cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Filtrage des URL pour sap Webdispatcher

Former Member

on ‎01-18-2012 2:57 PM

0 Kudos

Hello,

I installed a sap webdisptcher on Linus REL5. The webdispatcher will be in front of a portal which will then redirect the end users to the sap systems behind. I want to deny the users from connecting to all the URL other than the http://SerName:8100 /irj and http://SerName:8100 /sap/admin for the administor.

I added the followinf parameter to the profile:

icm/HTTP/auth_0 =PREFIX =/,PERMFILE=/usr/sap/ZD1/SYS/global/security/data/Permfile

In the PermFile i add the folloing line:

 
P /irj *        *       *       *
P /sap/admin *  *       *       *
D /* *  *       *       *

but this deny all the connection to the Web Dispatcher inclusing the irj. So asanother solution i had to craete a parameter for every URL i need to deny with a permfile containing the following

D /* * * * *

Do you have a solution to make all the filtering by one permfile?

Best Regards,

Hassan

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎01-18-2012 4:15 PM
0 Kudos

Hi,

I do use URL filtering with SAP Web Dispatcher and I have a single permission file.

There is no need to add a line with D /* * * * * *

By default all URLs are forbidden.

Only URL defined with a P line or S line are authorised.

Beware that the permission file does not support empty lines. You need at least a comment character (#) to begin each empty line.

By the way a SAP Portal is not a reverse proxy. You users will still need to access URL s directly on the SAP back office systems...

Regards,

Olivier

Show replies
Show replies
Former Member
‎01-18-2012 5:28 PM
0 Kudos

Thanks for your reply,

I deleted all the parameter and i added just one with the following :


icm/HTTP/auth_0 =PREFIX =/,PERMFILE=/usr/sap/ZD1/SYS/global/security/data/PermFile

in the Permfile i added the followinf lines (There is no empty lines):


D /useradmin/* * * * *
D /nwa/* * * * *
P /irj/* * * * *
P /sap/admin/* * * * *

In this case it should allow the http://ServerId:8100/irj/ and http://ServerId:8100/sap/admin but it blocks evrything.

Is there something wrong with the file?

Former Member
‎01-19-2012 3:56 PM
0 Kudos

Hi Hassan,

My abap system and web dispatcher are running on windows and my parameter is 

icm/HTTP/auth_0 = PREFIX=/,PERMFILE=permfile.txt,FILTER=1

Here is an extract of my permfile.txt

S /sap/bc/webdynpro/sap/lso*
S /sap/bc/webdynpro/sap/LSO*
S /sap/bc/webdynpro/sap/hap_*
S /sap/bc/webdynpro/sap/HAP_*

My advices : check the FILTER=1 parameter.

Remove all the unneeded "*" characters and try again.

Regards,

Olivier

Former Member
‎01-20-2012 4:52 PM
0 Kudos

Hello Olivier,

Finally i added the paramete following the profile:

 wdisp/permission_table = PermFile

where PermFile is the following:


 P /irj/*

And it worked the webdispatcher denied all the connection exceptthe one for /irj/* . for the administation of Webdispatcher i put it on the port 8200 instead of the default port 8100.

Regards,

Hassan Khanafer

Former Member
‎01-24-2012 5:48 PM
0 Kudos

Hi Hassan,

I'm glad it finally worked for you too, but I'm surprised that you needed to set

wdisp/permission_table = PermFile

because it works for me without this parameter.

One more SAP mystery !

Regards,

Olivier

Ask a Question