Skip to Content

Business case

We are going to provide CRM Survey’s via personalized Mails to external Customers. The Link had to access our internal SAP CRM Web AS 6.20. To make this secure I had to make sure that only the Survey URL can be called. I’ve installed the SAP Web Dispatcher and configured the URL Filter.

Network Layout


Firewall—web server in DMZ (

Internal Network

CRM Server   Other Servers and Clients

The web server is running SuSE Linux 9.0 with an Apache web server. The web server is accessible from the Internet via HTTP and HTTPS on the default Ports 80 and 443.


DNS Setup

To avoid problems with different Hostnames the Name of the Web AS in the Internet has to be the same as in the Intranet. With the separate name we can configure a VirtualServer in Apache. I set up this DNS entries:

    • External DNS: is a Alias to
    • Internal DNS resolves to the IP Address of the Server i. e.
    • Webserver /etc/hosts crm

With this configuration you can use the Name during the Web Dispatcher configuration.


Check out the SAP Web Dispatcher Documentation for an overview of the functionality.


Download the latest available DW Package and Unicode Library (uclib) from -> Support Packages and Patches -> SAP NetWeaver -> SAP NETWEAVER -> SAP NETWEAVER 04 -> Entry by Component -> Application Server ABAP -> SAP KERNEL 6.40 32-BIT UNICODE -> Linux on IA32 32bit -> #Database independent: dw_94-20000247.SAR and UCLIB_3-20000247.SARRead Note 552286</li>


After the preparation you can run the Command “./sapwebdisp –bootstrap” to create a basic Web Dispatcher configuration. During the run you have to provide:

    1. Hostname of Message Server
    2. HTTP Port of Message Server
    3. Instance Number for SAP Web Dispatcher
    4. HTTP Port SAP Web Dispatcher
    5. Type of Configuration (small, medium, large)

When everything’s fine the Profile file “sapwebdisp.pfl” will be created and the Password of the Administration User “icmadm” will be returned. Please make sure to note this password. The SAP Web Dispatcher will be started automatically.

www:/usr/sap/CRP/sapwebdisp # ./sapwebdisp -bootstrap
SAP Web Dispatcher Bootstrap
This bootstrap will perform the following steps:
1. create profile file "sapwebdisp.pfl"for SAP Web Dispatcher (if not already existing)
2. create user for web based administration in file "icmauth.txt"(if not already exisiting)
3. start SAP Web Dispatcher with the created profile
After the bootstrap you can use the web based administration
Generating Profile "sapwebdisp.pfl"
Hostname of Message Server (rdisp/mshost):
HTTP Port of Message Server (ms/http_port): 8100
Checking connection to message server...OK
Unique Instance Number for SAP Web Dispatcher (SAPSYSTEM): 00
HTTP port number for SAP Web Dispatcher: 8000
Create configuration for s(mall), m(edium), l(arge) system (default: medium): s
Profile "sapwebdisp.pfl" generated
Authentication file "icmauth.txt" generated
Web Administration user is "icmadm" with password "1871"
Restart sapwebdisp with profile: sapwebdisp.pfl
sapwebdisp started with new pid 25037
Please extract archive "icmadmin.SAR" to directory ./admin
Web administration accessable with "http://www:8000/sap/wdisp/admin/default.html"
SAP Web Dispatcher bootstrap ended (rc=0)
www:/usr/sap/CRP/sapwebdisp # *** SAP Web Dispatcher up and operational (pid: 25037) ***

You can press CTRL + C to stop the SAP Web Dispatcher.

To automatically start SAP Web Dispatcher I’ve created this script in “/etc/init.d/sapwebdisp”:

case "$1" in
if test -x /usr/sap/CRP/sapwebdisp/sapwebdisp ; then
echo "Starting SAP Web Dispatcher."
cd /usr/sap/CRP/sapwebdisp/
-f /usr/sap/CRP/sapwebdisp/dev_webdisp &
echo -n "Shutting down SAP Web Dispatcher:"
killproc -2 /usr/sap/CRP/sapwebdisp/sapwebdisp
echo "Usage: $0 {start|stop}"
exit 1
exit 0

Link the script to the runlevels you need it with:

insserv -d sapwebdisp

Setup URL Filter

  1. SAP Web Dispatcher permission table

D /sap/bc/bsp/sap/crm_svy_server/test*
P /sap/bc/bsp/sap/crm_svy_server/*
D *

With this configuration the Survey test page can not be accessed, Surveys can be accessed and no other pages can be accessed.

Finaly add this lines on the end of “sapwebdisp.pfl” to let the SAP Web Dispatcher take notice of the permission table:

  1. SAP Web Dispatcher as a URL Filter

wdisp/permission_table = urlfilter.pfl

Restart the SAP Web Dispatcher to activate this settings.

Configure Apache as reverse Proxy

You can find some reverse Proxy basics also here on SDN in [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] Weblog Series:

The Reverse Proxy Series — Part 1: Introduction

The Reverse Proxy Series — Part 2: IIS as a reverse-proxy</li>

<p>Because we’re already running an Apache web server for our public website on Port 80 we can not attach the SAP Web Dispatcher to it. So Apache had to act as a reverse Proxy to access the SAPWeb Dispatcher. Here is the VirtualHost configuration:</p>

<pre class=”sapCode”>
    DocumentRoot /srv/www/htdocs
    ErrorLog /var/log/httpd/
    CustomLog /var/log/httpd/ combined
    ProxyPass           / http://localhost:8000/
    ProxyPassReverse    / http://localhost:8000/

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Former Member

    Gregor:/sapwebdisp. The directory we install on DMZ webserver should have directory structre like you mentioned. Can the DW and UCLIB be extracted to any directory specific directory structure we like.

  2. Former Member
    Followed you instructions step-by-step, but am having troubles with teh web dispatcher shutting down immediately after I enter the ./sapwebdisp command.  Have you ever seen this before, and if so how have you gotten past this?
  3. Former Member
    hello gregor,

    what you are thinking about the note 898104 ?

    If your SAP Web dispatcher is executed separately in the DMZ, SAP recommends to use the non-Unicode version.


    1. Gregor Wolf Post author
      Hi Thomas,

      i was not aware of this recommendation. I’ve opened an OSS message asking SAP about the details and if there are problems with the non-unicode Web Dispatcher in front of a Unicode backend system.


  4. We have issue here is mostly related to external parties not being able to access the internal  servers where e.g. the surveys reside. 

    What is best option or the best practice to allow external people to Access Survey? Any Best Practice

    Appreciate your answer
    Irfan Bhimani

  5. Marisa Alejandra Alcaraz
    Hello Gregor,
    Many thanks for your blogs and inputs in SDN posts regarding to this matter.
    They were very useful since I’m blueprinting the survey scenario for customers via internet.

    Best regards,


Leave a Reply