About oracle http server security – Oracle B12255-01 User Manual
Page 132
About Oracle HTTP Server Security
8-2
Oracle HTTP Server Administrator’s Guide
About Oracle HTTP Server Security
Security can be organized into the three categories of authentication, authorization,
and confidentiality. Oracle HTTP Server provides support for all three of these
categories. It is based on the Apache Web server, and its security infrastructure is
primarily provided by the Apache modules,
, and the
Oracle modules,
. mod_auth provides authentication based on user
name and password pairs, mod_access controls access to the server based on the
characteristics of a request, such as hostname or IP address, mod_ossl provides
confidentiality and authentication with
Based on the Apache model, Oracle HTTP Server provides access control,
authentication, and authorization methods that can be configured with access
control directives in the
file. When URL requests arrive at Oracle
HTTP Server, they are processed in a sequence of steps determined by server
defaults and configuration parameters. The steps for handling URL requests are
implemented through a module or plug-in architecture that is common to many
Web listeners.
shows how URL requests are handled by the server. Each step in this
process is handled by a server module depending on how the server is configured.
For example, if basic authentication is used, then the steps labeled “Authentication”
and “Authorization” in
represent the processing of the mod_auth
module.
Figure 8–1
Steps for Handling URL Requests in Oracle HTTP Server