Apache + SP HTTP reverse proxy to Weblogic

Sykes, Andy a.sykes at ucl.ac.uk
Fri Nov 18 15:12:00 GMT 2011


> The SP does its own header defensing, but a proxy can't, so you just have to be darn sure nothing can directly access the WebLogic tier.

So if I'm forced into the situation where I must use headers, then the SP's spoof-protection system is superior to just setting the headers by hand?

The real root problem is that Oracle pulled AJP13 support out of Weblogic.

- Andy.

More information about the users mailing list