Hello,
We've set up a webdispatcher to grant access to a WAS Java from the internet. For security, we've implemented an URL filter using parameter wdisp/permission_table. This is also where there is strange behavior:
Most URL's are filtered as stated in the permission table, with exception of the webdispatcher administrative pages. This means that http://<host>/sap/admin (no port, access on port 80) is accessible from the internet, even though an explicit deny has been set on /sap/* and /sap/admin/*.
Has anybody seen this behavior aswell and what can I do to protect the webdispatcher's administrative pages from access from "outside"?
Regards, Wilbert