2 Understanding Oracle HTTP Server Modules

Modules extend the basic functionality of Oracle HTTP Server and support integration between Oracle HTTP Server and other Oracle Fusion Middleware components. Oracle HTTP Server uses both Oracle-developed modules, or “plug-ins,” and modules developed by Apache and third parties.

This chapter includes the following sections:

Oracle-Developed Modules for Oracle HTTP Server

Oracle has developed modules that Oracle HTTP Server can use specifically to extend its basic functionality.

The following sections describe these modules:

mod_certheaders Module—Enables Reverse Proxies

The mod_certheaders module enables reverse proxies that terminate Secure Sockets Layer (SSL) connections in front of Oracle HTTP Server to transfer information regarding the SSL connection, such as SSL client certificate information, to Oracle HTTP Server and the applications running behind Oracle HTTP Server. This information is transferred from the reverse proxy to Oracle HTTP Server using HTTP headers. The information is then transferred from the headers to the standard CGI environment variable. The mod_ossl module or the mod_ssl module populates the variable if the SSL connection is terminated by Oracle HTTP Server.

The mod_certheaders module also enables certain requests to be treated as HTTPS requests even though they are received through HTTP. This is done using the SimulateHttps directive.

SimulateHttps takes the container it is contained within, such as <VirtualHost> or <Location>, and treats all requests received for this container as if they were received through HTTPS, regardless of the real protocol used by the request.

See mod_certheaders Module for a list and description of the directives accepted by mod_certheaders.
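A virtual host for the setup described above, as an added example that is not taken from Oracle's documentation. It assumes mod_certheaders is already loaded and uses the module's AddCertHeader directive from the directive reference; the port, server name and proxy address (192.0.2.10) are constructed placeholders. Because the certificate information arrives as ordinary request headers, the example accepts requests only from the reverse proxy.

```apache
# Added example: Oracle HTTP Server behind an SSL-terminating reverse proxy.
# Assumes mod_certheaders is already loaded; the port, server name and proxy
# address below are constructed placeholders.

Listen 7777

<VirtualHost *:7777>
    ServerName www.example.com

    # The certificate headers are taken as sent, so only the reverse proxy
    # may reach this virtual host. Any other client could otherwise supply
    # its own SSL-Client-Cert header and have it treated as verified.
    <Location "/">
        Require ip 192.0.2.10
    </Location>

    # Treat every request received in this container as HTTPS, even though
    # the proxy forwards it over plain HTTP.
    SimulateHttps On

    # Populate the SSL_CLIENT_CERT CGI environment variable from the
    # matching request header set by the proxy (SSL-Client-Cert).
    AddCertHeader SSL_CLIENT_CERT
</VirtualHost>
```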

mod_context Module—Creates or Propagates ECIDs

The mod_context module creates or propagates Execution Context IDs, or ECIDs, for requests handled by Oracle HTTP Server. If an ECID has been created for the request execution flow before it reaches Oracle HTTP Server, mod_context will make the ECID available for logging within Oracle HTTP Server and for propagation to other Fusion Middleware components, such as WebLogic Server. If an ECID has not been created when the request reaches Oracle HTTP Server, mod_context will create one.

mod_context is not configurable. It is enabled by loading it into the server with the LoadModule directive, and disabled by removing or commenting out the LoadModule directive corresponding to this module. It should always be enabled to aid with problem diagnosis.

mod_dms Module—Enables Access to DMS Data

The mod_dms module provides FMW infrastructure access to the Oracle HTTP Server Dynamic Monitoring Service (DMS) data.

See Also:

Oracle Dynamic Monitoring Service in Tuning Performance.

mod_odl Module—Enables Access to ODL

The mod_odl module allows Oracle HTTP Server to access Oracle Diagnostic Logging (ODL). ODL generates log messages in text or XML-formatted logs, in a format which complies with Oracle standards for generating error log messages. Oracle HTTP Server uses ODL by default.

ODL provides the following benefits:

  • The capability to limit the total amount of diagnostic information saved. You can set the level of information saved and you can specify the maximum size of the log file and the log file directory.

  • When you reach the specified size, older segment files are removed and newer segment files are saved in chronological fashion.

  • Components can remain active, and do not need to be shut down, when older diagnostic logging files are deleted.

You can view log files using Fusion Middleware Control or with WLST commands, or you can download log files to your local client and view them using another tool (for example, a text editor or another file viewing utility).

For more information on using ODL with Oracle HTTP Server, see Managing Oracle HTTP Server Logs.

See Also:

Managing Log Files and Diagnostic Data in Administering Oracle Fusion Middleware.

mod_ora_audit—Supports Authentication and Authorization Auditing

This module provides the OraAuditEnable directive to support authentication and authorization auditing by using the FMW Common Audit Framework. Previously, the audit code was integrated into the Oracle HTTP Server binary itself. In the current release, it is provided as a separate loadable module. See Support for FMW Audit Framework.

mod_ossl Module—Enables Cryptography (SSL)

The mod_ossl module enables strong cryptography for Oracle HTTP Server. It is a plug-in to Oracle HTTP Server that enables the server to use SSL. The functionality of this module is similar to the functionality of Apache’s mod_ssl module. However, the cryptography engine used in the mod_ossl module differs from that of the mod_ssl module. The mod_ossl module uses Oracle’s Secure Socket Layer, which is based on RSA security technology, whereas the mod_ssl module relies on OpenSSL to provide the cryptography engine.

Note:

Oracle HTTP Server distributes OpenSSL libraries for use with the mod_security2 module. As stated above, the mod_ossl module does not use OpenSSL libraries.

Oracle HTTP Server complies with the Federal Information Processing Standard publication 140 (FIPS 140). It uses a version of the underlying SSL libraries that has gone through formal FIPS certification. As part of Oracle HTTP Server's FIPS 140 compliance, the mod_ossl plug-in now includes the SSLFIPS directive. See SSLFIPS Directive.

Oracle no longer supports the mod_ssl module. A tool is provided to enable you to migrate from mod_ssl to mod_ossl, and convert your text certificates to Oracle wallets.

The mod_ossl module provides these features:

  • Encrypted communication between client and server, using RSA or DES encryption standards.

  • Integrity checking of client/server communication using MD5 or SHA checksum algorithms.

  • Certificate management with Oracle wallets.

  • Authorization of clients with multiple access checks, exactly as performed in the mod_ssl module.

mod_ossl Module Directives

See mod_ossl Module for a list and descriptions of directives accepted by the mod_ossl module.

Note:

See Configuring SSL for the Web Tier in Administering Oracle Fusion Middleware.

mod_webgate Module—Enables Single Sign-on

The mod_webgate module is included with Oracle HTTP Server to enable single sign-on features from Oracle Access Manager (OAM). OAM's WebGate feature examines incoming requests and determines whether the requested resource is protected, and if so, retrieves the session information for the user. See Authenticating Users with WebGate and Security: Single Sign-On with WebGate.

mod_webgate is generally integrated with mod_ossl and mod_wl_ohs, and has a dependency on cURL and OpenSSL libraries. These libraries are also included in the Oracle HTTP Server installation. For information about configuring WebGate, see Configuring WebGate for Oracle Access Manager in Installing and Configuring Oracle HTTP Server.

mod_wl_ohs Module—Proxies Requests to Oracle WebLogic Server

The mod_wl_ohs module is a key feature of Oracle HTTP Server that enables requests to be proxied from Oracle HTTP Server to Oracle WebLogic Server. This module is generally referred to as the Oracle WebLogic Server Proxy Plug-In. This plug-in enhances an Oracle HTTP Server installation by allowing Oracle WebLogic Server to handle requests that require dynamic functionality. In other words, you typically use a plug-in where the HTTP server serves static pages such as HTML pages, while Oracle WebLogic Server serves dynamic pages such as HTTP Servlets and Java Server Pages (JSPs).

For information about the prerequisites and procedure for configuring mod_wl_ohs, see Configuring the Plug-In for Oracle HTTP Server in Using Oracle WebLogic Server Proxy Plug-Ins. Directives for this module are listed in Parameters for Oracle WebLogic Server Proxy Plug-Ins in Using Oracle WebLogic Server Proxy Plug-Ins.

Note:

mod_wl_ohs is similar to the mod_wl plug-in, which you can use to proxy requests from Apache HTTP Server to Oracle WebLogic Server. However, while the mod_wl plug-in for Apache HTTP Server must be downloaded and installed separately, the mod_wl_ohs plug-in is bundled with Oracle HTTP Server.

Apache HTTP Server and Third-party Modules in Oracle HTTP Server

Oracle HTTP Server includes Apache and third-party modules. These modules are not developed by Oracle.

Table 2-1 lists these modules.

Table 2-1 Apache HTTP Server and Third-party Modules in Oracle HTTP Server

| Module | Enabled by Default? | For more information, see: |
|---|---|---|
| mod_access_compat | No | http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html |
| mod_actions | Yes | http://httpd.apache.org/docs/2.4/mod/mod_actions.html |
| mod_alias | Yes | http://httpd.apache.org/docs/2.4/mod/mod_alias.html |
| mod_asis | Yes | http://httpd.apache.org/docs/2.4/mod/mod_asis.html |
| mod_auth_basic | Yes | http://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html |
| mod_authn_anon | Yes | http://httpd.apache.org/docs/2.4/mod/mod_authn_anon.html |
| mod_authn_core | Yes | http://httpd.apache.org/docs/2.4/mod/mod_authn_core.html |
| mod_authn_file | Yes | http://httpd.apache.org/docs/2.4/mod/mod_authn_file.html |
| mod_authz_core | Yes | http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html |
| mod_authnz_fcgi | No | http://httpd.apache.org/docs/2.4/mod/mod_authnz_fcgi.html |
| mod_authz_groupfile | Yes | http://httpd.apache.org/docs/2.4/mod/mod_authz_groupfile.html |
| mod_authz_host | Yes | http://httpd.apache.org/docs/2.4/mod/mod_authz_host.html |
| mod_authz_owner | No | http://httpd.apache.org/docs/2.4/mod/mod_authz_owner.html |
| mod_authz_user | Yes | http://httpd.apache.org/docs/2.4/mod/mod_authz_user.html |
| mod_autoindex | Yes | http://httpd.apache.org/docs/2.4/mod/mod_autoindex.html |
| mod_cache (Windows only) | No | http://httpd.apache.org/docs/2.4/mod/mod_cache.html |
| mod_cache_disk | No | http://httpd.apache.org/docs/2.4/mod/mod_cache_disk.html |
| mod_disk_cache (Windows only) | No | http://httpd.apache.org/docs/2.2/mod/mod_disk_cache.html |
| mod_cern_meta | Yes | http://httpd.apache.org/docs/2.4/mod/mod_cern_meta.html |
| mod_cgi | Yes | http://httpd.apache.org/docs/2.4/mod/mod_cgi.html |
| mod_cgid (UNIX only) | Yes | http://httpd.apache.org/docs/2.4/mod/mod_cgid.html |
| mod_deflate | No | http://httpd.apache.org/docs/2.4/mod/mod_deflate.html Note: To enable mod_deflate, you must first load mod_filter. In Apache HTTP Server Version 2.4, the AddOutputFilterByType directive moved to the mod_filter module. See https://httpd.apache.org/docs/current/upgrading.html#commonproblems. |
| mod_dir | Yes | http://httpd.apache.org/docs/2.4/mod/mod_dir.html |
| mod_dumpio | No | http://httpd.apache.org/docs/2.4/mod/mod_dumpio.html |
| mod_env | Yes | http://httpd.apache.org/docs/2.4/mod/mod_env.html |
| mod_expires | Yes | http://httpd.apache.org/docs/2.4/mod/mod_expires.html |
| mod_file_cache | Yes | http://httpd.apache.org/docs/2.4/mod/mod_file_cache.html |
| mod_filter | No | http://httpd.apache.org/docs/2.4/mod/mod_filter.html Note: The syntax of the FilterProvider directive under mod_filter has changed in Apache 2.4. This directive must be upgraded manually. See http://httpd.apache.org/docs/2.4/upgrading.html |
| mod_headers | Yes | http://httpd.apache.org/docs/2.4/mod/mod_headers.html |
| mod_imagemap | Yes | http://httpd.apache.org/docs/2.4/mod/mod_imagemap.html |
| mod_include | Yes | http://httpd.apache.org/docs/2.4/mod/mod_include.html |
| mod_info | Yes | http://httpd.apache.org/docs/2.4/mod/mod_info.html |
| mod_lbmethod_bybusyness | No | http://httpd.apache.org/docs/2.4/mod/mod_lbmethod_bybusyness.html |
| mod_lbmethod_byrequests | No | http://httpd.apache.org/docs/2.4/mod/mod_lbmethod_byrequests.html |
| mod_lbmethod_bytraffic | No | http://httpd.apache.org/docs/2.4/mod/mod_lbmethod_bytraffic.html |
| mod_log_config | Yes | http://httpd.apache.org/docs/2.4/mod/mod_log_config.html |
| mod_log_forensic | Yes | http://httpd.apache.org/docs/2.4/mod/mod_log_forensic.html |
| mod_logio | No | http://httpd.apache.org/docs/2.4/mod/mod_logio.html |
| mod_macro | No | http://httpd.apache.org/docs/2.4/mod/mod_macro.html |
| mod_mime | Yes | http://httpd.apache.org/docs/2.4/mod/mod_mime.html |
| mod_mime_magic | Yes | http://httpd.apache.org/docs/2.4/mod/mod_mime_magic.html |
| mod_mpm_event | Yes (Linux only) | http://httpd.apache.org/docs/2.4/mod/event.html |
| mod_mpm_prefork | No | http://httpd.apache.org/docs/2.4/mod/prefork.html |
| mod_mpm_winnt (Windows only) | Yes | http://httpd.apache.org/docs/2.4/mod/mpm_winnt.html |
| mod_mpm_worker | Yes (on non-Windows and non-Linux platforms) | http://httpd.apache.org/docs/2.4/mod/worker.html |
| mod_negotiation | Yes | http://httpd.apache.org/docs/2.4/mod/mod_negotiation.html |
| mod_proxy | Yes | http://httpd.apache.org/docs/2.4/mod/mod_proxy.html |
| mod_proxy_balancer | Yes | http://httpd.apache.org/docs/2.4/mod/mod_proxy_balancer.html |
| mod_proxy_connect | Yes | http://httpd.apache.org/docs/2.4/mod/mod_proxy_connect.html |
| mod_proxy_fcgi | No | http://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html |
| mod_proxy_ftp | Yes | http://httpd.apache.org/docs/2.4/mod/mod_proxy_ftp.html |
| mod_proxy_http | Yes | http://httpd.apache.org/docs/2.4/mod/mod_proxy_http.html |
| mod_remoteip | No | http://httpd.apache.org/docs/2.4/mod/mod_remoteip.html |
| mod_reqtimeout | No | http://httpd.apache.org/docs/2.4/mod/mod_reqtimeout.html |
| mod_rewrite | Yes | http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html |
| mod_security2 | No | http://www.modsecurity.org/documentation.html Also, for Oracle HTTP Server-specific information regarding mod_security, see Configuring mod_security in the httpd.conf File. |
| mod_sed | No | http://httpd.apache.org/docs/2.4/mod/mod_sed.html |
| mod_setenvif | Yes | http://httpd.apache.org/docs/2.4/mod/mod_setenvif.html |
| mod_slotmem_shm | Yes | http://httpd.apache.org/docs/2.4/mod/mod_slotmem_shm.html |
| mod_socache_shmcb | Yes | http://httpd.apache.org/docs/2.4/mod/mod_socache_shmcb.html |
| mod_speling | Yes | http://httpd.apache.org/docs/2.4/mod/mod_speling.html |
| mod_status | Yes | http://httpd.apache.org/docs/2.4/mod/mod_status.html |
| mod_substitute | No | http://httpd.apache.org/docs/2.4/mod/mod_substitute.html |
| mod_unique_id | Yes | http://httpd.apache.org/docs/2.4/mod/mod_unique_id.html |
| mod_unixd | Yes | http://httpd.apache.org/docs/2.4/mod/mod_unixd.html |
| mod_userdir | Yes | http://httpd.apache.org/docs/2.4/mod/mod_userdir.html |
| mod_usertrack | Yes | http://httpd.apache.org/docs/2.4/mod/mod_usertrack.html |
| mod_version | Yes | http://httpd.apache.org/docs/2.4/mod/mod_version.html |
| mod_vhost_alias | Yes | http://httpd.apache.org/docs/2.4/mod/mod_vhost_alias.html |
| mod_proxy_wstunnel | No | http://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html |