How do I protect WebLogic Server from security attacks from bogus clients using the WL-Proxy-Client-Cert header?
Submitted by: Administrator
The WL-Proxy-Client-Cert header can be spoofed (used) by any client that has direct access to WebLogic Server. WebLogic Server takes the certificate information from that header, trusting that it came from a secure source (the plug-in), and uses that information to authenticate the user. In previous releases of WebLogic Server, the default behavior was to always trust that header. Now you need to explicitly define trust of the WL-Proxy-Client-Cert header. A new parameter, clientCertProxy, allows WebLogic Server to turn on the implicit trust of the certificate header. If you need an additional level of security, use a connection filter to limit all connections into WebLogic Server (so that WebLogic Server accepts connections only from the machine on which the plug-in is running).
The clientCertProxy parameter has been added to the HTTPClusterServlet and Web applications.
For the HTTPClusterServlet, add the parameter to the web.xml file as follows:
<context-param>
  <param-name>clientCertProxy</param-name>
  <param-value>true</param-value>
</context-param>
For Web applications, add the parameter to the web.xml file as follows:
ServletRequestImpl context-param
<context-param>
  <param-name>weblogic.http.clientCertProxy</param-name>
  <param-value>true</param-value>
</context-param>
You can also use this parameter in a cluster as follows:
<Cluster ClusterAddress="127.0.0.1" Name="MyCluster"
ClientCertProxyHeader="true"/>
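An added example, not part of the original answer or of WebLogic itself: a small Python audit that scans descriptors for the three settings named above, so every place that trusts WL-Proxy-Client-Cert can be checked against a connection filter. The sample XML is constructed, and the `Domain` wrapper element and the file names are assumptions.

```python
import xml.etree.ElementTree as ET

# Parameter and attribute names exactly as given in the answer above.
TRUST_PARAMS = {"clientCertProxy", "weblogic.http.clientCertProxy"}
CLUSTER_ATTR = "ClientCertProxyHeader"

# Constructed sample files (not from a real deployment).
WEB_XML_ON = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee">
  <context-param>
    <param-name>weblogic.http.clientCertProxy</param-name>
    <param-value>true</param-value>
  </context-param>
</web-app>"""
WEB_XML_OFF = WEB_XML_ON.replace(">true<", ">false<")
CONFIG_XML = """<Domain Name="mydomain">
  <Cluster ClusterAddress="127.0.0.1" Name="MyCluster"
           ClientCertProxyHeader="true"/>
</Domain>"""


def local(tag):
    """Drop any XML namespace so namespaced web.xml files match too."""
    return tag.rsplit("}", 1)[-1]


def header_trust_findings(xml_text, source):
    """List (source, setting) for each place that enables header trust."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        name = local(elem.tag)
        if name == "context-param":
            fields = {local(c.tag): (c.text or "").strip() for c in elem}
            if (fields.get("param-name") in TRUST_PARAMS
                    and fields.get("param-value", "").lower() == "true"):
                findings.append((source, fields["param-name"]))
        elif name == "Cluster" and elem.get(CLUSTER_ATTR, "").lower() == "true":
            findings.append((source, f"Cluster {elem.get('Name')}: {CLUSTER_ATTR}"))
    return findings


if __name__ == "__main__":
    samples = [("web.xml", WEB_XML_ON), ("other/web.xml", WEB_XML_OFF),
               ("config.xml", CONFIG_XML)]
    for src, text in samples:
        for where, setting in header_trust_findings(text, src):
            print(f"{where}: {setting} is on; confirm a connection filter "
                  "admits only the plug-in host")
```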