cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

hide the bachend systems

Go to solution
Former Member

on ‎01-08-2012 1:14 PM

0 Kudos

Gurus:

We have an EP with ESS application. Employees use a webdispatcher URL to access the EP doing ESS related

jobs.

We face an issue that is HttpWatch can display the hostname of each visited backend system while the EP end user navigates on the EP.

Could you please share your experience on how to overcome this issue, in other words, let no tools like httpwatch be able to display the visited backend systems?

Thanks!!

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-09-2012 12:11 PM
0 Kudos

Hi,

I suppose that you are speaking of iviews displaying BSP or Abap webdynpro running in the abap back office sytem.

What is shown by HTTPWATCH is perfectly normal because SAP Portal is NOT a reverse proxy. It just integrates visually the abap web applications and there is still a direct connection from the user browser to the abap system.

The solution is, of course, not to deinstall httpwatch which I am sure is only used by admins.

If you really want to hide the abap system hostname, you can install a SAP Web dispatcher for the abap system on the Portal system. If you use at least release 7.2 from SAP Web dispatcher, you can even use the same web dispatcher for EP and the abap back office system. You would have, of course, to change the configuration of the iviews URL in the portal.

Therefore the only hostname seen from a user browser would be the EP server.

Regards,

Olivier

Show replies
Show replies
Former Member
‎01-09-2012 12:35 PM
0 Kudos

Olivier:

We would consider your recommendation.

Just one more question before I close this thread:

What to be changed on the configuration of the iView URL?

Thanks a lot to all of you!

Answers (1)

Answers (1)

Former Member
‎01-08-2012 2:46 PM
0 Kudos

Hi Helen,

HTTPWatch is a plug-in HTTP Viewer for Internet Explorer, so if dont want to use it dont enable the plug-in from tools.

You have to enable the tool and press on "Record" so that it start showing the HTTP traffic in the system.

So,if you dont enable it or use filters then you will not see the unwanted http traffic in your browser window.

Check these docs for more clarity on this.

http://wiki.sdn.sap.com/wiki/display/BSP/HttpWatch

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e08aede9-1d09-2d10-41b6-fb696a5b0...

http://help.httpwatch.com/#filter_dialog.html

Regards,

Ashutosh

Show replies
Show replies
Former Member
‎01-08-2012 3:11 PM
0 Kudos

Hi!

Thanks for replying.

Our problem is that hackers can use Httpwatch to get our system identities. We cannot prevent all users from using httpwatch and alike.

Do you know how to hide so that no tools like that can display our backend system info?

Thanks!

Former Member
‎01-08-2012 3:38 PM
0 Kudos

Hi Helen,

In that case you should consider moving from HTTP to HTTPS by enabling end to end SSL.We have done same in our env.

Here are some useful pointers for that:

/thread/841814 [original link is broken]

http://help.sap.com/saphelp_nw70/helpdata/EN/d8/a922d7f45f11d5996e00508b5d5211/frameset.htm

http://publib.boulder.ibm.com/infocenter/cssap/v8r4m0/index.jsp?topic=/com.ibm.commonstore.sap.serve...

Regards,

Ashutosh

Former Member
‎01-09-2012 8:21 AM
0 Kudos

Hello Helen,

You can't hide hostname details in HTTPWatch tool. HTTPwatch tool is meant to find the activity done from client browser in order to find root cause of any issue.

I just suggest you to uninstall HTTP watch from client machines and install only when it's required.

Alternatively, you can setup SSL (https) in your landscape as already others suggested if you still want to use httpwatch at client browsers.

Hope it helps.

Thanks,

Siva Kumar

Former Member
‎01-09-2012 12:04 PM
0 Kudos

Siva:

You wrote:

You can't hide hostname details in HTTPWatch tool. HTTPwatch tool is meant to find the activity done from client browser in order to find root cause of any issue.

I recall that I did a full SNC on the communication connection between EP and ECC in another project.

The UNIX sniff tool (not httpwatch which is web-based) could explicitly display the hostnames but everything

else was properly encrypted. Was this because of the same reason you explained? If so, end-to-end SSL can hide

what SNC cannot hide?

Anyway, now end users know our EP application servers' hostnames. Therefore they use the URL for the EP application server

to access the EP instead of the webdispatcher URL per policy.

How do we redirect their URL, i.e.

if they type http://<EP application server>:port/irj, it will automatically change to http://webdisp/irj?

or simply give a message : "please use web dispatcher" w/o giving login page?

All people's opinions appreciated.

Thanks!

Former Member
‎01-09-2012 12:11 PM
0 Kudos

Hi Helen,

I think you can implement the URL re-writing using Apache webserver in place.

Below shows the flow back and forth.

IP <-> Apache <-> Webdispatcher <-> EP Server

Br,

Venky

Former Member
‎01-09-2012 1:22 PM
0 Kudos

Hello Helen,

How do we redirect their URL, i.e. if they type http://<EP application server>:port/irj, it will automatically change to http://webdisp/irj?

- You can achieve this with parameter icm/HTTP/redirect_<xx>. Please take a look at below link for more details.

http://help.sap.com/saphelp_nw04s/helpdata/en/00/040f3a39ce8704e10000000a114084/content.htm

Good Luck.

Thanks,

Siva Kumar

Ask a Question