Oracle (Apache) HTTP Server - Default Header Size limitation

Does the Oracle HTTP Server have a http header size limitation? If so, what is the maximum size allowed for http headers? Can it be changed, and how?
Which version of Apache shipped with AS 9.0.4? I've been trying to find the answer to my questions in the Apache 1.3 documentation, but I'm not having any luck.
Let me explain my problem. We're using Vintela's Single Sign-On library for authentication in our java applications. Recently we ran into a problem where a user was not being granted access to the application. Much debugging occured, eventually we had to open a trouble ticket with Vintela. They suggested it might be a http header size limitation and to check the configuration for the web cache and apache. We easily found the configuration options for the web cache, but are still looking for apache.
We've by-passed the web cache and accessed the HTTP server directly and we are still experiancing the same problem.
To keep this message short and concise, I've omitted most of our troubleshooting, we're pretty sure the problem is related to a HTTP header size limitation.

One trick I saw the Oracle guys do is telnet to the httpd port and manually type in an HTTP request.
Perhaps ask the Vintela people for a test string that you can paste in a telnet window to test if the server handles it correctly.
Also, you can put Apache in a sort of debug mode as well using the AS Console. I can't remember, but I think this may show the entire http request including the headers.

Similar Messages

  • Configuring Apache HTTP Server with Oracle Weblogic Server plugin

    Hello friends,
    I have a scenario of OIM 9.1.0.2 on Oracle Application Server 11g and Weblogic Server Apache HTTP Server.
    Oracle WebLogic Server is configured in cluster (node1 and node2), also use the Oracle Weblogic Server plugin for integration with Apache.
    One of the tests is to lose one of the nodes for the apache plugin redirects the node that has less overhead.
    When the mode is node1 and node2 stop start mode and try to access the management console of Oracle Identity Manager, the plugin sometimes redirects to the other active node, and on another occasion shows the oracle management console identity manager without the colors of the basic look and feel.
    Deputy of the Apache HTTP Server log, do you expect your comments to solve this case?
    *************************************************log****************************************************
    Server Details are:
    OrigHostInfo [192.168.1.200]
    isOrigHostInfoDNS [0]
    Host [192.168.1.200]
    Port [7002]
    SecurePort [7004]
    Mon Jan 30 22:10:43 2012 <2600713279794431> Initializing lastIndex=0 for a list of length=1
    Mon Jan 30 22:10:43 2012 <2600713279794431> initJVMID: Trying to locate Primary or Secondary using SrvrInfo with JVMID [-872106207]
    Mon Jan 30 22:10:43 2012 <2600713279794431> initJVMID: Found Primary 192.168.1.200:7002:7004
    Mon Jan 30 22:10:43 2012 <2600713279794431> INFO: Closing SSL context
    Mon Jan 30 22:10:43 2012 <2600713279794431> .....internal request /bea_wls_internal/WLDummyInitJVMIDs.....processed
    Mon Jan 30 22:10:43 2012 <2600713279794431> getPreferredFromCookie: Found 1 servers
    Mon Jan 30 22:10:43 2012 <2600713279794431> attempt #0 out of a max of 5
    Mon Jan 30 22:10:43 2012 <2600713279794431> trying connect to PRIMARY '192.168.1.200'/7002/7004
    Mon Jan 30 22:10:43 2012 <2600713279794431> getPooledConn: No more connections in the pool for Host[192.168.1.200] Port[7002] SecurePort[7004]
    Mon Jan 30 22:10:43 2012 <2600713279794431> New SSL URL: match = 0 oid = 22
    Mon Jan 30 22:10:43 2012 <2600713279794431> Connect returns -1, and error no set to 150, msg 'Operation now in progress'
    Mon Jan 30 22:10:43 2012 <2600713279794431> EINPROGRESS in connect() - selecting
    Mon Jan 30 22:10:43 2012 <2600713279794431> Setting peerID for new SSL connection
    Mon Jan 30 22:10:43 2012 <2600713279794431> 0ae2 0436 0000 1b5c ...6...\
    Mon Jan 30 22:10:43 2012 <2600713279794431> Local Port of the socket is 39186
    Mon Jan 30 22:10:43 2012 <2600713279794431> Remote Host 192.168.1.200 Remote Port 7004
    Mon Jan 30 22:10:43 2012 <2600713279794431> created a new connection to preferred server '192.168.1.200/7004' for '/xlWebApp/images/spacer.gif', Local port:39186
    Mon Jan 30 22:10:43 2012 <2600713279794431> INFO: CA certificate missing basicConstraints, validation failed
    Mon Jan 30 22:10:43 2012 <2600713279794431> ERROR: SSLWrite failed
    Mon Jan 30 22:10:43 2012 <2600713279794431> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2600713279794431> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2600713279794431> Marking 192.168.1.200:7004 as bad
    Mon Jan 30 22:10:43 2012 <2600713279794431> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3160
    Mon Jan 30 22:10:43 2012 <2600713279794431> INFO: Closing SSL context
    Mon Jan 30 22:10:43 2012 <2598413279794431>
    ================New Request: [GET /images/cab.gif HTTP/1.1] =================
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: SSL is configured
    Mon Jan 30 22:10:43 2012 <2598413279794431> SSL Main Context not set. Calling InitSSL
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: SSL configured successfully
    Mon Jan 30 22:10:43 2012 <2598413279794431> Using Uri /images/cab.gif
    Mon Jan 30 22:10:43 2012 <2598413279794431> After trimming path: '/images/cab.gif'
    Mon Jan 30 22:10:43 2012 <2598413279794431> adding prepend path: /xlWebApp/
    Mon Jan 30 22:10:43 2012 <2598413279794431> The final request string is '/xlWebApp/images/cab.gif'
    Mon Jan 30 22:10:43 2012 <2598413279794431> Host extracted from serverlist is [192.168.1.100]
    Mon Jan 30 22:10:43 2012 <2598413279794431> Host extracted from serverlist is [192.168.1.200]
    Mon Jan 30 22:10:43 2012 <2598413279794431> Initializing lastIndex=0 for a list of length=2
    Mon Jan 30 22:10:43 2012 <2598413279794431> getListNode: created a new server node: id='192.168.1.100:7004,192.168.1.200:7004' server_name='OIMSERVER', port='443'
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPreferred: availcookie=[JSESSIONID=6RGCPnbTFRG7LBrTRpFnv1QLnQHkxkqr4pjGhhGJyrJWJ1rv86NK!-872106207!NONE]
    Mon Jan 30 22:10:43 2012 <2598413279794431> Found cookie from cookie header: JSESSIONID=6RGCPnbTFRG7LBrTRpFnv1QLnQHkxkqr4pjGhhGJyrJWJ1rv86NK!-872106207!NONE
    Mon Jan 30 22:10:43 2012 <2598413279794431> Parsing cookie JSESSIONID=6RGCPnbTFRG7LBrTRpFnv1QLnQHkxkqr4pjGhhGJyrJWJ1rv86NK!-872106207!NONE
    Mon Jan 30 22:10:43 2012 <2598413279794431> getpreferredServersFromCookie: [-872106207!NONE]
    Mon Jan 30 22:10:43 2012 <2598413279794431> primaryJVMID: [-872106207]
    secondaryJVMID: [NONE]
    Mon Jan 30 22:10:43 2012 <2598413279794431> No of JVMIDs found in cookie: 1
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPreferredFromCookie: Start Position is 0, listLen is 2
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPreferredFromCookie: Either JVMIDs not set or they are stale. Will try to get JVMIDs from WLS
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Iterating SrvrList from position 0
    Mon Jan 30 22:10:43 2012 <2598413279794431> ======internal request /bea_wls_internal/WLDummyInitJVMIDs======
    initJVMID: Trying Host[192.168.1.100] Port[7004] SecurePort[7004] useSSL [1] ioTimeout [30] socketTimeout [2]
    Mon Jan 30 22:10:43 2012 <2598413279794431> New SSL URL: match = 0 oid = 0
    Mon Jan 30 22:10:43 2012 <2598413279794431> Connect returns -1, and error no set to 146, msg 'Connection refused'
    Mon Jan 30 22:10:43 2012 <2598413279794431> Error connecting to host 192.168.1.100:7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> *******Exception type [CONNECTION_REFUSED] (Error connecting to host 192.168.1.100:7004 errno = 146) raised at line 1723 of ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Failed to retrieved JVMID for 192.168.1.100:7004:7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Marked server as BAD
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Closing SSL context
    Mon Jan 30 22:10:43 2012 <2598413279794431> .....internal request /bea_wls_internal/WLDummyInitJVMIDs.....processed
    Mon Jan 30 22:10:43 2012 <2598413279794431> ======internal request /bea_wls_internal/WLDummyInitJVMIDs======
    initJVMID: Trying Host[192.168.1.200] Port[7004] SecurePort[7004] useSSL [1] ioTimeout [30] socketTimeout [2]
    Mon Jan 30 22:10:43 2012 <2598413279794431> New SSL URL: match = 0 oid = 0
    Mon Jan 30 22:10:43 2012 <2598413279794431> Connect returns -1, and error no set to 150, msg 'Operation now in progress'
    Mon Jan 30 22:10:43 2012 <2598413279794431> EINPROGRESS in connect() - selecting
    Mon Jan 30 22:10:43 2012 <2598413279794431> Setting peerID for new SSL connection
    Mon Jan 30 22:10:43 2012 <2598413279794431> 0ae2 0436 0000 1b5c ...6...\
    Mon Jan 30 22:10:43 2012 <2598413279794431> Local Port of the socket is 39188
    Mon Jan 30 22:10:43 2012 <2598413279794431> Remote Host 192.168.1.200 Remote Port 7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Certificate validation succeeded
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Negotiated to cipher: 3
    Mon Jan 30 22:10:43 2012 <2598413279794431> SSLWrite sent 171
    Mon Jan 30 22:10:43 2012 <2598413279794431> SSLWrite completed, sent 171
    Mon Jan 30 22:10:43 2012 <2598413279794431> Reader::fill() SSLRead returned: 0 290
    Mon Jan 30 22:10:43 2012 <2598413279794431> URL::parseHeaders: CompleteStatusLine set to [HTTP/1.1 404 Not Found]
    Mon Jan 30 22:10:43 2012 <2598413279794431> URL::parseHeaders: StatusLine set to [404 Not Found]
    Mon Jan 30 22:10:43 2012 <2598413279794431> parsed all headers OK
    Mon Jan 30 22:10:43 2012 <2598413279794431> Parsing cluster list: -872106207!182584374!7002!7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> parseJVMID: Parsing JVMID '-872106207!182584374!7002!7004'
    Mon Jan 30 22:10:43 2012 <2598413279794431> parseJVMID: Actually parsing '-872106207!182584374!7002!7004'
    Mon Jan 30 22:10:43 2012 <2598413279794431> ServerInfo struct for JVMID '-872106207' populated
    Server Details are:
    OrigHostInfo [192.168.1.200]
    isOrigHostInfoDNS [0]
    Host [192.168.1.200]
    Port [7002]
    SecurePort [7004]
    Mon Jan 30 22:10:43 2012 <2598413279794431> Initializing lastIndex=0 for a list of length=1
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Trying to locate Primary or Secondary using SrvrInfo with JVMID [-872106207]
    Mon Jan 30 22:10:43 2012 <2598413279794431> initJVMID: Found Primary 192.168.1.200:7002:7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Closing SSL context
    Mon Jan 30 22:10:43 2012 <2598413279794431> .....internal request /bea_wls_internal/WLDummyInitJVMIDs.....processed
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPreferredFromCookie: Found 1 servers
    Mon Jan 30 22:10:43 2012 <2598413279794431> attempt #0 out of a max of 5
    Mon Jan 30 22:10:43 2012 <2598413279794431> trying connect to PRIMARY '192.168.1.200'/7002/7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> getPooledConn: No more connections in the pool for Host[192.168.1.200] Port[7002] SecurePort[7004]
    Mon Jan 30 22:10:43 2012 <2598413279794431> New SSL URL: match = 0 oid = 22
    Mon Jan 30 22:10:43 2012 <2598413279794431> Connect returns -1, and error no set to 150, msg 'Operation now in progress'
    Mon Jan 30 22:10:43 2012 <2598413279794431> EINPROGRESS in connect() - selecting
    Mon Jan 30 22:10:43 2012 <2598413279794431> Setting peerID for new SSL connection
    Mon Jan 30 22:10:43 2012 <2598413279794431> 0ae2 0436 0000 1b5c ...6...\
    Mon Jan 30 22:10:43 2012 <2598413279794431> Local Port of the socket is 39189
    Mon Jan 30 22:10:43 2012 <2598413279794431> Remote Host 192.168.1.200 Remote Port 7004
    Mon Jan 30 22:10:43 2012 <2598413279794431> created a new connection to preferred server '192.168.1.200/7004' for '/xlWebApp/images/cab.gif', Local port:39189
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: CA certificate missing basicConstraints, validation failed
    Mon Jan 30 22:10:43 2012 <2598413279794431> ERROR: SSLWrite failed
    Mon Jan 30 22:10:43 2012 <2598413279794431> SEND failed (ret=-1) at 793 of file ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2598413279794431> *******Exception type [WRITE_ERROR_TO_SERVER] raised at line 794 of ../nsapi/URL.cpp
    Mon Jan 30 22:10:43 2012 <2598413279794431> Marking 192.168.1.200:7004 as bad
    Mon Jan 30 22:10:43 2012 <2598413279794431> got exception in sendRequest phase: WRITE_ERROR_TO_SERVER [os error=0,  line 794 of ../nsapi/URL.cpp]: at line 3160
    Mon Jan 30 22:10:43 2012 <2598413279794431> INFO: Closing SSL context
    Thanks

    "One of the tests is to lose one of the nodes for the apache plugin redirects the node that has less overhead."
    Note that the plug-in does a round robin load balancing, for example, in the case of three server (1,2,3) it does 1-2-3-1-2-3-1...
    with server 3 going down it does 1-2-1-2-1...
    An example configuration (with SSL off) looks as follows:
    LoadModule weblogic_module   "/home/oracle/weblogic12.1.1/apache/modules/mod_wl.so"
    <IfModule weblogic_module>
         ConnectTimeoutSecs 10
         ConnectRetrySecs 2
         DebugConfigInfo ON
         WLSocketTimeoutSecs 2
         WLIOTimeoutSecs 300
         Idempotent ON
         FileCaching ON
         KeepAliveSecs 20
         KeepAliveEnabled ON
         DynamicServerList ON
         WLProxySSL OFF
    </IfModule>
    <Location /LoadTest6>
         SetHandler weblogic-handler
         WebLogicCluster 172.31.0.175:7002,172.31.0.113:7003
    </Location>Also see the complete example here: http://middlewaremagic.com/weblogic/?p=7795
    "the plugin sometimes redirects to the other active node"
    This is somewhat strange, do you have session binding turned off?
    "and on another occasion shows the oracle management console identity manager without the colors of the basic look and feel."
    This could happen due to mime types (not really sure just a hunch). Here is a general story on this concept: https://developer.mozilla.org/en/Properly_Configuring_Server_MIME_Types
    and the apache module: http://httpd.apache.org/docs/2.2/mod/mod_mime.html

  • Nessus report says: Apache HTTP Server httpOnly Cookie Information Disclosu

    Hi all,
    Security area ran a Nessus script in the network and it found a known vulnerability over Oracle HTTP Server. Nessus gives a recomendation and I think is not the best recomendation because Oracle Application Server 10g R2 doesn't supports Apache 2.2.22 (only 1.3).
    The question is:
    What other action plan can I execute in order to solve the vulnerability issue?
    This is the Nessus report:
    Apache HTTP Server httpOnly Cookie Information Disclosure
    Synopsis:
    The web server running on the remote host has an information disclosure vulnerability.
    Description:
    The version of Apache HTTP Server running on the remote host has an information disclosure vulnerability. Sending a request with HTTP headers long enough to exceed the server limit causes the web server to respond with an HTTP 400. By default, the offending HTTP header and value are displayed on the 400 error page. When used in conjunction with other attacks (e.g., cross-site scripting), this could result in the compromise of httpOnly cookies.
    Risk factor:
    Medium
    CVSS Base Score:4.3
    CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N
    See also:
    http://fd.the-wildcat.de/apache_e36a9cf46c.php
    See also:
    http://httpd.apache.org/security/vulnerabilities_22.html
    See also:
    http://svn.apache.org/viewvc?view=revision&revision=1235454
    Solution:
    Upgrade to Apache version 2.2.22 or later.
    Plugin output:
    Nessus verified this by sending a request with a long Cookie header : GET / HTTP/1.1 Host: ntoracolp01.intrallianz.es:7202 Accept-Language: en Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1 Connection: Close Cookie: z9=AAAAAAAAAAAAAAAAAAAAA......
    Pragma: no-cache User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */* Which caused the Cookie header to be displayed in the default error page (the response shown below has been truncated) : <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>400 Bad Request</TITLE> </HEAD><BODY> <H1>Bad Request</H1> Your browser sent a request that this server could not understand.<P> Size of a request header field exceeds server limit.<P> <PRE> Cookie: z9=AAAAAAAAAAAAAAA.......
    Plugin ID:
    57792
    CVE:
    CVE-2012-0053
    BID:
    51706
    Other references:
    OSVDB:78556, EDB-ID:18442, IAVA:2012-A-0017
    Thanks

    Thanks for reply
    I've added read access to developer directory:
    drwxr--r-x 11 developer users 4096 03-18 21:03 developer
    Nothing changed.
    error_log
    [Tue Mar 18 22:42:47.462658 2014] [authz_core:error] [pid 2150:tid 2941197120] [client 192.168.1.100:56103] AH01630: client denied by server configuration: /home/developer/public_html
    No idea how "public_html" get there?!
    access_log
    192.168.1.100 - - [18/Mar/2014:22:38:34 +0100] "GET /~developer HTTP/1.1" 403 1081
    192.168.1.100 - - [18/Mar/2014:22:38:45 +0100] "GET /~developer/www HTTP/1.1" 403 1081
    192.168.1.100 - - [18/Mar/2014:22:42:47 +0100] "GET /~developer/www HTTP/1.1" 403 1081
    192.168.1.100 - - [18/Mar/2014:22:42:47 +0100] "GET /favicon.ico HTTP/1.1" 404 1099
    192.168.1.100 - - [18/Mar/2014:22:42:47 +0100] "GET /favicon.ico HTTP/1.1" 404 1099
    EDIT
    Ok, I've found the solution for that. In file httpd-userdir.conf UserDir was "public_html" instead of "www".
    Now I'm getting error 500
    error_log
    [Tue Mar 18 22:48:36.841443 2014] [mpm_event:notice] [pid 2803:tid 3074947456] AH00489: Apache/2.4.7 (Unix) mod_python/3.5.0- Python/3.3.5 configured -- resuming normal operations
    [Tue Mar 18 22:48:36.841528 2014] [core:notice] [pid 2803:tid 3074947456] AH00094: Command line: '/usr/bin/httpd'
    [Tue Mar 18 22:48:45.873329 2014] [:error] [pid 2805:tid 3033516864] make_obcallback: could not import mod_python.apache.\n
    [Tue Mar 18 22:48:45.874559 2014] [:error] [pid 2805:tid 3033516864] make_obcallback: Python path being used "['/usr/lib/python33.zip', '/usr/lib/python3.3', '/usr/lib/python3.3/plat-linux', '/usr/lib/python3.3/lib-dynload', '/usr/lib/python3.3/site-packages']".
    [Tue Mar 18 22:48:45.874589 2014] [:error] [pid 2805:tid 3033516864] get_interpreter: no interpreter callback found.
    [Tue Mar 18 22:48:45.874612 2014] [:error] [pid 2805:tid 3033516864] [client 192.168.1.100:56122] python_handler: Can't get/create interpreter., referer: http://192.168.1.108/~developer/
    Last edited by maci3k (2014-03-18 22:37:32)

  • Policy Agent 2.2 for Apache HTTP Server

    hi,
    I'm trying to configure Policy Agent 2.2 for apache http server.
    The agent seems to be installed properly, in fact when I access the protected resource, I get the Access Manager login page.
    Then I log into access manager, but I'm redirected to an error page.
    Looking in log files I can see:
    agent's "amAgent" log file:
    Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
    Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
    Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting password callback.
    Debug 10763:f8fe0 ServiceEngine: Service::do_agent_auth_login(): Setting name callback to 'apache2Agent'.
    Debug 10763:f8fe0 AuthService: BaseService::sendRequest Cookie and Headers =Host: crmzone.company.icteam.it     
                   Cookie: JSESSIONID=193E5E1590C924A42B95A00A51DC0479;amlbcookie=01
    Debug 10763:f8fe0 AuthService: BaseService::sendRequest Content-Length =Content-Length: 620
    Debug 10763:f8fe0 AuthService: BaseService::sendRequest Header Suffix =Accept: text/xml
                   Content-Type: text/xml; charset=UTF-8
    Debug 10763:f8fe0 AuthService: HTTP Status = 200 (OK)
    Debug 10763:f8fe0 AuthService: Http::Response::readAndParse(): No content length in response.
    Error 10763:f8fe0 AuthService: AuthService::processLoginStatus() Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp.
    Error 10763:f8fe0 PolicyEngine: am_policy_evaluate: InternalException in AuthService::processLoginStatus() with error message:Exception message=[Application user ID is not valid.] errorCode='107' templateName=login_failed_template.jsp and code:3
    Warning 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) denying access: status = Access Manager authentication service failure
    Debug 10763:f8fe0 PolicyAgent: am_web_is_access_allowed(): Successfully logged to remote server for GET action by user unknown user to resource http://10.0.0.31:80/SugarOS-Full-4.5.0f.
    Info 10763:f8fe0 PolicyAgent: am_web_is_access_allowed()(http://10.0.0.31:80/SugarOS-Full-4.5.0f, GET) returning status: Access Manager authentication service failure.
    Info 10763:f8fe0 PolicyAgent: process_request(): Access check for URL http://10.0.0.31/SugarOS-Full-4.5.0f returned Access Manager authentication service failure.
    Debug 10763:f8fe0 PolicyAgent: process_request(): returning web result AM_WEB_RESULT_ERROR, data []
    Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): Rendering web result AM_WEB_RESULT_ERROR
    Debug 10763:f8fe0 PolicyAgent: am_web_process_request(): render result function returned AM_SUCCESS.
    Access Manager's "amAuthentication.error" log file:
    "Login Failed|module_instance|Application" Application AUTHENTICATION-268 dc=opensso,dc=java,dc=net "Not Available" INFO apache2Agent 10.0.0.31 "cn=dsameuser,ou=DSAME Users,dc=opensso,dc=java,dc=net" CRMzone
    I tried to change the name of the agent either in its AMAgent.properties or in Access Manager "Agents" configuration page.
    I also used "crypt_util" to generate a new passoword, but nothing seems to happen.
    Where should I look to get more info about this problem? Specific log file?
    Is it due to wrong name/id/password of the agent? I really checked them many times...
    Thanks
    Fabio

    I think the error message "Application user ID is not valid" is pretty self evident.
    Log into the amconsole and go to the root realm/organization. Make sure the Agent profile exists and reset the password again to know value. If you created the agent profile in a sub realm/organization, you will need to make sure the subrealm/organization is set in the AMAgent.properties since the default value is / for the root realm/organization. Update the AMAgent.properties file will the Agent ID and the password generated by the crypt_it tool (com.sun.am.policy.am.username, com.sun.am.policy.am.password)
    If that doesn't work, check the amApplication debug log and then look at the ldap server access logs to see why the auth bind failed.

  • Virtual Hosts in Apache HTTP Server

    How to configure virtual hosts in Apache HTTP Server httpd.conf file.
    If I want to access my server with some other name(alias), how can I do this ?
    Suggestions in this matter would be highly helpful.
    Thanks
    Vidhyut Arora

    Following is a note explaining how to setup
    Virtual hosts.
    Hope this helps
    Ranga
    Note:70647.1
    Subject: Apache Server Virtual Hosting
    Last Revision Date: 07-JUN-2001
    PURPOSE
    This document discusses considerations for setting up virtual hosts on an
    Apache machine, to include how to get the hostname working and how to
    configure Apache.
    SCOPE & APPLICATION
    The information in this document is intended for those who manage multiple sites
    using an Apache machine.
    REFERENCES
    First published in Apache Week issue 31 (6th September 1996)
    Last update 20th September 1998
    Using Virtual Hosts
    Virtual Hosts let you run multiple independent Web sites on a single host with
    a single Apache setup.
    One of the most important facilities in Apache is its ability to run virtual
    hosts. This is now the essential way to run multiple Web services - each with
    different host names and URLs - that appear to be completely separate sites.
    This is widely used by ISPs, hosting sites and content providers who need to
    manage multiple sites but do not want to buy a new machine for each one.
    Picking an IP address
    There are two types of virtual hosts: IP-based and non-IP-based. The former is
    where each virtual host has its own IP address. You must have a new IP address
    for each virtual host you want to set up, either from your existing allocation
    or by obtaining more from your service provider. When you have extra IP
    addresses, you tell your machine to handle them. On some operating systems, you
    can give a single ethernet interface multiple addresses (typically with an
    fconfig alias command). On other systems, you must have a different
    physical interface for each IP address (typically by buying extra ethernet
    cards).
    IP addresses are a resource that costs money and are increasingly difficult to
    get, so modern browsers can now also use 'non-IP' virtual hosts. This
    lets you use the same IP address for multiple host names. When the server
    receives an incoming Web connection, it does not know the hostname that was used
    in the URL. However, the new HTTP/1.1 specification adds a facility where the
    browser must tell the server the hostname it is using, on the Host: header. If
    an older browser connects to a non-IP virtual host, it does not send the Host:
    header, so the server must respond with a list of possible virtual
    hosts. Apache provides some help for configuring a site for both old and new
    browsers.
    Picking a Hostname and Updating the DNS
    Having selected an IP address, the next stage is to update the DNS so that
    browsers can convert the hostname into the right address. The DNS is the system
    that every machine connected to the internet uses to find the IP address of host
    names. If your hostname is not in the DNS, no one can connect to
    your server (except by the unfriendly IP address).
    If the virtual hostname you are going to use is under your existing domain,
    you can just add the record into your own DNS server. If the virtual hostname
    is in someone else's domain, you must get them to add it to their DNS
    server files. In some cases, you want to use a domain not yet used on the
    internet, in which case you must apply for the domain name from the
    InterNIC and set up the primary and secondary DNS servers for it, before adding
    the entry for your virtual host.
    In any of these cases, the entry you need to add to the DNS is an address record
    (an A record) pointing to the appropriate IP address. For example, say you want
    the domain www.my-dom.com to access your host with IP address 10.1.2.3: you
    must add the following line to the DNS zone file for my-dom.com:
    www A 10.1.2.3
    Now, users can enter http://www.my-dom.com/ as a URL in their browsers and get
    to your Web server. However, it will return the same information as if the
    machine's original hostname had been used. So, the final stage is to tell Apache
    how to respond differently to the different addresses.
    How Apache Handles Virtual Hosts
    Configuring Apache for virtual hosts is a two-stage process. First, it needs
    to be told which IP addresses (and ports) to listen to for incoming Web
    connections. By default, Apache listens to port 80 on all IP addresses of the
    local machine, and this is often sufficient. If you have a more complex
    requirement, such as listening on various port numbers, or only to specific IP
    addresses, then the BindAddress or Listen directives can be used.
    Second, having accepted an incoming Web connection, the server must be
    configured to handle the request differently, depending on what virtual host it
    was addressed to. This usually involves configuring Apache to use a different
    DocumentRoot.
    Telling Apache Which Addresses to Listen To
    If you are happy for Apache to listen to all local IP addresses on the port
    specified by the Port directive, you can skip this section. However, there are
    some cases where you want to use the directives explained here:
    - If you have many IP addresses on the machine but only want to run a Web
    server on some of them
    - If one or more of your virtual hosts is on a different port
    - If you want to run multiple copies of the Apache server serving different virtual
    hosts
    There are two ways of telling Apache what addresses and ports to listen to:
    - Use the BindAddress directive to specify a single address or port
    - Use the Listen directive to any number of specific addresses or ports
    For example, if you run your main server on IP address 10.1.2.3 port 80, and a
    virtual host on IP 10.1.2.4 port 8000, you would use:
    Listen 10.1.2.3:80
    Listen 10.1.2.4:8000
    Listen and BindAddress are documented on the Apache site.
    Configuring the Virtual Hosts
    Having gotten Apache to listen to the appropriate IP addresses and ports, the
    final stage is to configure the server to behave differently for requests on
    each of the different addresses. This is done using <VirtualHost> sections in
    the configuration files, normally in httpd.conf.
    A typical (but minimal) virtual host configuration looks like this:
    <VirtualHost 10.1.2.3>
    DocumentRoot /www/vhost1
    ServerName www.my-dom.com
    </VirtualHost>
    This should be placed in the httpd.conf file. You replace the text
    10.1.2.3 with one of your virtual host IP addresses. If you want to specify a
    port as well, follow the IP address with a colon and the port number
    (example: 10.1.2.4:8000). If omitted, the port defaults to 80.
    If no <VirtualHost> sections are given in the configuration files, Apache
    treats requests from the different addresses and ports identically. In terms of
    setting up virtual hosts, we call the default behavior the main server
    configuration. Unless overridden by <VirtualHost> sections, the main server
    behaviour is inherited by all the virtual hosts. When configuring virtual
    hosts, you must decide what changes to make in each of the virtual
    host configurations.
    Any directives inside a <VirtualHost> section apply to just that virtual host.
    The directives either override the configuration give in the main server, or
    supplement it, depending on the directive. For example, the DocumentRoot
    directive in a <VirtualHost> section overrides the main server's DocumentRoot,
    while AddType supplements the main server's mime types.
    Now, when a request arrives, Apache uses the IP address and port it arrived on
    to find a matching virtual host configuration. If no virtual host matches the
    address and port, it is handled by the main server configuration. If it does
    match a virtual host address, Apache uses the configuration of that virtual
    server to handle the request.
    For the example above, the server configuration used is the same as the
    main server, except that the DocumentRoot is /www/vhost1, and the
    ServerName is www.my-dom.com. Directives commonly set in <VirtualHost>
    sections are DocumentRoot, ServerName, ErrorLog and TransferLog. Directives
    that deal with handling requests and resources are valid inside <VirtualHost>
    sections. However, some directives are not valid inside <VirtualHost> sections,
    including BindAddress, StartSevers, Listen, Group and User.
    You can have as many <VirtualHost> sections as you want. You can
    leave one or more of your virtual hosts being handled by the main server, or
    have a <VirtualHost> for every available address and port, and leave the main
    server with no requests to handle.
    VirtualHost sections for non-IP Virtual Hosts
    Non-IP virtual hosts are configured in a very similar way. The IP address that
    the requests arrive on is given in the <VirtualHost> directive, and the
    host name is put in the ServerName directive. The difference is that there
    (usually) is more than one <VirtualHost> section handling the same IP address.
    For Apache to know whether a request arriving on a particular IP
    address is supposed to be a name-based requests, the NameVirtualHost directive
    addresses for name-based requests. A virtual host can handle more than one
    non-IP hostname by using the ServerAlias directive, in addition to the
    ServerName.
    null

  • Apache http server won't run - error 1067 - after installing forms

    Hi, I succesfully installed the 9i on a Windows XP machine. I included the Apache HTTP server in the install. It all worked fine. Then I installed the Oracle development suite (rapid application development selection), and since cannot get the Apache server to run. It gives error 1067. On issueing "F:\oracle\ora90\Apache\Apache>apache.exe start -k" I get the following error: "Syntax error on line 14 of F:\oracle\ora90\rdbms\demo\aqxml.conf: Invalid command 'ApJServGroupMount', perhaps mis-spelled or defined by a module not included in the server configuration".
    Any ideas?? I amnew to both Oracle and Apache. Thanks for any help offered.

    did you install the development suite on a different Oracle home? In case it is on its own oracle home, it happens that the new install overwrites the PATH environment variable and sets the path of the new oracle home prior to the previously installed oracle home, this could affect old oracle home, since it will be looking for libraries and executables at the wrong OH. Change back the PATH environment variable, so the old OH is referred first.
    Start once more the oracle http server, first by means of the windows service, and verify the httpd.pid file doesn't exist prior to attempt restarting it.
    ~ Madrid

  • COREid 7.0.4-  Is Apache HTTP Server 2.2 going to be supported?

    Is Apache HTTP Server 2.2 going to be supported? If so, when?
    Thanks!

    Such a question should of course be answered by product management. maybe you should log a TAR on metalink to get answers.
    What you could try is to configure the COREid into a Apache 2.2 and have this listening on some other ports (eg 90, 543 :-). I did the same in another env where I have the Oracle HTTP Server from the AS and a standard Apache (2.0.46) to use the COREid.
    cu
    Andreas

  • Apache http server won't run - error 1067

    Hi, I succesfully installed the latest version of Oracle RDBMS on a Windows XP machine. I included the APache HTTP server in the install. It all worked fine. Then I installed the Oracle development suite (rapid application development selection), and since cannot get the Apache server to run. It gives error 1067. On issueing "F:\oracle\ora90\Apache\Apache>apache.exe start -k" I get the following error: "Syntax error on line 14 of F:\oracle\ora90\rdbms\demo\aqxml.conf: Invalid command 'ApJServGroupMount', perhaps mis-spelled or defined by a module not included in the server configuration".
    Any ideas?? I amnew to both Oracle and Apache. Thanks for any help offered.

    I have exactly the same problem... does anyone have any ideas how do I solve it.

  • Will Apache HTTP server version 2.2.x be supported for Solaris 10?

    It appears that the Apache 2.0.x package is still being included in the latest release of Solaris 10. When I checked the Apache site, it says they will no longer be releasing updates for the 2.0.x version family. Is Oracle planning to make an Apache 2.2.x package available and develop future patches?

    Hi,
    You can try using the following approach with +'MatchExpression'+ parameter for the +'VirtualHost'+ configuration, which should solve your problem:
    <VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName << Put your apache server ip-address here>>
    ErrorLog logs/error_log
    <Location */CustomLocationPrefix1** >
    SetHandler weblogic-handler
    +## Select the list of apps/urls for APP1+
    WebLogicCluster 192.168.100.1:7001,192.100.1:7002
    CookieName CUSTOM_JSESSIONID_COOKIE_NAME_1
    Debug ALL
    DebugConfigInfo ON
    WLLogFile C:/wlproxy.log
    </Location>
    <Location */CustomLocationPrefix2** >
    SetHandler weblogic-handler
    +## Select the list of apps/urls for APP2+
    WebLogicCluster 192.168.100.3:7001,192.168.100.4:7002
    CookieName CUSTOM_JSESSIONID_COOKIE_NAME_2
    Debug ALL
    DebugConfigInfo ON
    WLLogFile C:/wlproxy.log
    </Location>
    <Location */CustomLocationPrefix3** >
    SetHandler weblogic-handler
    +## Select the list of apps/urls for APP3+
    WebLogicCluster 192.168.100.5:7001,192.168.100.6:7002
    CookieName CUSTOM_JSESSIONID_COOKIE_NAME_3
    Debug ALL
    DebugConfigInfo ON
    WLLogFile C:/wlproxy.log
    </Location>
    <IfModule mod_weblogic.c>
    +## Combine all the locations for the different web-apps you want to route through apache http server+
    +## (i.e., APP1, APP2, APP3 in this case).+
    WebLogicCluster 192.168.100.1:7001,192.168.100.2:7002,192.168.100.3:7001,192.168.100.4:7002,192.168.100.5:7001,192.168.100.6:7002
    MatchExpression *
    +## The following may not be needed (need to recheck)+
    EnforceBasicConstraints OFF
    </IfModule>
    </VirtualHost>
    Regards,
    Deepak Kerur.
    Edited by: user10231088 on Jul 7, 2011 6:36 PM
    Edited by: user10231088 on Jul 7, 2011 6:36 PM

  • Oracle9i - Apache HTTP Server

    I just installed Oracle9i database and everytime I reboot, the Apache HTTP Server trys to start. It gets and error and the error log fills up until my hard drive is full. here is the error log...
    [Sun Jan 18 08:41:53 2004] [warn] FastCGI: server "c:/oracle/ora92/bin/isqlplus" started (pid 2520)
    [Sun Jan 18 08:41:58 2004] [warn] FastCGI: server "c:/oracle/ora92/bin/isqlplus" (pid 2520) terminated with exit with status '3373408'
    I also noticed a problem in the ssl_engine_log file in the same directory as the apache error log...in case they are connected somehow...
    [18/Jan/2004 08:41:30 00460] [warn] Failed to release global mutex lock
    [18/Jan/2004 08:41:30 00460] [warn] Init: (localhost:443) RSA server certificate CommonName (CN) `NOT SECURE!!!' does NOT match server name!?

    I am having the same problem. The Appache error log is filling up my entire hard drive. I just stoped the orace http service that was running deleted the error log file.
    What is causeing this?
    Jeff
    [email protected]

  • APEX Oracle 11g HTTP Server - Cannot get SSL working

    I have installed APEX on Oracle 11g with the Oracle HTTP Server on MS Windows server.
    Data base up and running, APEX up an running.
    All works as expected on port 7777
    When I try 4443 I get error message re self signed certificate by Oracle, but if I click through error message I get an https connection.
    I want to replace default cert with a locally signed cert, and get SSL working on 4443, then switch to port 443.
    I have used the Oracle Wallet manager, generated a CSR, had this signed by my corproate CA, and installed the corporate CA cert and the newly signed server cert into the wallet (with Auto Login Set) and saved it in:
    D:\orahttp\Oracle_WT1\instances\apex\config\OHS\ohs1\keystores\infosec2wallet
    This creates two files: ewallet.p12 and cwallet.sso
    I then manually add the group/users "SYSTEM" and "Administrators" to these two files to match the security tab on the default wallet.
    I T then go to the ssl.conf file located at:
    D:\orahttp\Oracle_WT\instances\apex\config\OHS\ohs1\ssl.conf
    and changed the entry:
    #SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/default"
    SSLWallet "${ORACLE_INSTANCE}/config/${COMPONENT_TYPE}/${COMPONENT_NAME}/keystores/infosec2wallet"
    I then stop and start the Oracle HTTP Server - ohs1 from the start menu.
    Then I try to connect from my desk top machine using the following URL:
    https://us-pghinfosec2.ariba.com:4443/pls/apex/f?p=101:1:
    I get the clasic MS IE Message:
    ==========
    Internet Explorer cannot display the webpage
    Most likely causes:
    You are not connected to the Internet.
    The website is encountering problems.
    There might be a typing error in the address.
    What you can try:
    Diagnose Connection Problems
    More information
    This problem can be caused by a variety of issues, including:
    Internet connectivity has been lost.
    The website is temporarily unavailable.
    The Domain Name Server (DNS) is not reachable.
    The Domain Name Server (DNS) does not have a listing for the website's domain.
    If this is an HTTPS (secure) address, click Tools, click Internet Options, click Advanced, and check to be sure the SSL and TLS protocols are enabled under the security section.
    For offline users
    You can still view subscribed feeds and some recently viewed webpages.
    To view subscribed feeds
    Click the Favorites Center button , click Feeds, and then click the feed you want to view.
    To view recently visited webpages (might not work on all pages)
    Click Tools , and then click Work Offline.
    Click the Favorites Center button , click History, and then click the page you want to view.
    ==========
    I am at a loss as to what to do. It acts like Oracle HTTP can not open my wallet.
    I suspect it needs the password to the wallet but I cannot find any place to specify the password, and Auto Login should have addressed that issue.
    Any insights welcome.
    Thanks - Elton Hay

    Hello Lakshmi,
    >
    I got your point but in our case HTTP Server and Oracle Database (APEX) running on different machines.
    Oracle HTTP Server running on a Windows 2003 server and Oracle Database running on Sun Solaris machine.
    So do i need to change Oracle 10g HTTP Server? do i need to install Oracle 11g HTTP SErver?
    Please let me know if my question is not clear.
    >
    <ul><li>
    I got your point but in our case HTTP Server and Oracle Database (APEX) running on different machines.Did I missed something?
    You should have mentioned this additional information in the original question itself.
    </li>
    <li>Oracle HTTP Server running on a Windows 2003 server and Oracle Database running on Sun Solaris machine.As long as [url http://docs.oracle.com/cd/E37097_01/doc/install.42/e35123/otn_install.htm#BHAFJJDA]dads.conf is configured correctly there should not be a problem with this.
    From Original question:
    We are having Oracle APEX 3.1 version on Oracle 10g Database and Oracle 10g HTTP Server as web server in our organization.How did this setup of APEX worked?(i.e. on different machines)
    If you still have doubt about this you can do the setup and find out before upgrading.
    </li>
    <li>So do i need to change Oracle 10g HTTP Server? do i need to install Oracle 11g HTTP SErver?This question is answered in the above post. As long as you fulfill the [url http://docs.oracle.com/cd/E37097_01/doc/install.42/e35123/pre_require.htm#CFHIIJBE]HTTP Server Requirements for APEX 4.2 (Also we are discussing this long about only Oracle 10g HTTP Server but which version?)
    </li></ul>
    Hope now I am more clear!
    Regards,
    Kiran

  • Installing and Configuring the Apache HTTP Server Plug-In

    Hi,
    I am using WL10.3 in Linux machine.
    I have an environment where I have a single WL server in a domain that is deployed with the web-application
    And I have another domain where I have two managed servers in a cluster that is deployed with the business.
    Now, I want to configure a Apache HTTP server to make it work as a proxy along with the weblogic.
    In my current scenario, the stand alone server proxies the req to the cluster and that is defined in a jndi.properties.
    Now, what should I do if I want to use the Apache
    I have the following questions:
    1. Forget about my env, generally how can I install and configure Apache HTTP plug-in?
    I see we already having libproxy_61.so file inside /bea/wlserver_10.3/server/plugin/linux/i686
    Do i need to install the patch even then as told in http://www.oracle.com/technology/deploy/security/wls-security/2793.html?
    2. While am adding the lines in httpd.conf ,
    LoadModule weblogic_module modules/mod_wl_22.so
    Should I put ibproxy_61.so instead of mod_wl_22.so in this line?
    3. Just by configuring the proxy, the session replication and load balancing will be ensured?
    4.And for my configuration as stated at the beginning few lines, what can be the best architecture?
    Your help is really appreciated.

    Hi,
    Below blog would give you a clear understanding of the Integrating Apache with Weblogic. All your questions are been answered in the below blog.
    http://www.prasannatech.net/2008/07/integrating-apache-tomcat-weblogic.html
    You can for sure apply the patch provided in CVE-2008-3257).
    Keep posted with your findings and let us know if you need any further clarification.
    Regards,
    Hussain

  • Integrating Apache Http Server with Streaming Server

    Hi,
    How to integrate my Apache Http Server with a Darwin Streaming Server or any server?
    Any links are really appreciated.
    Thanks.

    Your question has nothing whatsoever to do with JSP, JSTL, or java. Locking.

  • Cannot connect to database with servlet thru apache http server / vhosts

    Hello,
    I have an application that works perfectly when Tomcat 5.5 is running stand-alone, but when I run Tomcat and Apache HTTP Server together, I get an error when trying to connect to the database. Servlets are working fine otherwise. Connection pooling is setup and working fine for Tomcat stand-alone. With the Apache server, I'm running Virtual Hosts.
    My guess is that I need something in the host block of server.xml about the context.xml where the db resource pool is defined. This is what I have so far in server.xml:
    <Host name="www.mydomain.com" debug="0" appBase="d:/WebApps/mydomain"
    unpackWARs="true" autoDeploy="true">
    <Context path="" docBase="" debug="0"/>
    </Host>
    Or the problem may be caused by something else entirely. Does anybody have any suggestions? Your help is greatly appreciated.
    Thank you,
    Logan

    A little help? Anybody?
    I can connect to the database with Tomcat stand-alone, but not with Tomcat integrated with Apache. I have seen this problem described elsewhere, but no solution has been found.

  • Apache HTTP Server Plug-In for HPUX

    First action:
    Installation of
    BEA Weblogic Server 6.1 Servicepack 4
    Apache Webserver Version 2.0.43
    gcc 3.0.2
    on
    HP-UX hansapp4 B.11.11 U 9000/800
    Apache Webserver can be started !
    Aditional Action:
    Installation of BEA's Apache HTTP Server Plug-In
    as a dynamic shared object:
    Copy of mod_wl_20.so to APACHE_HOME/modules
    Adaption of httpd.conf by adding line
    "LoadModule weblogic_module modules/mod_wl_20.so"
    Result:
    Apache Webserver cannot be started !
    Start of
    [email protected]:/usr/local/apache2/bin> ./apachectl configtest
    gives:
    Syntax error on line 234 of /usr/local/apache2/conf/httpd.conf:
    Cannot load /usr/local/apache2/modules/mod_wl_20.so into server:
    Call to mmap() failed - TEXT /usr/local/apache2/modules/mod_wl_20.so

    While the question is for AS 8, you can try this (mod_proxy-based):
    http://docs.sun.com/source/817-3652-10/agplugin.html#wp34000
    -Alexis

Maybe you are looking for