SAP Web Dispatcher and other 3rd Party Proxy server options

Hello,

I would like to understand the level of security that SAP Web Dispatcher as a proxy running in a DMZ can provide when compared to other commercially available proxy servers. Our client believes this is the most secure solution for protecting our backend SAP systems against internet intrusion, but I would like to review it against other available products. According to a Wikipedia page, there are many other choices, but I can't find a good comparison table that reviews the most relevant features needed for security. Examples of web proxy servers include Apache (with mod_proxy or Traffic Server), HAProxy, IIS configured as proxy (e.g., with Application Request Routing), Nginx, Privoxy, Squid, Varnish (reverse proxy only), WinGate, Ziproxy, Tinyproxy, RabbIT4 and Polipo.

Please advise.

Thank you.

1 REPLY

LutzR
Active Contributor

Hi Shahid Bhaidani,

SAP Web Dispatcher's functional focus is on load balancing, endpoint aggregation, port switch and some minor protocol manipulation.

It has some filtering rules, but this does not make it an application level firewall or security gateway.

Unfortunately, SAP Web Dispatchers tend to be forgotten by operating staff concerning regular updates and security patches. Also, the default configuration of, e.g., SSL/TLS is less than secure. Both subjects are really critical if the SAP Web Dispatcher is your Internet endpoint.

SAP Web Dispatcher has no track record as part of the security infrastructure and SAP does not sell it as such.

So what I typically recommend is to use a SAP Web Dispatcher for SAP specific stuff (most times it is load balancing) but to always put a BigIP F5 or comparable in front. An interesting feature to ease firewall pains is SAP Web Dispatcher's ability for "Reverse Invoke".

Regards,

Lutz