Oracle HTTP Server Administration Guide Release 2 (9.0.2) Part Number A92173-02 |
|
This chapter provides answers to frequently asked questions on how to configure the Oracle HTTP Server to perform specialized useful functions.
Oracle HTTP Server has a default content handler for dealing with errors. You can use the ErrorDocument
directive to override the defaults.
For HTTP, Oracle HTTP Server supports two types of virtual hosts: name-based and IP-based. HTTPS supports only IP-based virtual hosts.
If you are using IP-based virtual hosts for HTTP, then the customer has a virtual server listening on port 80 of a per-customer IP address. To provide HTTPS for these customers, simply add an additional virtual host per user listening on port 443 of that same per-customer IP address and use SSL directives, such as SSLRequireSSL
to specify the per-customer SSL characteristics. Note that each customer can have their own wallet and server certificate.
If you are using name-based virtual hosts for HTTP, each customer has a virtual server listening on port 80 of a shared IP address. To provide HTTPS for those customers, you can add a single shared IP virtual host listening on port 443 of the shared IP address. All customers will share the SSL configuration, including the wallet and ISP's server certificate.
You can use the Oracle HTTP Server as a Web cache by setting the ProxyRequests
"on" and CacheRoot
directives.
You can use multiviews, a general name given to the Apache server's ability to provide language and character-specific document variants in response to a request.
You can use directives such as ExpiresActive
, ExpiresByType
, ExpiresDefault
, to set the length of time that any cache existing between the client and the Web server will cache the returned Web pages.
See Also:
"ExpiresActive, ExpiresByType, ExpiresDefault directives" in the Apache Server documentation. |
You should use the Proxy directives, and not the Cache directives, to send proxy sensitive requests across firewalls.
<Directory>
, <Location>
, Alias
, and other directives to create a simple, distributed application name space that works across firewalls, clusters of application servers, and Web caches?
The general idea is that all servers in a distributed Web site should agree on a single URL namespace. Every server will serve some part of that namespace, and will be able to redirect or proxy requests for URLs that it does not serve to a server that is "closer" to that URL. For example, your namespaces could be the following:
/app1/login.html /app1/catalog.html app1/dologin.jsp /app2/orderForm.html /apps/placeOrder.jsp
We could initially map this namespace to two Web servers by putting app1 on server1 and app2 on server2. Server1's configuration might look like the following:
Redirect permanent /app2 http://server2/app2 Alias /app1 /myApps/application1 <Directory /myApps/application1> ... </Directory>
Server2's configuration is complementary. Now, if we decide to partition the namespace by content type (HTML on server, JSP on server2), we change server configuration and move files around, but we do not have to make changes to the application itself. The resulting configuration of server1 might look like the following:
RedirectMatch permanent (.*) \.jsp$ http://server2/$1.jsp AliasMatch ^/app(.*) \.html$ /myPages/application$1.html <DirectoryMatch "^/myPages/application\d"> ... </DirectoryMatch>
Note that the amount of actual redirection can be minimized by configuring a hardware load balancer like F5 system's BigIP to send requests to server1 or server2 based on the URL.
There are many attacks, and new attacks are invented everyday. Following are some general guidelines for securing your site. You can never be really completely secure, but you can avoid being an easy target.
|
Copyright © 2002 Oracle Corporation. All Rights Reserved. |
|