on 2019 Jul 12 2:37 AM
Hi, experts.
I have a question about the 403 Access denied page below.
When I insert some script inside my system connection URL and try to connect to it,
for example, http://myURL<script>alert(1)</script>&department='1234'
this screen appears.

I guess our company bc made this rule by SMICM,
but is there any way to change this page?
I think disabling the authentication handler is not the right way;
I just want to customize this page.
Thank you in advance.
403 Access denied means your authentication is failing and access to those resources is restricted for you.
You can search for "How to set Sorry Page"
For example,
https://answers.sap.com/questions/5735168/custom-401-unauthorized-error-page.html
Thank you for your reply, but it didn't work properly.
Here are the things I've already tried:
- setting error pages in the deployment descriptor (SAPUI5)
- setting error pages via t-code SICF
Hi YEONSEUNG KIM,
The 403 error page is a default page and it's applicable for all the icm_auth checks. Meaning once you hit a URL in your browser, it checks the existence and your icm_authorisation, where it's failing. If I understand your scenario properly, I guess you can make use of the icm_redirect functionality by putting a static web page on your server. May I ask if there is a web dispatcher involved in your URL part?
Thanks,
Kaushik
Thank you for your kindness. I'm not sure I understood your answer exactly because of my English.
When the 403 error page occurs, the URL is like this:
- http://myURL?department=xxxx>;<script>alert(1)</script>&language=yyyy
and in T-code SMICM, the activated authorization handler is below.

Actually, at first my company's security team manager mentioned this URL (~~<script>~~</script>~~).
He said it can be a security weakness because it is a basic page provided by SAP, and it can contain some information.
(cross-site scripting)
So I tried to change this page for a long time, but nothing did it.
You mentioned the icm_auth check.
I think I did something wrong for ICM:
1. Set profile: icm/HTTP/error_templ_path = /usr/sap/HTD/DVEBMGS10/data/icmandir
2. Uploaded 3 ICMERR files.

But nothing changed T.T...
Thank you.