Technical data
11 Installing and Configuring the Apache HTTP Server Plug-In
11-16 Administration Guide
WebLogicPort 7001
PathTrim /weblogic
</IfModule>
The following configuration is the correct setup:
<Location /weblogic>
SetHandler weblogic-handler
PathTrim /weblogic
</Location>
n The Include directive does not work with Apache SSL. You must configure all
parameters directly in the
httpd.conf file. Do not use the following
configuration when using SSL:
<IfModule mod_weblogic.c>
MatchExpression *.jsp
Include weblogic.conf
</IfModule>
n The current implementation of the WebLogic Server Apache plug-in does not
support the use of multiple certificate files.
Specifying Trust of the WL-Proxy-Client-Cert Header
The plug-in can encode users’ identity certifications in the WL-Proxy-Client-Cert
header and pass the header to WebLogic Server instances (see Proxying Requests to
Another HTTP Server in the WebLogic Server Administration Guide). A WebLogic
Server instance uses the certificate information from that header, trusting that it comes
from a secure source (the Plug-In), to authenticate the user. In previous releases of
WebLogic Server, the default behavior was to always trust the
WL-Proxy-Client-Cert header. Beginning with WebLogic Server 6.1 SP2, you
need to explicitly define trust of the
WL-Proxy-Client-Cert header. A new
parameter,
clientCertProxy, allows WebLogic Server to determine whether to trust
the certificate header. For an additional level of security, use a connection filter to limit
all connections into WebLogic Server (therefore allowing WebLogic Server to only
accept connections from the machine on which the plug-in is running).
The
clientCertProxy parameter has been added to the HTTPClusterServlet and
Web applications.
For the
HTTPClusterServlet, add the parameter to the web.xml file as follows:
<context-param>