on 09-12-2007 12:55 PM
Hi,
We have created a WDA application with anonymous access (set user / passw in SICF). However, during stress testing it became clear that one user can easily start a large number of sessions and bring the server down.
Is it possible to check who is logging on to the system (preferably before starting WDA) so we can block that user if the user is trying to log on more than 1~2 times? Perhaps we can use a cookie or intercept the log on somewhere?
Kind regards,
Raymond Does
hi
good
go through this link
http://www.sap-press.de/download/dateien/933/sap_press_bsp_programming.pdf
thanks
mrutyun^
Hi Sergio,
Thanks for your reply. At the moment I am at a different customer site for a portal project. As soon as I work on the WebDynpro project again I will try your suggestion. By the way, do you think I should use the cl_icm_api class in a separate BSP or within the WebDynpro? I mean, if I put it in the Web Dynpro, the WDA application is already in memory and that is basically what I want to prevent.
Another scenario that I am thinking of is to use a reverse proxy (to mask the url) and try to intercept the session cookie from there. What do you think?
Regards,
Raymond
The Reverse Proxy is an interesting option but I don't know it well enough to help you.
My suggestion is to add a handler to your WDA in /nSICF.
There you can get all the incoming attributes of the HTTP request, saving them in attributes of a custom static class that you have to implement (I don't think cl_icm_api will be useful).
From your WDA you can verify the IP and reject the requests (yes, it seems quite late, but you'll reject the request).
Maybe you should study a little bit the ABAP ICF HANDLERs (http://help.sap.com/saphelp_nw04s/helpdata/en/78/985278c06b11d4ad310000e83539c3/content.htm)
Kindly award points for useful answers.
Sergio
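
The handler approach from the answer above, as an added example (not code from the thread or from SAP): an ICF handler placed before the Web Dynpro handler in the service's SICF handler list stores the caller's IP in a static attribute and rejects new session starts over a limit, so the WDA runtime is never reached. The class name, the custom table ZWDA_LOGON, the limit values and the use of the sap-contextid cookie to recognise a new session are assumptions.

```abap
" Added example. ZWDA_LOGON (columns REMOTE_ADDR, STARTED_AT) is a
" hypothetical custom table; the limits are constructed values.
CLASS zcl_wda_logon_guard DEFINITION PUBLIC FINAL CREATE PUBLIC.
  PUBLIC SECTION.
    INTERFACES if_http_extension.
    CLASS-DATA gv_remote_addr TYPE string READ-ONLY. " readable from the WDA
    CONSTANTS: gc_max_starts TYPE i VALUE 2,
               gc_window_sec TYPE i VALUE 600.
ENDCLASS.

CLASS zcl_wda_logon_guard IMPLEMENTATION.
  METHOD if_http_extension~handle_request.
    DATA: lv_ctx    TYPE string,
          lv_now    TYPE timestamp,
          lv_from   TYPE timestamp,
          lv_starts TYPE i,
          ls_logon  TYPE zwda_logon.

    " ~remote_addr is the peer address seen by the ICM; behind a reverse
    " proxy this is the proxy's address, not the browser's.
    gv_remote_addr = server->request->get_header_field( '~remote_addr' ).
    ls_logon-remote_addr = gv_remote_addr.

    " Assumption: a request without the sap-contextid cookie starts a
    " new stateful session; follow-up requests pass through uncounted.
    server->request->get_cookie( EXPORTING name  = 'sap-contextid'
                                 IMPORTING value = lv_ctx ).
    IF lv_ctx IS INITIAL.
      GET TIME STAMP FIELD lv_now.
      lv_from = cl_abap_tstmp=>subtractsecs( tstmp = lv_now
                                             secs  = gc_window_sec ).
      SELECT COUNT( * ) FROM zwda_logon INTO lv_starts
        WHERE remote_addr = ls_logon-remote_addr
          AND started_at >= lv_from.
      IF lv_starts >= gc_max_starts.
        " Reject here: no further handler runs, so WDA is not started.
        server->response->set_status( code   = 503
                                      reason = 'Session limit reached' ).
        if_http_extension~flow_rc = if_http_extension=>co_flow_ok.
        RETURN.
      ENDIF.
      ls_logon-started_at = lv_now.
      INSERT zwda_logon FROM ls_logon.
    ENDIF.

    " Hand over to the next handler in the list (the WDA runtime).
    if_http_extension~flow_rc = if_http_extension=>co_flow_ok_others_mand.
  ENDMETHOD.
ENDCLASS.
```

Because every client behind one NAT or proxy shares an address, a per-IP limit of 2 can lock out legitimate users; if a trusted reverse proxy sits in front, count on the client address it forwards rather than on ~remote_addr.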