Has anyone configured Web Dispatcher to route HTTPS traffic without terminating it via Modification Handlers? It does not work for me. I think the issue may be that the HTTPS traffic is encrypted, so the Web Dispatcher is not able to inspect it. Or, it could be that I have it set as a "ROUTER" and it does not inspect it. Any Advise?

We have a Five System Landscape; Two Parallel Development Landscapes (QA1 and QA2), and one Regression Test Landscape

(QR3). Development systems are not discussed as they have no partner connectivity (DA1 and DA2).

Goal: Install one Web Dispatcher for all QAS systems in order to provide a Load Balancer.

Supporting Documentation:

How to Scale Up Netweaver Process Integration

(http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/c02f072f-3799-2c10-e0b8-d98d323c0908?QuickLink=index&overridelayout=true )

How to Fast-Switch Integration Scenarios between SAP PI Runtimes, Part II: Web Dispatcher

(http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/304039f4-d1e4-2d10-cb83-d90b3880258d?QuickLink=index&overridelayout=true )

SAP Netweaver CE 7.2: SAP Web Dispatcher for Multiple Systems

(http://help.sap.com/saphelp_nwce72/helpdata/en/b0/ebfa88e9164d26bdf1d21a7ef6fc25/frameset.htm )

Requirements: We want to have one external IP opened in our firewall. e.g. 192.168.1.10. We want to create three hostname aliases that resolve to the same exact external IP. e.g. slqqa1.acme.com, slqqa2.acme.com, slqqr3.acme.com all resolve to 192.168.1.10. Partners can then point to any of the three environments to conduct their test with the respective systems. One of three WSDLs from the QAS systems will be provided to the partners, indicating which system they should be connecting to.

1. We do not want to terminate the SSL at the dispatcher because we use the SSL Client Certificates for authenticating partner logins, so we want the SSL Client certificate to pass through the DISPATCHER to the backend PI system. To

Accomplish this, we modified the Web Dispatcher Profile as follows:

icm/server_port_1 = PROT=ROUTER,PORT=443,TIMEOUT=900,EXTBIND=1

2. We want to use Modification Handlers to route the inbound transactions based on HTTP_HOST

To our profile we add:

wdisp/system_0 = SID=QA1, MSHOST=slqqa1, MSPORT=8101

wdisp/system_1 = SID=QA2, MSHOST=slqqa2, MSPORT=8101

wdisp/system_2 = SID=QR3, MSHOST=slqqr3, MSPORT=8101

To $(DIR_GLOBAL)/security/data/icm_filter_rules.txt we add:

#QA1 requests

if % regimatch slqqa1* SetHeader x-sap-webdisp-target-sid QA1 [break] #QA2 requests if % regimatch slqqa2*

SetHeader x-sap-webdisp-target-sid QA2 [break]

#QR3 requests

if % regimatch slqqr3*

SetHeader x-sap-webdisp-target-sid QR3 [break]

Result: Configuration fails. Since the incoming web traffic is HTTPS, I think the SOAP HEADERS are encrypted, as a result the Web Dispatcher cannot determine the hostname in HTTP_HOST and cannot route the traffic as desired. I changed the above configuration to use port 8100 instead of 443, and changed ROUTER to HTTP, and the configuration

works.