Manualshelf

Corporation Server User Manual

ManualsBrandsOracle ManualsServerB12255-01
71727374757677787980
mod_certheaders
Oracle HTTP Server Modules 7-5
mod_certheaders
Enables reverse proxies that terminate SSL connections in front of Oracle HTTP
Server to transfer information regarding SSL connection, such as SSL client
certificate information, to Oracle HTTP Server, and applications running behind
Oracle HTTP Server. This information is transferred from the reverse proxy to
Oracle HTTP Server using HTTP headers. The information is transferred from the
headers to the standard CGI environment variable, which mod_ossl or mod_ssl
populates if the SSL connection is terminated by Oracle HTTP Server. It also enables
certain requests to be treated as HTTPS requests even though they are received
through HTTP.
Perform the following steps to configure mod_certheaders:
1. Configure Oracle HTTP Server to load mod_certheaders. To do this, add a
LoadModule directive to httpd.conf file.
UNIX: LoadModule certheaders_module libexec/mod_
certheaders.so
Windows: LoadModule certheaders_module
modules/ApacheModuleCertHeaders.dll
2. Specify which headers should be translated to CGI environment variables. This
can be achieved by using the AddCertHeader directive. This directive takes a
single argument, which is the CGI environment variable that should be
populated from a HTTP header on incoming requests. For example, to populate
the SSL_CLIENT_CERT CGI environment variable, add the following line to
httpd.conf:
AddCertHeader SSL_CLIENT_CERT
The AddCertHeader directive can be a global setting if it is placed in the base
virtual server section of httpd.conf. It can be specific to a single virtual host
by placing it within a virtual host container, or it can be specific to a set of URIs
by placing it within a <Directory> or <Location> container directive within
httpd.conf. The combination of these directives are additive, so that for a
given URI, all directives that are specific to that URI will be added to any that
are specific to that request’s virtual host, which will be added to any that is
defined for that base virtual host.