0 or 1

The value can be from 8192 to 268435456. 0 indicates that the platform-specific default stack size should be used. Default value: 65536.


0 or 1

Specifies the interval (in seconds) between polls. The value can be from 0.001 to 1. Default value: 0.010 seconds.


0 or 1

Specifies the size of the buffer (in bytes), used by each connection for transferring data. The value can be from 512 to 1048576. Default value: 16384.


The thread-pool element configures the threads used to process HTTP requests. This element can appear zero or one time within the server element. See server.

Table 3-37 describes the subelements of thread-pool.

Table 3-37 thread-pool Subelements

Element Occurrences Description


0 or 1

Specifies the minimum number of HTTP request processing threads. The value can be from 1 to 20480. Default value: 1.


0 or 1

Specifies the maximum number of HTTP request processing threads.

The value can be from 1 to 20480. Default value: If there are 1, 2 CPUs, then the default value is 256 and if there are 3, 4 CPUs, the default value is 512. If there are more than 4 CPUs, the default value is 1024. Note that the the default value will never be more than quarter of the maximum number of file descriptors available to the process.


0 or 1

Specifies the stack size (in bytes) for HTTP request processing threads. The value can be from 8192 to 268435456. 0 indicates that the platform-specific default stack size should be used. Default value: 262144.


0 or 1

Specifies the maximum number of concurrent HTTP connections that can be queued for processing. The value can be from 1 to 1048576.

Related Topics


The time element schedules when an event occurs. This element can appear zero or more times within the event element. See event.

Table 3-38 describes the subelement of time.

Table 3-38 time Subelements

Element Occurrences Description



Specifies the time when the event occurs. The value must be in the hh:mm format.


0 or 1

Specifies the day of the week. The value can be Sun, Mon, Tue, Wed, Thu, Fri, or Sat.


0 or 1

Specifies the day of month. The value can be from 1 to 31.


0 or 1

Specifies the name of the month. The value can be Jan, Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, or Dec.


The variable element defines a variable for use in expressions, log formats, and obj.conf parameters. This element can appear zero or more times within the server element, and zero or more times within the virtual-server element. For more information, see server and virtual-server.

Table 3-39describes the subelements of variable.

Table 3-39 List of variable Subelements

Element Occurrences Description



Specifies the name of the variable. The value must be in text format.



Specifies the value of the variable. The value must be in text format.


0 or 1

The description of the variable. The value must be in text format.


The virtual-server element configures an HTTP virtual server. Each server typically has at least one virtual server. This element can appear zero or more times within the server element. See server.

Table 3-40 describes the subelements of virtual-server.

Table 3-40 virtual-server Subelements

Element Occurrences Description


0 or 1

Specifies whether the virtual server is enabled at runtime. Default value: true.



A name that uniquely identifies the virtual server.


0 or 1

Specifies SSL for a virtual-server.

SSL is configurable for each virtual server for SNI. You can select a different certificate and cipher for each virtual-server.

ssl can be set only on a virtual-server explicitly bound to an http-listener. The default virtual-server cannot contain an ssl element as the SSL parameters would come from the listener's ssl settings.

A virtual-server with ssl is accessible only by SNI-capable SSL clients that send an SNI extension and HTTP host header, both of which must match one of the host elements for the virtual-server.

To support non-SNI capable clients, configure OTD without including ssl in a virtual-server. For example, configure multiple listeners on different IP addresses with separate certificates, or configure one listener and one certificate with multiple subjectAltNames.


0 or more

The name of a HTTP listener associated with one or more of the virtual server's host name. The value is the name from an http-listener element. See http-listener.


0 or more

Indicates the host name that the virtual-server services. The value can be a specific hostname or a wildcard pattern that matches one or more hostnames. See Wildcard Patterns.


0 or 1

The canonical name of the virtual server. Requests using a different hostname are redirected to this hostname. The value can be a hostname, fully qualified domain name, IP address, or a URL prefix that contains one (the URL prefix must not contain a path).



The obj.conf file that controls request processing for virtual server. Default value: default-virtual-server-name-obj.conf, and the user can specify any valid file.


0 or 1

The name of the root obj.conf object. Default value: default.


0 or 1

Configures localization. See localization.


0 or more

Configures an HTTP access log for the virtual server. See access-log.


0 or 1

Specifies the path to the log file for the virtual server. The value is the log file name, for example, ../logs/errors.


0 or more

Defines an obj.conf variable for the virtual server. See variable.


0 or 1

The description of the virtual server.


0 or 1

Specifies information related to QoS settings. See qos-limits.


0 or more

Specifies the path to a file containing Web Application Firewall (WAF) rules or configuration. See webapp-firewall-ruleset.

Related Topics


The webapp-firewall-ruleset element configures the path to a web application firewall configuration file, which contains ModSecurity rules/configuration directives. The path may be an absolute path or a relative path. If a relative path is used, it is relative to the server's config directory. The file name component may contain wildcard characters to specify multiple files within the given directory.

The webapp-firewall-ruleset element may be present at the virtual-server level as well as at the server level and can appear zero or more times within the server and virtual-server elements. Configuration settings at the virtual-server level take precedence over the server level. However some configuration directives can only be specified at the server level. The scope of these directives is considered to be Main. Similarly, scope of directives that can be specified at either server level or virtual-server level is considered to be Any. Note that if a directive with Main scope is specified within the virtual-server level configuration file, then an error will be logged and the server will fail to start. For information about the scope of different directives, see the Web Application Firewall section in the Oracle Traffic Director Administrator's Guide.


For information about various web application firewall use cases, see the appendix, Web Application Firewall Examples and Use Cases in the Oracle Traffic Director Administrator's Guide.