Sunday , 30 April 2017

SAP NetWeaver 7.4 AS Java – Filtering Administration Requests

The URLs for NWA have a unique prefix and can be filtered out in the ICM on a rule basis.
In the profile file (we recommend the default profile DEFAULT.PFL), configure the following modification handler:

icm/HTTP/mod_0 = PREFIX=/,FILE=$(DIR_GLOBAL)/security/data/icm_filter_rules.txt

You must then create the rule file in the specified directory and specify the filter rules.
(The directory is usually: usr/sap/SID/SYS/global/security/data/)

If you want to prevent access to administration requests completely, you should define the following rule:

If you want to prevent access to administration requests for external administration, you should define the following rule:

If you want to allow access to administration requests for certain network segments (for example, 10.18.*), you should define the following rule:

If you do not want to restrict access to the administration requests to certain clients, remove the lines from the file or turn the lines into a comment:

The syntax for IPv6 addresses is as follows:

Local host is the string “::1”
An example for an IPv6 address is “fe80::21c:c4ff:fedc”.

The IP address of the client can be determined with the following (temporary) rule:
RegIRedirectUrl ^/ipaddr_echo /echo?clientip=%{REMOTE_ADDR}

Use the browser/client to call the following URL on the server: http://<host>:<http_port>/ipaddr_echo

In the client/browser, the system now displays the IP address of the client in the URL line (for example, http://server.sap.com/echo?clientip=10.18.55.11).

It is important that you remember to remove the temporary rule again.

Check Also

HANA Log Volume is full

Symptom The logvolume is full and the database doesn’t accept any new requests. Other Terms …