According to SAP Note <a href="https://service.sap.com/sap/support/notes/864878">864878</a>, I can filter Requests by Client-IP.
But first I don't know how the permission file (PERMFILE) has to look like.
And I don't know if this works with End-to-End HTTPS.
Did you check help.sap.com ?
In fact, you need to use these parameters in the webdispatcher pfl file (usually sapwebdisp.pfl) :
csi/SAP/csa_lib = sapcsa.dll
csi/enable = TRUE
icm/HTTP/auth_0 = PREFIX=/,PERMFILE=permfile.txt,FILTER=1
The permission file is permfile.txt in this example.
The syntax is :
P/D/S <URI-pattern> <USER> <GROUP> <CLIENT-IP> <SERVER-IP>
P /sap/bc/bsp/sap/z_my_bsp/login.html * * myIP *
The login.html page is allowed only when called from myIP.
All pages from z_myother_bsp are authorized from any IP.
You will see that filtering is active from the web administration in the Access handler page.
I did not try the filtering with end-to-en HTTPS.
BEWARE : It took me a long time to figure out that empty lines are forbidden in the permission file. Always begin empty lines with the comment character (#).
Hope this helps.
Your answer is "very helpful".
But I still have to know if End-to-End SSl is possible with this filtering-methode.
I think I cannot filter by User, because the Web Dispatcher is not able to read the User in the encrypted HTTPS-Request.
But I just want to filter by IP and I think this should be possible.
Has anybody experiances with this comination?