A-12 Oracle Fusion Middleware Administrators Guide for Oracle HTTP Server A.1.7 Oracle Proxy Plug-In Usage Information This section highlights development and usage practices to consider when developing an application that runs behind the Oracle Proxy Plug-In. Some of the practices also apply when enabling an application to run behind Oracle Web Cache. ■ Check for configurations based on Oracle HTTP Server being the entry point into the network. This is usually only relevant if an application has a module that plugs directly into Oracle HTTP Server. Specifically, look for dependencies on obtaining information about the client based on the connection made to Oracle HTTP Server, such as using the SSL certificate for authentication. Currently, Secure Socket Layer SSL is not supported, so even if the client uses SSL to connect to the third-party listener, an unencrypted HTTP message will be sent from the third-party listener to Oracle HTTP Server. This means that client certificates will not be available to components that reside behind the plug-in. The environment variable REMOTE_ ADDR has been specifically preserved when Oracle Proxy Plug-In and Oracle Web Cache are used, but other client information may, in practice, represent the system on which the proxy resides rather than the actual client host. These behaviors must be discovered and eliminated in cases where Oracle HTTP Server is not the external listener for Oracle Fusion Middleware. ■ Avoid embedding host names into HTML unless the link is external to the Web site. This includes static HTML pages, dynamic pages generated by servlets, JSPs, PLSQL, and so on. Examine all code that obtains the server name of Oracle HTTP Server to ensure that the code is not embedding the server name into pages that are sent back to the client. To test for this behavior, use a Web crawler application also known as a spider to traverse all links in a Web site. Open source tools with this functionality are available. ■ Avoid returning host and port information in applications such as applets or javascript downloaded to the client. If you have an application that uses browser-based code, ensure that the code does not contain the host name and port of Oracle HTTP Server that actually delivers the content. Instead, it must have the actual client-accessible address used by the third-party listener. ■ Ensure that all URLs within an application can be easily mapped to a set of rules that the proxy can use. To successfully proxy all requests for an application, the Oracle Proxy Plug-In must have a complete description of the URL space for that application. Each Oracle Fusion Middleware application must describe the set of rules necessary to configure the plug-in for that application. This set of rules must include all URLs that the application could generate. If an application generates a URL that is not described by the proxy urlrule parameters, then the request will be served by the third-party HTTP listener, and a document not found error may occur, or a different document may be delivered to the client. Developers of applications that use common top-level directories, such as a reliance on mapping images, should be prepared to the following: ■ Change these common links to something that will not conflict with applications that might already be deployed on the third-party listener. ■ Instruct the user to copy the necessary content to the third-party listener directory structure. For performance reasons, it is a good idea to have the