PLGWL 2

Oracle®
[1] Fusion Middleware

Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2
12c (12.1.2)
E38389-07
February 2015
This document describes the use of version 12.1.2 plug-ins
provided for proxying requests from web servers to Oracle
WebLogic Server. This document is intended mainly for
system administrators who manage the WebLogic Server
application platform and its various subsystems.
Oracle Fusion Middleware Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2, 12c (12.1.2)
E38389-07
Copyright © 2007, 2015, Oracle and/or its affiliates. All rights reserved.
Primary Author: Srinivas Sudhindra
Contributors: Seema Alevoor, Jeff Trawick, Yulong Shi, Edwin Spear
This software and related documentation are provided under a license agreement containing restrictions on
use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your
license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license,
transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse
engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is
prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If
you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it
on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software,
any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users
are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and
agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and
adaptation of the programs, including any operating system, integrated software, any programs installed on
the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to
the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management
applications. It is not developed or intended for use in any inherently dangerous applications, including
applications that may create a risk of personal injury. If you use this software or hardware in dangerous
applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other
measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of
their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks
are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD,
Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced
Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content,
products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and
expressly disclaim all warranties of any kind with respect to third-party content, products, and services
unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its
affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of
third-party content, products, or services, except as set forth in an applicable agreement between you and
Oracle.
Contents
Preface ................................................................................................................................................................ vii

Documentation Accessibility .................................................................................................................... vii
Conventions ................................................................................................................................................ vii
1 Overview of Web Server Proxy Plug-Ins 12.1.2

1.1 What are WLS Web Server Proxy Plug-Ins? ........................................................................... 1-1
1.1.1 Connection Pooling and Keep-Alive ................................................................................ 1-1
1.1.2 Proxying Requests ............................................................................................................... 1-2
1.2 Availability of WLS Web Server Proxy Plug-In 12.1.2 .......................................................... 1-2
1.3 Upgrading from 1.0 Plug-Ins .................................................................................................... 1-2
1.3.1 Upgrade Instructions .......................................................................................................... 1-3
1.3.2 Considerations for Upgrading to Web Server Proxy Plug-ins 12.1.2........................... 1-3
1.4 Features of the Version 12.1.2 Plug-Ins.................................................................................... 1-3
1.4.1 Standard Encryption Strength Allows Simplified Naming........................................... 1-3
1.4.2 Version 12.1.2 Plug-Ins Use Oracle Security Framework .............................................. 1-4
1.4.3 Version 12.1.2 Plug-Ins Support IPv6 ............................................................................... 1-4
1.4.4 Version 12.1.2 Plug-Ins Support Two-Way SSL .............................................................. 1-4
1.4.5 Deprecated Directives in Version 12.1.2........................................................................... 1-4
1.5 Support and Patching................................................................................................................. 1-4
2 Configuring the WebLogic Proxy Plug-In for Oracle HTTP Server

2.1 Prerequisites for Configuring the WebLogic Proxy Plug-In ................................................ 2-1
2.2 Configuring the WebLogic Proxy Plug-In Using Fusion Middleware Control................. 2-2
2.2.1 Using the Search Function.................................................................................................. 2-5
2.2.2 Using the AutoFill Function............................................................................................... 2-5
2.3 Configuring the WebLogic Proxy Plug-In Manually ............................................................ 2-5
2.4 Deprecated Directives for Oracle HTTP Server...................................................................... 2-8
2.5 Troubleshooting WebLogic Proxy Plug-In Implementations .............................................. 2-9
2.5.1 WLS Session Issues.............................................................................................................. 2-9
2.5.2 CONNECTION_REFUSED Errors .................................................................................... 2-9
2.5.3 NO_RESOURCES Errors ................................................................................................. 2-10
3 Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server
3.1 Support Note ............................................................................................................................... 3-1
3.2 Install the WLS Web Server Proxy Plug-In for Apache HTTP Server................................. 3-1
iii
3.2.1 Installation Prerequisites .................................................................................................... 3-2
3.2.2 Installing the Apache HTTP Server Plug-In .................................................................... 3-2
3.3 Configure the Apache HTTP Server Plug-In .......................................................................... 3-3
3.3.1 Editing the httpd.conf File.................................................................................................. 3-3
3.3.1.1 Placing WebLogic Properties Inside Location or VirtualHost Blocks .................. 3-6
3.3.1.2 Example: Configuring the Apache Plug-In .............................................................. 3-6
3.3.2 Including a weblogic.conf File in the httpd.conf File ..................................................... 3-7
3.3.2.1 Creating weblogic.conf Files ....................................................................................... 3-7
3.3.2.2 Sample weblogic.conf Configuration Files ............................................................... 3-8
3.3.2.3 Template for the Apache HTTP Server httpd.conf File ....................................... 3-10
3.4 Deprecated Directives for Apache HTTP Server................................................................. 3-10
4 Configuring the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server
4.1 Overview of the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet ..................................... 4-1
4.2 Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet ........... 4-2
4.2.1 Installation Prerequisites .................................................................................................... 4-2
4.2.2 Installing the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server ............ 4-3
4.2.3 Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server ......... 4-3
4.2.3.1 Proxying Requests by URL ......................................................................................... 4-3
4.2.3.2 Proxying the Request by MIME Type ....................................................................... 4-4
4.2.3.3 Testing the Plug-in ....................................................................................................... 4-5
4.2.4 Example: Configuring the iPlanet Plug-in ....................................................................... 4-6
4.2.5 Guidelines for Modifying the obj.conf File ...................................................................... 4-6
4.2.6 Sample obj.conf File (Not Using a WebLogic Cluster) ................................................... 4-6
4.2.7 Sample obj.conf File (Using a WebLogic Cluster)........................................................... 4-8
4.3 Deprecated Directives for iPlanet Web Server ....................................................................... 4-9
5 Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web
Server
5.1 Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS 5-1
5.1.1 Example: Configuring the IIS Plug-In .............................................................................. 5-5
5.2 Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0.......................................... 5-6
5.3 Serving Static Files from the Web Server ............................................................................. 5-10
5.4 Using Wildcard Application Mappings to Proxy by Path ................................................. 5-11
5.4.1 Installing Wildcard Application Mappings (IIS 6.0).................................................... 5-11
5.4.2 Adding a Wildcard Script Map for IIS 7.5..................................................................... 5-11
5.5 Proxying Requests from Multiple Virtual Web Sites to WebLogic Server ...................... 5-12
5.5.1 Sample iisproxy.ini File.................................................................................................... 5-13
5.6 Creating ACLs Through IIS.................................................................................................... 5-13
5.7 Testing the Installation............................................................................................................ 5-14
6 Common Configuration Tasks

6.1 Use SSL with Plug-Ins ................................................................................................................ 6-1
6.1.1 Configure Libraries for SSL................................................................................................ 6-2
6.1.2 Configuring a Plug-In for One-Way SSL.......................................................................... 6-2
6.1.3 Configure Two-Way SSL Between the Plug-In and Oracle WebLogic Server............ 6-4
iv
6.2 Use IPv6 With Plug-Ins .............................................................................................................. 6-5
6.3 Set Up Perimeter Authentication.............................................................................................. 6-5
6.4 Understanding Connection Errors and Clustering Failover ................................................ 6-6
6.4.1 Possible Causes of Connection Failures ........................................................................... 6-6
6.4.2 Tips for reducing Connection_Refused Errors................................................................ 6-7
6.4.3 Failover with a Single, Non-Clustered WebLogic Server .............................................. 6-7
6.4.4 The Dynamic Server List .................................................................................................... 6-7
6.4.5 Failover, Cookies, and HTTP Sessions ............................................................................. 6-8
6.4.6 Using SSL with the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server ... 6-9
6.4.7 Failover Behavior When Using Firewalls and Load Directors .................................. 6-10
7 Parameters for Web Server Plug-Ins

7.1 General Parameters for Web Server Plug-Ins ......................................................................... 7-1
7.1.1 Location of POST Data Files............................................................................................ 7-15
7.2 SSL Parameters for Web Server Plug-Ins ............................................................................. 7-16
v
vi
Preface
This preface describes the document accessibility features and conventions used in this
guide—Using Oracle WebLogic Server Proxy Plug-Ins 12c.
Documentation Accessibility
For information about Oracle's commitment to accessibility, visit the Oracle
Accessibility Program website at
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Access to Oracle Support

Oracle customers that have purchased support have access to electronic support
through My Oracle Support. For information, visit
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit
http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing
impaired.
Conventions
The following text conventions are used in this document:
Convention Meaning
boldface Boldface type indicates graphical user interface elements associated
with an action, or terms defined in text or the glossary.
italic Italic type indicates book titles, emphasis, or placeholder variables for
which you supply particular values.
monospace Monospace type indicates commands within a paragraph, URLs, code
in examples, text that appears on the screen, or text that you enter.
vii
viii
1
Overview of Web Server Proxy Plug-Ins 12.1.2
1
The following sections describe the plug-ins provided by Oracle for use with
WebLogic Server:
■ Section 1.1, "What are WLS Web Server Proxy Plug-Ins?"
■ Section 1.2, "Availability of WLS Web Server Proxy Plug-In 12.1.2"
■ Section 1.3, "Upgrading from 1.0 Plug-Ins"
■ Section 1.4, "Features of the Version 12.1.2 Plug-Ins"
■ Section 1.5, "Support and Patching"
1.1 What are WLS Web Server Proxy Plug-Ins?

Web server plug-ins allow requests to be proxied from Oracle HTTP Server, Oracle
iPlanet Web Server, Apache HTTP Server, or Microsoft Internet Information Server
(IIS) to Oracle WebLogic Server. In this way, plug-ins enable the HTTP server to
communicate with applications deployed on the WebLogic Server.
The plug-in enhances an HTTP server installation by allowing Oracle WebLogic Server
to handle requests that require dynamic functionality. In other words, you typically
use a plug-in where the HTTP server serves static pages such as HTML pages, while
Oracle WebLogic Server serves dynamic pages such as HTTP Servlets and Java Server
Pages (JSPs).
Oracle WebLogic Server may be operating in a different process, possibly on a
different host. To the end user—the browser—the HTTP requests delegated to Oracle
WebLogic Server still appear to be coming from the HTTP server.
In addition, the HTTP-tunneling facility of the WebLogic client-server protocol also
operates through the plug-in, providing access to all Oracle WebLogic Server services.
1.1.1 Connection Pooling and Keep-Alive

The plug-ins improve performance using a pool of connections from the plug-in to
Oracle WebLogic Server. The plug-in implements HTTP 1.1 keep-alive connections
between the plug-in and Oracle WebLogic Server by reusing the same connection for
subsequent requests from the same plug-ins. If the connection is inactive for more than
20 seconds, (or a user-defined amount of time), the connection is closed. For more
information, see KeepAliveEnabled in Table 7–1.
Note: Client connections are managed by the web server.
Overview of Web Server Proxy Plug-Ins 12.1.2 1-1

Availability of WLS Web Server Proxy Plug-In 12.1.2
1.1.2 Proxying Requests

The plug-in proxies requests to Oracle WebLogic Server based on a configuration that
you specify.
■ You can proxy requests based on the URL of the request or a portion of the URL.
This is called proxying by path.
■ You can also proxy a request based on the MIME type of the requested file, which
is called proxying by file extension.
You can also enable both methods. If you enable both methods and a request matches
both criteria, the request is proxied by path.
You can also specify additional parameters for each of these types of requests that
define additional behavior of the plug-in.
1.2 Availability of WLS Web Server Proxy Plug-In 12.1.2

Version 12.1.2 plug-ins are available for the following web servers:
Table 1–1 Availability of Version 12.1.2 Plug-Ins

Web Server Plug-In Availability More Information
Oracle HTTP Server The plug-in is included in the Oracle See Chapter 2, "Configuring
12cR1 HTTP Server installation. For the WebLogic Proxy Plug-In
information about configuring this for Oracle HTTP Server."
plug-in, see Chapter 2, "Configuring
the WebLogic Proxy Plug-In for
Oracle HTTP Server."
Oracle iPlanet Web The plug-ins are available for For information about
Server (7.0.9 and later download on the My Oracle Support installing and configuring the
releases) (http://support.oracle.com) and plug-ins for Apache HTTP
Software Delivery Cloud Server, Microsoft IIS, and
Apache HTTP Server
(http://edelivery.oracle.com) Oracle iPlanet Web Server, see
2.2.x
web sites as zip files containing the the following:
Microsoft Internet necessary binary and helper files.
■ Chapter 4, "Configuring
Information Server (IIS)
For example, the following the WLS Web Server
6.0 through 7.5
directories are included in the mod_ Proxy Plug-In 12.1.2 for
wl.so plug-in distribution. iPlanet Web Server"
■ lib/mod_wl.so (Apache HTTP ■ Chapter 3, "Configuring
Server plug-in) WLS Web Server Proxy
Plug-In for Apache
■ lib/*.so (native libraries)
HTTP Server"
■ bin/orapki or bin\orapki.cmd
■ Chapter 5, "Configuring
(orapki tool)
the WLS Web Server
■ jlib/*.jar (Java helper libraries Proxy Plug-In 12.1.2 for
for orapki) Microsoft IIS Web Server"
1.3 Upgrading from 1.0 Plug-Ins

The version 1.0 plug-ins are deprecated and are not guaranteed to be available for
future versions of Oracle WebLogic Server. The version 12.1.2 plug-ins are the
recommended replacement.
Note: For Apache HTTP Server 1.3.x or 2.0.x, continue to use the
version 1.0 plug-in.
1-2 Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2

Features of the Version 12.1.2 Plug-Ins
1.3.1 Upgrade Instructions

For upgrading from 11g plug-ins to the Web Server Proxy Plug-ins 12.1.2, use
installation instructions included in the specific chapter for your web server, as listed
in Table 1–2.
Table 1–2 Upgrade Instructions by Plug-In

To upgrade to the WebLogic
Proxy Plug-In 12.1.2 for: See:
Oracle HTTP Server Chapter 2, "Configuring the WebLogic Proxy Plug-In for
Oracle HTTP Server"
Apache HTTP Server Chapter 3, "Configuring WLS Web Server Proxy Plug-In for
Apache HTTP Server"
iPlanet Web Server Chapter 4, "Configuring the WLS Web Server Proxy Plug-In
12.1.2 for iPlanet Web Server"
Microsoft IIS Web Server Chapter 5, "Configuring the WLS Web Server Proxy Plug-In
12.1.2 for Microsoft IIS Web Server"
1.3.2 Considerations for Upgrading to Web Server Proxy Plug-ins 12.1.2

The version 12.1.2 plug-ins are a superset of the version 1.0 plug-ins and support the
existing features. However, when you upgrade, keep the following considerations in
mind:
■ The list of supported platforms has changed. For more information, see the Oracle
Fusion Middleware Supported System Configurations at:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certi
fication-100350.html
■ If you have been using 128-bit encryption, you need to change your configuration
file to reflect the new naming convention, as described in Section 1.4.1, "Standard
Encryption Strength Allows Simplified Naming". For example, you need to change
mod_wl128_22.so to mod_wl.so.
1.4 Features of the Version 12.1.2 Plug-Ins

This section describes the additional features of the version 12.1.2 plug-ins when
compared with the 1.0 plug-ins.
■ Section 1.4.1, "Standard Encryption Strength Allows Simplified Naming"
■ Section 1.4.2, "Version 12.1.2 Plug-Ins Use Oracle Security Framework"
■ Section 1.4.3, "Version 12.1.2 Plug-Ins Support IPv6"
■ Section 1.4.4, "Version 12.1.2 Plug-Ins Support Two-Way SSL"
1.4.1 Standard Encryption Strength Allows Simplified Naming

Because the version 1.0 plug-ins supported both 40- and 128-bit encryption standards,
the plug-in file names needed to identify which standard was supported. For example,
mod_wl_22.so indicated 40-bit encryption and mod_wl128_22.so indicated 128-bit
encryption; however, the version 12.1.2 plug-ins support only 128-bit encryption, and
the plug-in names are now simplified. For example, mod_wl.so is the only file name
required.

Support and Patching
Note: If you upgrade from the 1.0 plug-ins and had been using
128-bit encryption, you need to change your configuration file to
reflect the new naming convention. For example, you need to change
mod_wl128_22.so to mod_wl.so.
1.4.2 Version 12.1.2 Plug-Ins Use Oracle Security Framework

The version 12.1.2 plug-ins use the Oracle certified security framework, and can
therefore use Oracle wallets to store SSL configuration information.
For this reason, the version 12.1.2 plug-ins introduce an SSL configuration parameter
WLSSLWallet to use Oracle wallets.
You can configure the certificates in the Oracle wallet with a command line tool that is
provided with the plug-in binary files. See Section 6.1, "Use SSL with Plug-Ins" for
information about configuring SSL.
1.4.3 Version 12.1.2 Plug-Ins Support IPv6

The version 12.1.2 plug-ins support IPv6. The WebLogicHost and WebLogicCluster
configuration parameters (see Table 7–1) now support IPv6 addresses.
For more information, see Section 6.2, "Use IPv6 With Plug-Ins."
1.4.4 Version 12.1.2 Plug-Ins Support Two-Way SSL

The version 12.1.2 plug-ins provide two-way SSL support for verifying client identity.
Two-way SSL is automatically enforced when WebLogic Server requests the client
certificate during the handshake process.
For more information, see Section 6.1, "Use SSL with Plug-Ins."
1.4.5 Deprecated Directives in Version 12.1.2

The version 12.1.2 plug-ins deprecates WlLogFile and Debug parameters for Oracle
HTTP Server, Apache HTTP server and Oracle iPlanet Server. The logs are now part of
the respective web server's error logs. For more details on how to enable debugging,
please refer to:
■ Section 2.4, "Deprecated Directives for Oracle HTTP Server"
■ Section 3.4, "Deprecated Directives for Apache HTTP Server"
■ Section 4.3, "Deprecated Directives for iPlanet Web Server"
1.5 Support and Patching

When you encounter issues with a plug-in, always report the version of the plug-in
you are using. You can find this information in the apache log or the plug-in debug log
(if configured). The version information will look like this:
WebLogic Server Plug-in version 12.1.2 <WLSPLUGINS_XXXX_XXXX_XXXXX.XXXX>
Note: On the Apache Web Server for Linux, You can also obtain the
plugin version by issuing the following command:
$ strings ${PLUGIN_HOME}/lib/mod_wl.so | grep -i wlsplugins

A patch for a plug-in typically will contain one or more shared objects to be replaced.
Be sure to backup your original files as you replace them with those in the patch.
Validate that the patch has been correctly updated by checking the version string in
the logs.


2
Configuring the WebLogic Proxy Plug-In for
2
Oracle HTTP Server
This chapter describes how to configure the WebLogic Proxy Plug-In (mod_wl_ohs),
which is the plug-in for proxying requests from Oracle HTTP Server to Oracle
WebLogic server. The WebLogic Proxy Plug-In is included in the Oracle HTTP Server
12.1.2 installation. You need not download and install it separately.
Note: The WebLogic Proxy Plug-In provides features that are

identical to those of the plug-in for Apache HTTP Server.
You can configure the WebLogic Proxy Plug-In either by using Fusion Middleware
Control or by editing the mod_wl_ohs.conf configuration file manually.
This chapter contains the following topics:
■ Section 2.1, "Prerequisites for Configuring the WebLogic Proxy Plug-In"
■ Section 2.2, "Configuring the WebLogic Proxy Plug-In Using Fusion Middleware
Control"
■ Section 2.3, "Configuring the WebLogic Proxy Plug-In Manually"
■ Section 2.4, "Deprecated Directives for Oracle HTTP Server"
■ Section 2.5, "Troubleshooting WebLogic Proxy Plug-In Implementations"
2.1 Prerequisites for Configuring the WebLogic Proxy Plug-In

Before you begin configuring the WebLogic Proxy Plug-In, do the following:
■ Ensure that Oracle WebLogic Server has been installed, a domain has been created,
and you can access the Oracle WebLogic Server administration console.
■ Verify that Fusion Middleware Control has been installed and you can access the
Enterprise Manager Console. This is required if you want configure the WebLogic
Proxy Plug-In by using the graphical interface provided by Fusion Middleware
Control.
■ To be able to test the configuration, make sure that the required Java applications
are deployed to Oracle WebLogic Server—either to a single managed server or to a
cluster—and are accessible.
■ If the version of the Oracle WebLogic Server instances in the back end is 10.3.4 (or
later releases), you must set the WebLogic Plug-In Enabled parameter.
1. Log in to the Oracle WebLogic Server administration console.
Configuring the WebLogic Proxy Plug-In for Oracle HTTP Server 2-1
Configuring the WebLogic Proxy Plug-In Using Fusion Middleware Control
2. In the Domain Structure pane, expand the Environment node.

– If the server instances to which you want to proxy requests from Oracle
HTTP Server are in a cluster, select Clusters.
– Otherwise, select Servers.
3. Select the server or cluster to which you want to proxy requests from Oracle
HTTP Server.
The Configuration: General tab is displayed.
4. Scroll down to the Advanced section, expand it, and select the WebLogic
Plug-In Enabled checkbox.
5. If you selected Servers in step 2, repeat steps 3 and 4 for the other servers to
which you want to proxy requests from Oracle HTTP Servers.
6. Click Save.
For the change to take effect, you must restart the server instances.
2.2 Configuring the WebLogic Proxy Plug-In Using Fusion Middleware

Control
To configure the mod_wl_ohs module using Fusion Middleware Control, do the
following:
1. Make sure that you have fulfilled the prerequisites listed in Section 2.1.
2. Select Administration from the Oracle HTTP Server menu.
3. Select mod_wl_ohs Configuration from the Administration menu. The mod_wl_
ohs Configuration page appears.
4. Specify the configuration settings as described in the following table:

Field Description
WebLogic Cluster List of Oracle WebLogic Servers that can be used for load
balancing. The server or cluster list is a list of host:port
entries. If a mixed set of clusters and single servers is
specified, the dynamic list returned for this parameter will
return only the clustered servers.
If you are not sure if the correct cluster, you can click the
search icon to see a list of all associated clusters. For more
information, see Section 2.2.1, "Using the Search Function".
The module does a simple round-robin between all available
servers. The server list specified in this property is a starting
point for the dynamic server list that the server and module
maintain. Oracle WebLogic Server and the module work
together to update the server list automatically with new,
failed, and recovered cluster members.
You can disable the use of the dynamic cluster list by
disabling the Dynamic Server List ON field. The module
directs HTTP requests containing a cookie, URL-encoded
session, or a session stored in the POST data to the server in
the cluster that originally created the cookie.
Note: WebLogic Cluster and WebLogic Host are
mutually-exclusive fields; you should only specify one. If
you provide a value for both fields, WebLogic Cluster takes
precedence.
WebLogic Host Oracle WebLogic Server host (or virtual host name as defined
in Oracle WebLogic Server) to which HTTP requests should
be forwarded. If you are using a WebLogic cluster, use the
WebLogic Cluster parameter instead of WebLogic Host.
If you are not sure if the correct server, you can click the
search icon to see a list of all associated clusters. For more
information, see Section 2.2.1, "Using the Search Function".
Note: WebLogic Host and WebLogic Cluster are
mutually-exclusive fields; you should only specify on. If you
provide a value for both fields, WebLogic Cluster takes
precedence.
WebLogic Port Port at which the Oracle WebLogic Server host is listening for
connection requests from the module (or from other servers).
(If you are using SSL between the module and Oracle
WebLogic Server, set this parameter to the SSL listen port.)
Dynamic Server List ON | When set to OFF, the module ignores the dynamic cluster list
OFF used for load balancing requests proxied from the module
and only uses the static list specified with the WebLogic
Cluster parameter. Normally this parameter should be set to
ON.
There are some implications for setting this parameter to
OFF:
■ If one or more servers in the static list fails, the module
could waste time trying to connect to a dead server,
resulting in decreased performance.
■ If you add a new server to the cluster, the module cannot
proxy requests to the new server unless you redefine this
parameter. Oracle WebLogic Server automatically adds
new servers to the dynamic server list when they
become part of the cluster.
Error Page You can create your own error page to appear when your
Web server is unable to forward requests to Oracle WebLogic
Server.
Field Description
WebLogic Temp Directory Specifies the location of the _wl_proxy directory for post data
files.
Exclude Path or MIME Type This parameter allows you exclude certain requests from
proxying.
This parameter can be defined locally at the Location tag
level as well as globally. When the property is defined locally,
it does not override the global property but defines a union
of the two parameters.
Match Expressions This region is used to specify any Expression overrides. For
example, if you were proxying by MIME type, you might
enter:
*.jsp WebLogicHost=myHost|paramName=value
You can define a new parameter for Match Expression by
using the following syntax:
*.jsp PathPrepend=/test PathTrim=/foo
Location This table is used to specify any location overrides. See step
6, below.
5. If necessary, add any expression overrides in the Match Expression field.

6. If necessary, add any location overrides in the Location table. To do so:
a. Click Add Row to create a new row.
b. Enter the base URI for which the associated directives become effective.
c. Complete the WebLogic Cluster, WebLogic Host, and WebLogic Port fields.
You can automatically complete these fields by clicking AutoFill (see
Section 2.2.2, "Using the AutoFill Function").
d. For the Path Trim field, as per the RFC specification, generic syntax for URL is:
[PROTOCOL]://[HOSTNAME]:{PORT}/{PATH}/{FILENAME};{PATH_PARAMS}/{QUERY_
STRING}...
Path Trim specifies the string trimmed by the module from the
{PATH}/{FILENAME} portion of the original URL, before the request is
forwarded to WebLogic Server. For example, if the URL:
http://myWeb.server.com/weblogic/foo
is passed to the module for parsing and if Path Trim has been set to strip off
/weblogic before handing the URL to WebLogic Server, the URL forwarded to
WebLogic Server is:
http://myWeb.server.com:7002/foo
Note: If you are converting an existing third-party server to proxy

requests to WebLogic Server using the module for the first time, you
must change application paths to /foo to include weblogic/foo. You
can use Path Trim and Path Prepend in combination to change this
path
e. For the Path Prepend field, as per the RFC specification, generic syntax for
URL is:

Configuring the WebLogic Proxy Plug-In Manually
[PROTOCOL]://[HOSTNAME]:{PORT}/{PATH}/{FILENAME};{PATH_PARAMS}/{QUERY_
STRING}...
Path Prepend specifies the path that the module prepends to the {PATH}
portion of the original URL, after Path Trim is trimmed and before the request
is forwarded to WebLogic Server.
Note: If you need to append File Name, use the DefaultFileName

module parameter instead of Path Prepend.
f. Click Add Row again to save the new row

7. If the settings are correct, click Apply to apply the changes. If the settings are
incorrect or you decide to not apply the changes, click Revert to return to the
original settings.
8. Restart Oracle HTTP Server by selecting Control from the Oracle HTTP Server
menu, and then selecting Start Up.
The mod_wl_ohs module configuration is saved and shown on the mod_wl_ohs
Configuration page.
2.2.1 Using the Search Function

By clicking the search icon , you can see a list of clusters or servers available to the
selected Oracle HTTP Server instance. To use the search function, do the following:
1. Click the search icon for either WebLogic Cluster or WebLogic Host. The Select
WebLogic Cluster/Server dialog box appears.
2. Select the cluster or server you want to use and click OK.
The selected cluster or server name appears in the appropriate field.
2.2.2 Using the AutoFill Function

You can easily add valid WebLogic Server and endpoint locations for a specified Base
UIRL to the Locations table on the WebLogic Proxy Plug-In Configuration screen by
using the AutoFill button. To do so:
1. Click Add to add a new location,
2. Type a location name in the Location field.
3. Click AutoFill.
Data for any location of the same name will be updated and any new locations will be
added to the table.
2.3 Configuring the WebLogic Proxy Plug-In Manually

You can configure the WebLogic Proxy Plug-In manually by specifying directives in
the mod_wl_ohs.conf file.
1. Make sure that you have fulfilled the prerequisites listed in Section 2.1.
2. Open the mod_wl_ohs.conf file, which is located in the following directory, in a
text editor:
DOMAIN_
HOME/config/fmwconfig/components/OHS/instances/componentName
3. Look for the <IfModule weblogic_module> element.
4. Add directives within the <IfModule weblogic_module> element in the
configuration file, as follows:
Note: Oracle recommends that you specify directives within the

predefined <IfModule weblogic_module> element.
If you specify directives outside the predefined <IfModule weblogic_
module> element, or in additional <IfModule weblogic_module>
elements, or in configuration files other than mod_wl_ohs.conf, the
WebLogic Proxy Plug-In might work, but the configuration state of the
module, as displayed in Fusion Middleware Control, could be
inconsistent with the directives specified in the mod_wl_ohs.conf
configuration file.
■ To forward requests to an application running on a single Oracle WebLogic

Server instance, specify the details of that destination server within a
<location> element.
Syntax:
<IfModule weblogic_module>
<Location path>
WLSRequest On
WebLogicHost host
WeblogicPort port
</Location>
</IfModule>
Example:
With the following configuration, requests for the /myapp1 URI received at the
Oracle HTTP Server listen port will be forwarded to /myapp1 on the Oracle
WebLogic Server with the listen port localhost:7001
<Location /myapp1>
WLSRequest On
WebLogicHost localhost
WeblogicPort 7001
</Location>
</IfModule>
■ To forward requests to an application running on a cluster of Oracle

WebLogic Server instances, specify the details of that destination cluster
within a new <location> element.
Syntax:
<Location path>
WLSRequest On
WebLogicCluster host:port,host:port,...
</Location>
</IfModule>

Example:
With the following configuration, requests for the /myapp2 URI received at the
Oracle HTTP Server listen port will be forwarded to /myapp2 the Oracle
WebLogic Server cluster containing the managed servers with the listen ports
localhost:8002 and localhost:8003.
<Location /myapp2>
WLSRequest On
WebLogicCluster localhost:8002,localhost:8003
</Location>
</IfModule>
■ To configure multiple destinations—say, an application running on a single

Oracle WebLogic Server instance and another application running on a
cluster—you must specify each destination in a distinct <location> child
element. Note that all the <location> child elements should be at the same
level within the <IfModule weblogic_module> element, as shown in the
following syntax:
#For an application running on a single server instance
<Location path1>
WLSRequest On
WebLogicHost host
WeblogicPort port
</Location>
#For an application running on a cluster

<Location path2>
WLSRequest On
WebLogicCluster host:port,host:port,...
</Location>
</IfModule>
■ To configure the WebLogic Proxy Plug-In so that it can link to managed

servers, for example to enable a high availability deployment of Oracle HTTP
Server, edit mod_wl_ohs.conf as follows:
<IfModule mod_weblogic.c>
WebLogicCluster apphost1.mycompany.com:7050,
apphost2.mycompany.com:7050
MatchExpression *.jsp
</IfModule>
<Location /weblogic>
WLSRequest On
WebLogicCluster apphost1.mycompany.com:7050,apphost2.com:7050
DefaultFileName index.jsp
</Location>
Deprecated Directives for Oracle HTTP Server
Note:If you are using SSL termination and routing requests to

WebLogic, the following additional configuration is required.
In the WebLogic console, WebLogic Plugin Enabled must be set to
true, either at the domain, cluster or Managed Server level.
In the Location block which directs requests to the WebLogic managed
servers, the following lines also need to be added.
WLProxySSL ON
WLProxySSLPassThrough ON
For example:
WLSRequest On
WebLogicCluster apphost1.mycompany.com:7050,apphost2.com:7050
WLProxySSL On
WLProxySSLPassThrough ON
DefaultFileName index.jsp
</Location>
After enabling the WebLogic plugin, restart the Administration Server.
These examples show two different ways of routing requests to Oracle

WebLogic managed servers:
– The <ifModule> block sends any requests ending in *.jsp to the WebLogic
Managed Server cluster located on Apphost1 and Apphost2.
– The <Location> block sends any requests with URLs prefixed by
/weblogic to the WebLogic Managed Server cluster located on Apphost1
and Apphost2.
■ For information about configuring the WebLogic Proxy Plug-In to support
one-way and two-way SSL between Oracle HTTP Server and Oracle WebLogic
Server, see Use SSL with Plug-Ins.
For information about the other directives that you can specify in the mod_wl_
ohs.conf file, see Chapter 7, "Parameters for Web Server Plug-Ins.".
5. Restart Oracle HTTP Server by using one of the techniques described in "Starting
Oracle HTTP Server", in Administering Oracle HTTP Server.
2.4 Deprecated Directives for Oracle HTTP Server

The WebLogic Server plug-in logs for WebLogic Proxy Plug-In are now part of the Web
Server error log mechanism. References are prefixed with weblogic: to easily identify
them; for example:
[Fri Dec 27 12:09:14 2013] [debug] ap_proxy.cpp(143): [client 192.168.1.123]
weblogic: INFO: SSL is configured, referer:@
https://example.com/app/fileUploadAction.do
The directives WLLogFile and Debug are deprecated. If the configuration still uses any
of these directives, the following note will appear in the console log file:
The WLLogFile directive is ignored. The web server log file is used instead. The
Debug directive is ignored. The web server log level is used instead.

Troubleshooting WebLogic Proxy Plug-In Implementations
To enable plug-in logs:

■ If OraLogMode is set to ODL-text, set OraLogSeverity to TRACE:32. The logs
appear in the directory OraLogDir (instance-name.log). This is the default.
■ If OraLogMode is set to apache, set LogLevel to debug. The directive ErrorLog
points to the file where the errors are logged.
For more details on Managing Oracle HTTP Server Logs, See "Managing Oracle HTTP
Server Logs".
2.5 Troubleshooting WebLogic Proxy Plug-In Implementations

This section describes common problems that you might encounter when using the
WebLogic Proxy Plug-In and explains how to solve them. It includes the following
topics:
■ WLS Session Issues
■ CONNECTION_REFUSED Errors
■ NO_RESOURCES Errors
2.5.1 WLS Session Issues

The WebLogic Proxy Plug-In routes the requests to backend WLS server/cluster. WLS
maintains sessions so that subsequent requests from the same client are routed to the
same WLS server. However, due to various reasons, if the WebLogic Proxy Plug-In is
unable to communicate with the WLS server:
■ If the request is routed to a single WebLogic Server instance, the WebLogic Proxy
Plug-In continues trying to connect to that same WebLogic Server instance for the
maximum number of retries as specified by the ratio of ConnectTimeoutSecs and
ConnectRetrySecs. If all attempts fail, an HTTP 503 error message is returned back
to the client.
■ If the request is routed to WebLogic Cluster, then the current WLS server is
marked as bad, and the request is routed to the next available WLS server. If all
attempts fail, an HTTP 503 error message is returned back to the client.
In addition to sending a HTTP 503 error message, the following is displayed as a
response in the HTTP client:
Failure of Web Server bridge:
No backend server available for connection: timed out after xx seconds or
idempotent set to OFF or method not idempotent.
2.5.2 CONNECTION_REFUSED Errors

Occasionally, under stress conditions, few requests might fail with the following error
logged in the error log file.
weblogic: Trying GET /uri at backend host 'xx.xx.xx.xx/port; got exception
'CONNECTION_REFUSED [os error=xxx, line xxxx of URL.cpp]: apr_socket_connect call
failed with error=xxx, host=xx.xx.xx.xx, port=xxxx'
As mentioned in Section 6.4.2, "Tips for reducing Connection_Refused Errors", WLS

server might have reached the maximum allowed backlog connections.
To resolve, follow the steps mentioned in Section 6.4.2, "Tips for reducing Connection_
Refused Errors".
Troubleshooting WebLogic Proxy Plug-In Implementations
2.5.3 NO_RESOURCES Errors

Occasionally, under stress conditions, few requests might fail with the following error
logged in the error log file.
weblogic: *******Exception type [NO_RESOURCES] (apr_socket_connect call failed
with error=70007, host=xx.xx.xx.xx, port=xxxx) raised at line xxxx of URL.cpp
This usually occurs if WLS server is too busy to respond to the connect request from
the WebLogic Proxy Plug-In. This can be resolved by setting WLSocketTimeoutSecs to
a higher value. This allows the WebLogic Proxy Plug-In to wait longer for the connect
request to be responded by the WLS server.

3
Configuring WLS Web Server Proxy Plug-In for
3
Apache HTTP Server
This chapter describes how to install and configure the WLS Web Server Proxy Plug-In
for Apache HTTP Server. It contains the following sections:
■ Section 3.1, "Support Note"
■ Section 3.2, "Install the WLS Web Server Proxy Plug-In for Apache HTTP Server"
■ Section 3.3, "Configure the Apache HTTP Server Plug-In"
■ Section 3.4, "Deprecated Directives for Apache HTTP Server"
Note: For proxying requests from Oracle HTTP Server to Oracle

WebLogic Server, use the mod_wl_ohs plug-in, which is similar to the
plug-in for Apache HTTP Server, but need not be downloaded and
installed separately. For information about configuring mod_wl_ohs,
see Chapter 2, "Configuring the WebLogic Proxy Plug-In for Oracle
HTTP Server.".
3.1 Support Note

The WLS Web Server Proxy Plug-In for Apache HTTP Server is supported on Apache
web servers and is able to front-end WebSocket applications. Support is described in
the Certification matrix, at:
http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certific
ation-100350.html
Note that this URL points to the Certification Central Page, so you need to copy the
correct module based on your web server version. To obtain certifications for the WLS
Plug-in, choose the spreadsheet document in the list associated with your FMW/WLS
version (for example, 12.1.2.0) and then open the "webservers" tab.
3.2 Install the WLS Web Server Proxy Plug-In for Apache HTTP Server
After you download the WLS Web Server Proxy Plug-In for Apache HTTP Server, as
described in Section 1.2, "Availability of WLS Web Server Proxy Plug-In 12.1.2,", you
can install it as an Apache HTTP Server module in your Apache HTTP Server
installation.
Configuring WLS Web Server Proxy Plug-In for Apache HTTP Server 3-1
Install the WLS Web Server Proxy Plug-In for Apache HTTP Server
3.2.1 Installation Prerequisites

Before you install the WLS Web Server Proxy Plug-In for Apache HTTP Server, do the
following:
■ Download the WLS Web Server Proxy Plug-In for Apache HTTP Server, as
described in Section 1.2, "Availability of WLS Web Server Proxy Plug-In 12.1.2."
■ Plug-in zip extract location (PLUGIN_HOME; for example
/home/myhome/weblogic-plugins-12.1.2/)
■ Extract the plug-ins zip distribution to PLUGIN_HOME; for example,
/home/myhome/weblogic-plugins-12.1.2/. This distribution contains these files:
Table 3–1 Files Included in the Apache Web Server Plug-in Zip
(path)/filename Description
README.txt The README file for the plug-in.
bin/orapki.bat orapki tool for configuring Oracle wallets
jlib/*.jar orapki helper Java libraries
lib/mod_wl.so WebLogic proxy module
lib/*.so(.dll) Helper libraries
■ Install JDK 6 if you want to use SSL. The JDK 6 installation is required to use the
orapki utility, which manages public key infrastructure (PKI) elements, such as
wallets and certificate revocation lists, for use with SSL.
■ Ensure that you have a supported Apache HTTP Server installation.
For more information, see:
http://www.oracle.com/technology/software/products/ias/files/fusion_
certification.html.
■ Ensure that a supported version of Oracle WebLogic Server is configured and
running on a target system. Note that this server does not need to be running on
the system on which you extracted the plug-in zip distribution. For the supported
Oracle WebLogic Server versions, see:
certification.html.
3.2.2 Installing the Apache HTTP Server Plug-In

The WLS Web Server Proxy Plug-In for Apache HTTP Server is distributed as a shared
object (.so) file. You can obtain the plug-in here:
http://www.oracle.com/technetwork/middleware/webtier/overview/index.html#W
LSPlugIn
To install the Apache HTTP Server plug-in:
1. Make sure that the weblogic-plugins-12.1.2/lib folder is included in LD_
LIBRARY_PATH on Unix systems (and PATH on Windows systems). If you do not
do this, you see linkage errors when starting Apache HTTP Server.
2. In the location where you unzipped the downloaded plug-in file, locate lib/mod_
wl.so; for example, /home/myhome/weblogic-plugins-12.1.2/lib/mod_wl.so.
3. Verify that the mod_so.c module is enabled.

Configure the Apache HTTP Server Plug-In
If you installed Apache HTTP Server using the script supplied by Apache, mod_
so.c is already enabled. Verify that mod_so.c is enabled by executing the following
command:
■ UNIX/Linux
APACHE_HOME/bin/apachectl -l
(APACHE_HOME is the directory that contains the Apache HTTP Server

installation.)
This command lists all enabled modules. If mod_so.c is not listed, you must
rebuild your Apache HTTP Server, making sure that the following configure
option is specified:
...
--enable-module=so
...
4. Make a copy of the APACHE_HOME/bin/httpd.conf file for backup.

5. Open the httpd.conf file.
6. Install the Apache HTTP Server plug-in module for Apache 2.2.x by adding the
following line.
LoadModule weblogic_module /home/myhome/weblogic-plugins-12.1.2/lib/mod_wl.so
7. Verify the syntax of the httpd.conf file by running the following command:
■ UNIX/Linux
> APACHE_HOME/bin/apachectl -t
If the httpd.conf file contains any errors, the output of this command shows the
errors; otherwise, the command returns the following:
Syntax OK
3.3 Configure the Apache HTTP Server Plug-In

This section describes how to edit the httpd.conf file to proxy requests by path or by
MIME type, to enable HTTP tunneling, and to use other Oracle WebLogic Server
plug-in parameters.
3.3.1 Editing the httpd.conf File

Edit the httpd.conf file in your Apache HTTP Server installation to configure the
Apache HTTP Server plug-in.
1. Open the httpd.conf file, if it is not already open.
2. To proxy requests by MIME type, add an IfModule block that defines one of the
following:
■ For a non-clustered WebLogic Server: the WebLogicHost and WebLogicPort
parameters.
■ For a cluster of WebLogic Servers: the WebLogicCluster parameter.
Example:
WebLogicHost myweblogic.example.com
WebLogicPort 7001
DebugConfigInfo ON
</IfModule>
3. To proxy requests by MIME type, add a MatchExpression line to the <IfModule>

block. Note that if both MIME type and proxying by path are enabled, proxying by
path takes precedence over proxying by MIME type.
For example, the following <IfModule> block for a non-clustered WebLogic Server
specifies that all files with MIME type .jsp are proxied:
WebLogicHost my-weblogic.server.com
WebLogicPort 7001
DebugConfigInfo ON
</IfModule>
You can also use multiple MatchExpressions, for example:

WebLogicHost my-weblogic.server.com
WebLogicPort 7001
MatchExpression *.xyz
DebugConfigInfo ON
</IfModule>
If you are proxying requests by MIME type to a cluster of WebLogic Servers, use
the WebLogicCluster parameter instead of the WebLogicHost and WebLogicPort
parameters. For example:
WebLogicCluster w1s1.com:7001,w1s2.com:7001,w1s3.com:7001
MatchExpression *.xyz
</IfModule>
4. To proxy requests by path, use the <Location> block and the WLSRequest
statement. WLSRequest specifies the handler for the WLS Web Server Proxy Plug-In
for Apache HTTP Server module. For example the following Location block
proxies all requests containing /weblogic in the URL:
WLSRequest On
PathTrim /weblogic
</Location>
The PathTrim parameter specifies a string trimmed from the beginning of the URL
before the request is passed to the WebLogic Server instance (see Section 7.1,
"General Parameters for Web Server Plug-Ins").
5. The PathTrim parameter must be configured inside the <Location> tag. These
known issues arise when you configure the WLS Web Server Proxy Plug-In for
Apache HTTP Server to use SSL
■ The following configuration is incorrect:
WLSRequest On
</Location>

WebLogicHost localhost
WebLogicPort 7001
PathTrim /weblogic
</IfModule>
The following configuration is the correct setup:

WLSRequest On
PathTrim /weblogic
</Location>
■ The current implementation of the WLS Web Server Proxy Plug-In for Apache
HTTP Server does not support the use of multiple certificate files with Apache
SSL.
6. Optionally, enable HTTP tunneling for t3 or IIOP.
a. To enable HTTP tunneling if you are using the t3 protocol and weblogic.jar,
add the following <Location> block to the httpd.conf file:
<Location /bea_wls_internal>
WLSRequest On
</Location>
b. To enable HTTP tunneling if you are using the IIOP, the only protocol used by
the WebLogic Server thin client, wlclient.jar, add the following Location block
to the httpd.conf file:
<Location /bea_wls_internal>
WLSRequest On
</Location>
7. Define any additional parameters for the WLS Web Server Proxy Plug-In for
Apache HTTP Server.
The WLS Web Server Proxy Plug-In for Apache HTTP Server recognizes the
parameters listed in Section 7.1, "General Parameters for Web Server Plug-Ins". To
modify the behavior of your WLS Web Server Proxy Plug-In for Apache HTTP
Server, define these parameters either:
■ In a <Location> block, for parameters that apply to proxying by path, or
■ At global or virtual host scope, for parameters that apply to proxying by
MIME type.
8. Verify the syntax of the httpd.conf file by running the following command:
■ UNIX/Linux
> APACHE_HOME/bin/apachectl -t
If the httpd.conf file contains any errors, the output of this command shows the
errors; otherwise, the command returns the following:
Syntax OK
9. Start the Apache HTTP Server.

■ UNIX/Linux
> APACHE_HOME/bin/apachectl start
10. Send a request to http://apache-host:apache-port/mywebapp/my.jsp from the

browser. Validate the response.
3.3.1.1 Placing WebLogic Properties Inside Location or VirtualHost Blocks

If you choose to not use the <IfModule>, you can instead directly place the WebLogic
properties inside Location or <VirtualHost> blocks. Consider the following examples
of the <Location> and <VirtualHost> blocks:
WLSRequest On
WebLogicHost myweblogic.server.com
WebLogicPort 7001
</Location>
WLSRequest On
</Location>
<VirtualHost apachehost:80>
WLSRequest On
WebLogicServer weblogic.server.com
WebLogicPort 7001
</VirtualHost>
3.3.1.2 Example: Configuring the Apache Plug-In

The following example demonstrates basic instructions for quickly setting up the
Apache plug-in to proxy requests to a backend WebLogic Server:
1. Make a copy of ${APACHE_HOME}/conf/httpd.conf file.
2. Edit the file to add the following code:
...
LoadModule weblogic_module /home/myhome/weblogic-plugins-12.1.2/lib/mod_wl.so
WebLogicHost wls-host
WebLogicPort wls-port
</IfModule>
<Location /mywebapp>
WLSRequest On
</Location>
...
3. Include ${PLUGIN_HOME}/lib in the LD_LIBRARY_PATH by entering the

following command:
$ export LD_LIBRARY_PATH=/home/myhome/weblogic-plugin-12.1.2/lib:...
Note:You can also update the PATH by copying the 'lib' contents to
APACHE_HOME\lib or by editing the APACHE_
HOME/bin/apachectl to update the LD_LIBRARY_PATH.

4. At the prompt, start the Apache HTTP Server by entering:

$ ${APACHE_HOME}/bin/apachectl start
5. Send a request to http://apache-host:apache-port/mywebapp/my.jsp from the

browser and validate the response
3.3.2 Including a weblogic.conf File in the httpd.conf File

If you want to keep several separate configuration files, you can define parameters in a
separate configuration file called weblogic.conf file, by using the Apache HTTP
Server Include directive in an <IfModule> block in the httpd.conf file:
# Config file for WebLogic Server that defines the parameters
Include conf/weblogic.conf
</IfModule>
The syntax of weblogic.conf files is the same as that for the httpd.conf file.
This section describes how to create weblogic.conf files, and includes sample
weblogic.conf files.
3.3.2.1 Creating weblogic.conf Files

Be aware of the following when constructing a weblogic.conf file.
■ Enter each parameter on a new line. Do not put "=" between a parameter and its
value. For example:
PARAM_1 value1
PARAM_2 value2
PARAM_3 value3
■ If a request matches both a MIME type specified in a MatchExpression in an

<IfModule> block and a path specified in a Location block, the behavior specified
by the <Location> block takes precedence.
■ If you use an Apache HTTP Server <VirtualHost> block, you must include all
configuration parameters (MatchExpression, for example) for the virtual host
within the <VirtualHost> block (see Apache Virtual Host documentation at
http://httpd.apache.org/docs/vhosts/).
■ Sample httpd.conf file:
WebLogicCluster johndoe02:8005,johndoe:8006
WLTempDir "c:\myTemp"
DebugConfigInfo ON
KeepAliveEnabled ON
KeepAliveSecs 15
</IfModule>
<Location /jurl>
WLSRequest On
WebLogicCluster agarwalp01:7001
WLTempDir "c:\jurl
</Location>
<Location /web>
WLSRequest On
PathTrim /web
WebLogicHost myhost
WebLogicPort 8001
WLTempDir "c:\web"
</Location>
<Location /foo>
WLSRequest On
WebLogicHost myhost02
WebLogicPort 8090
WLTempDir "c:\foo"
PathTrim /foo
</Location>
■ All the requests that match /jurl/* will have the POST data files in c:\jurl and will
reverse proxy the request to agarwalp01 and port 7001. All the requests that match
/web/* will have the POST data files in c:\web and will reverse proxy the request
to myhost and port 8001. All the requests that match /foo/* will have the POST
data files written to c:\foo and will reverse proxy the request to myhost02 and
port 8090.
■ You should use the MatchExpression statement instead of the <Files> block.
3.3.2.2 Sample weblogic.conf Configuration Files

The following examples of weblogic.conf files may be used as templates that you can
modify to suit your environment and server. Lines beginning with # are comments.
Example 3–1 Example Using WebLogic Clusters

# These parameters are common for all URLs which are
# directed to the current module. If you want to override
# these parameters for each URL, you can set them again in
# the <Location> or <Files> blocks. (Except WebLogicHost,
# WebLogicPort, WebLogicCluster, and CookieName.)
ErrorPage http://myerrorpage.mydomain.com
</IfModule>
####################################################
In Example 3–2, the MatchExpression parameter syntax for expressing the filename
pattern, the WebLogic Server host to which HTTP requests should be forwarded, and
various other parameters is as follows:
MatchExpression [filename pattern] [WebLogicHost=host] | [paramName=value]
The first MatchExpression parameter below specifies the filename pattern *.jsp, and
then names the single WebLogicHost. The paramName=value combinations following
the pipe symbol specify the port at which WebLogic Server is listening for connection
requests, and also activate the Debug option. The second MatchExpression specifies
the filename pattern *.html and identifies the WebLogic Cluster hosts and their ports.
The paramName=value combination following the pipe symbol specifies the error page
for the cluster.
Example 3–2 Example Using Multiple WebLogic Clusters


# the <Location> or <Files> blocks (Except WebLogicHost,
MatchExpression *.jsp WebLogicHost=myHost|WebLogicPort=7001|Debug=ON
MatchExpression *.html WebLogicCluster=myHost1:7282,myHost2:7283|ErrorPage=
http://www.xyz.com/error.html
</IfModule>
Example 3–3 shows an example without WebLogic clusters.
Example 3–3 Example Without WebLogic Clusters

# the <Location> or <Files> blocks (Except WebLogicHost,
WebLogicHost myweblogic.server.com
WebLogicPort 7001
</IfModule>
Example 3–4 shows an example of configuring multiple name-based virtual hosts.
Example 3–4 Example Configuring Multiple Name-Based Virtual Hosts

# VirtualHost1 = localhost:80
<VirtualHost 127.0.0.1:80>
DocumentRoot "C:/test/VirtualHost1"
ServerName localhost:80
#... WLS parameter ...
# Example: MatchExpression *.jsp <some additional parameter>
MatchExpression *.jsp PathPrepend=/test2
</IfModule>
</VirtualHost>
# VirtualHost2 = 127.0.0.2:80
<VirtualHost 127.0.0.2:80>
DocumentRoot "C:/test/VirtualHost1"
ServerName 127.0.0.2:80
# Example: MatchExpression *.jsp <some additional parameter>
MatchExpression *.jsp PathPrepend=/test2
</IfModule>
</VirtualHost>
You must define a unique value for ServerName or some plug-in parameters will not
work as expected.
Deprecated Directives for Apache HTTP Server
3.3.2.3 Template for the Apache HTTP Server httpd.conf File

This section contains a sample httpd.conf file for Apache 2.2. You can use this sample
as a template and modify it to suit your environment and server. Lines beginning with
# are comments.
Note that Apache HTTP Server is not case sensitive.
Example 3–5 Sample httpd.conf file for Apache 2.2

####################################################
APACHE-HOME/conf/httpd.conf file
####################################################
LoadModule weblogic_module lhome/myhome/weblogic-plugins-12.1.2/lib/mod_wl.so
WLSRequest On
PathTrim /weblogic
ErrorPage http://myerrorpage1.mydomain.com
</Location>
<Location /servletimages>
WLSRequest On
PathTrim /something
ErrorPage http://myerrorpage1.mydomain.com
</Location>
ErrorPage http://myerrorpage.mydomain.com
</IfModule>
3.4 Deprecated Directives for Apache HTTP Server

The WebLogic Server plug-in logs are now part of the Apache HTTP Server error log
and are prefixed with weblogic: to easily identify them. Hence the directives
WLLogFile and Debug are deprecated. If the configuration still uses any of these
directives, the following note will appear during startup::
The WLLogFile directive is ignored. The web server log file is used instead.
The Debug directive is ignored. The web server log level is used instead.
To enable plug-in logs, set LogLevel to debug. The logs will be included in the file
pointed to by ErrorLog.

4
Configuring the WLS Web Server Proxy Plug-In
4
12.1.2 for iPlanet Web Server
This chapter describes how to install and configure the WLS Web Server Proxy Plug-In
12.1.2 for iPlanet Web Server. In previous releases, this plug-in was referred to as the
Netscape Enterprise Server plug-in.
This chapter contains the following sections:
■ Section 4.1, "Overview of the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet"
■ Section 4.2, "Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2
for iPlanet"
■ Section 4.3, "Deprecated Directives for iPlanet Web Server"
4.1 Overview of the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet
The WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server enables requests to be
proxied from Oracle iPlanet Web Server to Oracle WebLogic Server. The plug-in
enhances a Oracle iPlanet Web Server installation by allowing WebLogic Server to
handle those requests that require the dynamic functionality of WebLogic Server.
The WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server is designed for an
environment where Oracle iPlanet Web Server serves static pages, and an Oracle
WebLogic Server instance (operating in a different process, possibly on a different
machine) is delegated to serve dynamic pages, such as JSPs or pages generated by
HTTP Servlets. The connection between WebLogic Server and the WLS Web Sever
Proxy Plug-In 12.1.2 for iPlanet Web Server is made using clear text or Secure Sockets
Layer (SSL). To the end user—the browser—the HTTP requests delegated to WebLogic
Server appear to come from the same source as the static pages. Additionally, the
HTTP-tunneling facility of WebLogic Server can operate through the WLS Web Sever
Proxy Plug-In 12.1.2 for iPlanet Web Server, providing access to all WebLogic Server
services (not just dynamic pages).
The WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server operates as a module
within a Oracle iPlanet Web Server. The module is loaded at startup and later based on
the configuration, certain HTTP requests are delegated to it.
For more information about Oracle iPlanet Web Server see,
http://download.oracle.com/docs/cd/E18958_01/doc.70/e18789/chapter.htm
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server 4-1
Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet
4.2 Installing and Configuring the WLS Web Sever Proxy Plug-In 12.1.2
for iPlanet
The following sections provide information pertaining to the installation prerequisites
and configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server.
4.2.1 Installation Prerequisites

Before you install the Oracle iPlanet Web Server plug-in, do the following:
■ Create a plug-in zip extract location (PLUGIN_HOME; for example,
/home/myhome/weblogic-plugins-12.1.2/)
■ Download the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server, as
described in Section 1.2, "Availability of WLS Web Server Proxy Plug-In 12.1.2."
■ Extract the plug-in zip distribution into the Web Server installation directory
install-dir. Before extracting the plug-in zip distribution, rename the existing
README.txt within install-dir. This distribution contains these files:
Table 4–1 Files Included in the Oracle iPlanet Web Server Plug-in Zip
README.txt information specific to the distribution, late-breaking updates,
and other errata.
bin/orapki (.bat on orapki tool for configuring Oracle wallets
Windows)
lib/mod_wl.so (.dll on WebLogic proxy module
Windows)
lib/*.so(.dll on Windows) Helper libraries
■ Installed JDK 6 if you want to use SSL. You must have a JDK 6 installation if you
want to use the orapki utility. The orapki utility manages public key infrastructure
(PKI) elements, such as wallets and certificate revocation lists, for use with SSL.
■ Created a supported WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server
installation (7.0.9 or later) installed on IPLANET_HOME; that is, iPlanet server
listening on iplanet-host:iplanet-port.
The version 12.1.2 plug-in is supported on the WLS Web Sever Proxy Plug-In
12.1.2 for iPlanet Web Server platforms described in:
certification.html
■ Created an iPlanet instance location (INSTANCE-DIR; for example, ${IPLANET_
HOME}/https-foo.
■ Created a supported version of WebLogic Server is configured and running on a
target system. Note that this server does not need to run on the system to which
you extracted the plug-in zip distribution. For the supported WebLogic Server
versions, see:
certification.html

4.2.2 Installing the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server
The WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server is distributed as a
shared object (.so) for Unix platforms and as a DLL (.dll) for Windows.
To instruct Oracle iPlanet Web Server to load the native library (mod_wl.so on Unix) as
a module, add the following line to the magnus.conf file.
Init fn="load-modules" shlib="mod_wl.so"
The magnus.conf file is located in the INSTANCE-DIR/config directory. Where

INSTANCE-DIR is the web server instance directory. For more information, see:
http://download.oracle.com/docs/cd/E19146-01/821-1827/821-1827.pdf
4.2.3 Configuring the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server
This section provides information about configuring the WLS Web Sever Proxy
Plug-In 12.1.2 for iPlanet Web Server.
Locate and open the obj.conf file
The default obj.conf file is located in the INSTANCE-DIR/config directory. Where
INSTANCE-DIR is the web server instance directory.
For more information, see
There are different ways to configure obj.conf file.
Read guidelines for Section 4.2.5, "Guidelines for Modifying the obj.conf File". The
obj.conf file defines which requests are proxied to WebLogic Server and other
configuration information.
4.2.3.1 Proxying Requests by URL

If you want to proxy requests by URL, (also called proxying by path.) create a separate
<Object> tag for each URL that you want to proxy and define the PathTrim parameter.
The following is an example of an <Object> tag that proxies a request containing the
string */weblogic/*
<Object ppath="*/weblogic/*">
Service fn=wl-proxy WebLogicHost=myserver.com WebLogicPort=7001
PathTrim="/weblogic"
</Object>
Here is an example of the object definitions for two separate ppaths that identify
requests to be sent to different instances of WebLogic Server:
</Object>
<Object name="si" ppath="*/servletimages/*">
Service fn=wl-proxy WebLogicHost=otherserver.com WebLogicPort=7008
</Object>
Note: Parameters that are not required, such as PathTrim, can be

used to further configure the way the ppath is passed through the
WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web Server. For a
complete list of plug-in parameters, see Section 7.1, "General
Parameters for Web Server Plug-Ins"
4.2.3.2 Proxying the Request by MIME Type

If you are proxying requests by MIME type, add any new MIME types referenced in
the obj.conf file to the mime.types file. You can add MIME types by using the iPlanet
server console or by editing the mime.types file directly.
■ To directly edit mime.types file, open the file for editing and type the following
line:
type=text/jsp exts=jsp
■ To edit the mime.types file in the iPlanet Administration console, see

http://download.oracle.com/docs/cd/E19146-01/821-1828/gdabr/index.html
Note: iPlanet Web Server 7.0.9 and above already defines the MIME
type for JSPs. Change the existing MIME type from
magnus-internal/jsp to text/jsp.
All requests with a designated MIME type extension (for example, .jsp) can be proxied
to the WebLogic Server, regardless of the URL.
For example, to proxy all JSPs to a WebLogic Server, the following Service directive
should be added:
Service method="(GET|HEAD|POST|PUT)" type=text/jsp fn=wl-proxy
WebLogicHost=myserver.com WebLogicPort=7001 PathPrepend=/jspfiles
This Service directive proxies all files with the .jsp extension to the designated
WebLogic Server, where they are served with a URL like this:
http://myserver.com:7001/jspfiles/myfile.jsp
The value of the PathPrepend parameter should correspond to the context root of a
Web Application that is deployed on the WebLogic Server or cluster to which requests
are proxied.
After adding entries for the WLS Web Server Proxy Plug-In 12.1.2 for iPlanet Web
Server, the default <Object> definition will be similar to the following example:
<Object name="default">
AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
NameTrans fn="pfx2dir" from="/mc-icons" dir="/export/home/ws/lib/icons"
name="es-internal"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn="find-pathinfo"
PathCheck fn="find-index" index-names="index.html,home.html
ObjectType fn="type-by-extension"
ObjectType fn="force-type" type="text/plain"
Service method="(GET|HEAD|POST|PUT)" type="text/jsp" fn="wl-proxy"
WebLogicHost="myweblogic.server.com" WebLogicPort="7100"
Service method="(GET|HEAD)" type="magnus-internal/directory" fn="index-common"

Service method="(GET|HEAD|POST)" type="*~magnus-internal/*" fn="send-file"

Service method="TRACE" fn="service-trace"
AddLog fn="flex-log"
</Object>
You can add a similar Service statement to the default object definition for all other
MIME types that you want to proxy to WebLogic Server.
For proxy-by-MIME to work properly you need to disable Java from the WLS Web
Server Proxy Plug-In 12.1.2 for iPlanet Web Server otherwise, SUN One will try to
serve all requests that end in *.jsp and will return a 404 error as it will fail to locate the
resource under $doc_root.
To disable Java from the Oracle iPlanet Web Server, comment out the following in the
obj.conf file under the name="default"
#NameTrans fn="ntrans-j2ee" name="j2ee" and restart the web server. Optionally,
■ If you are proxying by path, enable HTTP-tunneling.
If you are using weblogic.jar and tunneling the t3 protocol, add the following
object definition to the obj.conf file, substituting the WebLogic Server host name
and the WebLogic Server port number, or the name of a WebLogic Cluster that you
want to handle HTTP tunneling requests.
<Object name="tunnel" ppath="*/HTTPClnt*"
</Object>
■ If you are tunneling IIOP, which is the only protocol used by the WebLogic Server
thin client, wlclient.jar, add the following object definition to the obj.conf file,
substituting the WebLogic Server host name and the WebLogic Server port
number, or the name of a WebLogic Cluster that you want to handle HTTP
tunneling requests.
<Object name="tunnel" ppath="*/iiop*">
</Object>
4.2.3.3 Testing the Plug-in

To test the Oracle iPlanet Web Server plug-in:
1. Start WebLogic Server.
2. Start Oracle iPlanet Web Server. If WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet
Web Server is already running, you must either restart or reconfigure the server.
3. You can test the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server
plug-in using the following URL. It should bring up the default WebLogic Server
HTML page, welcome file, or default servlet, as defined for the default Web
Application as shown in this example
http://webserver_host:webserver_port/weblogic/
For information on how to create a default Web Application, see Developing Web
Applications, Servlets, and JSPs for Oracle WebLogic Server
4.2.4 Example: Configuring the iPlanet Plug-in

The following example demonstrates basic instructions for quickly setting up the WLS
Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server to proxy requests to a backend
WebLogic Server (WLS).
1. Edit %IPLANET_INSTANCE_HOME%\config\magnus.conf file and add the
following:
...
Init fn="load-modules" shlib="%PLUGIN_HOME%\lib\mod_wl.so"
...
2. Open the %IPLANET_INSTANCE_HOME%\config\<vs-obj.conf> file (the default

is %IPLANET_INSTANCE_HOME%\config\obj.conf) and add the following code:
...
<Object name="weblogic" ppath="*/wls/*">
Service fn="wl-proxy" WebLogicHost=<wls-host> WebLogicPort=<wls-port>
DebugConfigInfo="ON"
PathTrim="/wls"
</Object>
...
For more information on configuring the contents of obj.conf, see Section 4.2.6,
"Sample obj.conf File (Not Using a WebLogic Cluster)" and Section 4.2.7, "Sample
obj.conf File (Using a WebLogic Cluster)".
3. At the prompt, include the %PLUGIN_HOME%\lib in the PATH by entering:
set PATH=C:\myhome\weblogic-plugin-12.1.2\lib:...
Note:You can also update the PATH by copying the 'lib' contents to
IPLANET_HOME\lib or editing the IPLANET_INSTANCE_
HOME\bin\startserv.
4. At the prompt, start the iPlanet server by entering:

%IPLANET_INSTANCE_HOME%\bin\startserv
5. Send a request to http://iplanet-host:iplanet-port/mywebapp/my.jsp from the

browser and validate the response.
4.2.5 Guidelines for Modifying the obj.conf File

To use the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server, you must make
several modifications to the obj.conf file. For more information, see
4.2.6 Sample obj.conf File (Not Using a WebLogic Cluster)

Below is an example of lines that should be added to the obj.conf file if you are not
using a cluster. You can use this example as a template that you can modify to suit
your environment and server. Lines beginning with # are comments.
■ Proxy requests by URL
## --------------BEGIN SAMPLE obj.conf CONFIGURATION---------
# (no cluster)

# Configure which types of HTTP requests should be handled by the

# iPlanet NSAPI plug-In (and, in turn, by WebLogic). This is done
# with one or more "<Object>" tags as shown below.
# Here we configure the iPlanet plug-In module to pass requests for
# "/weblogic" to a WebLogic Server listening at port 7001 on
# the host myweblogic.server.com.
Service fn=wl-proxy WebLogicHost=myweblogic.server.com WebLogicPort=7001
</Object>
# Here we configure the plug-in so that requests that
# match "/servletimages/" is handled by the
# plug-in/WebLogic.
</Object>
## -------------END SAMPLE obj.conf CONFIGURATION-------------------
■ Proxy requests by MIME type

This Object directive works by file extension rather than
# request path. To use this configuration, you must modify the existing line or
add the following line to mime.types file.
## -----------BEGIN SAMPLE mime.types CONFIGURATION---------------------

#
# type=text/jsp exts=jsp
## ------------END SAMPLE mime.types CONFIGURATION----------------------
## -------------BEGIN SAMPLE obj.conf CONFIGURATION---------------------

# This configuration means that any file with the extension
# ".jsp" are proxied to WebLogic. Then you must add the
# Service line for this extension to the Object "default",
# which should already exist in your obj.conf file:
<Object name=default>
NameTrans fn=pfx2dir from=/ns-icons dir="c:/Export/Home/ns-icons"
NameTrans fn=pfx2dir from=/mc-icons dir="c://Export/Home/ns-icons"
NameTrans fn="pfx2dir" from="/help" dir="c:/Export/Home/manual/https/ug"
NameTrans fn=document-root root="c:/Export/Home/docs"
Service method="(GET|HEAD|POST|PUT)" type=text/jsp fn=wl_proxy
WebLogicHost=myweblogic.server.com WebLogicPort=7001 PathPrepend=/jspfiles
PathCheck fn=nt-uri-clean
PathCheck fn=find-pathinfo
PathCheck fn=find-index index-names="index.html,home.html"
ObjectType fn=type-by-extension
ObjectType fn=force-type type=text/plain
Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
Service method=(GET|HEAD) type=*~magnus-internal/* fn=send-file
AddLog fn=flex-log name="access"
</Object>
# The following directive enables HTTP-tunneling of the
# WebLogic protocol through the iPlanet plug-in.
<Object name="tunnel" ppath="*/HTTPClnt*">
</Object>
#
## -------------END SAMPLE obj.conf CONFIGURATION---------------------
4.2.7 Sample obj.conf File (Using a WebLogic Cluster)

Below is an example of lines that should be added to obj.conf if you are using a
WebLogic Server cluster. You can use this example as a template that you can modify
to suit your environment and server. Lines beginning with # are comments.
■ Proxy requests by URL
## -------------BEGIN SAMPLE obj.conf CONFIGURATION-------------------
# (using a WebLogic Cluster)
#
# Configure which types of HTTP requests should be handled by the
# iPlanet module (and, in turn, by WebLogic). This is done
# with one or more "<Object>" tags as shown below.
# Here we configure the iPlanet module to pass requests for
# "/weblogic" to a cluster of WebLogic Servers.
Service fn=wl-proxy WebLogicCluster="myweblogic.com:7001,yourweblogic.com:7001,
theirweblogic.com:7001" PathTrim="/weblogic"
</Object>
# Here we configure the plug-in so that requests that
# match "/servletimages/" are handled by the
# plug-in/WebLogic.
Service fn=wl-proxy WebLogicCluster="myweblogic.com:7001,yourweblogic.com:7001,
theirweblogic.com:7001"
</Object>
## ----------------END OF SAMPLE obj.conf CONFIGURATION------------------
■ Proxy requests by MIME types

# This Object directive works by file extension rather than
# request path. To use this configuration, you must modify the existing line or
add the following line to mime.types file.:
## -----------------BEGIN SAMPLE mime.types FILE -------------------------
# type=text/jsp exts=jsp
#
## --------------------END SAMPLE mime.types------------------------------
## -------------BEGIN SAMPLE obj.conf CONFIGURATION-----------------------

# This configuration means that any file with the extension
# ".jsp" is proxied to WebLogic. Then you must add the
# Service line for this extension to the Object "default",
# which should already exist in your obj.conf file:
<Object name=default>
NameTrans fn=pfx2dir from=/ns-icons dir="c:/Export/Home/ns-icons"
NameTrans fn=pfx2dir from=/mc-icons dir="c:/Export/Home/ns-icons"
NameTrans fn="pfx2dir" from="/help" dir="c://Export/Home/manual/https/ug"
NameTrans fn=document-root root="c://Export/Home/docs"
Service method="(GET|HEAD|POST|PUT)" type=text/jsp fn=wl_proxy
WebLogicCluster="myweblogic.com:7001, yourweblogic.com:7001,
theirweblogic.com:7001",PathPrepend=/jspfiles
PathCheck fn=nt-uri-clean
PathCheck fn=find-pathinfo
PathCheck fn=find-index index-names="index.html,home.html"
ObjectType fn=type-by-extension
ObjectType fn=force-type type=text/plain
Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
Service method=(GET|HEAD) type=*~magnus-internal/* fn=send-file

Deprecated Directives for iPlanet Web Server
AddLog fn=flex-log name="access"

</Object>
# The following directive enables HTTP-tunneling of the
# WebLogic protocol through the NES plug-in.
<Object name="tunnel" ppath="*/HTTPClnt*">
Service fn=wl-proxy WebLogicCluster="myweblogic.com:7001,
yourweblogic.com:7001, theirweblogic.com:7001"
</Object>
#
## -------------END SAMPLE obj.conf CONFIGURATION--------------------
4.3 Deprecated Directives for iPlanet Web Server

The WebLogic Server plug-in logs are now part of the Oracle iPlanet Server error log
and are prefixed with weblogic: to easily identify them. Hence the directives
WLLogFile and Debug are deprecated. If the configuration still uses any of these
directives, the following note will appear:
weblogic: Debug & WLLogFile directives are deprecated for the current plugin
release. Please Refer to the plugin documentation.
To enable plug-in logs, set log-level to fine.
Deprecated Directives for iPlanet Web Server

5
Configuring the WLS Web Server Proxy Plug-In
5
12.1.2 for Microsoft IIS Web Server
The following sections describe how to install and configure the WLS Web Server
Proxy Plug-In 12.1.2 for Microsoft IIS Web Server:
■ Section 5.1, "Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2
for Microsoft IIS"
■ Section 5.2, "Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0"
■ Section 5.3, "Serving Static Files from the Web Server"
■ Section 5.4, "Using Wildcard Application Mappings to Proxy by Path"
■ Section 5.5, "Proxying Requests from Multiple Virtual Web Sites to WebLogic
Server"
■ Section 5.6, "Creating ACLs Through IIS"
■ Section 5.7, "Testing the Installation"
5.1 Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2
for Microsoft IIS
To install the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server:
1. Download the WLS Web Server Proxy Plug-In for IIS Web Server, as described in
Section 1.2, "Availability of WLS Web Server Proxy Plug-In 12.1.2." The zip file
contains these files:
Table 5–1 Files Included in the Microsoft IIS Plug-In Zip

README.txt Information specific to the distribution, late-breaking updates,
and other errata.
bin/orapki.bat orapki tool for configuring Oracle wallets
iisproxy.dll WebLogic proxy module
lib/*.dll Helper libraries
2. Copy the iisproxy.dll file into a convenient directory that is accessible to IIS. This
directory must also contain the iisproxy.ini file that you will create in step 6.
Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS Web Server 5-1
Installing and Configuring the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS
3. Set the user permissions for the iisproxy.dll file to include the name of the user
who will be running IIS. One way to do this is by right clicking on the iisproxy.dll
file and selecting Permissions, then adding the username of the person who will
be running IIS.
4. If you want to configure proxying by file extension (MIME type) complete this
step. (You can configure proxying by path in addition to or instead of configuring
by MIME type. See step 5.)
a. Start the Internet Information Service Manager by selecting it from the Start
menu.
b. In the left panel of the Service Manager, select your Web site (the default is
Default Web Site).
Figure 5–1 Selecting Web Site in Service Manager
c. Click the Play arrow in the toolbar to start.

d. Open the properties for the selected Web site by right-clicking the Web site
selection in the left panel and selecting Properties.
Figure 5–2 Selecting Properties for Selected Web Site

e. In the Properties panel, select the Home Directory tab, and click
Configuration in the Applications Settings section.
Figure 5–3 Home Directory Tab of the Properties Panel
f. On the Mappings tab, click Add to add file types and configure them to be
proxied to WebLogic Server.
Figure 5–4 Click the Add Button to Add File Types
g. In the Add dialog box, browse to find the iisproxy.dll file.

h. Set the Extension to the type of file that you want to proxy to WebLogic Server.
i. If you are configuring for IIS 6.0 or later, be sure to deselect the Check that file
exists check box. The behavior of this check has changed from earlier versions
of IIS: it used to check that the iisproxy.dll file exists; now it checks that files
requested from the proxy exist in the root directory of the Web server. If the
check does not find the files there, the iisproxy.dll file will not be allowed to
proxy requests to the WebLogic Server.
j. In the Directory Security tab, set the Method exclusions as needed to create a
secure installation.
k. When you finish, click OK to save the configuration. Repeat this process for
each file type you want to proxy to WebLogic.
l. When you finish configuring file types, click OK to close the Properties panel.
Note: In the URL, any path information you add after the server and
port is passed directly to WebLogic Server. For example, if you request
a file from IIS with the URL:
http://myiis.com/jspfiles/myfile.jsp
it is proxied to WebLogic Server with a URL such as
http://mywebLogic:7001/jspfiles/myfile.jsp
Note: To avoid out-of-process errors, ensure Cache ISAPI

Applications is selected.
5. If you want to configure proxying by path, see Section 5.4, "Using Wildcard
Application Mappings to Proxy by Path".
6. In the directory used in Step 2, create the iisproxy.ini file.
The iisproxy.ini file contains name=value pairs that define configuration
parameters for the plug-in. The parameters are listed in Section 7–1, " General
Parameters for Web Server Plug-Ins".
Use the example iisproxy.ini file in Section 5.5.1, "Sample iisproxy.ini File" as a
template for your iisproxy.ini file.
Note: Changes in the parameters will not go into effect until you
restart the "IIS Admin Service" (under services, in the control panel).
Oracle recommends that you locate the iisproxy.ini file in the same directory that
contains the iisproxy.dll file. You can also use other locations. If you place the file
elsewhere, note that WebLogic Server searches for iisproxy.ini in the following
directories, in the following order:
a. In the same directory where iisproxy.dll is located.
b. In the home directory of the most recent version of WebLogic Server that is
referenced in the Windows Registry. (If WebLogic Server does not find the
iisproxy.ini file in the home directory, it continues looking in the Windows
Registry for older versions of WebLogic Server and looks for the iisproxy.ini
file in the home directories of those installations.)
c. In the directory c:\weblogic, if it exists.
7. Define the Oracle WebLogic Server host and port number to which the Microsoft
Internet Information Server plug-in proxies requests. Depending on your
configuration, there are two ways to define the host and port:

■ If you are proxying requests to a single WebLogic Server, define the

WebLogicHost and WebLogicPort parameters in the iisproxy.ini file. For
example:
WebLogicHost=localhost
WebLogicPort=7001
■ If you are proxying requests to a cluster of WebLogic Servers, define the

WebLogicCluster parameter in the iisproxy.ini file. For example:
WebLogicCluster=myweblogic.com:7001,yourweblogic.com:7001
Where myweblogic.com and yourweblogic.com are instances of Oracle WebLogic

Server running in a cluster.
8. Optionally, enable HTTP tunneling by following the instructions for proxying by
path (see Section 5.4, "Using Wildcard Application Mappings to Proxy by Path")
substituting the WebLogic Server host name and the WebLogic Server port
number, or the name of a WebLogic Cluster that you wish to handle HTTP
tunneling requests.
9. Set any additional parameters in the iisproxy.ini file. A complete list of parameters
is available in the appendix Section 7.1, "General Parameters for Web Server
Plug-Ins".
10. If you are proxying servlets from IIS to WebLogic Server and you are not proxying
by path, see Section 5.4, "Using Wildcard Application Mappings to Proxy by Path".
11. The installed version of IIS with its initial settings does not allow the iisproxy.dll.
Use the IIS Manager console to enable the plug-in:
a. Open the IIS Manager console.
b. Select Web Service Extensions.
c. Set All Unknown ISAPI Extensions to Allowed.
5.1.1 Example: Configuring the IIS Plug-In

The following example describes how to set up the WLS Web Server Proxy Plug-In
12.1.2 for Microsoft IIS Web Server to proxy requests to a backend WebLogic Server
(WLS).
1. Create iisproxy.ini file in%PLUGIN_HOME%\lib\. Include the following lines:
WebLogicHost=wls-host
WebLogicPort=wls-port
Debug=ALL
WLLogFile=C:\Temp\wl-proxy.log
2. Ensure that the %PLUGIN_HOME%\lib is included in the system PATH

(Control-Panel then System then System Properties then Environment Variables
then System Properties then PATH).
3. Open IIS Manager, use Default Web Site or create a Web Site. Click the site, open
Handler Mappings and add a script map (set the Extension, for example '*.jsp' or
'*', set Executable to %PLUGIN_HOME%\lib\iisproxy.dll, and assign a Name)
4. Start IIS.
5. Send a request to http://iis-host:iis-port/mywebapp/my.jsp from the browser.
Validate the response.
Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0
5.2 Installing and Configuring the Microsoft IIS Plug-In for IIS 7.0
This section describes differences in how you set up the Microsoft Internet Information
Server plug-in for IIS 7.0.
To set up the Microsoft Internet Information Server plug-in for IIS 7.0, follow these
steps:
1. Create a web application in IIS Manager by right clicking on Web Sites > Add
Web Site.
Fill in the Web Site Name with the name you want to give to your web
application; for example, MyApp. Select the physical path of your web application
Port (any valid port number not currently in use).
Click OK to create the web application.
If you can see the name of your application under Web Sites it means that your
application has been created and started running. Click the MyApp node under
Web Sites to see all of the settings related to the MyApp application, which you
can change, as shown in Figure 5–5.
Figure 5–5 Application Home Page
2. Click Handler Mappings to set the mappings to the handler for a particular MIME
type.

Figure 5–6 Setting the Handler Mappings
3. Click the StaticFile and change the Request path from * to *.*. Click OK.
Figure 5–7 Editing the Request Path for Module
4. Click MyApp and then click Add Script Map on the right-hand side menu
options. Enter * for the Request path.
Browse to the iisproxy.dll file and add it as the executable. Name it proxy.
Figure 5–8 Editing the Request Path for Script
5. Click Request Restrictions and deselect Invoke handler only if the request is
mapped to.
Figure 5–9 Editing the Request Restrictions
6. Click OK to add this Handler mapping. Click Yes on the Add Script Map dialog
box.

Figure 5–10 Adding the Script Map
7. If you want to configure proxying by path, see Section 5.4, "Using Wildcard
Application Mappings to Proxy by Path".
8. Click the Root node of the IIS Manager tree and click the ISAPI and CGI
Restrictions. Make sure to check Allow unspecified ISAPI modules.
Figure 5–11 Editing ISAPI and CGI Restrictions
9. Create a file called iisproxy.ini with the following contents and place it in the
directory with the plug-in:
WebLogicHost= @hostname@
WebLogicPort= @port@
ConnectRetrySecs=5
ConnectTimeoutSecs=25
Debug=ALL
Serving Static Files from the Web Server
DebugConfigInfo=ON
KeepAliveEnabled=true
WLLogFile=@Log file name@

SecureProxy=OFF
10. Open the Internet Explorer browser and enter http://<hostname>:<port>. You
should be able to see the Medrec Sample Application from your Oracle WebLogic
Server.
If you want to run the plug-in SSL mode, change the value of WeblogicPort to the
SSL port of your application, change the SecureProxy value to ON, and set
WLSSLWallet to the location of the wallet. For more information on SSL
parameters, see Section 7.2, "SSL Parameters for Web Server Plug-Ins".
Figure 5–12 Medrec Sample Application
5.3 Serving Static Files from the Web Server

In order to have IIS 7.5 serve all static content that could be included on a web
application that is to be served by WebLogic Server, do the following:
1. Configure your application by setting up WLS Web Server Proxy Plug-In 12.1.2 for
Microsoft IIS Web Server on IIS 7.5 Web Server as described in Section 5.1.
Assume that you created a Handler Mapper named proxy as described on the
Oracle documentation.
Important: Do not use WLEXCLUDEPATHORMIMETYPE property inside

your proxy setup. It is not required neither useful here and can only
confuse the understanding of the flow.
2. On IIS Manager, display the home page by clicking the Virtual Directory or
Application created on step 1.
3. Double-click the Handling Mappers and then click View Ordered List on the right
side pane. An ordered list of Handler Mappings appears.
4. Select proxy and drag it below StaticFile handler mapping (in other words the
StaticFile handler mapping should be above the proxy handler mapping.)
5. Edit the Static File and change the request path to: *.jpg. Save the file.

Using Wildcard Application Mappings to Proxy by Path
6. To have IIS 7.5 to serve types of static files, for example, PNGs, GIFs, or CSS, do
the following:
a. On IIS Manager, display the home page by clicking the Virtual Directory or
Application created on step 1.
b. Double click the Handling Mappers and then click Add Module Mapping on
the right side pane.
c. Choose a Request Path of desired type: for PNGs use *.png, for GIFs use *.gif
and so on. For Module, choose StaticFileModule, enter a name, and click OK.
d. Ensure that as stated on step 4, the newly created HandlerMapping is ordered
before the proxy Handler Mapping defined on step 1.
5.4 Using Wildcard Application Mappings to Proxy by Path

As described in "Installing Wildcard Application Mappings (IIS 6.0)"
(http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/II
S/5c5ae5e0-f4f9-44b0-a743-f4c3a5ff68ec.mspx?mfr=true), and "Add a Wildcard
Script Map" for IIS 7.5
(http://technet.microsoft.com/en-us/library/cc754606(WS.10).aspx), you can
configure a Web site or virtual directory to run an Internet Server API (ISAPI)
application at the beginning of every request to that Web site or virtual directory,
regardless of the extension of the requested file. You can use this feature to insert a
mapping to iisproxy.dll and thereby proxy requests by path to WebLogic Server.
5.4.1 Installing Wildcard Application Mappings (IIS 6.0)

The following steps summarize the instructions available at "Installing Wildcard
Application Mappings (IIS 6.0)"
(http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/II
S/5c5ae5e0-f4f9-44b0-a743-f4c3a5ff68ec.mspx?mfr=true) for adding a wildcard
application mapping to a Web server or Web site in IIS 6.0:
1. In IIS Manager, expand the local computer, expand the Web Sites folder, right-click
the Web site or virtual directory that you want, and then click Properties.
2. Click the appropriate tab: Home Directory, Virtual Directory, or Directory.
3. In the Application settings area, click Configuration, and then click the Mappings
tab.
4. To install a wildcard application map, do the following:
a. On the Mappings tab, click Insert.
b. Type the path to the iisproxy.dll DLL in the Executable text box or click
Browse to navigate to.
c. Click OK.
5.4.2 Adding a Wildcard Script Map for IIS 7.5

The following steps summarize the instructions available at "Add a Wildcard Script
Map" for IIS 7.5
(http://technet.microsoft.com/en-us/library/cc754606(WS.10).aspx) to add a
wildcard script map to do proxy-by-path with ISAPI in IIS 7.5:
1. Open IIS Manager and navigate to the level you want to manage. For information
about opening IIS Manager, see "Open IIS Manager" at
Proxying Requests from Multiple Virtual Web Sites to WebLogic Server
http://technet.microsoft.com/en-us/library/cc770472(WS.10).aspx. For
information about navigating to locations in the UI, see "Navigation in IIS
Manager" at
http://technet.microsoft.com/en-us/library/cc732920(WS.10).aspx.
2. In Features View, on the server, site, or application Home page, double-click
Handler Mappings.
3. On the Handler Mappings page, in the Actions pane, click Add Wildcard Script
Map.
4. In the Executable box, type the full path or browse to the iisproxy.dll that
processes the request. For example, type
systemroot\system32\inetsrv\iisproxy.dll.
5. In the Name box, type a friendly name for the handler mapping.
6. Click OK.
7. Optionally, on the Handler Mappings page, select a handler to lock or unlock it.
When you lock a handler mapping, it cannot be overridden at lower levels in the
configuration. Select a handler mapping in the list, and then in the Actions pane,
click Lock or Unlock.
8. After you add a wildcard script map, you must add the executable to the ISAPI
and CGI Restrictions list to enable it to run. For more information about ISAPI and
CGI restrictions, see "Configuring ISAPI and CGI Restrictions in IIS 7" at
http://technet.microsoft.com/en-us/library/cc730912(WS.10).aspx.
Note: If you are proxying a request to multiple IIS applications

within the same IIS site, to prevent the subsequent request from
proxying to the first website only, create each IIS application and
assign a unique application pool to each IIS application.
With IIS 7.x, you cannot assign application pools to virtual directories.
5.5 Proxying Requests from Multiple Virtual Web Sites to WebLogic

Server
To proxy requests from multiple Web sites (defined as virtual directories in IIS) to
WebLogic Server:
1. Create a new directory for the virtual directories. This directory will contain .dll
and .ini files used to define the proxy.
2. Extract the contents of the plug-in .zip file to a directory.
3. For each virtual directory you configured, copy the contents of the plug-in \lib
folder to the directory you created in step 1.
4. Create an iisproxy.ini file for the virtual Web sites, as described in Section 1.1.2,
"Proxying Requests". Copy this iispoxy.ini file to the directory you created in step
1.
5. Copy iisproxy.dll to the directory you created in step 1.
6. Create a separate application pool for each virtual directory.
As described in "Creating Application Pools (IIS 6.)"
(http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library
/IIS/93275ef2-2f85-4eb1-8b92-a67545be11b4.mspx?mfr=true), you can isolate

Creating ACLs Through IIS
different Web applications or Web sites in pools, which are called application
pools. In an application pool, process boundaries separate each worker process
from other worker processes so that when an application is routed to one
application pool, applications in other application pools do not affect that
application.
Note: Step 6 only applies to IIS 6.0 as there is no Application

Protection option with IIS 7.0.
The above step will work with IIS 7.0, with the exception that exactly
one IIS virtual directory exists within a particular IIS site. The
limitation exists because, with IIS 7.0, it is impossible to assign a
unique application pool to each virtual directory, thus the subsequent
requests are always proxied to the first website(virtual directory).
5.5.1 Sample iisproxy.ini File

Here is a sample iisproxy.ini file for use with a single, non-clustered WebLogic Server.
Comment lines are denoted with the "#" character.
# This file contains initialization name/value pairs
# for the IIS/WebLogic plug-in.
WebLogicHost=localhost
WebLogicPort=7001
ConnectRetrySecs=2
Here is a sample iisproxy.ini file with clustered WebLogic Servers. Comment lines are
denoted with the "#" character.
# This file contains initialization name/value pairs
# for the IIS/WebLogic plug-in.
WebLogicCluster=myweblogic.com:7001,yourweblogic.com:7001
ConnectRetrySecs=2
Note: If you are using SSL between the plug-in and WebLogic Server,
the port number should be defined as the SSL listen port.
5.6 Creating ACLs Through IIS

ACLs will not work through the WLS Web Server Proxy Plug-In 12.1.2 for Microsoft
IIS Web Server if the Authorization header is not passed by IIS. Use the following
information to ensure that the Authorization header is passed by IIS.
When using Basic Authentication, the user is logged on with local log-on rights. To
enable the use of Basic Authentication, grant each user account the Log On Locally
user right on the IIS server. Two problems may result from Basic Authentication's use
of local logon:
■ If the user does not have local logon rights, Basic Authentication does not work
even if the FrontPage, IIS, and Windows NT configurations appear to be correct.
■ A user who has local log-on rights and who can obtain physical access to the host
computer running IIS will be permitted to start an interactive session at the
console.
Testing the Installation
To enable Basic Authentication, in the Directory Security tab of the console, ensure that
the Allow Anonymous option is "on" and all other options are "off".
5.7 Testing the Installation

After you install and configure the Microsoft IIS plug-in, follow these steps for
deployment and testing:
1. Make sure WebLogic Server and IIS are running.
2. Save a JSP file into the document root of the default Web Application.
3. Open a browser and set the URL to the IIS plus filename.jsp, as shown in this
example:
http://myiis.server.com/filename.jsp
If filename.jsp is displayed in your browser, the plug-in is functioning.

6
Common Configuration Tasks
6
This chapter describes tasks that are common across all the web servers for
configuring the plug-ins provided by Oracle. It contains the following sections:
■ Section 6.1, "Use SSL with Plug-Ins"
■ Section 6.2, "Use IPv6 With Plug-Ins"
■ Section 6.3, "Set Up Perimeter Authentication"
■ Section 6.4, "Understanding Connection Errors and Clustering Failover"
6.1 Use SSL with Plug-Ins

You can use the Secure Sockets Layer (SSL) protocol to protect the connection between
the plug-in and Oracle WebLogic Server. The SSL protocol provides confidentiality
and integrity to the data passed between the plug-in and WebLogic Server.
The plug-in does not use the transport protocol (HTTP or HTTPS) specified in the
HTTP request (usually by the browser) to determine whether to use SSL to protect the
connection between the plug-in and WebLogic Server; that is, the plug-in is in no way
dependent on whether the HTTP request (again, usually from the browser) uses
HTTPS (SSL).
Instead, the plug-in uses SSL parameters that you configure for the plug-in, as
described in Section 7.2, "SSL Parameters for Web Server Plug-Ins", to determine when
to use SSL. There are two key SSL parameters:
■ WebLogicSSLVersion—Specifies the SSL protocol version to use for
communication between the plug-in and the WebLogic Server.
■ WLSSLWallet: The version 12.1.2 plug-ins use Oracle wallets to store SSL
configuration information. The plug-ins introduce a new SSL configuration
parameter WLSSLWallet to use Oracle wallets. The orapki utility is provided in the
plug-in distribution for this purpose.
The orapki utility manages public key infrastructure (PKI) elements, such as
wallets and certificate revocation lists, on the command line so the tasks it
performs can be incorporated into scripts. This enables you to automate many of
the routine tasks of maintaining a PKI.
For more information, see "Using the orapki Utility for Certificate Validation and
CRL Management" .
■ SecureProxy: The SecureProxy parameter determines whether SSL is enabled.
Common Configuration Tasks 6-1

Use SSL with Plug-Ins
Note: For more information on valid security protocols and ciphers

for the current release, see "SSLCipherSuite" and "SSLProtocol" in
Oracle Fusion Middleware Administering Oracle HTTP Server.
In the case of two-way SSL, the plug-in (the SSL client) automatically uses two-way
SSL when Oracle WebLogic Server is configured for two-way SSL and requests a client
certificate.
If a client certificate is not requested, the plug-ins default to one-way SSL.
Note: If an Oracle Fusion Middleware 12c (12.1.2) product is

installed on the same system as the Apache (including Oracle HTTP
Server) plug-in, the ORACLE_HOME variable must point to a valid
installation; otherwise, the plug-in fails to initialize SSL.
For example, if ORACLE_HOME is invalid because the product was
not cleanly removed, the plug-in fails to initialize SSL.
6.1.1 Configure Libraries for SSL

The plug-ins use Oracle libraries (NZ) to provide SSL support. Because the libraries
are large, they are loaded only when SSL is needed. You need to make sure that the
library files, located in lib/*.so*, are available at the proper locations so that they can
be dynamically loaded by the plug-in.
To configure the libraries for the plug-ins for Apache HTTP Server, you have a few
options:
■ Windows: Specify the lib directory that contains the .dll files in the PATH variable
or copy the *.dll files in the bin directory.
■ UNIX: Configure LD_LIBRARY_PATH to point to the folder containing the
libraries or copy the libraries to the lib directory.
If you copy the libraries instead of updating the PATH (Windows) or LD_LIBRARY_
PATH (Unix) variables, you must copy the libraries afresh each time you install a new
version of the plug-in.
6.1.2 Configuring a Plug-In for One-Way SSL

Perform the following steps to configure one-way SSL.
In these steps, you run the keytool commands on the system on which WebLogic
Server is installed, and you run the orapki commands on the system on which the
version 12.1.2 plug-ins are installed.
Note: The examples in this section use the WebLogic Server demo
CA. If you are using the plug-in a production environment, make sure
that trusted CAs are properly configured for the plug-in as well as for
Oracle WebLogic Server.
1. Configure Oracle WebLogic Server for SSL. For more information, see
"Configuring SSL" in Securing Oracle WebLogic Server.
2. Create an Oracle Wallet, by using the orapki utility.

orapki wallet create -wallet mywallet -auto_login_only
For more information, see "Using the orapki Utility for Certificate Validation and
CRL Management" in the Oracle Fusion Middleware Administrator's Guide.
Note: Only the user who creates the wallet (or for Windows, the
account SYSTEM) has access to the wallet.
This is typically sufficient for the WLS Web Server Proxy Plug-In for
Apache HTTP Server because Apache runs as the account SYSTEM on
Windows, and as the user who creates it on UNIX. However, for IIS
the wallet will not work because the default user is IUSR_<Machine_
Name>(IIS6.0 and below) or IUSR (IIS7.0 and above).
If the user who runs the WLS Web Server Proxy Plug-In for Apache
HTTP Server or WLS Web Server Proxy Plug-In 12.1.2 for Microsoft IIS
Web Server is not the same user who creates the wallet (or for
Windows, the account SYSTEM), you need to grant the user access to
the wallet by running the command cacls (Windows) or chmod
(UNIX) after you create the wallet. For example:
IIS 6.0:
cacls <wallet_path>\cwallet.sso /e /g IUSR_<Machine_Name>:R
IIS 7.5:
cacls <wallet_path>\cwallet.sso /e /g IUSR:R
3. Import the WL_HOME\server\lib\CertGenCA.der CA into the Oracle Wallet.

orapki wallet add -wallet mywallet -trusted_cert -cert CertGenCA.der -auto_
login_only
4. Configure the web server configuration files as follows:

■ For Oracle HTTP Server, edit the mod_wl_ohs.conf file as follows:
WebLogicHost host
WebLogicPort port
SecureProxy ON
WLSSLWallet path_to_wallet
</IfModule>
■ For Microsoft IIS, edit the iisproxy.ini file as follows:

WebLogicHost=host
WebLogicPort=port
SecureProxy=ON
WLSSLWallet=path_to_wallet
■ For iPlanet Web Server, edit the config/obj.conf or config/<vs>-obj.conf

file as follows:
<Object ppath="*/weblogic/*">>
SecureProxy=ON
WLSSLWallet=path_to_wallet
</Object>

For more information about the parameters in these examples, see Chapter 7,
"Parameters for Web Server Plug-Ins."
5. If the version of the Oracle WebLogic Server instances in the back end is 10.3.4 (or
a later release), do the following:
a. Log in to the Oracle WebLogic Server administration console.
b. In the Domain Structure pane, expand the Environment node.
– If the server instances to which you want to proxy requests from Oracle
HTTP Server are in a cluster, select Clusters.
– Otherwise, select Servers.
c. Select the server or cluster to which you want to proxy requests from Oracle
HTTP Server.
The Configuration: General tab is displayed.
d. Scroll down to the Advanced section, expand it.
e. Do one of the following:
To... Select...
Enable one-way SSL WebLogic Plug-In Enabled
Enable two-way SSL where client certificates are used to Client Cert Proxy Enabled
authenticate
Enable two-way SSL with client certificates. Both
f. Select the check box.

g. Select the check box.
h. If you selected Servers in step b, repeat steps c and d for the other servers to
which you want to proxy requests from Oracle HTTP Servers.
i. Click Save.
For the change to take effect, you must restart the server instances.
6. Send a request to http://host:port/mywebapp/my.jsp from the browser and
validate the response.
6.1.3 Configure Two-Way SSL Between the Plug-In and Oracle WebLogic Server
When Oracle WebLogic Server is configured for two-way SSL, the plug-in forwards
the user certificate to WebLogic Server. As long as WebLogic Server can validate the
user certificate, two-way SSL can be established.
In addition to the steps described in Section 6.1.2, "Configuring a Plug-In for One-Way
SSL", perform the following steps:
In these steps, you run the keytool commands on the system on which WebLogic
Server is installed. You run the orapki commands on the system on which the version
12.1.2 plug-ins are installed.
1. From the Oracle wallet, generate a certificate request.
2. Use this certificate request to create a certificate via a CA or some other
mechanism.

Set Up Perimeter Authentication
3. Import the user certificate as a trusted certificate in the WebLogic trust store.
Oracle WebLogic Server needs to trust the certificate.
keytool -file user.crt -importcert -trustcacerts -keystore DemoTrust.jks
-storepass <passphrase>
4. Set the WebLogic Server SSL configuration options that require the presentation of
client certificates (for two-way SSL). For more information, see "Configure
two-way SSL" in the Oracle WebLogic Server Administration Console Help.
6.2 Use IPv6 With Plug-Ins

The version 12.1.2 plug-ins support IPv6. Specifically, the WebLogicHost and
WebLogicCluster configuration parameters (see Table 7–1) now support IPv6
addresses. For example:
WebLogicHost [a:b:c:d:e:f]
WebLogicPort 7002
...
</IfModule>
or
WebLogicCluster [a:b:c:d:e:f]:<port>, [g:h:i:j:k:l]:<port>
....
</IfModule>
You can also use the IPv6 address mapped host name.
Note: As of Windows 2008, the DNS server returns the IPv6 address
in preference to the IPv4 address. If you are connecting to a Windows
2008 (or later) system using IPv4, the link-local IPv6 address format is
tried first, which may result in a noticeable delay and reduced
performance. To use the IPv4 address format, configure your system
to instead use IP addresses in the configuration files or add the IPv4
addresses to the etc/hosts file.
In addition, you may find that setting the DynamicServerList
property to OFF in the mod_wl_ohs.conf/mod_wl.conf/iisproxy.ini
file also improves performance with IPv6. When set to OFF, the
plug-in ignores the dynamic cluster list used for load balancing
requests proxied from the plug-in and uses the static list specified
with the WebLogicCluster parameter.
6.3 Set Up Perimeter Authentication

Use perimeter authentication to secure WebLogic Server applications that are accessed
via the plug-in.
A WebLogic Identity Assertion Provider authenticates tokens from outside systems
that access your WebLogic Server application, including users who access your
WebLogic Server application through the plug-in. Create an Identity Assertion
Provider that will safely secure your plug-in as follows:
1. Create a custom Identity Assertion Provider on your WebLogic Server application.
See "How to Develop a Custom Identity Assertion Provider" in Developing Security

Understanding Connection Errors and Clustering Failover
Providers for Oracle WebLogic Server.

2. Configure the custom Identity Assertion Provider to support the Cert token type
and make Cert the active token type. See "How to Create New Token Types" in
Developing Security Providers for Oracle WebLogic Server.
3. Set clientCertProxy to True in the web.xml deployment descriptor file for the Web
application (or, if using a cluster, optionally set the Client Cert Proxy Enabled
attribute to true for the whole cluster on the Administration Console Cluster then
Configuration then General tab).
The clientCertProxy attribute can be used with a third party proxy server, such
as a load balancer or an SSL accelerator, to enable 2-way SSL authentication. For
more information about the clientCertProxy attribute, see context-param in
Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server.
4. Once you have set clientCertProxy, be sure to use a connection filter to ensure
that WebLogic Server accepts connections only from the machine on which the
plug-in is running. See "Using Network Connection Filters" in Programming
Security for Oracle WebLogic Server.
5. Web server plug-ins require a trusted Certificate Authority file in order to use SSL
between the plug-in and WebLogic Server. See Section 6.1, "Use SSL with Plug-Ins"
for the steps you need to perform to configure SSL.
See "Identity Assertion Providers" in Developing Security Providers for Oracle WebLogic
Server.
6.4 Understanding Connection Errors and Clustering Failover

When the plug-in attempts to connect to WebLogic Server, the plug-in uses several
configuration parameters to determine how long to wait for connections to the
WebLogic Server host and, after a connection is established, how long the plug-in
waits for a response. If the plug-in cannot connect or does not receive a response, the
plug-in attempts to connect and send the request to other WebLogic Server instances
in the cluster. If the connection fails or there is no response from any WebLogic Server
in the cluster, an error message is sent.
Figure 6–1 demonstrates how the plug-in handles failover.
6.4.1 Possible Causes of Connection Failures

Failure of the WebLogic Server host to respond to a connection request could indicate
the following problems:
■ Physical problems with the host machine
■ Network problems
■ Other server failures
Failure of all WebLogic Server instances to respond could indicate the following
problems:
■ WebLogic Server is not running or is unavailable
■ A hung server
■ A database problem
■ An application-specific failure

6.4.2 Tips for reducing Connection_Refused Errors

Under load, a plug-in may receive CONNECTION_REFUSED errors from a back-end
WebLogic Server instance. Follow these tuning tips to reduce CONNECTION_
REFUSED errors:
■ Increase the AcceptBackLog setting in the configuration of your WebLogic Server
domain.
■ Decrease the time wait interval. This setting varies according to the operating
system you are using. For example:
– On Windows NT, set the TcpTimedWaitDelay on the proxy and WebLogic
Server servers to a lower value. Set the TIME_WAIT interval in Windows NT
by editing the registry key under HKEY_LOCAL_MACHINE:
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay
If this key does not exist you can create it as a DWORD value. The numeric
value is the number of seconds to wait and may be set to any value between
30 and 240. If not set, Windows NT defaults to 240 seconds for TIME_WAIT.
– On Windows 2000, lower the value of the TcpTimedWaitDelay by editing the
registry key under HKEY_LOCAL_MACHINE:
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
– On Solaris, reduce the setting tcp_time_wait_interval to one second (for

both the WebLogic Server machine and the Apache machine, if possible):
$ndd /dev/tcp
param name to set - tcp_time_wait_interval
value=1000
■ Increase the open file descriptor limit on your machine. This limit varies by
operating system. Using the limit (.csh) or ulimit (.sh) directives, you can make a
script to increase the limit. For example:
#!/bin/sh
ulimit -S -n 100
exec httpd
■ On Solaris, increase the values of the following tunables on the WebLogic Server
machine:
tcp_conn_req_max_q
tcp_conn_req_max_q0
6.4.3 Failover with a Single, Non-Clustered WebLogic Server

If you are running only a single WebLogic Server instance the plug-in only attempts to
connect to the server defined with the WebLogicHost parameter. If the attempt fails, an
HTTP 503 error message is returned. The plug-in continues trying to connect to that
same WebLogic Server instance for the maximum number of retries as specified by the
ratio of ConnectTimeoutSecs and ConnectRetrySecs.
6.4.4 The Dynamic Server List

The WebLogicCluster parameter is required to proxy to a list of back-end servers that
are clustered, or to perform load balancing among non-clustered managed server
instances.

In the case of proxying to clustered managed servers, when you use the
WebLogicCluster parameter to specify a list of WebLogic Servers, the plug-in uses that
list as a starting point for load balancing among the members of the cluster. After the
first request is routed to one of these servers, a dynamic server list is returned
containing an updated list of servers in the cluster. The updated list adds any new
servers in the cluster and deletes any that are no longer part of the cluster or that have
failed to respond to requests. This feature can be controlled by using
DynamicServerList. For example, to disable this feature, set DynamicServerList to
OFF.
6.4.5 Failover, Cookies, and HTTP Sessions

When a request contains session information stored in a cookie or in the POST data, or
encoded in a URL, the session ID contains a reference to the specific server instance in
which the session was originally established (called the primary server). A request
containing a cookie attempts to connect to the primary server. If that attempt fails, the
plug-in attempts to make a connection to the next available server in the list in a
round-robin fashion. That server retrieves the session from the original secondary
server and makes itself the new primary server for that same session. See Figure 6–1.
Note: If the POST data is larger than 64K, the plug-in will not parse
the POST data to obtain the session ID. Therefore, if you store the
session ID in the POST data, the plug-in cannot route the request to
the correct primary or secondary server, resulting in possible loss of
session data.

Figure 6–1 Connection Failover
In this figure, the Maximum number of retries allowed in the red loop is equal to
ConnectTimeoutSecs/ConnectRetrySecs.
6.4.6 Using SSL with the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server
You can use the Secure Sockets Layer (SSL) protocol to protect the connection between
the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server plug-in and Oracle
WebLogic Server. The SSL protocol provides confidentiality and integrity to the data
passed between the Oracle iPlanet Web Server plug-in and Oracle WebLogic Server.
The WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server plug-in does not use
the transport protocol (http or https) specified in the HTTP request (usually by the
browser) to determine whether or not the SSL protocol will be used to protect the
connection between the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web Server
and Oracle WebLogic Server.
To use the SSL protocol between Oracle iPlanet Web Server plug-in and Oracle
WebLogic Server:

1. Configure Oracle WebLogic Server for SSL. For more information, see
"Configuring SSL" in Securing Oracle WebLogic Server.
2. Set the WebLogicPort parameter in the Service directive in the obj.conf file to the
listen port configured in step 1.
3. Set the SecureProxy parameter in the Service directive in the obj.conf file file to
ON.
4. Set additional parameters, as required, in the Service directive in the obj.conf file
that define information about the SSL connection. For the list of parameters, see
Section 7.2, "SSL Parameters for Web Server Plug-Ins."
6.4.7 Failover Behavior When Using Firewalls and Load Directors

In most configurations, the WLS Web Sever Proxy Plug-In 12.1.2 for iPlanet Web
Server sends a request to the primary instance of a cluster. When that instance is
unavailable, the request fails over to the secondary instance. However, in some
configurations that use combinations of firewalls and load-directors, any one of the
servers (firewall or load-directors) can accept the request and return a successful
connection while the primary instance of WebLogic Server is unavailable. After
attempting to direct the request to the primary instance of WebLogic Server (which is
unavailable), the request is returned to the plug-in as "connection reset."
Requests running through combinations of firewalls (with or without load-directors)
are handled by WebLogic Server. In other words, responses of connection reset fail
over to a secondary instance of WebLogic Server. Because responses of connection
reset fail over in these configurations, servlets must be idempotent. Otherwise
duplicate processing of transactions may result.

7
Parameters for Web Server Plug-Ins
7
This chapter describes the parameters that you can use to configure the Oracle HTTP
Server, Apache HTTP Server, Microsoft IIS, and Oracle iPlanet Web Server plug-ins. It
contains the following sections:
■ Section 7.1, "General Parameters for Web Server Plug-Ins"
■ Section 7.2, "SSL Parameters for Web Server Plug-Ins"
Note: The parameters for the web-server plug-ins should be

specified in special configuration files, which are named and
formatted uniquely for each web server. For information about the
configuration files specific to the plug-ins for Apache HTTP Server,
Oracle HTTP Server, Microsoft IIS, and Oracle iPlanet Web Server, see
the following chapters:
■ Chapter 2, "Configuring the WebLogic Proxy Plug-In for Oracle
HTTP Server"
■ Chapter 3, "Configuring WLS Web Server Proxy Plug-In for
Apache HTTP Server"
■ Chapter 4, "Configuring the WLS Web Server Proxy Plug-In 12.1.2
for iPlanet Web Server"
■ Chapter 5, "Configuring the WLS Web Server Proxy Plug-In 12.1.2
for Microsoft IIS Web Server"
7.1 General Parameters for Web Server Plug-Ins

The general parameters for Web server plug-ins are shown in Table 7–1. The
parameters are case sensitive.
Parameters for Web Server Plug-Ins 7-1

General Parameters for Web Server Plug-Ins
Table 7–1 General Parameters for Web Server Plug-Ins

Parameter Name Default Description Applicable to
WLIOTimeoutSecs 300 Defines the amount of time the plug-in Oracle HTTP Server
waits for a response to a request from
(new name for Oracle iPlanet Web Server
WebLogic Server. The plug-in waits for
HungServerRecoverSecs)
WLIOTimeoutSecs for the server to respond Apache HTTP Server
and then declares that server dead, and
Microsoft IIS
fails over to the next server. The value
should be set to a very large value. If the
value is less than the time the servlets take
to process, then you may see unexpected
results.
Minimum value: 10
Maximum value: Unlimited

Table 7–1 (Cont.) General Parameters for Web Server Plug-Ins

WebLogicCluster none The WebLogicCluster parameter is Oracle HTTP Server
required to proxy a list of back-end servers
(Required when proxying Oracle iPlanet Web Server
that are clustered, or to perform load
to a cluster of WebLogic
balancing among non-clustered managed Apache HTTP Server
Servers, or to multiple
server instances.
non-clustered servers.) Microsoft IIS
List of WebLogic Servers that can be used
for load balancing. The server or cluster list
is a list of host:port entries. If a mixed set
of clusters and single servers is specified,
the dynamic list returned for this parameter
will return only the clustered servers.
The syntax for specifying the value of this
parameter varies depending on the web
server for which you are configuring the
plug-in. For more information, see the
following:
■ Chapter 3, "Configuring WLS Web
Server Proxy Plug-In for Apache HTTP
Server"
■ Chapter 2, "Configuring the WebLogic
Proxy Plug-In for Oracle HTTP Server"
■ Chapter 5, "Configuring the WLS Web
Server Proxy Plug-In 12.1.2 for
Microsoft IIS Web Server"
■ Chapter 4, "Configuring the WLS Web
Server Proxy Plug-In 12.1.2 for iPlanet
Web Server"
If you are using SSL between the plug-in
and WebLogic Server, set the port number
to the SSL listen port and set the
SecureProxy parameter to ON.
The plug-in does a simple round-robin
between all available servers. The server
list specified in this property is a starting
point for the dynamic server list that the
server and plug-in maintain. WebLogic
Server and the plug-in work together to
update the server list automatically with
new, failed, and recovered cluster
members.
You can disable the use of the dynamic
cluster list by setting the
DynamicServerList parameter to OFF.
The plug-in directs HTTP requests
containing a cookie, URL-encoded session,
or a session stored in the POST data to the
server in the cluster that originally created
the cookie.
WebLogicHost none WebLogic Server host (or virtual host name Oracle HTTP Server
as defined in WebLogic Server) to which
HTTP requests should be forwarded. If you
to a single WebLogic are using a WebLogic cluster, use the Apache HTTP Server
Server.) WebLogicCluster parameter instead of
Microsoft IIS
WebLogicHost.


WebLogicPort none Port at which the WebLogic Server host is Oracle HTTP Server
listening for connection requests from the
plug-in (or from other servers). (If you are
to a single WebLogic using SSL between the plug-in and Apache HTTP Server
Server.) WebLogic Server, set this parameter to the
Microsoft IIS
SSL listen port and set the SecureProxy
parameter to ON).
If you are using a WebLogic Cluster, use the
WebLogicCluster parameter instead of
WebLogicPort.
WLCookieName JSESSIONID If you change the name of the WebLogic Oracle HTTP Server
Server session cookie in the WebLogic
(CookieName is Oracle iPlanet Web Server
Server Web application, you must change
deprecated.)
the WLCookieName parameter in the plug-in Apache HTTP Server
to the same value. The name of the
Microsoft IIS
WebLogic session cookie is set in the
WebLogic-specific deployment descriptor,
in the <session-descriptor> element.
ConnectRetrySecs 2 Interval in seconds that the plug-in should Oracle HTTP Server
sleep between attempts to connect to the
Oracle iPlanet Web Server
WebLogic Server host (or all of the servers
in a cluster). Make this number less than Apache HTTP Server
the ConnectTimeoutSecs. The number of
Microsoft IIS
times the plug-in tries to connect before
returning an HTTP 503/Service
Unavailable response to the client is
calculated by dividing
ConnectTimeoutSecs by ConnectRetrySecs.
To specify no retries, set ConnectRetrySecs
equal to ConnectTimeoutSecs. However,
the plug-in attempts to connect at least
twice.
You can customize the error response by
using the ErrorPage parameter.
ConnectTimeoutSecs 10 Maximum time in seconds that the plug-in Oracle HTTP Server
should attempt to connect to the WebLogic
Server host. Make the value greater than
ConnectRetrySecs. If ConnectTimeoutSecs Apache HTTP Server
expires without a successful connection,
Microsoft IIS
even after the appropriate retries (see
ConnectRetrySecs), an HTTP 503/Service
Unavailable response is sent to the client.
You can customize the error response by
using the ErrorPage parameter.


Debug OFF Sets the type of logging performed for Microsoft IIS
debugging operations. The debugging
DEPRECATED
information is written to
c:\TEMP\wlproxy.log on Windows
NT/2000 systems.
Override this location and filename by
setting the WLLogFile parameter to a
different directory and file. (See the
WLTempDir parameter for an additional way
to change this location.)
Ensure that the TEMP directory has write
permission assigned to the user who is
logged in to the server. Set any of the
following logging options
(HFC,HTW,HFW, and HTC options may be
set in combination by entering them
separated by commas, for example
"HFC,HTW"):
■ ON: The plug-in logs informational and
error messages.
■ OFF: No debugging information is
logged.
■ HFC: The plug-in logs headers from the
client, informational, and error
messages.
■ HTW: The plug-in logs headers sent to
WebLogic Server, and informational
and error messages.
■ HFW: The plug-in logs headers sent
from WebLogic Server, and
informational and error messages.
■ HTC: The plug-in logs headers sent to
the client, informational messages, and
error messages.
■ ERR: Prints only the Error messages in
the plug-in.
■ ALL: The plug-in logs headers sent to
and from the client, headers sent to
and from WebLogic Server,
information messages, and error
messages.
For information on setting logging without
using the deprecated parameter, see
Section 3.4, "Deprecated Directives for
Apache HTTP Server."


DebugConfigInfo OFF Enables the special query parameter "__ Oracle HTTP Server
WebLogicBridgeConfig". Use it to get
details about configuration parameters
from the plug-in. Apache HTTP Server
For example, if you enable "__ Microsoft IIS
WebLogicBridgeConfig" by setting
DebugConfigInfo and then send a request
that includes the query string ?__
WebLogicBridgeConfig, then the plug-in
gathers the configuration information and
run-time statistics and returns the
information to the browser. The plug-in
does not connect to WebLogic Server in this
case.
This parameter is strictly for debugging
and the format of the output message can
change with releases. For security
purposes, keep this parameter turned OFF
in production systems.
DefaultFileName none If the URI is "/" then the plug-in performs Oracle HTTP Server
the following steps:
Trims the path specified with the PathTrim
Apache HTTP Server
parameter.
Microsoft IIS
Appends the value of DefaultFileName.
Prepends the value specified with
PathPrepend.
This procedure prevents redirects from
WebLogic Server.
Set the DefaultFileName to the default
welcome page of the Web Application in
WebLogic Server to which requests are
being proxied. For example, If the
DefaultFileName is set to welcome.html,
an HTTP request like
"http://somehost/weblogic" becomes
"http://somehost/weblogic/welcome.html
". For this parameter to function, the same
file must be specified as a welcome file in
all the Web Applications to which requests
are directed. For more information, see
Configuring Welcome Pages.
Note for Apache users: If you are using
Stronghold or Raven versions, define this
parameter inside of a Location block, and
not in an IfModule block.


DynamicServerList ON When set to OFF, the plug-in ignores the Oracle HTTP Server
dynamic cluster list used for load balancing
requests proxied from the plug-in and only
uses the static list specified with the Apache HTTP Server
WebLogicCluster parameter. Normally this
Microsoft IIS
parameter should remain set to ON.
There are some implications for setting this
parameter to OFF:
■ If one or more servers in the static list
fails, the plug-in could waste time
trying to connect to a dead server,
resulting in decreased performance.
■ If you add a new server to the cluster,
the plug-in cannot proxy requests to
the new server unless you redefine this
parameter. WebLogic Server
automatically adds new servers to the
dynamic server list when they become
part of the cluster.
ErrorPage none You can create your own error page that is Oracle HTTP Server
displayed when your Web server is unable
to forward requests to WebLogic Server.
Apache HTTP Server
The plug-in redirects to an error page when
the back-end server returns an HTTP Microsoft IIS
503/Service Unavailable response and
there are no servers for failover.


FileCaching ON When set to ON, and the size of the POST Oracle HTTP Server
data in a request is greater than 2048 bytes,
the POST data is first read into a temporary
file on disk and then forwarded to the Apache HTTP Server
WebLogic Server in chunks of 8192 bytes.
Microsoft IIS
This preserves the POST data during
failover, allowing all necessary data to be
repeated to the secondary if the primary
goes down.
Note that when FileCaching is ON, any
client that tracks the progress of the POST
will see that the transfer has completed
even though the data is still being
transferred between the WebServer and
WebLogic. So, if you want the progress bar
displayed by a browser during the upload
to reflect when the data is actually available
on the WebLogic Server, you might not
want to have FileCaching ON.
When set to OFF and the size of the POST
data in a request is greater than 2048 bytes,
the reading of the POST data is postponed
until a WebLogic Server cluster member is
identified to serve the request. Then the
plug-in reads and immediately sends the
POST data to the WebLogic Server in
chunks of 8192 bytes.
Note that turning FileCaching OFF limits
failover. If the WebLogic Server primary
server goes down while processing the
request, the POST data already sent to the
primary cannot be repeated to the
secondary.
Finally, regardless of how FileCaching is
set, if the size of the POST data is 2048
bytes or less the plug-in will read the data
into memory and use it if needed during
failover to repeat to the secondary.
Idempotent ON When set to ON and if the servers do not Oracle HTTP Server
respond within WLIOTimeoutSecs, the
plug-ins fail over if the method is
idempotent. Apache HTTP Server
The plug-ins also fail over if Idempotent is Microsoft IIS
set to ON and the servers respond with an
error such as READ_ERROR_FROM_SERVER.
If set to "OFF" the plug-ins do not fail over.
If you are using the Apache HTTP Server
you can set this parameter differently for
different URLs or MIME types.
Idempotent only takes effect if the request
has been successfully sent to WebLogic
Server and the plugin is now waiting for a
response from backend server.


KeepAliveEnabled true Enables pooling of connections between the Oracle HTTP Server
(Microsoft IIS plug-in and WebLogic Server.
plug-in)
Valid values for the Microsoft IIS plug-ins
Apache HTTP Server
ON (Oracle are true and false.
HTTP Server Microsoft IIS
Valid values for the Apache HTTP Server
and Apache
are ON and OFF.
HTTP
Server)
While using Apache prefork mpm, Apache
ON (Oracle web server might crash. Turn
iPlanet Web KeepAliveEnabled to OFF when using
Server) prefork mpm or use worker mpm in
Apache.
Valid values for Oracle iPlanet Webserver
are ON and OFF
KeepAliveSecs 20 The length of time after which an inactive Oracle HTTP Server
connection between the plug-in and
WebLogic Server is closed. You must set
KeepAliveEnabled to true (ON when using Apache HTTP Server
the Apache HTTP Server) for this
Microsoft IIS
parameter to be effective.
The value of this parameter must be less
than or equal to the value of the Duration
field set in the Administration Console on
the Server/HTTP tab, or the value set on
the server Mbean with the KeepAliveSecs
attribute.


MatchExpression none Use this parameter to modify the values of Oracle HTTP Server
existing parameters or add a new
Apache HTTP Server
parameter for a particular configuration.
The MatchExpression parameter supports
only the * and ? regular expressions:
■ * which matches 0 or more characters
■ ? which matches exactly one character
This parameter can be configured for two
scenarios.
Proxying by MIME type:
You can use this parameter in the following
format to set other parameters for a
particular MIME type.
Syntax:
MatchExpression <file_extension>
<param=value>|<param-value>|…
For example, the following configuration
proxies *.jsp to myHost:8080:
WebLogicHost=myHost|WebLogicPort=8080
</IfModule>
Proxying by path:
You can also use this parameter in the
following format to set other parameters
for a particular path.
Syntax:
MatchExpression <path>
<param=value>|<param-value>|…
proxies the URIs beginning with /weblogic
to myHost:9090:
MatchExpression /weblogic
WebLogicHost=myHost|WebLogicPort=9090
</IfModule>
You can also use MatchExpression to
override the parameter values, as shown
above. It can also be used to define new
parameters (that is, those that have not
been used in the configuration).
proxies all the requests to myHost:8080.
The URIs that match the type jpg will be
proxied to myHost:8080/images and others
will be proxied to myHost:8080.


SetHandler weblogic-handler
WebLogicHost myHost
WebLogicPort 8080
MatchExpression *.jpg
PathPrepend=/images
</IfModule>
You can find more examples of how to use
MatchExpression in Chapter 3,
"Configuring WLS Web Server Proxy
Plug-In for Apache HTTP Server."
MaxPostSize -1 Maximum allowable size of POST data, in Oracle HTTP Server
bytes. If the content-length exceeds
MaxPostSize, the plug-in returns an error
message. If set to -1, the size of POST data Apache HTTP Server
is not checked. This is useful for preventing
Microsoft IIS
denial-of-service attacks that attempt to
overload the server with POST data.
MaxSkipTime 10 If a WebLogic Server listed in either the Oracle HTTP Server
WebLogicCluster parameter or a dynamic
cluster list returned from WebLogic Server
fails, the failed server is marked as "bad" Apache HTTP Server
and the plug-in attempts to connect to the
Microsoft IIS
next server in the list.
MaxSkipTime sets the amount of time after
which the plug-in will retry the server
marked as "bad." The plug-in attempts to
connect to a new server in the list each time
a unique request is received (that is, a
request without a cookie).
PathPrepend null As per the RFC specification, generic Oracle HTTP Server
syntax for URL is:
[PROTOCOL]://[HOSTNAME]:{PORT}/{PATH}
Apache HTTP Server
/{FILENAME};{PATH_PARAMS}/{QUERY_
STRING}... Microsoft IIS
PathPrepend specifies the path that the
plug-in prepends to the {PATH} portion of
the original URL, after PathTrim is trimmed
and before the request is forwarded to
WebLogic Server.
Note that if you need to append File Name,
use DefaultFileName parameter instead of
PathPrepend.


PathTrim null As per the RFC specification, generic Oracle HTTP Server
syntax for URL is:
[PROTOCOL]://[HOSTNAME]:{PORT}/{PATH}
Apache HTTP Server
/{FILENAME};{PATH_PARAMS}/{QUERY_
STRING}... Microsoft IIS
PathTrim specifies the string trimmed by
the plug-in from the {PATH}/{FILENAME}
portion of the original URL, before the
request is forwarded to WebLogic Server.
For example, if the URL
http://myWeb.server.com/weblogic/foo
is passed to the plug-in for parsing and if
PathTrim has been set to strip off
/weblogic before handing the URL to
WebLogic Server, the URL forwarded to
WebLogic Server is:
http://myWeb.server.com:7001/foo
Note that if you are newly converting an
existing third-party server to proxy
requests to WebLogic Server using the
plug-in, you will need to change
application paths to /foo to include
weblogic/foo. You can use PathTrim and
PathPrepend in combination to change this
path.
QueryFromRequest OFF When set to ON, specifies that the Apache Oracle HTTP Server
HTTP Server uses
Apache HTTP Server
(request_rec *)r->the_request
to pass the query string to WebLogic Server.
(For more information, see the Apache
documentation.) This behavior is desirable
when a Netscape version 4.x browser
makes requests that contain spaces in the
query string.
When set to OFF, the Apache HTTP Server
uses (request_rec *)r->args to pass the
query string to WebLogic Server.
WLDNSRefreshInterval 0 (Lookup If defined in the proxy configuration, Oracle HTTP Server
once, during specifies number of seconds interval at
startup) which WebLogic Server refreshes DNS
name to IP mapping for a server. This can Apache HTTP Server
be used in the event that a WebLogic Server
instance is migrated to a different IP
address, but the DNS name for that server's
IP remains the same. In this case, at the
specified refresh interval the DNS<->IP
mapping will be updated.
WLExcludePathOrMimeType none This parameter allows you make exclude Oracle HTTP Server
certain requests from proxying.
This parameter can be defined locally at the
Apache HTTP Server
Location tag level as well as globally. When
the property is defined locally, it does not Microsoft IIS
override the global property but defines a
union of the two parameters.


WLFlushChunks False By default, IIS plug-in buffers chunked Microsoft IIS
transfer encoding responses instead of
streaming the chunks as they are received.
When the flag WLFlushChunks is set to true,
the plug-in flushes chunks immediately as
they are received from WebLogic Server.
WLForwardUriUnparsed OFF When set to ON, the WLS plug-in will Oracle HTTP Server
forward the original URI from the client to
Apache HTTP Server
WebLogic Server. When set to OFF
(default), the URI sent to WebLogic Server
is subject to modification by mod_rewrite
or other web server plug-in modules.
WLLocalIP none Defines the IP address (on the plug-in's Oracle HTTP Server
system) to bind to when the plug-in
connects to a WebLogic Server instance
running on a multihomed machine. Apache HTTP Server
If WLLocalIP is not set, If WLLocalIP is not Microsoft IIS
set, the TCP/IP stack will choose the source
IP address.
WLLogFile See the Debug Specifies path and file name for the log file Microsoft IIS
parameter that is generated when the Debug parameter
DEPRECATED
is set to ON. You must create this directory
before setting this parameter.
For information on setting logging without
using the deprecated parameter, see
Section 3.4, "Deprecated Directives for
Apache HTTP Server."
WLProxyPassThrough OFF If you have a chained proxy setup, where a Oracle HTTP Server
proxy plug-in or HttpClusterServlet is
running behind some other proxy or load
balancer, you must explicitly enable the Apache HTTP Server
WLProxyPassThrough parameter. This
Microsoft IIS
parameter allows the header to be passed
through the chain of proxies.
WLProxySSL OFF Set this parameter to ON to maintain SSL Oracle HTTP Server
communication between the plug-in and
WebLogic Server when the following
conditions exist: Apache HTTP Server
■ An HTTP client request specifies the Microsoft IIS
HTTPS protocol
■ The request is passed through one or
more proxy servers (including the
WebLogic Server proxy plug-ins)
■ The connection between the plug-in
and WebLogic Server uses the HTTP
protocol
When WLProxySSL is set to ON, the location
header returned to the client from
WebLogic Server specifies the HTTPS
protocol.


WLProxySSLPassThrough OFF If a load balancer or other software Oracle HTTP Server
deployed in front of the web server and
plug-in is the SSL termination point, and
that product sets the WL-Proxy-SSL request Apache HTTP Server
header to true or false based on whether or
Microsoft IIS
not the client connected to it over SSL, set
WLProxySSLPassThrough to ON so that the
use of SSL is passed on to the Oracle
WebLogic Server.
If the SSL termination point is in the web
server where the plug-in operates, or the
load balancer does not set WL-Proxy-SSL,
set WLProxySSLPassThrough to OFF
(default).
WLRetryAfterDroppedConn ALL Tells the Apache plug-in which requests to Apache HTTP Server
ection retry when a connection is lost before WLS
Oracle HTTP Server
sends the status line. Valid arguments are:
■ ALL: All requests will be retried.
Microsoft IIS
■ IDEMPOTENT: Only requests using
idempotent methods will be retried.
■ NONE: No requests will be retried.
WLSendHdrSeparately ON When this parameter is set to ON, the Microsoft IIS
header and body of the response are sent in
separate packets.
Note: If you need to send the header and
body of the response in two calls, for
example, in cases where you have other
ISAPI filters or programmatic clients that
expect headers before the body, set this
parameter to ON.
WLServerInitiatedFailov ON This controls whether or not a 503 error Oracle HTTP Server
er response from Oracle WebLogic Server
triggers a failover to another server.
Normally, the plug-in will attempt to Apache HTTP Server
failover to another server when a 503 error
Microsoft IIS
response is received. When
WLServerInitiatedFailover is set to OFF,
the 503 error response will be returned to
the client immediately.
WLSocketTimeoutSecs 2 (must be Set the timeout for the socket while Oracle HTTP Server
greater than connecting, in seconds. See
0) ConnectTimeoutSecs and
ConnectRetrySecs for additional details. Apache HTTP Server
Microsoft IIS


WLSRequest OFF This is an alternative to the WLSRequest Oracle HTTP Server
On mechanism of identifying requests to be
Apache HTTP Server
forwarded to Oracle WebLogic Server. For
example,
WLSRequest ON
PathTrim /weblogic
</Location>
The use of WLSRequest ON instead of
SetHandler weblogic-handler has the
following advantages:
■ Lower web server processing overhead
in general
■ Resolves substantial performance
degradation when the web server
DocumentRoot is on a slow filesystem
■ Resolves 403 errors for URIs which
cannot be mapped to the filesystem
due to the filesystem length
restrictions
WLTempDir See the For Oracle HTTP server, Apache HTTP Oracle HTTP Server
Debug Server and Oracle iPlanet HTTP Server, this
parameter directive specifies the location of the _wl_
proxy directory for POST data files. Apache HTTP Server
For Microsoft IIS, this directive specifies the Microsoft IIS
directory where a wlproxy.log will be
created. If the location fails, the Plug-In
resorts to creating the log file under
C:/temp. It also specifies the location of the
_wl_proxy directory for POST data files.
When both WLTempDir and WLLogFile are
set, WLLogFile will override as to the
location of wlproxy.log. WLTempDir will still
determine the location of _wl_proxy
directory.
7.1.1 Location of POST Data Files

When the FileCaching parameter is set to ON, and the size of the POST data in a
request is greater than 2048 bytes, the POST data is first read into a temporary file on
disk and then forwarded to the WebLogic Server in chunks of 8192 bytes. This
preserves the POST data during failover.
The temporary POST file is located under /tmp/_wl_proxy for UNIX. For Windows it
is located as follows (if WLTempDir is not specified):
1. Environment variable TMP
2. Environment variable TEMP
3. C:\Temp
/tmp/_wl_proxy is a fixed directory and is owned by the HTTP Server user. When
there are multiple HTTP Servers installed by different users, some HTTP Servers
might not be able to write to this directory. This condition results in an error.
To correct this condition, use the WLTempDir parameter to specify a different location
for the _wl_proxy directory for POST data files.

SSL Parameters for Web Server Plug-Ins
7.2 SSL Parameters for Web Server Plug-Ins

Note: SCG Certificates are not supported for use with WebLogic
Server Proxy Plug-Ins. Non-SCG certificates work appropriately and
allow SSL communication between WebLogic Server and the plug-in.
KeyStore-related initialization parameters are not supported for use
with WebLogic Server Proxy Plug-Ins
The SSL parameters for Web Server plug-ins are shown in Table 7–2. Parameters are
case sensitive.
Table 7–2 SSL Parameters for Web Server Plug-Ins

Parameter Default Description Applicable to
SecureProxy OFF Set this parameter to ON to enable the use of the SSL protocol Oracle HTTP Server
for all communication between the plug-in and WebLogic
Oracle iPlanet Web
Server. Remember to configure a port on the corresponding
Server
WebLogic Server for the SSL protocol before defining this
parameter. Apache HTTP Server
This parameter may be set at two levels: in the configuration Microsoft IIS
for the main server and—if you have defined any virtual
hosts—in the configuration for the virtual host. The
configuration for the virtual host inherits the SSL
configuration from the configuration of the main server if the
setting is not overridden in the configuration for the virtual
host.
WebLogicSSLVers none Selects the SSL protocol version to use for communication Apache HTTP Server
ion between the plug-in and the WebLogic Server. The following
Oracle HTTP Server
values are accepted:
■ SSLv3: Uses SSL v3
■ TLSv1: Uses TLS v1
■ TLSv1_1: Uses TLS v1.1
■ TLSv1_2: Uses TLS v1.2
The SSL protocol version chosen is used for all the connections
from the plug-in to WebLogic Server. Hence define this
parameter at the global scope.
By default, this directive is not set. If not configured, the best
protocol supported by both the plug-in and WebLogic Server
is used.
WLSSLWallet none WLSSLWallet performs one-way or two-way SSL based on Oracle HTTP Server
how SSL is configured for Oracle WebLogic Server.
Oracle iPlanet Web
Requires the path of an Oracle Wallet (containing an SSO Server
wallet file) as an argument.
Apache HTTP Server
For example, WLSSLWallet "${ORACLE_
Microsoft IIS
INSTANCE}/config/fmwconfig/components/${COMPONENT_
TYPE}/instances/${COMPONENT_NAME}/keystores/default"

PLGWL 2

Uploaded by

Copyright:

Available Formats

PLGWL 2

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PLGWL 2

Uploaded by

Copyright:

Available Formats

Oracle®

[1] Fusion Middleware

Primary Author: Srinivas Sudhindra

Contributors: Seema Alevoor, Jeff Trawick, Yulong Shi, Edwin Spear

Preface ................................................................................................................................................................ vii

1 Overview of Web Server Proxy Plug-Ins 12.1.2

2 Configuring the WebLogic Proxy Plug-In for Oracle HTTP Server

6 Common Configuration Tasks

7 Parameters for Web Server Plug-Ins

Access to Oracle Support

1.1 What are WLS Web Server Proxy Plug-Ins?

1.1.1 Connection Pooling and Keep-Alive

Note: Client connections are managed by the web server.

Overview of Web Server Proxy Plug-Ins 12.1.2 1-1

1.1.2 Proxying Requests

1.2 Availability of WLS Web Server Proxy Plug-In 12.1.2

Table 1–1 Availability of Version 12.1.2 Plug-Ins

1.3 Upgrading from 1.0 Plug-Ins

1-2 Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2

1.3.1 Upgrade Instructions

Table 1–2 Upgrade Instructions by Plug-In

1.3.2 Considerations for Upgrading to Web Server Proxy Plug-ins 12.1.2

1.4 Features of the Version 12.1.2 Plug-Ins

1.4.1 Standard Encryption Strength Allows Simplified Naming

Overview of Web Server Proxy Plug-Ins 12.1.2 1-3

1.4.2 Version 12.1.2 Plug-Ins Use Oracle Security Framework

1.4.3 Version 12.1.2 Plug-Ins Support IPv6

1.4.4 Version 12.1.2 Plug-Ins Support Two-Way SSL

1.4.5 Deprecated Directives in Version 12.1.2

1.5 Support and Patching

1-4 Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2

Overview of Web Server Proxy Plug-Ins 12.1.2 1-5

1-6 Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2

Oracle HTTP Server

Note: The WebLogic Proxy Plug-In provides features that are

2.1 Prerequisites for Configuring the WebLogic Proxy Plug-In

2. In the Domain Structure pane, expand the Environment node.

2.2 Configuring the WebLogic Proxy Plug-In Using Fusion Middleware

4. Specify the configuration settings as described in the following table:

2-2 Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2

5. If necessary, add any expression overrides in the Match Expression field.

Note: If you are converting an existing third-party server to proxy

2-4 Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2

Note: If you need to append File Name, use the DefaultFileName

f. Click Add Row again to save the new row

2.2.1 Using the Search Function

2.2.2 Using the AutoFill Function

2.3 Configuring the WebLogic Proxy Plug-In Manually

Note: Oracle recommends that you specify directives within the

■ To forward requests to an application running on a single Oracle WebLogic

■ To forward requests to an application running on a cluster of Oracle

2-6 Using Oracle WebLogic Server Proxy Plug-Ins 12.1.2

■ To configure multiple destinations—say, an application running on a single

#For an application running on a cluster

■ To configure the WebLogic Proxy Plug-In so that it can link to managed

Note:If you are using SSL termination and routing requests to

After enabling the WebLogic plugin, restart the Administration Server.

These examples show two different ways of routing requests to Oracle

2.4 Deprecated Directives for Oracle HTTP Server

Service method="(GET|HEAD|POST)" type="~magnus-internal/" fn="send-file"