
HTTP port disablement, how to track all incoming requests to http port?

Former Member
0 Kudos

Hi All, I have a requirement to disable the http port and to use the https port instead. As a part of this I want to track all http requests that are coming in through the allocated http port, i.e. 80. I have tried to activate the http trace through ST01 & ST12, but it seems not efficient enough, e.g. a known http connection (SM59 connection type H) coming into the system was not being recorded in the traces. I tried increasing the trace level from t code SMICM as well. Kindly suggest possible ways to track incoming http requests/connections so that we can redirect all such requests to https before disabling the http port. Thanks, Dev.

Accepted Solutions (0)

Answers (3)


Former Member
0 Kudos

Hi,

Please try this-

Tcode SMICM

Goto->tracefile->reset (delete current trace file)

Goto->tracefile->set

Set trace level 3

check the trace file

-> revert the trace level to 1

regards

Sury

0 Kudos

You can look through all the gateway connections (and sort them) by using the test program for configuring an ACL. You will likely need to do this anyway, as SAP is more or less demanding that you have an ACL in the near future.

isaias_freitas
Advisor
0 Kudos

Hello,

The Gateway process of an SAP system ("gwrd") is not involved in HTTP communication.

Regards,

Isaías

0 Kudos

However, if you look in the SMICM, you will notice that the ACL IS in fact also monitoring HTTP as well as gateway. This makes this method ideal for identifying all incoming connections, not just HTTP.

Former Member
0 Kudos

Hello Hasse,

AFAIK, SMICM is for monitoring the ICM and not the Gateway (gwrd). As Isaias said the gateway (gwrd) is not involved in HTTP communication. Maybe you are referring to the SAP Netweaver Gateway:

KR,

Amerjit

0 Kudos

Let's agree to a few things:

1) The way HTTP connections to an ABAP stack are handled is via the ICM?

2) When you apply an ACL, this also affects connections in the ICM?

3) When you run the simulation mode of the ACL (note 1689663), ICM connections are also logged if they are not explicitly listed in the ACL file?

If you can agree to all of the above, running the ACL simulation will therefore be able to identify all HTTP (or HTTPS) connections to the system. This method applies to ALL connections to an SAP system, both the ones in SMGW and the ones in SMICM (OP only asked about the HTTP, but this is slightly larger, as he can now also look for connections not using f.e. SSL, which is likely the next thing audit will complain about if they want HTTPS internally).

As a side bonus you will also have configured your ACL file when you are done, so you won't have that popping up in your EWA reports.

isaias_freitas
Advisor
0 Kudos

Hello Hansen,

That simulation mode is specific to the gateway.

It does not affect the ICM.

Regards,

Isaías

0 Kudos

That HEAVILY depends on your SAP version. That might have been true for a 6.0 system. But it is not for a modern system.

isaias_freitas
Advisor
0 Kudos

Hello Hansen,

I was not talking about the possibility of having an ACL file.

I was addressing the simulation mode of note 1689663.

This simulation mode is exclusive to the gateway.

Kind regards,

Isaías

Former Member
0 Kudos

Hello Dev,

You can activate server side logging by following the instructions on the following help page:

icm/HTTP/logging_<xx> - Internet Communication Manager (ICM) - SAP NetWeaver - SAP Lib...

KR,

Amerjit
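
One way to turn such a server-side access log into an inventory of the clients still calling over HTTP, as an added example that is not part of the thread and not SAP code. It assumes the log is written in Common Log Format and contains the requests received on the HTTP port; the sample lines and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = """\
10.0.0.15 - RFCUSER [12/Mar/2015:08:01:11 +0100] "POST /sap/bc/srt/rfc/sap/zservice HTTP/1.1" 200 512
10.0.0.15 - RFCUSER [12/Mar/2015:09:30:02 +0100] "POST /sap/bc/srt/rfc/sap/zservice HTTP/1.1" 200 498
10.0.0.42 - - [12/Mar/2015:08:05:40 +0100] "GET /sap/public/ping HTTP/1.0" 200 0
this line is damaged and must be skipped
10.0.0.42 - - [13/Mar/2015:10:00:00 +0100] "GET /sap/bc/gui/sap/its/webgui?x=1 HTTP/1.1" 401 -
"""

def summarize_callers(lines):
    """Group requests by client host: count, last seen, users, paths."""
    callers = defaultdict(lambda: {"count": 0, "last_seen": None,
                                   "users": set(), "paths": set()})
    skipped = 0
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            skipped += 1  # keep a count so damaged lines are not silently lost
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = callers[m["host"]]
        entry["count"] += 1
        if entry["last_seen"] is None or ts > entry["last_seen"]:
            entry["last_seen"] = ts
        if m["user"] != "-":
            entry["users"].add(m["user"])
        entry["paths"].add(m["path"].split("?", 1)[0])  # drop query string
    return dict(callers), skipped

if __name__ == "__main__":
    callers, skipped = summarize_callers(SAMPLE_LOG.splitlines())
    for host, e in sorted(callers.items(), key=lambda kv: -kv[1]["count"]):
        print(host, e["count"], e["last_seen"].isoformat(),
              sorted(e["users"]), sorted(e["paths"]))
    print("unparsed lines:", skipped)
```

Each host in the result is a caller to move to HTTPS before the port is closed; a host whose last-seen date is old may already have been migrated.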