on 06-30-2009 1:25 AM
Hi all,
We are trying to configure a web dispatcher in our DMZ to take incoming SSL requests and pass them through to our PI box.
We have configured the web dispatcher and also a permissions table which is working fine for regular http requests.
However the permissions table does not appear to be being used for HTTPS requests.
The config files is below, any advice would be appreciated.
Cheers,
John
Profile File
SAPSYSTEMNAME = WDD
SAPGLOBALHOST = sdsapwd01
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_CT_RUN)
DIR_PROFILE = $(DIR_INSTALL)\profile
PF = $(DIRPROFILE)\WDD_W00_sdsapwd01
#----
Accesssability of Message Server
#----
rdisp/mshost = sdsapappdev3.sap.gen-probe.com
ms/http_port = 8110
ms/https_port = 443
#----
Configuration for medium scenario
#----
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
icm/HTTP/admin_0 = PREFIX=/sap/admin,DOCROOT=D:/usr/sap/WDD/W00/work/admin,PORT=8888,HOST=sdsapwd01
mpi/total_size_MB = 80
#----
SAP Web Dispatcher Ports
#----
icm/server_port_0 = PROT=HTTP,PORT=8888,TIMEOUT=1800
icm/server_port_1 = PROT=HTTP,PORT=8080,TIMEOUT=1800
icm/server_port_2 = PROT=ROUTER,PORT=443,TIMEOUT=1800
#----
Start webdispatcher
#----
wdisp/permission_table=
sdsapwd01\sapmnt\WDD\SYS\profile\permissions.txt
WD = $(DIREXECUTABLE)\sapwebdisp$(FT_EXE)
Start_Program_00 = local $(_WD) pf=$(_PF)
Hi,
Prakasu is right we are using end to end ssl and as such we don't need the cryptography files.
icm/server_port_2 = PROT=ROUTER,PORT=443,TIMEOUT=1800
This is working fine, the issue is that I want to limit the url's the partner can access using the permission file.
It limits them for http, but https does not apear to be checking the permissions file right now.
Any ideas???
Cheers,
John
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Use the URI permission table to determine the rules according to which the SAP Web dispatcher should handle incoming URLs. This is a file that lists the rules in rows.
The principle "first matchu201C applies as for the route permission table in the SAProuter. The first entry in the table that matches a request is valid. The other rows are no longer important.
Each row has the form
P/D/S <URI pattern>
where the letter at the start of the row has the following meaning.
P lets the request through. It is forwarded by the SAP Web dispatcher to the appropriate application server.
D refuses the request and sends a message to the client.
S only allows secure connections (HTTPS) for the URL prefix.
URI pattern> is the section of the URL that is labeled in the Cache Key section as translated path.
You can use the wildcard character *, but only at the start or the end of the <URI pattern> string.
Source: http://help.sap.com/saphelp_nw70/helpdata/EN/7a/f2883c18be411ae10000000a114084/content.htm
Regards,
Dan
Hi,
in your web dispatcher profile file you have said:
icm/server_port_0 = PROT=HTTP,PORT=8888,TIMEOUT=1800
icm/server_port_1 = PROT=HTTP,PORT=8080,TIMEOUT=1800
icm/server_port_2 = PROT=ROUTER,PORT=443,TIMEOUT=1800
Where is the server port for HTTPS protocol?
Regards,
Rajeev Gupta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Have you placed the Cryptography files in the webdispatcher ?
Regards,
Prakasu.M
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.