cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

redirection in web dispatcher

Former Member

on ‎01-14-2008 7:43 PM

0 Kudos

Dear Experts,

I have ABAP backend system and I need to open it to internet. Doing so, I have implemented web dispatcher that is running in DMZ. Up to this point everything went on as desired, but one thing.

When I call the URL http://teidom.com:60000 then it redirects to the target host with the local address http://<localhost>.teidom.local:8000/sap/bc/gui/sap/its/webgui. Hereby this is not possible to call the page from internet. This is working only in local network, not in internet. In order to call and view the page from internet, the address has to be intact with no address redirection.

Just to get you closer to understand the situation, here below I wrote down the parameters which I defined for Web Dispatcher (sapwebdisp.pfl).

SAPGLOBALHOST = WebServerRack

SAPSYSTEM = 02

INSTANCE_NAME = W02

DIR_CT_RUN = C:\WebDisp\NTI3867

DIR_EXECUTABLE = C:\WebDisp\NTI3867

#----

  1. Accesssability of Message Server

#----

rdisp/mshost = backsvr.teidom.local

ms/http_port = 8100

#----

  1. Configuration for medium scenario

#----

icm/max_conn = 500

icm/max_sockets = 1024

icm/req_queue_len = 5003

icm/min_threads = 10

icm/max_threads = 50

mpi/total_size_MB = 80

#----

  1. SAP Web Dispatcher Ports

#----

#icm/server_port_0 = PROT=HTTP,PORT=81$$

icm/server_port_0 = PROT=HTTP,PORT=60001

icm/HTTP/redirect_0= PREFIX=/, PORT=8000, PROT=HTTP, TO=/sap/bc/gui/sap/its/webgui, HOST=backsvr.teidom.local

Kind Regards,

Taner Guler

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎01-15-2008 8:34 AM
0 Kudos

Hi Taner,

I think you are asking to the browser to connect directly to the 8000 port of the internal server whic is obviously not possible because of the firewall.

It seems to me that you make a confusion between an URL redirect and an URL rewrite.

The redirect is sent to the browser as a new URL.

Did you try something like

icm/HTTP/redirect_0= PREFIX=/, TO=/sap/bc/gui/sap/its/webgui

You just want the browser to change the URL from / to /sap/bc/gui/sap/its/webgui but don't waant to change anything for the host and port from the web dispatcher because it is used as a reverse proxy.

Regards,

Olivier

Show replies
Show replies
Former Member
‎01-15-2008 12:35 PM
0 Kudos

Hi Olivier,

Thanks a lot for your kind help.

As you suggested I have tried parameter 'icm/HTTP/redirect_0= PREFIX=/, TO=/sap/bc/gui/sap/its/webgui' and this did not work either.

You catched a good point that where I got confused in the field of web dispatcher configuration. I have short of knowledge there. As you well understand, the problem might be on the port 8000. But, this is a standard port for ABAP systems which is required when the service is called from internet. In addition, in the ABAP system when I try the service in SICF transaction then it results 'http: //backsvr.teidom.local:8000/sap/bc/gui/sap/its/webgui' here you see the port number is 8000. Isn't that a proof of the port I used was correct (8000).

What I need to do is, as you well noticed, to rewrite the URL, not a redirection. The address has to be intact, which is internet address, not a local address and not changed.

When I tried parameter 'icm/HTTP/redirect_0= PREFIX=/, TO=/sap/bc/gui/sap/its/webgui' as you suggested in the profile parameter. Then the error has come out as below in web browser.

-

500 Dispatching Error

Error: -26

Version: 7000

Component: HTTP_ROUTE

Date/Time: Tue Jan 15 14:08:04 2008

Module: http_route.c

Line: 3126

Server: WebServerRack__02

Error Tag:

Detail: no valid destination server available for '!ALL' rc=7

-

Regards,

Taner

Former Member
‎01-15-2008 12:58 PM
0 Kudos

Hello again,

>What I need to do is, as you well noticed, to rewrite the URL, not a redirection. The address has >to be intact, which is internet address, not a local address and not changed.

The SAP web dispatcher is not able to rewrite URLs. It can only do redirects which are interpreted by the browser.

It means that you will not be able to hide the "technical URL" from the internet.

I had this need and I had to use Apache+web dispatcher because Apache is able to rewrite URLs

What you need to achieve is when the user types

http://teidom.com:60000/ in his browser the redirect should type

http://teidom.com:60000/sap/bc/gui/sap/its/webgui in the browser

For that the syntax should not be very far from the one I gave you.

You have to experiment...

Regards,

Olivier

Edited by: Olivier CHRETIEN on Jan 15, 2008 1:59 PM

spelling

Former Member
‎01-15-2008 1:19 PM
0 Kudos

Hi Olivier,

Thanks for the quick reply.

Would it be possible you could give me instruction where I can find 'Apache' and try?

So I will continue with the web dispatcher by trying new combinations of parameters as you suggested

Regards,

Ali Taner

Former Member
‎01-15-2008 1:41 PM
0 Kudos

Hi,

Have a look at http://httpd.apache.org

Read this documentation on URL rewriting :

http://httpd.apache.org/docs/2.2/misc/rewriteguide.html

Be careful, this is a complex subject and it took me several weeks to learn how to use Apache as a rewriting URL reverse proxy. But it's very interesting and powerful !

Regards,

Olivier

Former Member
‎01-15-2008 3:12 PM
0 Kudos

Hi Olivier,

Thanks a lot for the help.

Just one more question, do you think that in the firewall I should also open port 8000? Currently only port 60000 is open in the firewall.

Regards,

Taner

Former Member
‎01-15-2008 3:25 PM
0 Kudos

Hi again,

Usually you have 2 firewalls to make a DMZ, one external and one internal.

external firewall DMZ internal firewall

Browser --- HTTP 60000 -

> Webdisp -

> HTTP 8000 -

> WAS ICM

. Webdisp -

> HTTP 8100 -

> WAS Message Server

So you need to open port 60000 on the external firewall and ports 8000 and 8100 on the interna l firewall.

Why do you use port 60000 for HTTP on the internet ?

I always use the standard port 80.

Hope this helps.

Olivier

Edited by: Olivier CHRETIEN on Jan 15, 2008 4:25 PM

This forum editor is crap : not at all WYSIWYG

all my ascii drawing is mixed up !

Matt_Fraser
Active Contributor
‎01-15-2008 6:13 PM
0 Kudos

You should definitely not open port 8000 to the outside, only between your dmz and internal network.

Also, instead of 'rewrites' or 'redirects' you should probably consider configuring your web dispatcher to do ssl termination and re-encryption. This will hide the 'technical' URL from the end-user's browser, as all communication for the end-user will be to/from the web dispatcher, not the internal ABAP server. There are a number of parameters to be configured for this, but the critical one to "turn on" the re-encryption is wdisp/ssl_encrypt = 2. I think maybe this is what you mean by "rewrite" the URL? If so, the web dispatcher absolutely can do this, without Apache or any other webserver or proxy software.

For more information about configuring SSL on the web dispatcher, have a look at the online documentation (http://help.sap.com/saphelp_nw70/helpdata/en/de/89023c59698908e10000000a11402f/frameset.htm) and Note 870127.

Regards,

--Matt

Former Member
‎01-16-2008 7:50 AM
0 Kudos

Hello Matt,

I use SSL termination with re encryption on the Web disptacher and it works very well but it sure does not hide any technical URL.

Its use, in my case, is to encrypt the password for basic authentication.

There is a big differerence between hiding the internal back office server and hiding the "technical" URL.

Regards,

Olivier

Former Member
‎01-16-2008 9:19 AM
0 Kudos

Hi Matt,

It is very kind of you commenting on the subject.

I just want to be sure of the problem that I am facing. My problem is when I call the URL http://teidom.com:60000 from the internet; it is supposed to view the page (information) from ABAP system. But it couldn't.

Web dispatcher is running on the host named 'webdispsvr'

In the firewall I set port 60000 open from internet to web dispatcher server

And in the other firewall (at the back) I set port 8000 open to R3 ABAP system which supplies information to internet.

After setting up the web dispatcher profile according to (thanks Olivier) instructions from help.sap.com

At next stage I started to test

First I tested it in local by URL http://webdispsvr:60000 it works and web browser views the ABAP login windows. From this point of the subject one thing that took my attention was, after pushing enter button for URL http://webdispsvr:60000 then it directly turns to address URL http://<localhost>.teidom.local:8000/sap/bc/gui/sap/its/webgui -- <localhost> is a host of where R3 ABAP system runs on (the address redirects to local address which is not wanted situation in the internet as long as it redirects to local URL address)

Second test was in the internet

Behaviour of the system is same nothing changed

When I call URL http://teidom.com:60000, as it happens in local test, it redirects the URL to http://<localhost>.teidom.local:8000/sap/bc/gui/sap/its/webgui for this reason page could not be viewed when it is called from the internet.

I hope above information is clear enough to get you understand how bad situation I am in.

Isn’t there a way out of this struggle?

Thanks all of you for your great contribution to the situation.

Regards,

Taner

Former Member
‎01-16-2008 9:28 AM
0 Kudos

Hi Matt,

It is very kind of you commenting on the subject.

I just want to be sure of the problem that I am facing. My problem is when I call the URL http://teidom.com:60000 from the internet; it is supposed to view the page (information) from ABAP system. But it couldn't.

Web dispatcher is running on the host named 'webdispsvr'

In the firewall I set port 60000 open from internet to web dispatcher server

And in the other firewall (at the back) I set port 8000 open to R3 ABAP system which supplies information to internet.

After setting up the web dispatcher profile according to (thanks Olivier) instructions from help.sap.com

At next stage I started to test

First I tested it in local by URL http://webdispsvr:60000 it works and web browser views the ABAP login windows. From this point of the subject one thing that took my attention was, after pushing enter button for URL http://webdispsvr:60000 then it directly turns to address URL http://<localhost>.teidom.local:8000/sap/bc/gui/sap/its/webgui -- <localhost> is a host of where R3 ABAP system runs on (the address redirects to local address which is not wanted situation in the internet as long as it redirects to local URL address)

Second test was in the internet

Behaviour of the system is same nothing changed

When I call URL http://teidom.com:60000, as it happens in local test, it redirects the URL to http://<localhost>.teidom.local:8000/sap/bc/gui/sap/its/webgui for this reason page could not be viewed when it is called from the internet.

I hope above information is clear enough to get you understand how bad situation I am in.

Isn’t there a way out of this struggle?

Thanks all of you for your great contribution to the situation.

Regards,

Taner

Ask a Question