cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Web Dispatcher not working as a URL filter when doing SSL

Former Member

on ‎06-30-2009 1:25 AM

0 Kudos

Hi all,

We are trying to configure a web dispatcher in our DMZ to take incoming SSL requests and pass them through to our PI box.

We have configured the web dispatcher and also a permissions table which is working fine for regular http requests.

However the permissions table does not appear to be being used for HTTPS requests.

The config files is below, any advice would be appreciated.

Cheers,

John

Profile File

SAPSYSTEMNAME = WDD

SAPGLOBALHOST = sdsapwd01

SAPSYSTEM = 00

INSTANCE_NAME = W00

DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64

DIR_EXECUTABLE = $(DIR_CT_RUN)

DIR_PROFILE = $(DIR_INSTALL)\profile

PF = $(DIRPROFILE)\WDD_W00_sdsapwd01

#----

  1. Accesssability of Message Server

#----

rdisp/mshost = sdsapappdev3.sap.gen-probe.com

ms/http_port = 8110

ms/https_port = 443

#----

  1. Configuration for medium scenario

#----

icm/max_conn = 500

icm/max_sockets = 1024

icm/req_queue_len = 500

icm/min_threads = 10

icm/max_threads = 50

icm/HTTP/admin_0 = PREFIX=/sap/admin,DOCROOT=D:/usr/sap/WDD/W00/work/admin,PORT=8888,HOST=sdsapwd01

mpi/total_size_MB = 80

#----

  1. SAP Web Dispatcher Ports

#----

icm/server_port_0 = PROT=HTTP,PORT=8888,TIMEOUT=1800

icm/server_port_1 = PROT=HTTP,PORT=8080,TIMEOUT=1800

icm/server_port_2 = PROT=ROUTER,PORT=443,TIMEOUT=1800

#----

  1. Start webdispatcher

#----

wdisp/permission_table=
sdsapwd01\sapmnt\WDD\SYS\profile\permissions.txt

WD = $(DIREXECUTABLE)\sapwebdisp$(FT_EXE)

Start_Program_00 = local $(_WD) pf=$(_PF)

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎06-30-2009 2:53 PM
0 Kudos

Hi,

Prakasu is right we are using end to end ssl and as such we don't need the cryptography files.

icm/server_port_2 = PROT=ROUTER,PORT=443,TIMEOUT=1800

This is working fine, the issue is that I want to limit the url's the partner can access using the permission file.

It limits them for http, but https does not apear to be checking the permissions file right now.

Any ideas???

Cheers,

John

Show replies
Show replies
Former Member
‎07-29-2009 4:56 PM
0 Kudos

Use the URI permission table to determine the rules according to which the SAP Web dispatcher should handle incoming URLs. This is a file that lists the rules in rows.

The principle "first matchu201C applies as for the route permission table in the SAProuter. The first entry in the table that matches a request is valid. The other rows are no longer important.

Each row has the form

P/D/S <URI pattern>

where the letter at the start of the row has the following meaning.

P lets the request through. It is forwarded by the SAP Web dispatcher to the appropriate application server.

D refuses the request and sends a message to the client.

S only allows secure connections (HTTPS) for the URL prefix.

URI pattern> is the section of the URL that is labeled in the Cache Key section as translated path.

You can use the wildcard character *, but only at the start or the end of the <URI pattern> string.

Source: http://help.sap.com/saphelp_nw70/helpdata/EN/7a/f2883c18be411ae10000000a114084/content.htm

Regards,

Dan

Former Member
‎06-30-2009 7:46 AM
0 Kudos

Hi,

in your web dispatcher profile file you have said:

icm/server_port_0 = PROT=HTTP,PORT=8888,TIMEOUT=1800

icm/server_port_1 = PROT=HTTP,PORT=8080,TIMEOUT=1800

icm/server_port_2 = PROT=ROUTER,PORT=443,TIMEOUT=1800

Where is the server port for HTTPS protocol?

Regards,

Rajeev Gupta

Show replies
Show replies
Former Member
‎06-30-2009 7:49 AM
0 Kudos

Hi,

icm/server_port_2 = PROT=ROUTER,PORT=443,TIMEOUT=1800

This is the Https port. i thing he is using end to end ssl.

Regards,

Prakasu.M

Former Member
‎06-30-2009 7:28 AM
0 Kudos

Hi,

Have you placed the Cryptography files in the webdispatcher ?

Regards,

Prakasu.M

Show replies
Show replies
Ask a Question