The Oracle HTTP Server (OHS) 1.0.2.2 is based on Apache with Oracle mods, and serves as the web listener for the E-Business Suite Release 11i.  I suspect that one our best kept techstack secrets is that Oracle HTTP Server used in Apps 11i can — and should — be upgraded to the latest version available. 


11i Architecture:


We periodically release new versions of OHS to address performance, stability, and security issues.  These new versions are released in “rollup” patches and are certified with a minimum level of the ATG Family pack.  These rollup patches also include fixes for the Database Client, Mod_Plsql, and WebCache.

The latest patch available is Rollup 5, which can be downloaded via patch 4393827.  This patch can be used with TXK (FND) AUTOCONFIG TEMPLATE ROLLUP PATCH K (July 2005) Patch 4104924 and higher.  This rollup contains a large number of important fixes, too many fixes to list here comprehensively.  Here’s an excerpt from the README:
  • 4393898 – SECURITY BUGS FIXED IN

    CPUJUL2005
  • 4199473 – SECURITY BUGS FIXED IN CPUAPR2005
  • 4049349 – SECURITY BUGS FIXED IN CPUJAN2005
  • 3811838 – SECURITY BUGS FIXED IN ALERT 68


  • 2169002 – HTTP 1.1 SUPPORT IN MOD_PROXY
  • 3267065 – SSL FAILS WITH SSLPROTOCOL WHEN ROLLUP4 APPLIED
  • 3351007 – ENABLING ROTATE LOGS INTERMITANTLY DELAYS SHUTDOWN
  • 3501964 – ALLOW EVENT.OCCURRED() TO NOT BE CALLED FROM SESSION.GETVALUE() IN

    APACHEJSERV
  • 3698788 – PROXY_HTTP.C CHANGES FOR SITEMINDER REVERSE PROXY SOLUTION
  • 3840903 – APPS:URL’S REWRITTEN WITH REWRITE NOT WORKING  ON NT (SAME RULES

    WORK ON UNIX)
  • 3477543 – SCRIPT_NAME AND PATH_INFO CANNOT HANDLE 0X5C IN THE URL


  • 3197147   – JVM CRASHES ON AN E-BIZ 11.5.9 ENVIRONMENT CONFIGURED TO

    USE SSL


  • 3889519   – UPLOAD IN SSL DOES NOT WORK WITH IE AFTER SECALERT 68 OR

    DB PATCH 9015
  • 2363247   – UNNECESSARY BITMAP PATH GENERATION AND BITMAP MEM

    ALLOCATION
  • 2379325   – WRONG COST CALCULATED AT KPRCDT
  • 2410612   – CONVENTIONAL EXPORT HAS WRONG DATA ON IMPORT
  • 2528524   – CLEAR TEXT PASSWORDS IN TRACE FILE
This patch is highly recommended for all E-Business Suite Release 11i customers.  Judging from the download statistics for this patch, it’s likely that you don’t have the latest release in your environment.  Given the inclusion of security-related fixes in this patch, I’d urge you to schedule an upgrade to this version at your earliest convenience.

For more details about Oracle HTTP Server rollup certifications with the E-Business Suite, see:
Related