Recently I had to configure table HTTPURLLOC in order to support a scenario where users were either accessing the system externally through a hardware reverse proxy connected to SAP Web Dispatcher or the SAP system directly. In this blog I want to share my experience with SCN members.
The first take away from this blog is that HTTPURLLOC can't be used for switching from one protocol to another nor rewriting URLs, that happens elsewhere (e.g. Web Dispatcher modification rules, portal configuration, ICF node settings, etc). HTTPURLLOC has values with valid protocol, host and port combinations that can be used to generate URLs, otherwise the generic URL generation of the system is used. That is why HTTPURLLOC is called an exception table, not a URL generation table.
So now how does it work? Basically the system looks at the request object and tries to determine the requested host, this is usually the virtual host name, DNS alias, etc. which was requested by the client, e.g. the browser. This is the second take away. The host as requested by the client should be preserved throughout the request, even if there are other proxies, load balancers, etc. in the loop. If the client browser requests abc.company.com, this host should be visible in the request object of the SAP system. The only way to guarantee it is that all appliances/programs are instructed to preserve the host that was requested by the client. Apache has the PreserveProxyHost directive for it, Web Dispatcher does it automatically, others might require further configuration.
The third take away is that as with the host requested by the client, the protocol used by the client must be preserved as well. This is especially important if HTTPS is terminated before the request hits the SAP system. Again, configuration directives might be required to insure this. Apache has the RequestHeader directive which can be used to set variable clientprotocol to either HTTPS or HTTP depending on the scenario. Web Dispatcher does it automatically assuming wdisp/add_client_protocol_header is set to true, others might require further configuration.
The fourth take away is to understand how entries in HTTPURLLOC are matched against the request. The most important variable is the protocol, second most important variable is the host, third most important variable is the application and last one is the domain. If the client requested abc.company.com with protocol HTTPS and assuming that the host and protocol are preserved meaning the SAP system sees the original values, the HTTPURLLOC table is queried first for all entries that have the protocol HTTPS. Next the requested application is checked, then the domain and finally the host. There are several rules which will affect the end result meaning whether the entry in HTTPURLLOC will be used or not, the best way is to figure it out yourself by debugging method IF_HTTP_SERVER~GET_LOCATION_EXCEPTION of ABAP class CL_HTTP_SERVER.
The fifth take away is to understand that HTTPURLLOC is client specific and especially if you are using System Logon, you will have to configure HTTPURLLOC for client 000 as well as the clients you use.
The sixth and last take away is to understand that in case the requested host is unknown (it is possible in some scenarios), HTTPURLLOC will be queried based on the protocol and the first match will be used (in ascending order, based on SORT_KEY).
I hope this blog will save others time and headaches trying to figure out the mysteries of HTTPURLLOC. See also the official documentation on URL Generation in an AS-ABAP - Web Dispatcher Configuration.