on 01-12-2013 6:17 AM
Hello,
Hope someone can tell me what I'm missing.
We have an SAP Web Dispatcher 7.2 running in our DMZ that is acting as a reverse proxy of sorts for an internal Netweaver 7.3 Portal.
External users (the general public on the internet) should be able to go to http://abc.company.com and the Web Dispatcher is supposed to send them to the internal Netweaver 7.3 server. The problem is if I go to that address, I get a "Page cannot be displayed".
So I ran a Fiddler trace when trying to go to the address and what's really happening is that my browser gets the 307 redirect and then immediately gets a 502 Bad Gateway response and it shows the name of the internal server (which is bad as well).
The odd thing is that if I instead enter the address that goes directly to the application, it partially works. Let me explain. While we are running a Netweaver 7.3 portal, we are not requiring user to logon to get to this specific Web Dynpro app. So that is where the Web Dispatcher comes into play. The user should be able to type http://abc.company.com and what should happen on our end is the Web Dispatcher should take them to http://internalsrvr.company.com/webdynpro/resources/company.com/vp/VPApp. From that point on, everything clicked on within the app works as expected. It's just the initial redirect that isn't working.
I know I'm missing something obvious in the config, but I copied this config from another config from a test system that was working and just altered server names and pathing as needed.
So could someone please help me out and take a look at these config files tell me if I'm missing something obvious. Any help is appreciated.
Web Dispatcher Profile:
SAPSYSTEMNAME = ABC
SAPGLOBALHOST = sapwdsrvr
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_CT_RUN)
DIR_PROFILE = $(DIR_INSTALL)\profile
_PF = $(DIR_PROFILE)\ABC_W00_sapwdsrvr
SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%
Autostart = 1
#-----------------------------------------------------------------------
# Accessability of Message Server
#-----------------------------------------------------------------------
rdisp/mshost = internalsrvr.company.com
ms/http_port = 8101
#-----------------------------------------------------------------------
# Configuration for medium scenario
#-----------------------------------------------------------------------
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
#icm/server_port_0 = PROT=HTTP,PORT=81$$
icm/server_port_0 = PROT=HTTP,PORT=80
#-----------------------------------------------------------------------
# SAP Web Dispatcher URL Rewrites
#-----------------------------------------------------------------------
icm/HTTP/mod_0 = PREFIX=/,FILE=C:\usr\sap\ABC\SYS\profile\filter_rules.txt
#-----------------------------------------------------------------------
# Start webdispatcher
#-----------------------------------------------------------------------
_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)
Start_Program_00 = local $(_WD) pf=$(_PF)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
sec/libsapsecu = $(ssl/ssl_lib)
ssf/ssfapi_lib = $(ssl/ssl_lib)
Filter_Rules.txt
# Web Dispatcher Rules
if %{HTTP_HOST} RegIMatch abc.company.com*
SetHeader x-sap-webdisp-target-sid SVP
if %{HTTP_HOST} RegIMatch abc.company.com*
RegIRewriteUrl ^/$ /webdynpro/resources/company.com/vp/VPApp [break]
I appreciate any help!
Thanks,
Tom
Helllo Tom,
Are you really sure you want to run the http:// protocol from the DMZ? I would suggest these parameters instead: wdisp/server_info_protocol = https,
wdisp/group_info_protocol = https, wdisp/url_map_protocol = https, and wdisp/ping_protocol = https.
In addition try adding rdisp/TRACE = 3 to the profile and recycle. Look for someting in the trace that matches this "IcrIHandleHTTPClientRequest dest='<URL.com:[port]' URL='/sap/public/icman/ping' -> -1" . The [port] should match the backend icm/server_port_0 profile parameter if I am correct.
If you want to stay with http just ensure you can telnet from the source to the target over the port being used by the standalone SAP Web Dispatcher to call the service '/sap/public/icman/ping'. If you are unable to telnet to that port then you have a firewall block.
You did not mention the the patch level of the Web Dispatcher you have. If you have set you environment vaiables just run sapwebdisp -v from a command prompt.
Bottom line is to upgrade to kernel 426. SAP was kind enough to release SAP 1845042 - Web dispatcher ping over https uses http server port.
Regards,
Dan Mead
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I was hopping to find a solution posted here as I have a similar situation. Using standalone web Dispaterchers pointing to NW 7.30 backend. Replacing our "working" DMZ SAP Web Dispatcher with a 7.20 patch 421 version. Just copied the old profile over and modified as needed.
sapwebdisp pf=<profile> -checkconfig ends with 0 errors and 0 warings!
I am not sure if this parameter is still supported:
icm/HTTP/redirect_0 = PREFIX=/, TO=/sap/public/bc/its/mimes/zcnp_disc/99/default.html
icm/HTTP/logging_0 = PREFIX=/, TO=/sap/public/bc/its/mimes/zcnp_disc/99/default.html, LOGFILE=access_log,MAXSIZEKB=5000, SWITCHTF=month, FILEWRAP=on
I can bring up https://<URL>.com/sap/admin
I get the old 500 Dispatching Error
Error -26
Version 7200
HTTP_ROUTE
http_route.c
3369
{0000000e}
no valid destination server available for '!ALL' rc-4
I am guessing this method of redirect has changed for this version. it does tag to my URL the proper path of /sap/publlic/bc/its/mimes/z*.*
Regards,
Dan Mead
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Well, we gave up and scrapped the whole WD server and rebuilt it clean. Everything is working as expected now. I wish I could give anyone that runs across this thread some insight as to what happened, but we just don't know. There was something causing the problem, but what it was, we'll never know. But rebuilding a clean WD server was our final solution.
For anyone looking for examples of a working config, this is what our final config ended up being. I realize it is different than the original post, and that was expected.
Thanks for your help Samuli.
Here is the WD Profile:
=================
SAPSYSTEMNAME = SWD
SAPGLOBALHOST = <WD Server Name>
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_CT_RUN)
DIR_PROFILE = $(DIR_INSTALL)\profile
_PF = $(DIR_PROFILE)\SWD_W00_<WD Server Name>
SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%
Autostart = 1
#-----------------------------------------------------------------------
# Configuration for Multiple Systems
#-----------------------------------------------------------------------
wdisp/system_0 = MSHOST=<internalsrvr.company.com>, MSPORT=8101, SID=SVP
wdisp/add_client_protocol_header = true
wdisp/add_xforwardedfor_header = true
#-----------------------------------------------------------------------
# Accesssability of Message Server
#-----------------------------------------------------------------------
rdisp/mshost = <internalsrvr.company.com>
ms/http_port = 8101
#-----------------------------------------------------------------------
# Configuration for medium scenario
#-----------------------------------------------------------------------
icm/max_conn = 500
icm/max_sockets = 1024
icm/req_queue_len = 500
icm/min_threads = 10
icm/max_threads = 50
mpi/total_size_MB = 80
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
#icm/server_port_0 = PROT=HTTP,PORT=81$$
icm/server_port_0 = PROT=HTTP,PORT=80
#-----------------------------------------------------------------------
# SAP Web Dispatcher URL Rewrites
#-----------------------------------------------------------------------
icm/HTTP/mod_0 = PREFIX=/,FILE=C:\usr\sap\SVP\SYS\profile\filter_rules.txt
#-----------------------------------------------------------------------
# Start webdispatcher
#-----------------------------------------------------------------------
_WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)
Start_Program_00 = local $(_WD) pf=$(_PF)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
ssl/ssl_lib = $(DIR_EXECUTABLE)$(DIR_SEP)$(FT_DLL_PREFIX)sapcrypto$(FT_DLL)
sec/libsapsecu = $(ssl/ssl_lib)
ssf/ssfapi_lib = $(ssl/ssl_lib)
Filter_Rules.txt:
=============
# Rules
if %{HTTP_HOST} RegIMatch abc.company.com*
SetHeader x-sap-webdisp-target-sid SVP
if %{HTTP_HOST} RegIMatch abc.company.com*
RegIRewriteUrl ^/$ /webdynpro/resources/mccormick.com/vp/VPApp [break]
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
OK, we've managed to clean up network routing and such, unfortunately, that wasn't the issue. Also, we corrected some config settings in the WD profile. But upon starting the WD instance, when we look in the dev_webdisp log file, we see this:
*** ERROR => HttpModParseFile: Could not open file: C:\usr\sap\filter_rules.txt [http_rewrite 3648]
Thinking it was a possible permissions issue, we gave Everyone read & execute permissions on that file, but that didn't resolve the issue.
Is this file supposed to be located in a specific location and are there certain permissions on the file that are needed? We are running WD on Windows Server 2008R2.
Thanks,
Tom
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The modification actions are optional. It does not matter where that file resides as long as the service account running the Web Dispatcher can access it.
Now that I have realized, for the first time, that you are actually using modification actions in the Web Dispatcher, it could definitely explain the problem you are seeing. Remove the modification actions, make sure the Web Dispatcher works correctly without them and then try to implement the modification actions one by one to see which one breaks it.
Looking at your rules, I can't see the problem although why are you using the asterisk behind the hostname?
You can also setup the rewrite in NetWeaver Administrator so that you can omit the functionality in the Web Dispatcher. The default rule is to rewrite / to /startPage, you could change that to your requirements.
I just noticed that your configuration is missing the system aliases. Or did you omit that part of the configuration? You need a configuration setting such as
wdisp/system_0 = SID=SVP, MSHOST=internalsrvr.company.com, MSPORT=8101
The reason being that in your rewrite rules, you decide based on the host header to forward requests to a system called "SVP".
See the attached link for details.
http://help.sap.com/saphelp_nw73/helpdata/en/c5/ec466f5544409982c7d3ca29ce1ad3/frameset.htm
icm/HTTP/redirect_0 = PREFIX=/,FOR=yat01.yat.com, FROM=*,TO=/sap/bc/gui/sap/its/webgui,HOST=yat01.yat.com,PROT=HTTP,PORT=8000
not work?
This has nothing to do with SAP. Talk to your network admin(s).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Web Dispatcher doesn't redirect, it acts as a reverse proxy meaning anything accessing the Web Dispatcher is a client to it and Web Dispatcher will become a client for the backend application. Whatever the problem is that you are seeing, it is specific to your network setup. It could be a transparent proxy, Network cache, application firewall, etc. issue. That said, be aware that NetWeaver Portal does redirects.
User | Count |
---|---|
88 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.