5 Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server

The following sections describe how to install and configure the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server:

5.1 Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS

To install the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server:

  1. Download the WLS Web Server Proxy Plug-In for IIS Web Server, as described in Section 1.2, "Availability of WLS Web Server Proxy Plug-In 12.1.2." The zip file contains these files:

    Table 5-1 Files Included in the Microsoft IIS Plug-In Zip

    (path)/filename    Description
    README.txt         Information specific to the distribution, late-breaking updates, and other errata.
    bin/orapki.bat     orapki tool for configuring Oracle wallets
    jlib/*.jar         orapki helper Java libraries
    iisproxy.dll       WebLogic proxy module
    lib/*.dll          Helper libraries


  2. Copy the iisproxy.dll file into a convenient directory that is accessible to IIS. This directory must also contain the iisproxy.ini file that you will create in step 6.

  3. Set the user permissions for the iisproxy.dll file to include the name of the user who will be running IIS. One way to do this is by right-clicking the iisproxy.dll file and selecting Permissions, then adding the username of the person who will be running IIS.

  4. If you want to configure proxying by file extension (MIME type), complete this step. (You can configure proxying by path in addition to or instead of configuring by MIME type. See step 5.)

    1. Start the Internet Information Service Manager by selecting it from the Start menu.

    2. In the left panel of the Service Manager, select your Web site (the default is Default Web Site).

      Figure 5-1 Selecting Web Site in Service Manager


    3. Click the Play arrow in the toolbar to start.

    4. Open the properties for the selected Web site by right-clicking the Web site selection in the left panel and selecting Properties.

      Figure 5-2 Selecting Properties for Selected Web Site


    5. In the Properties panel, select the Home Directory tab, and click Configuration in the Applications Settings section.

      Figure 5-3 Home Directory Tab of the Properties Panel


    6. On the Mappings tab, click Add to add file types and configure them to be proxied to WebLogic Server.

      Figure 5-4 Click the Add Button to Add File Types


    7. In the Add dialog box, browse to find the iisproxy.dll file.

    8. Set the Extension to the type of file that you want to proxy to WebLogic Server.

    9. If you are configuring for IIS 6.0 or later, be sure to deselect the Check that file exists check box. The behavior of this check has changed from earlier versions of IIS: it used to check that the iisproxy.dll file exists; now it checks that files requested from the proxy exist in the root directory of the Web server. If the check does not find the files there, the iisproxy.dll file will not be allowed to proxy requests to the WebLogic Server.

    10. In the Directory Security tab, set the Method exclusions as needed to create a secure installation.

    11. When you finish, click OK to save the configuration. Repeat this process for each file type you want to proxy to WebLogic.

    12. When you finish configuring file types, click OK to close the Properties panel.

      Note:

      In the URL, any path information you add after the server and port is passed directly to WebLogic Server. For example, if you request a file from IIS with the URL:

      http://myiis.com/jspfiles/myfile.jsp

      it is proxied to WebLogic Server with a URL such as http://mywebLogic:7001/jspfiles/myfile.jsp

      Note:

      To avoid out-of-process errors, ensure Cache ISAPI Applications is selected.

  5. If you want to configure proxying by path, see Section 5.4, "Using Wildcard Application Mappings to Proxy by Path".

  6. In the directory used in Step 2, create the iisproxy.ini file.

    The iisproxy.ini file contains name=value pairs that define configuration parameters for the plug-in. The parameters are listed in Section 7.1, "General Parameters for Web Server Plug-Ins".

    Use the example iisproxy.ini file in Section 5.5.1, "Sample iisproxy.ini File" as a template for your iisproxy.ini file.

    Note:

    Changes in the parameters will not go into effect until you restart the "IIS Admin Service" (under services, in the control panel).

    Oracle recommends that you locate the iisproxy.ini file in the same directory that contains the iisproxy.dll file. You can also use other locations. If you place the file elsewhere, note that WebLogic Server searches for iisproxy.ini in the following directories, in the following order:

    1. In the same directory where iisproxy.dll is located.

    2. In the home directory of the most recent version of WebLogic Server that is referenced in the Windows Registry. (If WebLogic Server does not find the iisproxy.ini file in the home directory, it continues looking in the Windows Registry for older versions of WebLogic Server and looks for the iisproxy.ini file in the home directories of those installations.)

    3. In the directory c:\weblogic, if it exists.

  7. Define the Oracle WebLogic Server host and port number to which the Microsoft Internet Information Server plug-in proxies requests. Depending on your configuration, there are two ways to define the host and port:

    • If you are proxying requests to a single WebLogic Server, define the WebLogicHost and WebLogicPort parameters in the iisproxy.ini file. For example:

      WebLogicHost=localhost
      WebLogicPort=7001
      
    • If you are proxying requests to a cluster of WebLogic Servers, define the WebLogicCluster parameter in the iisproxy.ini file. For example:

      WebLogicCluster=myweblogic.com:7001,yourweblogic.com:7001
      

      Where myweblogic.com and yourweblogic.com are instances of Oracle WebLogic Server running in a cluster.

  8. Optionally, enable HTTP tunneling by following the instructions for proxying by path (see Section 5.4, "Using Wildcard Application Mappings to Proxy by Path") substituting the WebLogic Server host name and the WebLogic Server port number, or the name of a WebLogic Cluster that you wish to handle HTTP tunneling requests.

  9. Set any additional parameters in the iisproxy.ini file. A complete list of parameters is available in the appendix Section 7.1, "General Parameters for Web Server Plug-Ins".

  10. If you are proxying servlets from IIS to WebLogic Server and you are not proxying by path, see Section 5.4, "Using Wildcard Application Mappings to Proxy by Path".

  11. The installed version of IIS with its initial settings does not allow the iisproxy.dll. Use the IIS Manager console to enable the plug-in:

    1. Open the IIS Manager console.

    2. Select Web Service Extensions.

    3. Set All Unknown ISAPI Extensions to Allowed. This setting allows every ISAPI extension that is not explicitly listed, not only iisproxy.dll.

5.1.1 Example: Configuring the IIS Plug-In

The following example describes how to set up the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server to proxy requests to a backend WebLogic Server (WLS).

  1. Create the iisproxy.ini file in %PLUGIN_HOME%\lib\. Include the following lines:

    WebLogicHost=wls-host
    WebLogicPort=wls-port
    Debug=ALL
    WLLogFile=C:\Temp\wl-proxy.log
    
  2. Ensure that %PLUGIN_HOME%\lib is included in the system PATH (Control Panel, then System, then System Properties, then Environment Variables, then System Properties, then PATH).

  3. Open IIS Manager and use Default Web Site or create a Web site. Click the site, open Handler Mappings, and add a script map (set the Extension, for example '*.jsp' or '*', set Executable to %PLUGIN_HOME%\lib\iisproxy.dll, and assign a Name).

  4. Start IIS.

  5. Send a request to http://iis-host:iis-port/mywebapp/my.jsp from the browser. Validate the response.

5.2 Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0

This section describes differences in how you set up the Microsoft Internet Information Server plug-in for IIS 7.0.

To set up the Microsoft Internet Information Server plug-in for IIS 7.0, follow these steps:

  1. Create a web application in IIS Manager by right-clicking Web Sites > Add Web Site.

    Fill in the Web Site Name with the name you want to give to your web application; for example, MyApp. Select the physical path of your web application and a Port (any valid port number not currently in use).

    Click OK to create the web application.

    If you can see the name of your application under Web Sites it means that your application has been created and started running. Click the MyApp node under Web Sites to see all of the settings related to the MyApp application, which you can change, as shown in Figure 5-5.

    Figure 5-5 Application Home Page


  2. Click Handler Mappings to set the mappings to the handler for a particular MIME type.

    Figure 5-6 Setting the Handler Mappings


  3. Click StaticFile and change the Request path from * to *.*. Click OK.

    Figure 5-7 Editing the Request Path for Module


  4. Click MyApp and then click Add Script Map on the right-hand side menu options. Enter * for the Request path.

    Browse to the iisproxy.dll file and add it as the executable. Name it proxy.

    Figure 5-8 Editing the Request Path for Script


  5. Click Request Restrictions and deselect Invoke handler only if the request is mapped to.

    Figure 5-9 Editing the Request Restrictions


  6. Click OK to add this Handler mapping. Click Yes on the Add Script Map dialog box.

    Figure 5-10 Adding the Script Map


  7. If you want to configure proxying by path, see Section 5.4, "Using Wildcard Application Mappings to Proxy by Path".

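  8. Click the Root node of the IIS Manager tree and click ISAPI and CGI Restrictions. Make sure to check Allow unspecified ISAPI modules. This setting applies to every ISAPI module on the server, not only iisproxy.dll; Section 5.4.2, step 8 describes adding the executable to the ISAPI and CGI Restrictions list instead.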

    Figure 5-11 Editing ISAPI and CGI Restrictions


  9. Create a file called iisproxy.ini with the following contents and place it in the directory with the plug-in:

    WebLogicHost= @hostname@
    WebLogicPort= @port@
    ConnectRetrySecs=5
    ConnectTimeoutSecs=25
    Debug=ALL
    DebugConfigInfo=ON
    KeepAliveEnabled=true
     
    WLLogFile=@Log file name@
    SecureProxy=OFF
    
  10. Open the Internet Explorer browser and enter http://<hostname>:<port>. You should be able to see the Medrec Sample Application from your Oracle WebLogic Server.

    If you want to run the plug-in in SSL mode, change the value of WebLogicPort to the SSL port of your application, change the SecureProxy value to ON, and set WLSSLWallet to the location of the wallet. For more information on SSL parameters, see Section 7.2, "SSL Parameters for Web Server Plug-Ins".

    Figure 5-12 Medrec Sample Application


5.3 Serving Static Files from the Web Server

To have IIS 7.5 serve all static content that could be included in a web application that is to be served by WebLogic Server, do the following:

  1. Configure your application by setting up WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server on IIS 7.5 Web Server as described in Section 5.1.

    Assume that you created a Handler Mapping named proxy as described in the Oracle documentation.

    Important:

    Do not use the WLEXCLUDEPATHORMIMETYPE property inside your proxy setup. It is neither required nor useful here and can only obscure the request flow.

  2. In IIS Manager, display the home page by clicking the Virtual Directory or Application created in step 1.

  3. Double-click Handler Mappings and then click View Ordered List in the right-side pane. An ordered list of Handler Mappings appears.

  4. Select proxy and drag it below StaticFile handler mapping (in other words the StaticFile handler mapping should be above the proxy handler mapping.)

  5. Edit the StaticFile handler mapping and change the request path to *.jpg. Save the file.

  6. To have IIS 7.5 serve other types of static files, for example, PNGs, GIFs, or CSS, do the following:

    1. In IIS Manager, display the home page by clicking the Virtual Directory or Application created in step 1.

    2. Double-click Handler Mappings and then click Add Module Mapping in the right-side pane.

    3. Choose a Request Path of desired type: for PNGs use *.png, for GIFs use *.gif and so on. For Module, choose StaticFileModule, enter a name, and click OK.

    4. Ensure that, as stated in step 4, the newly created Handler Mapping is ordered before the proxy Handler Mapping defined in step 1.

5.4 Using Wildcard Application Mappings to Proxy by Path

As described in "Installing Wildcard Application Mappings (IIS 6.0)" (http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5c5ae5e0-f4f9-44b0-a743-f4c3a5ff68ec.mspx?mfr=true), and "Add a Wildcard Script Map" for IIS 7.5 (http://technet.microsoft.com/en-us/library/cc754606(WS.10).aspx), you can configure a Web site or virtual directory to run an Internet Server API (ISAPI) application at the beginning of every request to that Web site or virtual directory, regardless of the extension of the requested file. You can use this feature to insert a mapping to iisproxy.dll and thereby proxy requests by path to WebLogic Server.

5.4.1 Installing Wildcard Application Mappings (IIS 6.0)

The following steps summarize the instructions available at "Installing Wildcard Application Mappings (IIS 6.0)" (http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/5c5ae5e0-f4f9-44b0-a743-f4c3a5ff68ec.mspx?mfr=true) for adding a wildcard application mapping to a Web server or Web site in IIS 6.0:

  1. In IIS Manager, expand the local computer, expand the Web Sites folder, right-click the Web site or virtual directory that you want, and then click Properties.

  2. Click the appropriate tab: Home Directory, Virtual Directory, or Directory.

  3. In the Application settings area, click Configuration, and then click the Mappings tab.

  4. To install a wildcard application map, do the following:

    1. On the Mappings tab, click Insert.

    2. Type the path to iisproxy.dll in the Executable text box or click Browse to navigate to it.

    3. Click OK.

5.4.2 Adding a Wildcard Script Map for IIS 7.5

The following steps summarize the instructions available at "Add a Wildcard Script Map" for IIS 7.5 (http://technet.microsoft.com/en-us/library/cc754606(WS.10).aspx) to add a wildcard script map to do proxy-by-path with ISAPI in IIS 7.5:

  1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see "Open IIS Manager" at http://technet.microsoft.com/en-us/library/cc770472(WS.10).aspx. For information about navigating to locations in the UI, see "Navigation in IIS Manager" at http://technet.microsoft.com/en-us/library/cc732920(WS.10).aspx.

  2. In Features View, on the server, site, or application Home page, double-click Handler Mappings.

  3. On the Handler Mappings page, in the Actions pane, click Add Wildcard Script Map.

  4. In the Executable box, type the full path or browse to the iisproxy.dll that processes the request. For example, type systemroot\system32\inetsrv\iisproxy.dll.

  5. In the Name box, type a friendly name for the handler mapping.

  6. Click OK.

  7. Optionally, on the Handler Mappings page, select a handler to lock or unlock it. When you lock a handler mapping, it cannot be overridden at lower levels in the configuration. Select a handler mapping in the list, and then in the Actions pane, click Lock or Unlock.

  8. After you add a wildcard script map, you must add the executable to the ISAPI and CGI Restrictions list to enable it to run. For more information about ISAPI and CGI restrictions, see "Configuring ISAPI and CGI Restrictions in IIS 7" at http://technet.microsoft.com/en-us/library/cc730912(WS.10).aspx.

Note:

If you are proxying a request to multiple IIS applications within the same IIS site, to prevent the subsequent request from proxying to the first website only, create each IIS application and assign a unique application pool to each IIS application.

With IIS 7.x, you cannot assign application pools to virtual directories.

5.5 Proxying Requests from Multiple Virtual Web Sites to WebLogic Server

To proxy requests from multiple Web sites (defined as virtual directories in IIS) to WebLogic Server:

  1. Create a new directory for the virtual directories. This directory will contain .dll and .ini files used to define the proxy.

  2. Extract the contents of the plug-in .zip file to a directory.

  3. For each virtual directory you configured, copy the contents of the plug-in \lib folder to the directory you created in step 1.

  4. Create an iisproxy.ini file for the virtual Web sites, as described in Section 1.1.2, "Proxying Requests". Copy this iisproxy.ini file to the directory you created in step 1.

  5. Copy iisproxy.dll to the directory you created in step 1.

  6. Create a separate application pool for each virtual directory.

    As described in "Creating Application Pools (IIS 6.0)" (http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/93275ef2-2f85-4eb1-8b92-a67545be11b4.mspx?mfr=true), you can isolate different Web applications or Web sites in pools, which are called application pools. In an application pool, process boundaries separate each worker process from other worker processes so that when an application is routed to one application pool, applications in other application pools do not affect that application.

Note:

Step 6 applies only to IIS 6.0 because there is no Application Protection option in IIS 7.0. The above steps will work with IIS 7.0 only if exactly one IIS virtual directory exists within a particular IIS site. The limitation exists because, with IIS 7.0, it is impossible to assign a unique application pool to each virtual directory, so subsequent requests are always proxied to the first website (virtual directory).

5.5.1 Sample iisproxy.ini File

Here is a sample iisproxy.ini file for use with a single, non-clustered WebLogic Server. Comment lines are denoted with the "#" character.

# This file contains initialization name/value pairs
# for the IIS/WebLogic plug-in.
WebLogicHost=localhost
WebLogicPort=7001
ConnectTimeoutSecs=20
ConnectRetrySecs=2

Here is a sample iisproxy.ini file with clustered WebLogic Servers. Comment lines are denoted with the "#" character.

# This file contains initialization name/value pairs
# for the IIS/WebLogic plug-in.
WebLogicCluster=myweblogic.com:7001,yourweblogic.com:7001
ConnectTimeoutSecs=20
ConnectRetrySecs=2

Note:

If you are using SSL between the plug-in and WebLogic Server, the port number should be defined as the SSL listen port.
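
The following linter is an added example, not part of Oracle's documentation or the plug-in: it parses the name=value format of iisproxy.ini and flags settings from the samples on this page that should be reviewed before production use. The finding codes and rule set are this example's assumptions; Debug=ALL and the HFC, HTW, HFW and HTC options log request and response headers to WLLogFile, and Oracle's parameter reference advises keeping DebugConfigInfo OFF in production.

```python
import re

# Debug values that write HTTP headers (cookies, Authorization) to WLLogFile.
HEADER_LOGGING = {"hfc", "htw", "hfw", "htc", "all"}
# Unfilled template token such as @hostname@ in the Section 5.2 file.
PLACEHOLDER = re.compile(r"@[^@=]+@")

def parse_iisproxy_ini(text):
    """Return {lower-cased name: value}; lines starting with '#' are comments."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        # Lower-casing names is this linter's choice, so spelling variants still match.
        params[name.strip().lower()] = value.strip()
    return params

def audit_iisproxy_ini(text):
    """Return (finding_code, parameter) tuples; the codes are this example's own."""
    p = parse_iisproxy_ini(text)
    findings = [("PLACEHOLDER", n) for n, v in p.items() if PLACEHOLDER.search(v)]

    # Step 7 of Section 5.1: either host and port, or a cluster list.
    if "weblogiccluster" not in p and not ("weblogichost" in p and "weblogicport" in p):
        findings.append(("NO_BACKEND", "weblogichost"))

    debug = {t.strip().lower() for t in p.get("debug", "off").split(",")}
    if debug & HEADER_LOGGING:
        findings.append(("DEBUG_LOGS_HEADERS", "debug"))
    if p.get("debugconfiginfo", "off").lower() == "on":
        findings.append(("DEBUG_CONFIG_INFO", "debugconfiginfo"))

    # SecureProxy=ON needs WLSSLWallet (Section 5.2, step 10).
    if p.get("secureproxy", "off").lower() != "on":
        findings.append(("PLAINTEXT_BACKEND", "secureproxy"))
    elif not p.get("wlsslwallet"):
        findings.append(("WALLET_MISSING", "wlsslwallet"))
    return findings

# Constructed input 1: the Section 5.2 template left unedited (timeout and keep-alive lines omitted).
SECTION_5_2_TEMPLATE = r"""
WebLogicHost= @hostname@
WebLogicPort= @port@
Debug=ALL
DebugConfigInfo=ON
WLLogFile=@Log file name@
SecureProxy=OFF
"""

# Constructed input 2: hypothetical production file (host names, port and paths are made up).
PRODUCTION_CANDIDATE = r"""
WebLogicCluster=wls1.example.internal:7002,wls2.example.internal:7002
Debug=ERR
DebugConfigInfo=OFF
WLLogFile=D:\logs\wl-proxy.log
SecureProxy=ON
WLSSLWallet=D:\wallets\iisproxy
"""

if __name__ == "__main__":
    print(audit_iisproxy_ini(SECTION_5_2_TEMPLATE))
```

Run it against each iisproxy.ini that the plug-in's search order can reach, since the first file found is the one that takes effect.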

5.6 Creating ACLs Through IIS

ACLs will not work through the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server if the Authorization header is not passed by IIS. Use the following information to ensure that the Authorization header is passed by IIS.

When using Basic Authentication, the user is logged on with local log-on rights. To enable the use of Basic Authentication, grant each user account the Log On Locally user right on the IIS server. Two problems may result from Basic Authentication's use of local logon:

  • If the user does not have local logon rights, Basic Authentication does not work even if the FrontPage, IIS, and Windows NT configurations appear to be correct.

  • A user who has local log-on rights and who can obtain physical access to the host computer running IIS will be permitted to start an interactive session at the console.

To enable Basic Authentication, in the Directory Security tab of the console, ensure that the Allow Anonymous option is "on" and all other options are "off".

5.7 Testing the Installation

After you install and configure the Microsoft IIS plug-in, follow these steps for deployment and testing:

  1. Make sure WebLogic Server and IIS are running.

  2. Save a JSP file into the document root of the default Web Application.

  3. Open a browser and set the URL to the IIS plus filename.jsp, as shown in this example:

    http://myiis.server.com/filename.jsp
    

    If filename.jsp is displayed in your browser, the plug-in is functioning.