on 09-05-2016 5:38 AM
Hi All, I have a requirement to disable http port and to use https port instead. As a part of this I want to track all http requests that are coming in through allocate http port i.e. 80. I have tried to activate http trace through ST01 & ST12, but seems not efficient enough, e.g. A known http connection (SM59-connetion type H) coming into system was not being recorded in traces. I tried with increasing the trace level from t code SMICM as well. Kindly suggest possible ways to track incoming http requests/connections so that we can redirect all such requests to https before disabling http port. Thanks, Dev.
Hi,
Please try this-
Tcode SMICM
Goto->tracefile->reset (delete current trace file)
Goto->tracefile->set
Set trace level 3
check the trace file
-> revert the trace level to 1
regards
Sury
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can look through all the gateway connections (and sort them) by using the test program for configuring an ACL. You will likely need to do this anyway, as SAP is more or less demanding that you have an ACL in the near future.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Lets agree to a few things:
1) The way HTTP connections to an ABAP stack is handled, is via the ICM ?
2) When you apply an ACL, this also affects connections in the ICM ?
3) When you run the simulationmode of the ACL (note 1689663), ICM connections are also logged if they are not explitictly listed in the ACL file ?
If you can agree to all of the above, running the ACL simulation will therefore be able to identify all HTTP (or HTTPS) connections to the system. This method applies to ALL connections to an SAP system, both the ones in SMGW and in the ones in SMICM (OP only asked about the HTTP, but this is slightly larger, as he can now also look for connections not using f.e. SSL, which is likely the next thing audit will complain about if they want HTTPS internally)
As a side bonus you will also have configured your ACL file when you are done, so you wont have that popping up in your EWA reports.
Hello Dev,
You can activate server side logging by following the instructions on the following help page:
KR,
Amerjit
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.