on 07-11-2019 2:49 AM
Hi,
I am facing issue in accessing a EXTERNAL URL diverted through SAP Web Dispatcher.
We are calling the external api service https://sandbox.cleeng.com/api/3.0/json-rpc using the web dispatcher https://192.168.1.47:44300/api/3.0/json-rpc
But we are getting the response 403 Forbidden in browser .
The certificate of *.cleeng.com website is already added to the web dispatcher.
The web dispatcher is having self signed certficate. should i get it signed by CA to get this redirection work?
------------------ Landscape ------------------
SAP Web dispatcher version : 7.73
Patch : 123
OS: windows 2008 R2
URL Access : https://sandbox.cleeng.com/api/3.0/json-rpc is accessed by web dispatcher server using the proxy server 192.168.1.25:8080
Requirement : The diverted https://192.168.1.47:44300/api/3.0/json-rpc url will be consumed by sap PO system for further forwarding to ERP system
--------------------------------------
Profile
SAPSYSTEMNAME = WD1
SAPGLOBALHOST = SAPWEBQAS01
SAPSYSTEM = 00
INSTANCE_NAME = W00
DIR_CT_RUN = $(DIR_EXE_ROOT)\$(OS_UNICODE)\NTAMD64
DIR_EXECUTABLE = $(DIR_CT_RUN)
DIR_PROFILE = $(DIR_INSTALL)$(DIR_SEP)profile
_PF = $(DIR_PROFILE)\WD1_W00_SAPWEBQAS01
SETENV_00 = PATH=$(DIR_EXECUTABLE);%PATH%
#----------------------------------------------------------------------- # Back-end system configuration #----------------------------------------------------------------------- #-----------------------------------------------------------------------
wdisp/system_1 = SID=EXT, EXTSRV=https://developers.cleeng.com, SRCSRV=*:44300, SRCURL=/reference/, SET_X_PROXY_HOST=TRUE, STANDARD_COOKIE_FILTER=OFF, PROXY=192.168.1.250:8080
wdisp/system_2 = SID=EX1, EXTSRV=https://sandbox.cleeng.com, SRCSRV=*:44300, SRCURL=/api/, SET_X_PROXY_HOST=TRUE, STANDARD_COOKIE_FILTER=OFF, PROXY=192.168.1.250:8080
wdisp/system_conflict_resolution = 1
#----------------------------------------------------------------------- # Configuration of maximum number of concurrent connections #-----------------------------------------------------------------------
icm/max_conn = 2000
#----------------------------------------------------------------------- # SAP Web Dispatcher Ports #-----------------------------------------------------------------------
icm/server_port_0 = PROT=HTTPS,PORT=44300
icm/server_port_1 = PROT=HTTP,PORT=8111,PROCTIMEOUT=3600
#----------------------------------------------------------------------- # SAP Web Dispatcher Administration #-----------------------------------------------------------------------
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile) #----------------------------------------------------------------------- # Start webdispatcher #----------------------------------------------------------------------- _WD = $(DIR_EXECUTABLE)\sapwebdisp$(FT_EXE)
Restart_Program_00 = local $(_WD) pf=$(_PF)
SETENV_01 = SECUDIR=$(DIR_INSTANCE)/sec
ssl/ssl_lib = E:\usr\sap\WD1\SYS\exe\uc\NTAMD64\sapcrypto.dll
ssl/server_pse = E:\usr\sap\WD1\W00\sec\SAPSSLS.pse
icm/HTTPS/verify_client = 1
ssl/client_pse = E:\usr\sap\WD1\W00\sec\SAPSSLC.pse
wdisp/ssl_encrypt = 0
wdisp/ssl_auth = 0
wdisp/server_info_protocol = https
Thanks & Regards,
Renosh.
hi Isaias Freitas,
need a small help again, what if i need to add a new url for diverting.
for eg:
wdisp/system_3 = SID=EX2, EXTSRV=https://production.bank.com, SRCSRV=*:44300, SRCURL=/api/, SET_X_PROXY_HOST=TRUE, STANDARD_COOKIE_FILTER=OFF, PROXY=192.168.1.250:8080
after i modified the $(DIR_GLOBAL)/security/data/icm_filter_rules.txt with
if%{SID} stricmp "EX1"
SetHeader host sandbox.cleeng.com.
if%{SID} stricmp "EX2"
SetHeader host production.bank.com. its still trying to divert to sandbox.cleeng.com.
regards,
Renosh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you Isaias Freitas.
The parameter you recommended by you solved the issue.
I added the parameter
icm/HTTP/mod_0 = PREFIX=/,FILE=$(DIR_GLOBAL)/security/data/icm_filter_rules.txt
and added
if%{SID} stricmp "EX1"
SetHeader host sandbox.cleeng.com.
Thanks a lot.
Regards,
Renosh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Renosh,
At a first glance, your configuration looks correct.
You might need to use a modification rule to manipulate the "host" HTTP header.
This could be one thing causing issues.
if %{SID} stricmp "EX1"
SetHeader host sandbox.cleeng.com
If this does not help, a level 2 trace from the Web Dispatcher would confirm that it is the remote server (sandbox.cleeng.com) that is returning the "403 Forbidden".
Then we would need more details about what they are expecting, to see what the Web Dispatcher would not be sending.
Regards,
Isaías
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
PS: you might also need to activate the client SNI feature / parameter on the Web Dispatcher (SAP Note 2124480 - S-user required).
User | Count |
---|---|
82 | |
11 | |
10 | |
8 | |
6 | |
6 | |
6 | |
6 | |
5 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.