Access Control Directives - Oracle

There are several important directives that relate to access control. These directives set the server and server administrator options, and they can be set for the main OHS server or a virtual host. Access control directives are useful when you want to limit the IP addresses or ports the OHS server will listen to, for example. Let's discuss the important access control-related OHS configuration directives, which are the Listen, UseCanonicalName, ServerName, and Port directives.

Listen   The Listen directive tells the OHS server which port and IP address combinations it should listen to for client connection requests. The syntax for the Listen directive is as follows:

  Listen [IP-address:]portnumber

As you can see, you can specify both the IP address and the port number as arguments to the Listen directive. However, the IP address is only an optional argument. If you specify only a certain port number, the OHS server will listen to all requests from all IP addresses on that port. If you specify the optional port number as well as the mandatory port number arguments, the OHS server will listen to requests only from the port number and IP address combination. Here's an example:

  Listen 192.166.14.12:80

exam watch:  By default, the OHS Server listens to every IP address, if you just specify the port number for the Listen directive specification.

The OHS server will listen to requests only from the IP address 192.166.14.12, on port 80. If you specify multiple Listen directives with various IP and port number combinations, OHS will accept connection requests from all the specified combinations of IP addresses and ports. Note that if you leave out the IP address, OHS will honor requests from all IP addresses, as long as they come through the
specified port.

UseCanonicalName   On occasion, the OHS server needs to construct self-referential URLs--that is, URLs that refer back to the same server. When redirecting a URL to the same server (i.e., when the OHS Server has to construct a self-referential URL), it has two choices regarding the host name and port. The first option is to use the host name and port specified by users in the HTTP 1.1 header. The other way is to use the host name and port numbers specified by the ServerName and Port directives. You can choose the latter option by setting the UseCanonicalName setting to ON, which is the default setting for this directive. If you set the UseCanonicalName directive to ON, the Oracle HTTP Server will use the Server Name and Port directives to construct the canonical name for the server.

  Example: ServerName = www.example.com
           Port = 9090
          Canonical Name = www.example.com:9090

Self referential URLs may be useful when you have an intranet server, where you use short names such as www. If a user types a short name such as http://www/test (without the trailing slash), OHS will redirect it by default ( UseCanonicalName is ON by default) to http://www.mydomain.com/test /, and the user may thus be forced to authenticate twice (if you have enabled authentication)--first to //www, and then to //www/test. If you set UseCanonicalName to OFF instead, OHS will redirect this self-referential URL to simply http://www/test/ .

ServerName   The ServerName directive specifies the host name and port that the server uses to identify itself when redirecting user URLs. IF you don't specify the ServerName directive, the OHS server will try to perform a reverse lookup on the IP address to gather the host name information. If you omit the optional port argument for the ServerName directive, then OHS will use the port number specified in the incoming requests. It's a good idea to always explicitly specify the hostname and port by using the ServerName directive. Here's the syntax of the ServerName directive:

  ServerName fully-qualified-domain-name[:port]

As you can see, the fully qualified domain name is mandatory, and the port specification is optional, for the ServerName directive. Let's say the name of the server hosting the OHS server is test.company.com. Let's say the server also has a DNS alias named www.company.com. If your goal is for the server to be always identified as www.company.com, you can do that by setting the following value for the ServerName directive:

 ServerName www.company.com:80

Under a virtual hosting system, the ServerName directive inside the <VirtualHost> container specifies the host names that should be specified in the HTTP 1.1 headers to match the virtual host name.

The ServerName directive defines the host name for the SERVER_NAME variable used in the canonical server name for URL redirection requests.

Port    The Port directive sets the SERVER_PORT environment variable used in redirection requests. If you don't set the Listen directive, the OHS Server accepts connections and redirects to the port number specified by the Port directive. That is, in the absence of the Listen directive, the Port directive specifies the default port for the Web server. If you do set the Listen directive, however, OHS uses the Port directive only for redirection; this is usually the IP and port on the Web cache that sits in front of the OHS. When you use the Listen directive, that directive will override any port value that's been set by you, which will become the default port for redirected URLs or any other URLs generated by the Oracle HTTP Server. The port numbers OHS can use range from 0 to 65535, but all port numbers below 1024 are reserved for system use.

on the job:  You can start OHS only from the root account if you choose port number 80.