on 08-13-2012 11:04 PM
Hi
We have a portal system (Instance# 30) for which I would like selective internal URL's to be redirected to https. Here is what we are looking
at doing
For the following links I would like it to move to https
http:\\hostname:53000/nwa
http:\\hostname:53000/useradmin
Here is the design I am looking at
Browser (above URL's) ---------> Web Dispatcher----------------->ICM (Here change to https)-----------------> AS Java Engine
I was looking at using using the parameter
icm/HTTP/redirect_<xx> to redirect these selected URL's
I have set the following parameters in my instance profile
icm/HTTP/redirect_0 = PREFIX=http://<hostname>:53000/useradmin, FROMPROT=http, PROT=https, HOST=<hostname>
icm/HTTP/redirect_1 = PREFIX=http://<hostname>:53000/nwa, FROMPROT=http, PROT=https, HOST=<hostname>
The parameters ssl/ssl_lib is set
The parameter icm/server_port_4 is set to PROT=HTTPS,PORT=53001, VCLIENT=1 (I chose port 5NN01 based on the recommendation from
http://help.sap.com/saphelp_nw73/helpdata/en/09/392712944fc6478c9f1ff198b6b0a7/frameset.htm
My question here is I would receive requests in port 53000 for both http and https. However when I try adding the parameter
icm/server_port_4 with https and 53000 it would not take it. Hence my question - Can I not receive both http and https requests in the same port?
Next, the icm/ server_port_4 parameter that i added to ICM disappeared after I restarted the Instance. Any idea why this might happen.
Note: I am adding the parameter from the ICM web interface by selecting Add Service under Active services in the MMC.
regards
Ravi
Hello Ravi,
A particular port is available eiter for HTTP of HTTPS requests, but nor for both.
If you add a service via ICM web interface of SAPMMC it will disappear at next restart. If you want to keep the new service you need to add it in the profile (icm/server_port_<N>).
Best regards,
Adam
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Adam, so i understand that ICM web interface is like the dynamic parameter of ABAP.
I will not be using this icm/server_port_<n> coz I will be receiving requests in one port. Certain requests which come in via this port will be converted to https by the ICM.
Hence, I have added the following parameters to the instance profile
icm/HTTP/redirect_0 = PREFIX=http://<hostname>:53000/useradmin, FROMPROT=http, PROT=https, HOST=<hostname>
icm/HTTP/redirect_1 = PREFIX=http://<hostname>:53000/nwa, FROMPROT=http, PROT=https, HOST=<hostname>
The parameter ssl/ssl_lib is set as well
$Replace <hostname> with the actual hostname of the server
However seems like when I type in the URL http:<hostname>:53000 there is no redirection being done from http to https.
Is there a trace I can enable to find what might be causing this?
My question here is I would receive requests in port 53000 for both http and https. However when I try adding the parameter
No, this is not possible.. You can only use one port for one protocol. The default https port in the j2ee engine is 5NN01.
See this link for details: http://help.sap.com/saphelp_nw70/helpdata/en/a2/f9d7fed2adc340ab462ae159d19509/content.htm
Kind regards,
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mark
The requests come in via http port 53000. All requests coming in would be http however I would like my ICM to convert certain requests to https
browser ------------------> ICM ---------------------> Java engine
via http via http
browser ------------------->ICM ------------------------> Java Engine
via http via https
So the ICM needs to do the conversion from http to https for selected requests.
We are looking at using the icm/HTTP/redirect_<xx> parameter to get this in place.
Ravi
Hello Ravi,
It is possible to redirect only specific request from HTTP to HTTPS, as described on SAP Help Portal in documentation icm/HTTP/redirect_<xx> . Excerpt from the document, an example, similar to this situation:
"
icm/HTTP/redirect_0 = PREFIX=/, FROM=/sap*, FROMPROT=http,
PROT=https, HOST=px155.sap.com
Only specific HTTP requests are redirected to HTTPS
"
As far as I can understand, for PREFIX '/' is enough, you don't need to define the whole URL (in this case http://<hostname>:53000/... ), similar to this:
icm/HTTP/redirect_0 = PREFIX=/, FROM=/useradmin, FROMPROT=http, PROT=https, HOST=<hostname>
icm/HTTP/redirect_1 = PREFIX=/, FROM=/nwa, FROMPROT=http, PROT=https, HOST=<hostname>
Hope this helps.
Best regards,
Adam
User | Count |
---|---|
78 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.