on 01-18-2012 2:57 PM
Hello,
I installed a sap webdisptcher on Linus REL5. The webdispatcher will be in front of a portal which will then redirect the end users to the sap systems behind. I want to deny the users from connecting to all the URL other than the http://SerName:8100 /irj and http://SerName:8100 /sap/admin for the administor.
I added the followinf parameter to the profile:
icm/HTTP/auth_0 =PREFIX =/,PERMFILE=/usr/sap/ZD1/SYS/global/security/data/Permfile
In the PermFile i add the folloing line:
P /irj * * * *
P /sap/admin * * * *
D /* * * * *
but this deny all the connection to the Web Dispatcher inclusing the irj. So asanother solution i had to craete a parameter for every URL i need to deny with a permfile containing the following
D /* * * * *
Do you have a solution to make all the filtering by one permfile?
Best Regards,
Hassan
Hi,
I do use URL filtering with SAP Web Dispatcher and I have a single permission file.
There is no need to add a line with D /* * * * * *
By default all URLs are forbidden.
Only URL defined with a P line or S line are authorised.
Beware that the permission file does not support empty lines. You need at least a comment character (#) to begin each empty line.
By the way a SAP Portal is not a reverse proxy. You users will still need to access URL s directly on the SAP back office systems...
Regards,
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks for your reply,
I deleted all the parameter and i added just one with the following :
icm/HTTP/auth_0 =PREFIX =/,PERMFILE=/usr/sap/ZD1/SYS/global/security/data/PermFile
in the Permfile i added the followinf lines (There is no empty lines):
D /useradmin/* * * * *
D /nwa/* * * * *
P /irj/* * * * *
P /sap/admin/* * * * *
In this case it should allow the http://ServerId:8100/irj/ and http://ServerId:8100/sap/admin but it blocks evrything.
Is there something wrong with the file?
Hi Hassan,
My abap system and web dispatcher are running on windows and my parameter is
icm/HTTP/auth_0 = PREFIX=/,PERMFILE=permfile.txt,FILTER=1
Here is an extract of my permfile.txt
S /sap/bc/webdynpro/sap/lso*
S /sap/bc/webdynpro/sap/LSO*
S /sap/bc/webdynpro/sap/hap_*
S /sap/bc/webdynpro/sap/HAP_*
My advices : check the FILTER=1 parameter.
Remove all the unneeded "*" characters and try again.
Regards,
Olivier
Hello Olivier,
Finally i added the paramete following the profile:
wdisp/permission_table = PermFile
where PermFile is the following:
P /irj/*
And it worked the webdispatcher denied all the connection exceptthe one for /irj/* . for the administation of Webdispatcher i put it on the port 8200 instead of the default port 8100.
Regards,
Hassan Khanafer
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.