2 Understanding Oracle HTTP Server Modules
Modules extend the basic functionality of Oracle HTTP Server and support integration between Oracle HTTP Server and other Oracle Fusion Middleware components. Oracle HTTP Server uses both Oracle developed modules or “plug-ins” and Apache and third party-developed modules.
This chapter includes the following sections:
- Oracle-Developed Modules for Oracle HTTP Server
Oracle has developed modules that Oracle HTTP Server can use specifically to extend its basic functionality. - Apache HTTP Server and Third-party Modules in Oracle HTTP Server
Oracle HTTP Server includes Apache and third-party modules. These modules are not developed by Oracle.
Parent topic: Understanding Oracle HTTP Server
Oracle-Developed Modules for Oracle HTTP Server
Oracle has developed modules that Oracle HTTP Server can use specifically to extend its basic functionality.
The following sections describe these modules:
- mod_certheaders Module—Enables Reverse Proxies
- mod_context Module—Creates or Propagates ECIDs
- mod_dms Module—Enables Access to DMS Data
- mod_odl Module—Enables Access to ODL
- mod_ora_audit—Supports Authentication and Authorization Auditing
- mod_ossl Module—Enables Cryptography (SSL)
- mod_webgate Module—Enables Single Sign-on
- mod_wl_ohs Module—Proxies Requests to Oracle WebLogic Server
Parent topic: Understanding Oracle HTTP Server Modules
mod_certheaders Module—Enables Reverse Proxies
The mod_certheaders module enables reverse proxies that terminate Secure Sockets Layer (SSL) connections in front of Oracle HTTP Server to transfer information regarding the SSL connection, such as SSL client certificate information, to Oracle HTTP Server and the applications running behind Oracle HTTP Server. This information is transferred from the reverse proxy to Oracle HTTP Server using HTTP headers. The information is then transferred from the headers to the standard CGI environment variable. The mod_ossl module or the mod_ssl module populate the variable if the SSL connection is terminated by Oracle HTTP Server.
The mod_certheaders module also enables certain requests to be treated as HTTPS requests even though they are received through HTTP. This is done using the SimulateHttps
directive.
SimulateHttps
takes the container it is contained within, such as <VirtualHost>
or <Location>
, and treats all requests received for this container as if they were received through HTTPS, regardless of the real protocol used by the request.
See mod_certheaders Module for a list and description of the directives accepted by mod_certheaders.
Parent topic: Oracle-Developed Modules for Oracle HTTP Server
mod_context Module—Creates or Propagates ECIDs
The mod_context module creates or propagates Execution Context IDs, or ECIDs, for requests handled by Oracle HTTP Server. If an ECID has been created for the request execution flow before it reaches Oracle HTTP Server, mod_context will make the ECID available for logging within Oracle HTTP Server and for propagation to other Fusion Middleware components, such as WebLogic Server. If an ECID has not been created when the request reaches Oracle HTTP Server, mod_context will create one.
mod_context is not configurable. It enables loading ECIDs into the server with the LoadModule directive, and disabled by removing or commenting out the LoadModule directive corresponding to this module. It should always be enabled to aid with problem diagnosis.
Parent topic: Oracle-Developed Modules for Oracle HTTP Server
mod_dms Module—Enables Access to DMS Data
The mod_dms module provides FMW infrastructure access to the Oracle HTTP Server Dynamic Monitoring Service (DMS) data.
See Also:
Oracle Dynamic Monitoring Service in Tuning Performance.
Parent topic: Oracle-Developed Modules for Oracle HTTP Server
mod_odl Module—Enables Access to ODL
The mod_odl module allows Oracle HTTP Server to access Oracle Diagnostic Logging (ODL). ODL generates log messages in text or XML-formatted logs, in a format which complies with Oracle standards for generating error log messages. Oracle HTTP Server uses ODL by default.
ODL provides the following benefits:
-
The capability to limit the total amount of diagnostic information saved. You can set the level of information saved and you can specify the maximum size of the log file and the log file directory.
-
When you reach the specified size, older segment files are removed and newer segment files are saved in chronological fashion.
-
Components can remain active, and do not need to be shutdown, when older diagnostic logging files are deleted.
You can view log files using Fusion Middleware Control or with WLST commands, or you can download log files to your local client and view them using another tool (for example, a text edit or another file viewing utility)
For more information on using ODL with Oracle HTTP Server, see Managing Oracle HTTP Server Logs.
See Also:
Managing Log Files and Diagnostic Datain Administering Oracle Fusion Middleware.
Parent topic: Oracle-Developed Modules for Oracle HTTP Server
mod_ora_audit—Supports Authentication and Authorization Auditing
This module provides the OraAuditEnable directive to support authentication and authorization auditing by using the FMW Common Audit Framework. Previously the code for Audit was integrated in Oracle HTTP Server binary itself. In the current release, this is provided as a separate loadable module. See Support for FMW Audit Framework.
Parent topic: Oracle-Developed Modules for Oracle HTTP Server
mod_ossl Module—Enables Cryptography (SSL)
The mod_ossl
module enables strong cryptography for Oracle HTTP Server. It is a plug-in to Oracle HTTP Server that enables the server to use SSL. The functionality of this module is similar to the functionality of Apache’s mod_ssl
module. However, the cryptography engine used in the mod_ossl
module differs from that of the mod_ssl
module. The mod_ossl
module uses Oracle’s Secure Socket Layer, which is based on RSA security technology, whereas the mod_ssl
module relies on OpenSSL to provide the cryptography engine.
Note:
Oracle HTTP server distributes OpenSSL libraries for usage withmod_security2
module. As stated above, the mod_ossl
module does not use OpenSSL libraries.
Oracle HTTP Server complies with the Federal Information Processing Standard publication 140 (FIPS 140). It uses a version of the underlying SSL libraries that has gone through formal FIPS certification. As part of Oracle HTTP Server's FIPS 140 compliance, the mod_ossl
plug-in now includes the SSLFIPS directive. See SSLFIPS Directive.
Oracle no longer supports the mod_ssl
module. A tool is provided to enable you to migrate from mod_ssl
to mod_ossl
, and convert your text certificates to Oracle wallets.
The mod_ossl
modules provides these features:
-
Encrypted communication between client and server, using RSA or DES encryption standards.
-
Integrity checking of client/server communication using MD5 or SHA checksum algorithms.
-
Certificate management with Oracle wallets.
-
Authorization of clients with multiple access checks, exactly as performed in the
mod_ssl
module.
mod_ossl Module Directives
See mod_ossl Module for a list and descriptions of directives accepted by the mod_ossl
module.
Note:
See Configuring SSL for the Web Tier in Administering Oracle Fusion Middleware.
Parent topic: Oracle-Developed Modules for Oracle HTTP Server
mod_webgate Module—Enables Single Sign-on
The mod_webgate
module is included with Oracle HTTP Server to enable single sign-on features from Oracle Access Manager (OAM). OAM's WebGate feature examines incoming requests and determines whether the requested resource is protected, and if so, retrieves the session information for the user. See Authenticating Users with WebGate and Security: Single Sign-On with WebGate.
mod_webgate
is generally integrated with mod_ossl
and mod_wl_ohs
, and has a dependency on cURL and OpenSSL libraries. These libraries are also included in the Oracle HTTP Server installation. For information about configuring WebGate, see Configuring WebGate for Oracle Access Manager in Installing and Configuring Oracle HTTP Server.
mod_wl_ohs Module—Proxies Requests to Oracle WebLogic Server
The mod_wl_ohs module is a key feature of Oracle HTTP Server that enables requests to be proxied from Oracle HTTP Server to Oracle WebLogic Server. This module is generally referred to as the Oracle WebLogic Server Proxy Plug-In. This plug-in enhances an Oracle HTTP server installation by allowing Oracle WebLogic Server to handle requests that require dynamic functionality. In other words, you typically use a plug-in where the HTTP server serves static pages such as HTML pages, while Oracle WebLogic Server serves dynamic pages such as HTTP Servlets and Java Server Pages (JSPs).
For information about the prerequisites and procedure for configuring mod_wl_ohs, see Configuring the Plug-In for Oracle HTTP Server in Using Oracle WebLogic Server Proxy Plug-Ins. Directives for this module are listed in Parameters for Oracle WebLogic Server Proxy Plug-Ins in Using Oracle WebLogic Server Proxy Plug-Ins.
Note:
mod_wl_ohs is similar to the mod_wl plug-in, which you can use to proxy requests from Apache HTTP Server to Oracle WebLogic server. However, while the mod_wl plug-in for Apache HTTP Server should be downloaded and installed separately, the mod_wl_ohs plug-in is bundled with Oracle HTTP Server.
Parent topic: Oracle-Developed Modules for Oracle HTTP Server
Apache HTTP Server and Third-party Modules in Oracle HTTP Server
Oracle HTTP Server includes Apache and third-party modules. These modules are not developed by Oracle.
Table 2-1 lists these modules.
Table 2-1 Apache HTTP Server and Third-party Modules in Oracle HTTP Server
Module | Enabled by Default? | For more information, see: |
---|---|---|
mod_access_compat |
No |
|
mod_actions |
Yes |
|
mod_alias |
Yes |
|
mod_asis |
Yes |
|
mod_auth_basic |
Yes |
|
mod_authn_anon |
Yes |
|
mod_authn_core |
Yes |
|
mod_authn_file |
Yes |
|
mod_authz_core |
Yes |
|
mod_authnz_fcgi |
No |
|
mod_authz_groupfile |
Yes |
|
mod_authz_host |
Yes |
|
mod_authz_owner |
No |
|
mod_authz_user |
Yes |
|
mod_autoindex |
Yes |
|
mod_cache (Windows only) |
No |
|
mod_cache_disk |
No |
|
mod_disk_cache (Windows only) |
No |
|
mod_cern_meta |
Yes |
|
mod_cgi |
Yes |
|
mod_cgid (UNIX only) |
Yes |
|
mod_deflate |
No |
Note: To enable |
mod_dir |
Yes |
|
mod_dumpio |
No |
|
mod_env |
Yes |
|
mod_expires |
Yes |
|
mod_file_cache |
Yes |
|
mod_filter |
No |
Note: The syntax of the |
mod_headers |
Yes |
|
mod_imagemap |
Yes |
|
mod_include |
Yes |
|
mod_info |
Yes |
|
mod_lbmethod_bybusyness |
No |
|
mod_lbmethod_byrequests |
No |
|
mod_lbmethod_bytraffic |
No |
|
mod_log_config |
Yes |
|
mod_log_forensic |
Yes |
|
mod_logio |
No |
|
mod_macro |
No |
|
mod_mime |
Yes |
|
mod_mime_magic |
Yes |
|
mod_mpm_event |
Yes (Linux only) |
|
mod_mpm_prefork |
No |
|
mod_mpm_winnt (Windows only) |
Yes |
|
mod_mpm_worker |
Yes (on Non-Windows and non-Linux platforms) |
|
mod_negotiation |
Yes |
|
mod_proxy |
Yes |
|
mod_proxy_balancer |
Yes |
|
mod_proxy_connect |
Yes |
|
mod_proxy_fcgi |
No |
|
mod_proxy_ftp |
Yes |
|
mod_proxy_http |
Yes |
|
mod_remoteip |
No |
|
mod_reqtimeout |
No |
|
mod_rewrite |
Yes |
|
mod_security2 |
No |
Also, for Oracle HTTP Server-specific information regarding mod_security, see Configuring mod_security in the httpd.conf File.. |
mod_sed |
No |
|
mod_setenvif |
Yes |
|
mod_slotmem_shm |
Yes |
|
mod_socache_shmcb |
Yes |
|
mod_speling |
Yes |
|
mod_status |
Yes |
|
mod_substitute |
No |
|
mod_unique_id |
Yes |
|
mod_unixd |
Yes |
|
mod_userdir |
Yes |
|
mod_usertrack |
Yes |
|
mod_version |
Yes |
|
mod_vhost_alias |
Yes |
|
mod_proxy_wstunnel |
No |
|
Parent topic: Understanding Oracle HTTP Server Modules