Oracle B12255-01 Manuale Utente

About Oracle HTTP Server Security

Oracle HTTP Server Administrator’s Guide

Security can be organized into the three categories of authentication, authorization,
and confidentiality. Oracle HTTP Server provides support for all three of these
categories. It is based on the Apache Web server, and its security infrastructure is
primarily provided by the Apache modules,

, and the

Oracle modules,

. mod_auth provides authentication based on user

name and password pairs, mod_access controls access to the server based on the
characteristics of a request, such as hostname or IP address, mod_ossl provides
confidentiality and authentication with

Based on the Apache model, Oracle HTTP Server provides access control,
authentication, and authorization methods that can be configured with access
control directives in the

 file. When URL requests arrive at Oracle

HTTP Server, they are processed in a sequence of steps determined by server
defaults and configuration parameters. The steps for handling URL requests are
implemented through a module or plug-in architecture that is common to many
Web listeners.

 shows how URL requests are handled by the server. Each step in this

process is handled by a server module depending on how the server is configured.
For example, if basic authentication is used, then the steps labeled “Authentication”
and “Authorization” in

 represent the processing of the mod_auth

module.