1 Introduction to Oracle HTTP Server Security
Oracle HTTP Server is a web server component for Oracle Fusion Middleware, which provides a listener for Oracle WebLogic Server and the framework for hosting static pages, dynamic pages, and applications over the web.
Oracle HTTP Server also provides key features such as single sign-on, clustered deployment, and high availability, which enhance its operations.
This document describes best practices, general security features, and guidelines for using Oracle HTTP Server. The topics are organized into the following chapters:
- Configuring SSL and TLS Security, describes how to use ciphers and protocols, server certificates, and location directives to ensure secure connections.
- Configurations for Enhanced Security, describes how different secure headers such as X-XSS-Protection, HTTP only, HSTS, content security policy headers, and so on, help to mitigate security issues while using Oracle HTTP Server.
- Protecting Oracle HTTP Server Against Known Web Server Attacks, provides information about protecting Oracle HTTP Server against DoS and slow HTTP attacks.