4 Syntax and Use of obj.conf

The obj.conf file contains directives for HTTP request processing. The obj.conf file is in the INSTANCE_HOME/net-configuration_name/config directory.

During the installation of Oracle Traffic Director, an obj.conf file is created. If you configure multiple virtual servers using the Oracle Traffic Director Administrator Console or Command-Line Interface (CLI), separate obj.conf files can be created for each virtual server. These files are named virtual-server-name-obj.conf, where virtual-server-name is the name of the virtual server.

When changes made through the Administrator Console or CLI do not impact the obj.conf file, no new virtual server specific obj.conf files are created, and the default obj.conf file will be used for all the virtual servers of the configuration.

When changes made through Administrator Console or CLI impact the obj.conf file, a new obj.conf file is created for each virtual server. The server.xml file is immediately updated to reflect the appropriate obj.conf file used for each virtual server. If there are two virtual servers, vs1 and vs2, two new virtual server specific obj.conf files are created, vs1-obj.conf and vs2-obj.conf. These new files are updated in the server.xml file with the exact object-file used by these two virtual servers.

<object-file>vs1-obj.conf</object-file>

<object-file>vs2-obj.conf</object-file>

From this point onward, the default obj.conf file is neither updated, used, nor deleted. However, if you want to modify the obj.conf file for either of the two virtual servers, you should edit the respective file only, not the original obj.conf file.

In this document, the obj.conf file refers to the obj.conf file specified by the object-file sub element of the virtual-server element in the server.xml file.

This chapter describes the obj.conf directives; the use of Object, Client, If, ElseIf, and Else tags; the flow of control in obj.conf; and the syntax rules for editing obj.conf.

This chapter includes the following topics:

4.1 Request-Handling Process Overview

When you first start Oracle Traffic Director, it performs some initialization tasks and then waits for an HTTP request from a client (such as a browser). When Oracle Traffic Director receives a request, it first selects a virtual server. The obj.conf file of the selected virtual server determines how Oracle Traffic Director handles a request.

The obj.conf file contains a series of instructions known as directives that tell Oracle Traffic Director what to do at each stage in the request-handling process. These directives are grouped inside Object tags. Each directive invokes a function with one or more arguments.

Each directive is applied to a specific stage in the request-handling process. For example, a directive that is applied during the authorization stage in the request-handling process is an AuthTrans directive.

4.1.1 Steps in the Request-Handling Process

  1. AuthTrans (authorization translation)

    Verify the authorization information (such as name and password) sent in the request.

  2. NameTrans (name translation)

    Translate the logical URI into a local file system path.

  3. PathCheck (path checking)

    Check the local file system path for validity and check if the requestor has access privileges to the requested resource on the file system.

  4. ObjectType (object typing)

    Controls the flow of information from Oracle Traffic Director to the origin server and also configures Oracle Traffic Director to origin server connection attributes.

  5. Input (prepare to read input)

    Select filters that will process incoming request data read by the Service step.

  6. Output (prepare to send output)

    Select filters that will process outgoing response data generated by the Service step.

  7. Route (request routing)

    Select where to route the request.

  8. Service (generate the response)

    Generate and return the response to the client.

  9. AddLog (adding log entries)

    Add entries to log files.

  10. Error (error handling)

    Send an error message to the client and exit processing. This step is executed only if an error occurs in the previous steps.

4.2 Directives in obj.conf

The directives in the obj.conf file invoke functions known as server application functions (SAFs). Each directive calls a function, indicating when to call it and specifying parameters for it.

The syntax of each directive is:

Directive fn="function" name1="value1"...nameN="valueN"

The value of the function (fn) parameter is the name of the SAF to execute. All directives must supply a value for the fn parameter; if there is no function, the instruction does nothing. The remaining parameters are the arguments needed by the function, and they vary from function to function.

Parameters can contain references to variables and expressions. The variables can be predefined variables, variables defined at request time using the set-variable SAF, or variables defined in the server.xml file. For more information about the set-variable SAF, see Section 5.12.11, "set-variable". For more information about defining variables in the server.xml file, see Section 3.1.39, "variable". For more information about expressions and variables, see Appendix A, "Using Variables, Expressions, Wildcards, and String Interpolation".

Oracle Traffic Director has a set of built-in SAFs that you can use to create and modify directives in the obj.conf file. Section 5, "Predefined Server Application Functions and Filters in obj.conf" describes these SAFs in detail.

The magnus.conf file contains Init directive SAFs that initialize NASPI plug-ins.

4.3 Objects in obj.conf

Directives in the obj.conf file are grouped into Object tags. The default object contains instructions to Oracle Traffic Director about how to process requests by default. Each new object modifies the default behavior of the object.

An Object tag can contain a name or ppath attribute. Either parameter can be a wildcard pattern.

Oracle Traffic Director starts handling a request by processing the directives in the default object. However, Oracle Traffic Director switches to processing directives in another object after the NameTrans stage of the default object if either of the following conditions is true:

  • The successful NameTrans directive specifies a name argument.

  • The physical path name that results from the NameTrans stage matches the ppath attribute of another object.

When Oracle Traffic Director is alerted to use an object other than the default object, it processes the directives in the other object before processing the directives in the default object. For some steps in the process, Oracle Traffic Director stops processing directives in that particular stage (such as the Service stage) as soon as one is successfully executed. Whereas for other stages, Oracle Traffic Director processes all directives in that stage, including the ones in the default object and those in the additional object. For more information, see Flow of Control in obj.conf.

4.3.1 Objects That Use the name Attribute

If a NameTrans directive in the default object specifies a name argument, Oracle Traffic Director switches to processing the directives in the object of that name before processing the remaining directives in the default object.

4.3.2 Objects That Use the ppath Attribute

When Oracle Traffic Director completes processing the NameTrans directives in the default object, the logical URL of the request is converted to a physical path name. If this physical path name matches the ppath attribute of another object in the obj.conf file, Oracle Traffic Director switches to processing the directives in that object before processing the remaining ones in the default object.

4.3.3 Using the Client, If, ElseIf, and Else Tags

Additional tags are available to use within the Object tag. These tags give you greater flexibility when invoking directives within an object.

4.3.3.1 Client

The Client tag enables you to limit the execution of a set of directives to requests received from specific clients. Directives listed within the Client tag are executed only when information in the client request matches the parameter values specified.

Table 4-1 describes the parameters for the Client tag.

Table 4-1 Client Tag Parameters

Parameter Description

browser

The User-Agent string sent by a browser to Oracle Traffic Director.

chunked

A Boolean value set by a client requesting chunked encoding.

code

The HTTP response code.

dns

The DNS name of the client.

internal

The Boolean value indicating internally generated request.

ip

The IP address of the client.

keep-alive

The Boolean value indicating whether the client has requested a keep-alive connection.

keysize

The key size used in an SSL transaction.

match

The match mode for the Client tag. The valid values are all, any, and none.

method

The HTTP method used by the browser.

name

The name of an object as specified in a previous NameTrans statement.

odds

A random value for evaluating the enclosed directive. The value can be a percentage or a ratio (for example, 20% or 1/5).

path

The physical path to the requested resource.

ppath

The physical path of the requested resource.

query

The query string sent in the request.

reason

The text version of the HTTP response code.

restarted

A Boolean value indicating that a request was restarted.

secret-keysize

The secret key size used in an SSL transaction.

security

An encrypted request.

type

The type of document requested (such as text/html or image/gif).

uri

The URI section of the request from the browser.

urlhost

The DNS name of the virtual server requested by the client. (The value is provided in the Host header of the client request).

variable-headers

Prevents access to a specific site, based on the request by the client, for example:

Client variable-headers="Weferer:SKVFVWRKJVZCMHVIBGDA
Service type="image/*" fn="deny-existence"
</Client>

The Client tag parameter provides greater control when the If directive is executed. In the following example, the odds parameter gives the request a 25% chance of being redirected:

<Client odds="25%">
NameTrans fn="redirect"
          from="/Pogues"
          url-prefix="http://pogues.example.com"
</Client>

One or more wildcard patterns can be used to specify the Client tag parameter values. Wildcards can also be used to exclude clients that match the parameter value specified in the Client tag. In the following example, the Client tag and the AddLog directive are combined to direct Oracle Traffic Director to log access requests from all clients except those from the specified subnet:

<Client ip="*~192.85.250.*">
AddLog fn="flex-log" name="access"
</Client>

You can also create a negative match by setting the match parameter of the Client tag to none. In the following example, access requests from the specified subnet are excluded as are all requests to the virtual server example.com:

<Client match="none" ip="192.85.250.*" urlhost="www.example.com">
AddLog fn="flex-log" name="access"
</Client>

For more information about wildcard patterns, see Section A.5, "Wildcard Patterns".

4.3.3.2 If, ElseIf, and Else

Similar to the Client tag, these tags can only appear inside an Object tag. In addition, these tags can evaluate an expression, then conditionally execute one or more contained directives. For more information, see Section A.1, "If, ElseIf, and Else Tags".

4.4 Flow of Control in obj.conf

Before Oracle Traffic Director can process a request, it must direct the request to the correct virtual server. After the virtual server is determined, Oracle Traffic Director executes the obj.conf file of the specified virtual server. This section describes how Oracle Traffic Director determines the directives to execute in obj.conf.

4.4.1 AuthTrans

When Oracle Traffic Director receives a request, it executes the AuthTrans directives in the default object to check if the client is authorized to access Oracle Traffic Director. If there is more than one AuthTrans directive, Oracle Traffic Director executes them in sequence until one succeeds in authorizing the user, unless one of them results in an error. If an error occurs, Oracle Traffic Director skips all other directives except for the Error directive.

AuthTrans directives work in conjunction with the PathCheck directives. The AuthTrans directive checks if the user name and password associated with the request are acceptable, but it does not allow or deny access to the request; that is done by the PathCheck directive.

The authorization process is split into two steps to incorporate multiple authorization schemes easily and provide the flexibility to have resources that record authorization information.

When a client initially makes a request, the user name and password are unknown. The AuthTrans directive gets the user name and password from the headers associated with the request. The AuthTrans and PathCheck directives work together to reject the request if they cannot validate the user name and password. When a request is rejected, Oracle Traffic Director displays a dialog box. The client includes the user name and password in the headers and resubmits the request.

4.4.2 NameTrans

Oracle Traffic Director executes NameTrans directives in the default object to associate a named object (for example, an object that specifies the routing rules) with the URL of the requested resource.

Oracle Traffic Director evaluates each NameTrans directive in the default object in turn, until it finds one that can be applied.

Because Oracle Traffic Director might not execute all NameTrans directives, the order in which the directives appear is important.

4.4.2.1 How and When Oracle Traffic Director Processes Other Objects

As a result of executing a NameTrans directive, Oracle Traffic Director might start processing directives in another object. This happens if the NameTrans directive that was successfully executed specifies a name or generates a partial path that matches the name or ppath attribute of another object.

If the successful NameTrans directive assigns a name by specifying a name argument, Oracle Traffic Director starts processing directives in the named object (defined with the object tag) before processing directives in the default object for the rest of the request-handling process.

4.4.3 PathCheck

After converting the logical URL of the requested resource to a physical path name in the NameTrans step, Oracle Traffic Director executes PathCheck directives to verify that the client is allowed to access the requested resource.

If there is more than one PathCheck directive, Oracle Traffic Director executes all directives in the order in which they appear, unless one of the directives denies access. If access is denied, Oracle Traffic Director switches to executing directives in the Error section.

If the NameTrans directive assigned a name or generated a physical path name that matches the name or ppath attribute of another object, Oracle Traffic Director first applies the PathCheck directives in the matching object before applying the directives in the default object.

4.4.4 ObjectType

Assuming that the PathCheck directives approve access, Oracle Traffic Director next executes the ObjectType directives to determine the MIME type of the request. The MIME type has three attributes: type, encoding, and language. When Oracle Traffic Director sends the response to the client, the type, language, and encoding values are transmitted in the headers of the response. The type also frequently helps Oracle Traffic Director to determine which Service directive to execute to generate the response to the client.

If there is more than one ObjectType directive, Oracle Traffic Director applies all directives in the order in which they appear. However, once a directive sets an attribute of the MIME type, further attempts to set the same attribute are ignored. The reason why all ObjectType directives are applied is that one directive can set one attribute, for example type, while another directive sets a different attribute, such as language.

As with the PathCheck directives, if another object was matched to the request as a result of the NameTrans step, Oracle Traffic Director executes the ObjectType directives in the matching object before executing the ObjectType directives in the default object.

4.4.5 Input

The Input directive selects filters that process incoming request data read by the Service step. Input directives are invoked when Oracle Traffic Director or plug-in first attempts to read entity body data from the client. You can add the NSAPI filters that process incoming data by invoking the insert-filter SAF in the Input stage of the request-handling process. NSAPI filters enable a function to intercept and potentially modify the content presented to or generated by another function. The Input directives are executed once per request.

The order of Input fn="insert-filter" and Output fn="insert-filter" directives in obj.conf is important if two or more filters are defined to be in the same location in the filter stack. Filters that were inserted later appear higher than filters that were inserted earlier.

4.4.6 Output

The Output directive selects filters that process outgoing response data generated by the Service step. The Output directive allows you to invoke the insert-filter SAF to install NSAPI filters that process outgoing data. NSAPI filters enable a function to intercept and potentially modify the content presented to or generated by another function. Output directives are executed when Oracle Traffic Director or a plug-in first attempts to write entity body data from the client. The Output directives are executed once per request.

The order of Input fn="insert-filter" and Output fn="insert-filter" directives in obj.conf is important if two or more filters are defined to be in the same location in the filter stack. Filters that were inserted later appear higher than filters that were inserted earlier.

4.4.7 Route

If a Service directive requires that the HTTP request be sent to another server, Oracle Traffic Director executes Route directives to determine how the request be routed. Routing a request can involve selecting Oracle Traffic Director that will service the request and selecting a proxy through which the request is sent.

4.4.8 Service

Oracle Traffic Director executes a Service directive to generate the response to send to the client. Oracle Traffic Director looks at each Service directive to find the first one that matches the type, method, and query string. If a Service directive does not specify type, method, or query string, then the unspecified attribute matches anything.

If there is more than one Service directive, Oracle Traffic Director applies the first one that matches the conditions of the request and ignores all remaining Service directives.

For the PathCheck and ObjectType directives, if another object was matched to the request as a result of the NameTrans step, Oracle Traffic Director checks the Service directives in the matching object before considering the ones in the default object. If Oracle Traffic Director successfully executes a Service directive in the matching object, it does not execute the Service directives in the default object, because it only executes one Service directive.

4.4.9 AddLog

After Oracle Traffic Director generates the response and sends it to the client, it executes AddLog directives to add entries to the log files. All AddLog directives are executed. Oracle Traffic Director can add entries to multiple log files.

4.4.10 Error

If an error occurs during the request-handling process, for example, if a PathCheck or AuthTrans directive denies access to the requested resource or the requested resource does not exist, the SAF sets the HTTP response status code and returns the value REQ_ABORTED. When this happens, Oracle Traffic Director stops processing the request. Instead, it searches for an Error directive matching the HTTP response status code or its associated reason phrase and executes the directive's function. If Oracle Traffic Director does not find a matching Error directive, it returns the response status code to the client.

4.5 Changes in Function Flow

There are times when the function flow changes from the normal request-handling process. This happens during internal redirection, restarts, and URI translation functions.

4.5.1 Restarted Requests

Requests can be restarted, for example, a PathCheck directive might restart a request for http://server_name/ as a request for http://server_name/index.html.

4.5.2 Internal Requests

Oracle Traffic Director can generate internal requests, for example, an SHTML file or servlet might include a file. While processing the original request, Oracle Traffic Director makes an internal request to retrieve this file.

4.5.3 URI Translation

Oracle Traffic Director can execute AuthTrans and NameTrans directives to translate a URI to a physical path name without starting a new request.

4.6 Editing obj.conf

Use caution when making changes to this file. Simple mistakes can make Oracle Traffic Director fail to start or operate incorrectly.

4.6.1 Order of Directives

The order of directives is important, because Oracle Traffic Director executes them in the order in which they appear in obj.conf. The outcome of some directives affects the execution of other directives.

For PathCheck directives, the order within the PathCheck section is not important because Oracle Traffic Director executes all PathCheck directives. However, the order within the ObjectType section is very important, because if an ObjectType directive sets an attribute value, no other ObjectType directive can change that value.

Similarly, the order of directives in the Service section is very important. Oracle Traffic Director executes the first Service directive that matches the current request and does not execute the others.

4.6.2 Parameters

The number and names of parameters depend on the function. The order of parameters on the line is not important.

4.6.3 Case Sensitivity

Items in the obj.conf file are case-sensitive including function names, parameter names, parameter values, and path names.

4.6.4 Separators

Function names in the C language can be composed of letters, digits, and underscores. You can use the hyphen (-) in the configuration file in place of underscore (_) for your C code function names. This is only true for function names.

4.6.5 Quotation Marks

Quotation marks (") are only required around value strings when there is a space in the string. Otherwise, they are optional. Each open quotation mark must be matched by a closed quotation mark.

4.6.6 Spaces

  • Spaces are not allowed at the beginning of a line except when continuing from the previous line.

  • Spaces are not allowed before or after the equal sign (=) that separates the name and value.

  • Spaces are not allowed at the end of a line or on a blank line.

4.6.7 Line Continuation

A long line may be continued on the next line by beginning the next line with a space or tab.

4.6.8 Path Names

Always use forward slashes (/), in path names. A backslash escapes the next character.

4.6.9 Comments

Comments begin with a pound sign (#). If you manually add comments to the obj.conf file, then use the Administration Console or CLI to make changes to your server: your comments are overwritten when the obj.conf file is updated.