on 2008 Mar 26 2:38 PM
Hi,
I want to enforce the use of SSL in the EP only for the logon to the Portal (/logon). Can I achive this with the SAP WebDispatcher or do I have to use a proxy solution (eg. Apache 2)?
With apache2 as a proxy, the rules are quite simple:
ProxyPass /logon https://server/logon
ProxyPassReverse /logon https://server/logon
ProxyPass /irj http://server/irj
ProxyPassReverse /irj http://server/irj
I´ve read that I can configure the WebDispatcher to do a URL redirect like / to http://server/irj/portal:
icm/HTTP/redirect_0 = PREFIX=/, TO=/irj/index.html
Can I enforce this only for a specific URL and a new protocol (HTTPS)?
Example:
icm/HTTP/redirect_0 = PREFIX=/logon TO=/logon, PROT=HTTPS HOST=server, PORT=50001
icm/HTTP/redirect_1 = PREFIX=/irj TO=/irj, PROT=HTTP HOST=server, PORT=50000
Is the Webdispatcher capable of doing this or is it only a pass-through of the URL and only the protocol can be adjusted?
br,
Tobias
Tobias,
I don't think Webdispatcher can do Reverse proxy functionalities. Apache is best in your scenario, also the new apache LB module allows you to use it as a load balancer as well. We are using Apache as both reverse proxy and load balancer, thus eliminating the need for webdispatcher.
~Yasin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
as a matter of fact, you can use Web Dispatcher as a reverse proxy. It's just not a full reverse proxy like Apache. An initial request from an SAP system can't use the Web Dispatcher. But the normal use case (Browser -> SAP) is supported and the Web Dispatcher is working perfectly.
The advantage of Web Dispatcher over Apache is the built-in support for ABAP BSP applications. Apache can't support this and any other load balancing solution (HW, Round-Rubin, DNS) won't achive the same level of load balancing as Web Dispatcher. Also, the general load balancing is better, because the Web Dispatcher knows the load of the application server.
My solution involves a rule on the Web Dispatcher for a protocol switch from HTTP to HTTPS for request to /logon and for normal portal requests like /irj I enforce the use of HTTP.
br,
Tobias
Hi Tobias,
I totally agree with you on the fact that Webdispatcher can be used as a reverse proxy to a certain extent. We are using Apache as both reverse proxy and load balancer to load balance our portal servers, as we don't want to use too many components i.e., apache as reverse proxy and Webdispatcher as load balancer.
We have put some custom rules in apache to read the server ID and cookie info to maintain stickiness and intelligently load balance the requests based on the algorithm (Request Counting and Weighted Traffic Counting). Apache can even detect if your portal server is down, and forward the requests to the other node.
We have created 2 apache services with it's own config files. One for 443 and the other for 80. Any requests going to port 80 will be automatically redirected to port 443.
Here is the redirect rule on apache service 80:
RewriteEngine On
RewriteCond % !=on
RewriteRule ^/(.*) https://%%
Hope this would be of some help. Thanks.
~Yasin
Found the answer by myself.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
69 | |
10 | |
8 | |
7 | |
6 | |
6 | |
6 | |
6 | |
6 | |
5 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.