Example of a successful reverse proxy to APEX using Apache and Oracle HTTP

Similar Messages

• Enterprise portal access using reverse proxy using Apache and webdispatcher

  Hi Guys,
  As requirement, we need to give solution to customer about Reverse proxy scenario. I am new to this part.
  What we have think of to use Apache and Web dispatcher.
  I tried to search documents and found some sdn links also but still i am not comfortable to go about.
  Need suggestion and document if anyone has used so far.reverse proxy.
  As basis person, we need to do all ( Apache installation, Apache configuration, Web dispatcher installation and configuration, integration with EP.)
  It will helpful to me if i can get Apache installation, Apache configuration part and integration with EP, or web dispatcher, configuration etc.
  Thanks,
  Deepak

  We used Netscaler for Reverse Proxy implementation and can assure you that network team performed most of the set ups. This was on EP 7.01.
  From BASIS stand point it would be primarily Web Dispatcher Configuration.
  Also refer the links I specified in another thread. There are several scenarios discussed there -
  Re: Post values for userid and passowrd fields in logon page
  http://wiki.sdn.sap.com/wiki/display/BSP/Using+Proxies
  ~ Dhanz

• I set up a reverse  proxy server but the DOJO and auto complete dont work

  I set up a reverse proxy server but the DOJO and auto completer don't work . Am I missing a configuration on the proxy server ?

  Well it would help if you can provide some more details on your configuration/setup.

• Down Time for  Installing APEX 4.2.1 and oracle HTTP server?

  Hi, all:
  I plan to install APEX 4.2.1 and oracle HTTP server on 10.2.0.4 database.
  Is there any down time required during installation?
  I mean during installation, do I need to block users from accessing the database?
  Can they do their normal data entry / inquiry?
  thanks,
  John
  ps. There will be server backup before installation.

  Hi,
  Documentation says
  >
  3.1 Recommended Pre-installation Tasks
  Before installing Oracle Application Express, Oracle recommends that you complete the following steps:
  Review and satisfy all Oracle Application Express installation requirements. See "Oracle Application Express Installation Requirements".
  Shut down with normal or immediate priority the Oracle Database instances where you plan to install Oracle Application Express. On Oracle Real Application Clusters (Oracle RAC) systems, shut down all instances on each node.
  An alternative to shutting down the database is to prevent all users from accessing Oracle Application Express when upgrading your installation from a previous release of Oracle Application Express. Oracle only recommends this option in high availability production environments where planned outages are not available. For all other scenarios, the database should be shut down.
  To disable access to Oracle Application Express when the existing installation is using the Application Express Listener, shut down the appropriate application server where the Application Express listener is deployed.
  To disable user access to Oracle Application Express when the existing installation is using the Oracle HTTP Server with mod_plsql, you should either shut down the Web server or disable the Application Express Database Access Descriptor of the Web server.
  For an existing installation using the embedded PL/SQL gateway, you should disable the Oracle XML DB Protocol Server by setting the HTTP port to 0. This can be accomplished by starting SQL*Plus, connecting as SYS to the database where Oracle Application Express is installed, and running:
  EXEC DBMS_XDB.SETHTTPPORT(0);
  Once you have prevented access from Oracle Application Express users, you should log into SQL*Plus as SYS, connecting to the database where Oracle Application Express is installed, and query V$SESSION to ensure there are no long running sessions which would interfere with the upgrade process.
  Back up the Oracle Database installation.
  Oracle recommends that you create a backup of the current Oracle Database installation before you install Oracle Application Express. You can use Oracle Database Recovery Manager, which is included in the Oracle Database installation, to perform the backup.
  See Also:
  Oracle Database Backup and Recovery User's Guide
  Start the Oracle Database instance that contains the target database.
  After backing up the system, you must start the Oracle instance that contains the target Oracle database. Do not start other processes such as a Web Listener. However, if you are performing a remote installation, make sure the database listener for the remote database has started.
  >
  Regards,
  Jari
  My Blog: http://dbswh.webhop.net/htmldb/f?p=BLOG:HOME:0
  Twitter: http://www.twitter.com/jariolai

• Help with Apache Reverse Proxy configuration with SAP Portal and SAP Webgui

  Dear Experts,
  I have an issue configuring Apache to work with SAP Portal and ERP webgui. Accessing Portal through Reverse Proxy is working fine. But the problem arises when we try to open an iView ERP webgui transaction page from Portal with the Reverse Proxy. Have anyone implemented similar requirements and could advice on the configuration required on the Apache side? Thank you

  hi,
  pls check the below links for reference:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/24396589-0a01-0010-3c8c-ab2e3acf6fe2
  searchsap.techtarget.com/searchSAP/downloads/chapter-december.pdf
  1)Learn to implement the reverse proxy filter and portal gateway in SAP Enterprise Portal 6.0 on Web Application Server 6.40.
  https:/.../irj/sdn/nw-portalandcollaboration?rid=/webcontent/uuid/006efe7b-1b73-2910-c4ae-f45aa408da5b
  .2 )Configuring the Portal for Your Reverse Proxy Filter Solution . ... This document describes the reverse proxy filter mechanism in SAP Enterprise ...
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/32ad9b90-0201-0010-3c8a-c900cd685f8f
  3)have full reverse proxy functionality. Possibly. filter. requests. Internet ... Reverse proxy (optionally with authentication etc.) ...
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/c066c390-0201-0010-3cba-cd42dfbcc8be
  Note:please reward points if solution found helpfull
  Regards
  Chandrakanth.k

• APEX and Oracle HTTP server

  Scenario
  We are considering using APEX with Oracle 10g. However, we don't have Oracle application server.At the same time we do not want to use the Oracle HTTP server(OHS) on the database server. The propsed application intend to use by approx. 5000 users
  Questions
  As APEX requires just OHS and mod_plsql plugin,
  1. Can we install just Oracle HTTP server and mod_plsql on standalone server? Which CD need to be used?
  2. Can OHS can be licensed separately as Oracle Internet application server(Enterprise Edition) based on processor licensing is expensive and not affordable.However, there are other options like Standard Edition and Standard Edition One as well but do not require any other options except OHS and mod_plsql plugin.Hence, what is the cost effective option to have OHS and mod_plsql as a middle tier component to deploy APEX applications
  Thanks in advance

  All,
  I'm by no means a security expert, but I don't think this is a best practice. I think the best practice is to use two HTTP servers: one in the DMZ and one on the DB server. The one in the DMZ can be a standard Apache install - it acts as a proxy server and does not need mod_plsql. The second should be OHS. This configuration allows you to block ports that are usually used to communicate with the DB from the server in the DMZ.
  Did I get that right or am I way off?
  Regards,
  Dan
  http://danielmcghan.us
  http://sourceforge.net/projects/tapigen
  http://sourceforge.net/projects/plrecur
  You can reward this reply by marking it as either Helpful or Correct ;-)

• APEX 4.0 and Oracle XE

  Hello
  When APEX 4.0 is finally released, will it be possible to install into an Oracle XE database as previous versions?
  I am interested in providing a Client demo of some of the Web2.0 features using their own network.
  Regards
  Ade

  I didnot realise Oracle XE 10g database was more advanced than the standard editions
  It is not, and I'm not sure where how you arrived at that conclusion. Oracle XE has much LESS functionality than Oracle SE One, SE or EE. It has not been revised in some time now, and while an ideal demonstration and even development platform, it is quite limited when it comes to using it for production-class applications.
  Thanks,
  - Scott -
  http://spendolini.blogspot.com
  http://www.sumneva.com

• Dynamic table owner in apex 3.0 and Oracle 10g

  I have an application that requires bulk deletes for all rows in a particular department. The application edits incoming data and then moves final approved data to the 'production' db. End users modify their data via bulk load until they are happy with validity checks. At certain times of the year this could be as many as a million rows in a single table with referential integrity deletes in up to 5 additional tables. This generates unnecessary redo and archive logs so I thought we might just create separate schemas for each department (11) and do DROP/CREATE table instead.
  The problem is that I see no way to dynamically change the table owner in ApEx. Is there any way to do this short of export/import to a 11 different parsing schemas?

  ...I thought we might just create separate
  schemas for each department (11) and do DROP/CREATE
  table instead.Instead of doing drop/create on your tables just do a truncate on the table.
  >
  The problem is that I see no way to dynamically
  change the table owner in ApEx. Is there any way to
  do this short of export/import to a 11 different
  parsing schemas?You may try creating your tables as follows
  CREATE TABLE dept1.table_a AS SELECT * FROM old_table WHERE dept=1;
  CREATE TABLE dept2.table_a AS SELECT * FROM old_table WHERE dept=2;
  Then investigate using UNION logic and possibly a flag to show/hide departments...
  SELECT * FROM dept1.table_a WHERE dept=1 AND :P1_FLAG=???;
  UNION
  SELECT * FROM dept2.table_a WHERE dept=2 AND :P1_FLAG=???;
  The above union logic may work for reporting needs but would likely not work for your maintenance pages where you need to insert/update/delete...
  Message was edited by:
  tfa

• Reverse proxying EM

  hi,
  Among of couples of web sites, oracle EM is recently behind Apache reverse proxy, i'm using mod_proxy and mod_proxy_http, the problem is that the images don't appear due to URL resolution. I know about apache_proxy_html but i'm asking if there is another alternative of this one.
  thanks.

  8081 is the application server port.
  even this fails
  NameTrans fn="map" from="/uwc" to="http://192.168.1.34/uwc"
  NameTrans fn="reverse-map" from="http://192.168.1.34/uwc" to="http://192.168.1.34:8082/uwc" rewrite-location="true" rewrite-content-location="true"
  it directs me to
  http://192.168.1.34/uwc/webmail/en/mail.html?lang=en&laurel=on&cal=0 after login which means the source webserver
  but if i specify the port within the above url it works
  http://192.168.1.34:8082/uwc/webmail/en/mail.html?lang=en&laurel=on&cal=0
  which means that the proxy is getting the contents but it redirects to the source url and doesn't rewrite it with the proxy url
  how can i solve it?

• Apache as reverse proxy - 400 Bad request

  Hi all,
  I'm configured apache as reverse proxy according to this blog:
  The Reverse Proxy Series -- Part 3: Apache as a reverse-proxy
  When I try to navigate http://testcomp/irj I get "400 - Bad request"
  See exception;
  <i>Message : User Guest, IP address
  Cannot parse the http request. Http error response [400 Bad Request] will be returned. Request is [Host: sapportal:50000
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
  Accept-Language: en,he;q=0.5
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
  Max-Forwards: 10
  Via: 1.1 localhost
  X-Forwarded-For: 10.0.0.4
  X-Forwarded-Host: 10.0.0.6
  X-Forwarded-Server: localhost
  Connection: Keep-Alive
  GET /irj HTTP/1.1
  Host: sapportal:50000
  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, /
  Accept-Language: en,he;q=0.5
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727)
  Max-Forwards: 10
  Via: 1.1 localhost
  X-Forwarded-For: 10.0.0.4
  X-Forwarded-Host: 10.0.0.6
  X-Forwarded-Server: localhost
  Connection: Keep-Alive
  com.sap.engine.services.httpserver.exceptions.HttpIllegalArgumentException: Incompatible field content in the MIME header.
       at com.sap.engine.services.httpserver.lib.headers.MimeHeaderField.parse(MimeHeaderField.java:364)
       at com.sap.engine.services.httpserver.lib.headers.MimeHeaders.init(MimeHeaders.java:504)
       at com.sap.engine.services.httpserver.server.RequestAnalizer.initialize(RequestAnalizer.java:196)
       at com.sap.engine.services.httpserver.server.Client.initialize(Client.java:84)
       at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:143)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Severity : Error
  Category :
  Location : com.sap.engine.services.httpserver
  Application :
  Thread : SAPEngine_Application_Thread[impl:3]_32
  Datasource : 9332850:C:usrsapPD9JC00j2eeclusterserver0logdefaultTrace.trc
  Message ID : 000C29EFE9A300570000002D00000B9000043A81D3311894
  Source Name : com.sap.engine.services.httpserver
  Argument Objs :
  Arguments :
  Dsr Component :
  Dsr Transaction : 5359e85066e411dcbf6b000c29efe9a3
  Dsr User :
  Indent : 0
  Level : 0
  Message Code :
  Message Type : 0
  Relatives :
  Resource Bundlename :
  Session : 2
  Source : com.sap.engine.services.httpserver
  ThreadObject : SAPEngine_Application_Thread[impl:3]_32
  Transaction :
  User : Guest</i>
  The lines I added to http.conf
  <i>#Enable reverse-proxying
  ProxyVia on
  ProxyTimeout 600
  #disable forward-proxying
  ProxyRequests Off
  #proxy /irj both ways
  ProxyPass /irj http://sapportal:50000/irj
  ProxyPassReverse /irj http://testcomp/irj
  #proxy /logon both ways
  ProxyPass /logon http://sapportal:50000/logon
  ProxyPassReverse /logon http://testcomp/logon</i>
  I tried with apache version 2.2.3 & 2.0.59 with no success.
  My J2EE/Portal version is 6.17.
  Since this is a testing environment the two computers are under the same workgroup (no domain).
  If I naviagte directly to the portal (without the reverse proxy) everything is working.
  How can I solve it?
  Regards,
  Omri

  Hi Jakub,
  Thanks for the answer.
  It's not working for me...
  I'm attaching my httpd.conf file.
  Also, what apache version do you use?
  Can you send me your post your httpd.conf file?
  Thanks,
  Omri
  httpd.conf
  This is the main Apache HTTP server configuration file.  It contains the
  configuration directives that give the server its instructions.
  See <URL:http://httpd.apache.org/docs/2.2/> for detailed information.
  In particular, see
  <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
  for a discussion of each configuration directive.
  Do NOT simply read the instructions in here without understanding
  what they do.  They're here only as hints or reminders.  If you are unsure
  consult the online docs. You have been warned. 
  Configuration and logfile names: If the filenames you specify for many
  of the server's control files begin with "/" (or "drive:/" for Win32), the
  server will use that explicit path.  If the filenames do not begin
  with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
  with ServerRoot set to "c:/apache" will be interpreted by the
  server as "c:/apache/logs/foo.log".
  NOTE: Where filenames are specified, you must use forward slashes
  instead of backslashes (e.g., "c:/apache" instead of "c:\apache").
  If a drive letter is omitted, the drive on which Apache.exe is located
  will be used by default.  It is recommended that you always supply
  an explicit drive letter in absolute paths, however, to avoid
  confusion.
  ThreadsPerChild: constant number of worker threads in the server process
  MaxRequestsPerChild: maximum  number of requests a server process serves
  ThreadsPerChild 250
  MaxRequestsPerChild  0
  ServerRoot: The top of the directory tree under which the server's
  configuration, error, and log files are kept.
  Do not add a slash at the end of the directory path.  If you point
  ServerRoot at a non-local disk, be sure to point the LockFile directive
  at a local disk.  If you wish to share the same ServerRoot for multiple
  httpd daemons, you will need to change at least LockFile and PidFile.
  ServerRoot "c:/apache"
  Listen: Allows you to bind Apache to specific IP addresses and/or
  ports, instead of the default. See also the <VirtualHost>
  directive.
  Change this to Listen on specific IP addresses as shown below to
  prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
  #Listen 12.34.56.78:80
  Listen 80
  Dynamic Shared Object (DSO) Support
  To be able to use the functionality of a module which was built as a DSO you
  have to place corresponding `LoadModule' lines at this location so the
  directives contained in it are actually available before they are used.
  Statically compiled modules (those listed by `httpd -l') do not need
  to be loaded here.
  Example:
  LoadModule foo_module modules/mod_foo.so
  LoadModule actions_module modules/mod_actions.so
  LoadModule alias_module modules/mod_alias.so
  LoadModule asis_module modules/mod_asis.so
  LoadModule auth_basic_module modules/mod_auth_basic.so
  #LoadModule auth_digest_module modules/mod_auth_digest.so
  #LoadModule authn_anon_module modules/mod_authn_anon.so
  #LoadModule authn_dbm_module modules/mod_authn_dbm.so
  LoadModule authn_default_module modules/mod_authn_default.so
  LoadModule authn_file_module modules/mod_authn_file.so
  #LoadModule authz_dbm_module modules/mod_authz_dbm.so
  LoadModule authz_default_module modules/mod_authz_default.so
  LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  LoadModule authz_host_module modules/mod_authz_host.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule autoindex_module modules/mod_autoindex.so
  #LoadModule cern_meta_module modules/mod_cern_meta.so
  LoadModule cgi_module modules/mod_cgi.so
  #LoadModule dav_module modules/mod_dav.so
  #LoadModule dav_fs_module modules/mod_dav_fs.so
  #LoadModule deflate_module modules/mod_deflate.so
  LoadModule dir_module modules/mod_dir.so
  LoadModule env_module modules/mod_env.so
  #LoadModule expires_module modules/mod_expires.so
  #LoadModule file_cache_module modules/mod_file_cache.so
  #LoadModule headers_module modules/mod_headers.so
  LoadModule imagemap_module modules/mod_imagemap.so
  LoadModule include_module modules/mod_include.so
  #LoadModule info_module modules/mod_info.so
  LoadModule isapi_module modules/mod_isapi.so
  LoadModule log_config_module modules/mod_log_config.so
  LoadModule mime_module modules/mod_mime.so
  #LoadModule mime_magic_module modules/mod_mime_magic.so
  <b>LoadModule proxy_module modules/mod_proxy.so</b>
  #LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
  #LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  #LoadModule proxy_connect_module modules/mod_proxy_connect.so
  <b>LoadModule proxy_http_module modules/mod_proxy_http.so</b>
  #LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  LoadModule negotiation_module modules/mod_negotiation.so
  #LoadModule rewrite_module modules/mod_rewrite.so
  LoadModule setenvif_module modules/mod_setenvif.so
  #LoadModule speling_module modules/mod_speling.so
  #LoadModule status_module modules/mod_status.so
  #LoadModule unique_id_module modules/mod_unique_id.so
  LoadModule userdir_module modules/mod_userdir.so
  #LoadModule usertrack_module modules/mod_usertrack.so
  #LoadModule vhost_alias_module modules/mod_vhost_alias.so
  #LoadModule ssl_module modules/mod_ssl.so
  'Main' server configuration
  The directives in this section set up the values used by the 'main'
  server, which responds to any requests that aren't handled by a
  <VirtualHost> definition.  These values also provide defaults for
  any <VirtualHost> containers you may define later in the file.
  All of these directives may appear inside <VirtualHost> containers,
  in which case these default settings will be overridden for the
  virtual host being defined.
  ServerAdmin: Your address, where problems with the server should be
  e-mailed.  This address appears on some server-generated pages, such
  as error documents.  e.g. [email protected]
  ServerAdmin @@ServerAdmin@@
  ServerName gives the name and port that the server uses to identify itself.
  This can often be determined automatically, but we recommend you specify
  it explicitly to prevent problems during startup.
  If your host doesn't have a registered DNS name, enter its IP address here.
  ServerName localhost:80
  DocumentRoot: The directory out of which you will serve your
  documents. By default, all requests are taken from this directory, but
  symbolic links and aliases may be used to point to other locations.
  DocumentRoot "c:/apache/htdocs"
  Each directory to which Apache has access can be configured with respect
  to which services and features are allowed and/or disabled in that
  directory (and its subdirectories).
  First, we configure the "default" to be a very restrictive set of
  features. 
  <Directory />
      Options FollowSymLinks
      AllowOverride None
      Order deny,allow
      Deny from all
      Satisfy all
  </Directory>
  Note that from this point forward you must specifically allow
  particular features to be enabled - so if something's not working as
  you might expect, make sure that you have specifically enabled it
  below.
  This should be changed to whatever you set DocumentRoot to.
  <Directory "c:/apache/htdocs">
  Possible values for the Options directive are "None", "All",
  or any combination of:
    Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
  Note that "MultiViews" must be named explicitly --- "Options All"
  doesn't give it to you.
  The Options directive is both complicated and important.  Please see
  http://httpd.apache.org/docs/2.2/mod/core.html#options
  for more information.
      Options Indexes FollowSymLinks
  AllowOverride controls what directives may be placed in .htaccess files.
  It can be "All", "None", or any combination of the keywords:
    Options FileInfo AuthConfig Limit
      AllowOverride None
  Controls who can get stuff from this server.
      Order allow,deny
      Allow from all
  </Directory>
  DirectoryIndex: sets the file that Apache will serve if a directory
  is requested.
  <IfModule dir_module>
      DirectoryIndex index.html
  </IfModule>
  The following lines prevent .htaccess and .htpasswd files from being
  viewed by Web clients.
  <FilesMatch "^\.ht">
      Order allow,deny
      Deny from all
  </FilesMatch>
  ErrorLog: The location of the error log file.
  If you do not specify an ErrorLog directive within a <VirtualHost>
  container, error messages relating to that virtual host will be
  logged here.  If you do define an error logfile for a <VirtualHost>
  container, that host's errors will be logged there and not here.
  ErrorLog logs/error.log
  LogLevel: Control the number of messages logged to the error_log.
  Possible values include: debug, info, notice, warn, error, crit,
  alert, emerg.
  LogLevel warn
  <IfModule log_config_module>
  The following directives define some format nicknames for use with
  a CustomLog directive (see below).
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%You need to enable mod_logio.c to use %I and %Oi\" \"%{User-Agent}i\"" combined
      LogFormat "%h %l %u %t \"%r\" %>s %b" common
      <IfModule logio_module>
        LogFormat "%h %l %u %t \"%r\" %>s %b \"%i\" \"%{User-Agent}i\" %I %O" combinedio
      </IfModule>
  The location and format of the access logfile (Common Logfile Format).
  If you do not define any access logfiles within a <VirtualHost>
  container, they will be logged here.  Contrariwise, if you do
  define per-<VirtualHost> access logfiles, transactions will be
  logged therein and not in this file.
      CustomLog logs/access.log common
  If you prefer a logfile with access, agent, and referer information
  (Combined Logfile Format) you can use the following directive.
      #CustomLog logs/access.log combined
  </IfModule>
  <IfModule alias_module>
  Redirect: Allows you to tell clients about documents that used to
  exist in your server's namespace, but do not anymore. The client
  will make a new request for the document at its new location.
  Example:
  Redirect permanent /foo http://www.example.com/bar
  Alias: Maps web paths into filesystem paths and is used to
  access content that does not live under the DocumentRoot.
  Example:
  Alias /webpath /full/filesystem/path
  If you include a trailing / on /webpath then the server will
  require it to be present in the URL.  You will also likely
  need to provide a <Directory> section to allow access to
  the filesystem path.
  ScriptAlias: This controls which directories contain server scripts.
  ScriptAliases are essentially the same as Aliases, except that
  documents in the target directory are treated as applications and
  run by the server when requested rather than as documents sent to the
  client.  The same rules about trailing "/" apply to ScriptAlias
  directives as to Alias.
      ScriptAlias /cgi-bin/ "c:/apache/cgi-bin/"
  </IfModule>
  "c:/apache/cgi-bin" should be changed to whatever your ScriptAliased
  CGI directory exists, if you have that configured.
  <Directory "c:/apache/cgi-bin">
      AllowOverride None
      Options None
      Order allow,deny
      Allow from all
  </Directory>
  Apache parses all CGI scripts for the shebang line by default.
  This comment line, the first line of the script, consists of the symbols
  pound (#) and exclamation followed by the path of the program that
  can execute this specific script.  For a perl script, with perl.exe in
  the C:\Program Files\Perl directory, the shebang line should be:
     #!c:/program files/perl/perl
  Note you mustnot_ indent the actual shebang line, and it must be the
  first line of the file.  Of course, CGI processing must be enabled by
  the appropriate ScriptAlias or Options ExecCGI directives for the files
  or directory in question.
  However, Apache on Windows allows either the Unix behavior above, or can
  use the Registry to match files by extention.  The command to execute
  a file of this type is retrieved from the registry by the same method as
  the Windows Explorer would use to handle double-clicking on a file.
  These script actions can be configured from the Windows Explorer View menu,
  'Folder Options', and reviewing the 'File Types' tab.  Clicking the Edit
  button allows you to modify the Actions, of which Apache 1.3 attempts to
  perform the 'Open' Action, and failing that it will try the shebang line.
  This behavior is subject to change in Apache release 2.0.
  Each mechanism has it's own specific security weaknesses, from the means
  to run a program you didn't intend the website owner to invoke, and the
  best method is a matter of great debate.
  To enable the this Windows specific behavior (and therefore -disable- the
  equivilant Unix behavior), uncomment the following directive:
  #ScriptInterpreterSource registry
  The directive above can be placed in individual <Directory> blocks or the
  .htaccess file, with either the 'registry' (Windows behavior) or 'script'
  (Unix behavior) option, and will override this server default option.
  DefaultType: the default MIME type the server will use for a document
  if it cannot otherwise determine one, such as from filename extensions.
  If your server contains mostly text or HTML documents, "text/plain" is
  a good value.  If most of your content is binary, such as applications
  or images, you may want to use "application/octet-stream" instead to
  keep browsers from trying to display binary files as though they are
  text.
  DefaultType text/plain
  <IfModule mime_module>
  TypesConfig points to the file containing the list of mappings from
  filename extension to MIME-type.
      TypesConfig conf/mime.types
  AddType allows you to add to or override the MIME configuration
  file specified in TypesConfig for specific file types.
      #AddType application/x-gzip .tgz
  AddEncoding allows you to have certain browsers uncompress
  information on the fly. Note: Not all browsers support this.
      #AddEncoding x-compress .Z
      #AddEncoding x-gzip .gz .tgz
  If the AddEncoding directives above are commented-out, then you
  probably should define those extensions to indicate media types:
      AddType application/x-compress .Z
      AddType application/x-gzip .gz .tgz
  AddHandler allows you to map certain file extensions to "handlers":
  actions unrelated to filetype. These can be either built into the server
  or added with the Action directive (see below)
  To use CGI scripts outside of ScriptAliased directories:
  (You will also need to add "ExecCGI" to the "Options" directive.)
      #AddHandler cgi-script .cgi
  For type maps (negotiated resources):
      #AddHandler type-map var
  Filters allow you to process content before it is sent to the client.
  To parse .shtml files for server-side includes (SSI):
  (You will also need to add "Includes" to the "Options" directive.)
      #AddType text/html .shtml
      #AddOutputFilter INCLUDES .shtml
  </IfModule>
  The mod_mime_magic module allows the server to use various hints from the
  contents of the file itself to determine its type.  The MIMEMagicFile
  directive tells the module where the hint definitions are located.
  #MIMEMagicFile conf/magic
  Customizable error responses come in three flavors:
  1) plain text 2) local redirects 3) external redirects
  Some examples:
  #ErrorDocument 500 "The server made a boo boo."
  #ErrorDocument 404 /missing.html
  #ErrorDocument 404 "/cgi-bin/missing_handler.pl"
  #ErrorDocument 402 http://www.example.com/subscription_info.html
  EnableMMAP and EnableSendfile: On systems that support it,
  memory-mapping or the sendfile syscall is used to deliver
  files.  This usually improves server performance, but must
  be turned off when serving from networked-mounted
  filesystems or if support for these functions is otherwise
  broken on your system.
  #EnableMMAP off
  #EnableSendfile off
  Supplemental configuration
  The configuration files in the conf/extra/ directory can be
  included to add extra features or to modify the default configuration of
  the server, or you may simply copy their contents here and change as
  necessary.
  Server-pool management (MPM specific)
  #Include conf/extra/httpd-mpm.conf
  Multi-language error messages
  #Include conf/extra/httpd-multilang-errordoc.conf
  Fancy directory listings
  #Include conf/extra/httpd-autoindex.conf
  Language settings
  #Include conf/extra/httpd-languages.conf
  User home directories
  #Include conf/extra/httpd-userdir.conf
  Real-time info on requests and configuration
  #Include conf/extra/httpd-info.conf
  Virtual hosts
  #Include conf/extra/httpd-vhosts.conf
  Local access to the Apache HTTP Server Manual
  #Include conf/extra/httpd-manual.conf
  Distributed authoring and versioning (WebDAV)
  #Include conf/extra/httpd-dav.conf
  Various default settings
  #Include conf/extra/httpd-default.conf
  Secure (SSL/TLS) connections
  #Include conf/extra/httpd-ssl.conf
  Note: The following must must be present to support
        starting without SSL on platforms with no /dev/random equivalent
        but a statically compiled-in mod_ssl.
  <IfModule ssl_module>
  SSLRandomSeed startup builtin
  SSLRandomSeed connect builtin
  </IfModule>
  <b>ProxyPreserveHost On
  ProxyVia on
  ProxyTimeout 600
  #disable forward-proxying
  ProxyRequests Off
  #proxy /irj both ways
  ProxyPass /irj http://sapportal:50000/irj
  ProxyPassReverse /irj http://sapportal:50000/irj
  #ProxyPassReverse /irj http://testcomp/irj
  #proxy /logon both ways
  ProxyPass /logon http://sapportal:50000/logon
  ProxyPassReverse /logon http://sapportal:50000/logon
  #ProxyPassReverse /logon http://testcomp/logon</b>

• Configuring a Apache Reverse Proxy for OracleAS Portal and OracleAS Single

  I'm trying to implement my Oracle Portal 10g Release 2 with a reverse proxy (Apache 2.2) as described in this link: http://download.oracle.com/docs/cd/B14099_19/core.1012/b13998/variants.htm#BEIFECEH without success. I have Oracle Portal, Oracle SSO,OID in the same domain and Apache Reverse Proxy in another domain. Has anyone had success using OracleAS Portal with a reverse proxy?

  First of all i'm trying to configure a reverse proxy only for Ora SSO (infra tier). Here is what i already do:
  APACHE REVERSE PROXY (Apache 2.2)
  http:/proxy.mycompany.com:80
  ProxyRequests off
  ProxyPassInterpolateEnv On
  ProxyPass / http:/portal.tech.everett.it:7777/
  ProxyPassReverse / http:/portal.tech.everett.it:7777/
  ProxyPreserveHost On
  ORACLE SSO
  http:/portal.mycompany.com:7777
  Here are the steps i already do:
  1- CONFIG OID
  create an ldif file called setdasurl.ldif and insert as follow:
  dn:cn=OperationURLs,cn=DAS,cn=Products,cn=OracleContext
  changetype: modify
  replace: orcldasurlbase
  orcldasurlbase: http:/proxy.mycompany.com/
  then do ldapmodify as follow:
  ldapmodify -x -h portal.mycompany.com -p 3060 -D "cn=orcladmin" -w password1 -v -f setdasurl.ldif
  2- CONFIG ORA SSO (as gentjan user)
  export ORACLE_HOME=/home/gentjan/product/10.1.2/OracleAS/infra/
  2.1-config Apache config of ORA SSO
  vi $ORACLE_HOME/Apache/Apache/conf/httpd.conf
  change from:
  ServerName portal.mycompany.com
  Port 7777
  KeepAlive On
  to:
  ServerName proxy.mycompany.com
  Port 80
  KeepAlive Off
  and add at the end of httpd.conf
  RewriteEngine On
  RewriteOptions inherit
  2.2- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.3- modify SSO Server Home URL to reverse proxy hostname and port (as root)
  *$ORACLE_HOME/sso/bin/ssocfg.sh http proxy.mycompany.com 80*
  2.4- Updating the targets.xml File
  Open the ORACLE_HOME/sysman/emd/targets.xml file and locate the target type oracle_sso_server.
  vi $ORACLE_HOME/sysman/emd/targets.xml
  Update the HTTPMachine and HTTPPort attributes with the proxy server host and port attributes that were passed to ssocfg. For example:
  Property NAME="HTTPMachine" VALUE="proxy.mycompany.com"
  Property NAME="HTTPPort" VALUE="80"
  Property NAME="HTTPProtocol" VALUE="http"
  Save and close the file.
  Reload the Application Server Control Console by issuing this command (as gentjan):
  *$ORACLE_HOME/bin/emctl reload*
  2.5- Re-register mod_osso on SSO Middle-tier with reverse proxy hostname and port
  some needed permissions
  chmod -R 775 /home/gentjan/product/10.1.2/OracleAS/infra/dcm/
  Re-register mod_osso (as gentjan)
  *$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /home/gentjan/product/10.1.2/OracleAS/infra -site_name infra.proxy.mycompany.com -config_mod_osso TRUE -mod_osso_url http:/proxy.mycompany.com:80 -update_mode MODIFY*
  2.6- update DCM Repository (as root)
  *$ORACLE_HOME/dcm/bin/dcmctl updateconfig -ct HTTP_Server -v -d*
  2.7- Restart OC4J_Security and Oracle HTTP Server at Infrastructure tier
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server*
  *$ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_SECURITY*
  After this modifications my reverse proxy is ok.
  I can access to http:/proxy.mycompany.com:80 and this redirect me to Oracle Application Server Welcome page.
  If i try http:/proxy.mycompany.com/pls/orasso/orasso.home, i can view the SSO Server Home page.
  The problem that i find is when i click to Login page for Oracle SSO.
  I have the following error:
  Forbidden You don't have permission to access /pls/orasso/ORASSO.wwsec_app_priv.login on this server.
  So, in other words i can't do the login/logout under reverse proxy. Anyone can help?
  Gentjan

• Retain Orginal URL after Reverse Proxying

  I am trying to do a reverse proxy using Apache config file (Apache 2.2)
  I am able to successfully reverse proxy a user from https://www4.dev.sonet.se/chatview/ to http://pkma-usis.kaddi.sonet.fe/chatview
  But when i try to retain the host domain name after reverse proxy using "Header edit Location" directive, it fails.
  i.e, After redirection to http://pkma-usis.kaddi.sonet.fe:80/chatview the user must see the URL as https://www4.dev.sonet.se/chatview.
  I wanted to know if what I am trying to do is feasible in the first place and if this is a good practice. Following is my config file.
  Can anyone please help me in this? - if I am using a correct approach? any alternate options available? debugging options to find out where my config goes wrong ?
  <Macro SingleNode %h1 %lp %rp>
  <Location /%lp/>
  Header add Set-Cookie "%Chat_SID=h.%{BALANCER_WORKER_ROUTE}e;\
  path=/%lp/;" env=BALANCER_ROUTE_CHANGED
  Header edit Location "^(.*pkma-usis.kaddi.sonet.fe.*/%lp/)(.*)$" "/%lp/$2"
  </Location>
  <Proxy balancer://%lpCluster>
  BalancerMember http://%h1 min=1 smax=3 max=10 ttl=10 route=%h1
  </Proxy>
  ProxyPassReverse /%lp/ http://%h1/%rp/
  RewriteRule ^/%lp/(.*) balancer://%lpCluster/%rp/$1 [proxy]
  ProxySet balancer://%lpCluster stickysession=%Chat_SID
  </Macro>
  <IfDefine DEV>
  Use SingleNode jemma-uusi.stadi.sonera.fi:80 chatview chatview
  </IfDefine>
  <LocationMatch "/chatview/">
  AuthType Basic
  Require valid-user
  AuthName CT
  </LocationMatch>
  ###################################

  Hi,
  I am not sure I 100% understand you setup but it is possible to retain the URL after a proxy :-)
  Here is a edited example from one of our customers:
  1. httpd.conf
  <VirtualHost 172.30.123.10:80>
    ServerName theheat.dk
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://theheat.dk$1
  </VirtualHost>2. ssl.conf
  <VirtualHost 172.30.123.10:443>
  ServerName theheat.dk
  RewriteEngine On
  RewriteRule ^/$ /example/faces/Home [R=301]
  RequestHeader set WL-Proxy-SSL true
  ProxyPass        /example/ http://wintermute:8001/example/
  ProxyPassReverse /example/ http://wintermute:8001/example/3. Admin Console
  In the Admin Console navigate to the Managed Server running on port 8001 and find Configuration => General => Advanced.
  Put a check mark in "WebLogic Plug-In Enabled" even though your are not using the mod_wl plug-in.
  Now select the Protocols tab and then HTTP. Set "Frontend Host" to theheat.dk and for "Frontend HTTPS Port" input 443.
  Hope it helps.
  Regards Peter

• BizTalk published WCF service throwing HTTP 404 error using ISA reverse proxy settings

  I have published my schemas as a WCF service from BizTalk 2010 "Publish WCF Service" wizard. I used Wcf-basicHTTP adapter in receive port. I am able to run the service successfully on localhost IIS and I tested my biztalk solution by sending request using SOAP UI and got response successfully.... Now: Actually, I need to give this service endpoint to my vendor who will send request from outside my company's network i.e. internet. In my infrastrucrue BizTalk is behind the firewall so, we setup a REVERSE proxy server at DMZ layer and it is configured properly. I have tested a simple WCF service by replacing the localhost with Proxy server configured address <DNSName> and it worked absolutely fine. But when I change localhost in my BizTalk schema based published WCF service it is not working and I am getting following error. Really strugling to get it resolved. I wasted a whole 3 days....very upset. Please help me out by giving the detailed step solution. Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Please review the following URL and make sure that it is spelled correctly. Requested URL: /BizTalkServiceInstance/MyService.svc I am surprized why other c# code based WCF services are working fine with reverse proxy settings. Server Error in '/' Application. The resource cannot be found.Is there any special things to consider Biztalk exposed wcf servcie over ssl in IIS cluster with ISA

  Hi Singam :)
  First I would start by browsing any other files (files other than the one from WCF) just to ensure that the reverse-proxy’s redirection rules are set correctly. If you get the same 404 error when you try to access other service/files “through reverse-proxy”,
  then it’s an issue in the redirection rule(s) in reverse-proxy.
  If others are fine i.e. no issue in reverse-proxy setup as such, then try the following for WCF service's web.config file. I have seen this issue in WCF service (not just BizTalk’s artifacts exposed as service in reverse-proxy). Add serviceHostingEnvironment
  config as show with in serviceModel section.
  <system.serviceModel>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  Regards,
  M.R.Ashwin Prabhu
  If this answers your question please mark it accordingly. If this post is helpful, please vote as helpful by clicking the upward arrow mark next to my reply.

• O-Portal behind reverse proxy, aliasing of o-portal url to generic url.

  I'd like to setup o-Portal behind a reverse proxy. This is a proxy service which accepts connections on http://a.b.com/ and gets the content from internal webservers based on the url. For example http://a.b.com/pls/DAD1 comes from an o-Portal server but http://a.b.com/depts/ comes from a webserver. The problem with o-Portal is now, that it creates pages with its servername and port in the URL of the pages it serves out. For example, if it runs on server x.b.com on the port 7777 the links on all pages are http://x.b.com:7777/pls/DAD1. To get it to work correctly with my proxy, all these links should be http://a.b.com/pls/DAD1 and then the proxy gets the pages from http://x.b.com:77777/pls/DAD1.
  How do I tell o-Portal to create this different URL in its pages? You could also say, I'd like to alias http://a.b.com/pls/DAD1 to http://x.b.com:77777/pls/DAD1
  I'm sure there is a configuration setting to change this. We had the same problem with Oracle HR11i and there we got it solved.
  Web Single Sign On applications like IBM WebSeal or Netegrity Siteminder use these kind of proxies to protect the intranet and to create a Single Sign On domain for all web servers.
  Thanks,
  Rainer

  I also would like overcome this issue. I could not find an answer anywhere on Metalink or OTN.
  Can a reverse-proxy (i.e. using ProxyPass & Reverse) be used with and internal Portal?
  John Z
  Butler Mfg. Co.
  [email protected]

• Apache as a reverse proxy for E-recruiting

  We are trying to use apache as a reverse procy for e-recruting. The call to the web proxy is being forwareded correctly but whereas if the page is opened directly on the e-recruiting box it opens a page with a bsp generated logon screen, when using the portal it generates a window dialog for logon and i the get the following message :
  BSP Exception: Das Objekt sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do in der URL /sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/sap/bc/bsp/sap/hrrcf_start_int/application.do?sap-client=100&sap-language=EN&BspClient=100&BspLanguage=EN&rcfSpId=0003&rcfContext=LMUGEN ist nicht gültig.
  Has anyone done apache as a proxy for e-recruting who can share an example or offer any advice?
  Thanks

  Hi Richard,
  you can take this link as a starting point: /people/sap.user72/blog/2006/04/18/the-reverse-proxy-series--part-32-apache-as-a-complex-reverse-proxy
  In your case it seems to me that "/sap/bc/bsp/sap/hrrcf_start_int" gets concatenated 2 more times in your URL than it should.
  That looks like a loop resp. an apache directive which gets executed too often.
  regards, Norbert