Apache + SP HTTP reverse proxy to Weblogic

[Sykes, Andy]

Scott,

> The SP does its own header defensing, but a proxy can't, so you just have to be darn sure nothing can directly access the WebLogic tier.

So if I'm forced into the situation where I must use headers, then the SP's spoof-protection system is superior to just setting the headers by hand?

The real root problem is that Oracle pulled AJP13 support out of Weblogic.

- Andy.