icm/HTTP/auth

Posted by — January 13, 2015 in SAP PARAMETER Leave a reply

Parameter

icm/HTTP/auth

Short text

Access Restrictions in the ICM and SAP Web Dispatcher

Parameter Description

This is a vector parameter in the format [parameter name]_[index]. You do not need to enter ascending values for the index; that is, you could, for example, configure only icm/HTTP/auth_2.

You can use this parameter to block HTTP requests using a number of different criteria. When the filter is activated, it filters each HTTP(S) request to the ICM or Web Dispatcher before the request is sent to another HTTP handler (file access, cache, administration, redirect), or to the backend system (ABAP or J2EE Engine).

You can filter requests using the following criteria:

• URL
• Client IP Address
• Server IP Address
• User name/user group and password
• String search in the URL

The configuration has the following syntax:

icm/HTTP/auth = PREFIX=[URL prefix][,PERMFILE=[permission file]] [,AUTHFILE=[authentication file]] [, FILTER=SAP] [, CASE=TRUE|FALSE]

The specified values have the following meanings:

PREFIX
URL prefix for which the HTTP subhandler is to be called.

PERMFILE
Optional specification. Name of the permission file in the file system.

AUTHFILE
Optional specification. Name of the user file or system for authentication of an operating system user

FILTER
Optional specification. Name of the profile for the search template (default value: SAP). You can deactivate the filter by switching to “. You can dynamically activate/deactivate the filter by setting the parameter csi/enable.

CASE
Specifies the case sensitivity of URL prefixes in PERMFILE. TRUE means that the URL prefixes are handled case-sensitively. FALSE means that the URL prefixes are handled case-insensitively. The default is FALSE. We also recommend this setting. Since SAP AS ABAP handles URLs case-insensitively, you should always configure negative lists case-insensitively. CASE=TRUE can only be used meaningfully if the permission file only contains positive entries (entries of type “P”).

Application Area

ICM

Parameter Unit

Character string

Default Value

icm/HTTP/auth_0= PREFIX=/, FILTER=SAP

Who is permitted to make changes?

Customer

Operating System Restrictions

None

Database System Restrictions

None

Are other parameters affected or dependent?

csi/enable Global parameter to activate/deactivate the filtering. csi/SAP/csa_lib Path to the dynamic library that is to be loaded to filter the HTTP request.

Values allowed

See description

You May Also Like

jstartup/shutdown_timeout : Timeout for the jstart controller process to wait for shutdown of child processes

jstartup/security_level : Security level for jcontrol

jstartup/sdm_properties : Path to SDM properties file

jstartup/recorder : Flight recorder configuration

Leave a Reply?