on 07-23-2007 10:01 AM
According to SAP Note <a href="https://service.sap.com/sap/support/notes/864878">864878</a>, I can filter Requests by Client-IP.
But first I don't know how the permission file (PERMFILE) has to look like.
And I don't know if this works with End-to-End HTTPS.
Kind Regards
Christoph
Hello,
Did you check help.sap.com ?
http://help.sap.com/saphelp_nw70/helpdata/en/42/5cfd3b0e59774ee10000000a114084/frameset.htm
In fact, you need to use these parameters in the webdispatcher pfl file (usually sapwebdisp.pfl) :
csi/SAP/csa_lib = sapcsa.dll
csi/enable = TRUE
icm/HTTP/auth_0 = PREFIX=/,PERMFILE=permfile.txt,FILTER=1
The permission file is permfile.txt in this example.
The syntax is :
P/D/S <URI-pattern> <USER> <GROUP> <CLIENT-IP> <SERVER-IP>
Exemples :
P /sap/bc/bsp/sap/z_my_bsp/login.html * * myIP *
The login.html page is allowed only when called from myIP.
P /sap/bc/bsp/sap/z_my_other_bsp/*
All pages from z_myother_bsp are authorized from any IP.
You will see that filtering is active from the web administration in the Access handler page.
I did not try the filtering with end-to-en HTTPS.
BEWARE : It took me a long time to figure out that empty lines are forbidden in the permission file. Always begin empty lines with the comment character (#).
Hope this helps.
Olivier
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you.
Your answer is "very helpful".
But I still have to know if End-to-End SSl is possible with this filtering-methode.
I think I cannot filter by User, because the Web Dispatcher is not able to read the User in the encrypted HTTPS-Request.
But I just want to filter by IP and I think this should be possible.
Has anybody experiances with this comination?
Regards
Christoph
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.