
blocking anonymous users in WDA

Former Member
0 Kudos

Hi,

We have created a WDA application with anonymous access (set user / passw in SICF). However, during stress testing it became clear that one user can easily start a large number of sessions and bring the server down.

Is it possible to check who is logging on to the system (preferably before starting WDA) so we can block that user if the user is trying to log on more than 1~2 times? Perhaps we can use a cookie or intercept the log on somewhere?

Kind regards,

Raymond Does

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi Mrutyunjaya,

I do not know how BSP will help me here. I really need to catch the IP address or session cookie of the user who logs on so I can determine if I start the WDA.

Regards,

Raymond

SergioFerrari
Active Contributor
0 Kudos

Hi Raymond,

I suggested an option in the following thread:

Tell me if you understand what I mean...

Sergio

Former Member
0 Kudos

Hi Sergio,

Thanks for your reply. At the moment I am at a different customer site for a portal project. As soon as I work on the WebDynpro project again I will try your suggestion. By the way, do you think I should use the cl_icm_api class in a separate BSP or within the WebDynpro? I mean, if I put it in the WebDynpro, the WDA application is already in memory, and that is basically what I want to prevent.

Another scenario that I am thinking of is to use a reverse proxy (to mask the url) and try to intercept the session cookie from there. What do you think?

Regards,

Raymond

SergioFerrari
Active Contributor
0 Kudos

The reverse proxy is an interesting option, but I don't know it well enough to help you.

My suggestion is to add a handler to your WDA in /nSICF.

There you can get all the incoming attributes of the HTTP request, saving them in attributes of a custom static class that you have to implement (I don't think cl_icm_api will be useful).

From your WDA you can verify the IP and reject the requests (yes, it seems quite late, but you'll reject the request).

Maybe you should study the ABAP ICF handlers a little bit (http://help.sap.com/saphelp_nw04s/helpdata/en/78/985278c06b11d4ad310000e83539c3/content.htm)

Kindly award points for useful answers.

Sergio
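
An added example, not code from any poster in this thread: a sketch of the ICF handler approach described above, entered in the SICF handler list ahead of the Web Dynpro handler. It stores the caller's address in a static attribute and goes one step beyond the suggestion by rejecting over-budget addresses in the handler itself, before the WDA is started. The class name `ZCL_WDA_IP_GATE`, the table `ZWDA_IP_HITS` and the threshold of 60 requests per minute are assumptions made for illustration.

```abap
CLASS zcl_wda_ip_gate DEFINITION PUBLIC FINAL CREATE PUBLIC.
  PUBLIC SECTION.
    INTERFACES if_http_extension.
    " Caller address of the current request, readable from the WDA.
    CLASS-DATA gv_remote_addr TYPE string READ-ONLY.
  PRIVATE SECTION.
    " Constructed threshold: requests allowed per address per minute.
    CONSTANTS c_max_per_minute TYPE i VALUE 60.
ENDCLASS.

CLASS zcl_wda_ip_gate IMPLEMENTATION.
  METHOD if_http_extension~handle_request.
    " ZWDA_IP_HITS is a hypothetical table with key fields
    " REMOTE_ADDR (CHAR45), HIT_DATE (DATS), HIT_MINUTE (CHAR4)
    " and a counter HITS (INT4).
    DATA ls_hit TYPE zwda_ip_hits.

    " Behind a reverse proxy this is the proxy's address, not the client's.
    gv_remote_addr = server->request->get_header_field( '~remote_addr' ).

    ls_hit-remote_addr = gv_remote_addr.
    ls_hit-hit_date    = sy-datum.
    ls_hit-hit_minute  = sy-uzeit(4).          " HHMM bucket

    SELECT SINGLE hits FROM zwda_ip_hits INTO ls_hit-hits
      WHERE remote_addr = ls_hit-remote_addr
        AND hit_date    = ls_hit-hit_date
        AND hit_minute  = ls_hit-hit_minute.

    IF ls_hit-hits >= c_max_per_minute.
      " Over budget: answer here and stop, so the WDA handler never runs.
      server->response->set_status( code = 429 reason = 'Too Many Requests' ).
      if_http_extension~flow_rc = if_http_extension=>co_flow_ok.
      RETURN.
    ENDIF.

    " Read-then-write is not serialized; an exact count needs an enqueue lock.
    ls_hit-hits = ls_hit-hits + 1.
    MODIFY zwda_ip_hits FROM ls_hit.
    COMMIT WORK.

    " Within budget: pass the request on to the next handler in the list.
    if_http_extension~flow_rc = if_http_extension=>co_flow_ok_others_mand.
  ENDMETHOD.
ENDCLASS.
```

A per-address budget also throttles every user who shares that address (NAT, corporate proxy), and old rows in the counter table need a periodic cleanup job.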