cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Web Dispatcher EXTSRV service

former_member141017
Explorer

on ‎07-11-2019 2:49 AM

0 Kudos

Hi,

I am facing issue in accessing a EXTERNAL URL diverted through SAP Web Dispatcher.

We are calling the external api service https://sandbox.cleeng.com/api/3.0/json-rpc using the web dispatcher https://192.168.1.47:44300/api/3.0/json-rpc

But we are getting the response 403 Forbidden in browser .

The certificate of *.cleeng.com website is already added to the web dispatcher.

The web dispatcher is having self signed certficate. should i get it signed by CA to get this redirection work?

------------------ Landscape ------------------

SAP Web dispatcher version : 7.73

Patch : 123

OS: windows 2008 R2

URL Access : https://sandbox.cleeng.com/api/3.0/json-rpc is accessed by web dispatcher server using the proxy server 192.168.1.25:8080

Requirement : The diverted https://192.168.1.47:44300/api/3.0/json-rpc url will be consumed by sap PO system for further forwarding to ERP system

--------------------------------------

Profile

SAPSYSTEMNAME = WD1

SAPGLOBALHOST = SAPWEBQAS01

SAPSYSTEM = 00

INSTANCE_NAME = W00

DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64

DIR_EXECUTABLE = $(DIR_CT_RUN)

DIR_PROFILE = $(DIR_INSTALL)$(DIR_SEP)profile

_PF = $(DIR_PROFILE)\WD1_W00_SAPWEBQAS01

SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%

#----------------------------------------------------------------------- # Back-end system configuration #----------------------------------------------------------------------- #-----------------------------------------------------------------------

wdisp/system_1 = SID=EXT, EXTSRV=https://developers.cleeng.com, SRCSRV=*:44300, SRCURL=/reference/, SET_X_PROXY_HOST=TRUE, STANDARD_COOKIE_FILTER=OFF, PROXY=192.168.1.250:8080

wdisp/system_2 = SID=EX1, EXTSRV=https://sandbox.cleeng.com, SRCSRV=*:44300, SRCURL=/api/, SET_X_PROXY_HOST=TRUE, STANDARD_COOKIE_FILTER=OFF, PROXY=192.168.1.250:8080

wdisp/system_conflict_resolution = 1

#----------------------------------------------------------------------- # Configuration of maximum number of concurrent connections #-----------------------------------------------------------------------

icm/max_conn = 2000

#----------------------------------------------------------------------- # SAP Web Dispatcher Ports #-----------------------------------------------------------------------

icm/server_port_0 = PROT=HTTPS,PORT=44300

icm/server_port_1 = PROT=HTTP,PORT=8111,PROCTIMEOUT=3600

#----------------------------------------------------------------------- # SAP Web Dispatcher Administration #-----------------------------------------------------------------------

icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile) #----------------------------------------------------------------------- # Start webdispatcher #----------------------------------------------------------------------- _WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)

Restart_Program_00 = local $(_WD) pf=$(_PF)

SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec

ssl/ssl_lib = E:\usr\sap\WD1\SYS\exe\uc\NTAMD64\sapcrypto.dll

ssl/server_pse = E:\usr\sap\WD1\W00\sec\SAPSSLS.pse

icm/HTTPS/verify_client = 1

ssl/client_pse = E:\usr\sap\WD1\W00\sec\SAPSSLC.pse

wdisp/ssl_encrypt = 0

wdisp/ssl_auth = 0

wdisp/server_info_protocol = https

Thanks & Regards,

Renosh.

Show replies
Show replies
kaus19d
Active Contributor
‎07-12-2019 7:24 AM
0 Kudos

Does this WebDispatcher has Access-Rules file to Permit & Deny access like urlroutetab file

Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member141017
Explorer
‎10-11-2019 12:55 PM
0 Kudos

hi Isaias Freitas,

need a small help again, what if i need to add a new url for diverting.

for eg:

wdisp/system_3 = SID=EX2, EXTSRV=https://production.bank.com, SRCSRV=*:44300, SRCURL=/api/, SET_X_PROXY_HOST=TRUE, STANDARD_COOKIE_FILTER=OFF, PROXY=192.168.1.250:8080

after i modified the $(DIR_GLOBAL)/security/data/icm_filter_rules.txt with

if%{SID} stricmp "EX1"

SetHeader host sandbox.cleeng.com.

if%{SID} stricmp "EX2"

SetHeader host production.bank.com. its still trying to divert to sandbox.cleeng.com.

regards,

Renosh.

Show replies
Show replies
former_member141017
Explorer
‎07-12-2019 1:21 PM
0 Kudos

Thank you Isaias Freitas.

The parameter you recommended by you solved the issue.

I added the parameter

icm/HTTP/mod_0 = PREFIX=/,FILE=$(DIR_GLOBAL)/security/data/icm_filter_rules.txt

and added

if%{SID} stricmp "EX1"

SetHeader host sandbox.cleeng.com.

Thanks a lot.

Regards,

Renosh.

Show replies
Show replies
isaias_freitas
Advisor
Advisor
‎07-11-2019 11:24 PM
0 Kudos

Hello Renosh,

At a first glance, your configuration looks correct.

You might need to use a modification rule to manipulate the "host" HTTP header.

This could be one thing causing issues.

if %{SID} stricmp "EX1"
SetHeader host sandbox.cleeng.com

If this does not help, a level 2 trace from the Web Dispatcher would confirm that it is the remote server (sandbox.cleeng.com) that is returning the "403 Forbidden".

Then we would need more details about what they are expecting, to see what the Web Dispatcher would not be sending.

Regards,

Isaías

Show replies
Show replies
isaias_freitas
Advisor
Advisor
‎07-11-2019 11:27 PM
0 Kudos

PS: you might also need to activate the client SNI feature / parameter on the Web Dispatcher (SAP Note 2124480 - S-user required).

Ask a Question