Additional Blogs by Members
cancel
Showing results for 
Search instead for 
Did you mean: 
gregorw
Active Contributor

Business case


We are going to provide CRM Survey’s via personalized Mails to external Customers. The Link had to access our internal SAP CRM Web AS 6.20. To make this secure I had to make sure that only the Survey URL can be called. I’ve installed the SAP Web Dispatcher and configured the URL Filter.


Network Layout



Internet
 

Firewall---web server in DMZ (www.test.com)
-
Internal Network
 
CRM Server   Other Servers and Clients
(crm.test.com)


The web server is running SuSE Linux 9.0 with an Apache web server. The web server is accessible from the Internet via HTTP and HTTPS on the default Ports 80 and 443.


Prerequisites


DNS Setup


To avoid problems with different Hostnames the Name of the Web AS in the Internet has to be the same as in the Intranet. With the separate name we can configure a VirtualServer in Apache. I set up this DNS entries:



    • External DNS: crm.test.com is a Alias to www.test.com

    • Internal DNS crm.test.com resolves to the IP Address of the Server i. e. 192.168.2.2

    • Webserver /etc/hosts 192.168.2.2 crm crm.test.com



With this configuration you can use the Name crm.test.com during the Web Dispatcher configuration.


Ports


Check out the SAP Web Dispatcher Documentation for an overview of the functionality.


Preparation



Download the latest available DW Package and Unicode Library (uclib) from http://service.sap.com/patches/ -> Support Packages and Patches -> SAP NetWeaver -> SAP NETWEAVER -> SAP NETWEAVER 04 -> Entry by Component -> Application Server ABAP -> SAP KERNEL 6.40 32-BIT UNICODE -> Linux on IA32 32bit -> #Database independent: dw_94-20000247.SAR and UCLIB_3-20000247.SARRead Note 552286</li>
</ul>


Implementation


After the preparation you can run the Command “./sapwebdisp –bootstrap" to create a basic Web Dispatcher configuration. During the run you have to provide:




    1. Hostname of Message Server

    2. HTTP Port of Message Server

    3. Instance Number for SAP Web Dispatcher

    4. HTTP Port SAP Web Dispatcher

    5. Type of Configuration (small, medium, large)



When everything’s fine the Profile file “sapwebdisp.pfl” will be created and the Password of the Administration User “icmadm” will be returned. Please make sure to note this password. The SAP Web Dispatcher will be started automatically.




www:/usr/sap/CRP/sapwebdisp # ./sapwebdisp -bootstrap
SAP Web Dispatcher Bootstrap
============================
 
This bootstrap will perform the following steps:
1. create profile file "sapwebdisp.pfl"for SAP Web Dispatcher (if not already existing)
2. create user for web based administration in file "icmauth.txt"(if not already exisiting)
3. start SAP Web Dispatcher with the created profile
 
After the bootstrap you can use the web based administration
 
Generating Profile "sapwebdisp.pfl"
Hostname of Message Server (rdisp/mshost): crm.test.com
HTTP Port of Message Server (ms/http_port): 8100
Checking connection to message server...OK
Unique Instance Number for SAP Web Dispatcher (SAPSYSTEM): 00
HTTP port number for SAP Web Dispatcher: 8000
Create configuration for s(mall), m(edium), l(arge) system (default: medium): s
Profile "sapwebdisp.pfl" generated
Authentication file "icmauth.txt" generated
Web Administration user is "icmadm" with password "1871"
Restart sapwebdisp with profile: sapwebdisp.pfl
sapwebdisp started with new pid 25037
Please extract archive "icmadmin.SAR" to directory ./admin
Web administration accessable with "http://www:8000/sap/wdisp/admin/default.html"
 
SAP Web Dispatcher bootstrap ended (rc=0)
www:/usr/sap/CRP/sapwebdisp # *** SAP Web Dispatcher up and operational (pid: 25037) ***


You can press CTRL + C to stop the SAP Web Dispatcher.



To automatically start SAP Web Dispatcher I’ve created this script in “/etc/init.d/sapwebdisp”:




#!/bin/sh
 
case "$1" in
start)
if test -x /usr/sap/CRP/sapwebdisp/sapwebdisp ; then
echo "Starting SAP Web Dispatcher."
cd /usr/sap/CRP/sapwebdisp/
/usr/sap/CRP/sapwebdisp/sapwebdisp
pf=/usr/sap/CRP/sapwebdisp/sapwebdisp.pfl
-auto_restart
-f /usr/sap/CRP/sapwebdisp/dev_webdisp &
fi
;;
stop)
echo -n "Shutting down SAP Web Dispatcher:"
killproc -2 /usr/sap/CRP/sapwebdisp/sapwebdisp
echo
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
 
exit 0


Link the script to the runlevels you need it with:




insserv -d sapwebdisp


Setup URL Filter


  1. SAP Web Dispatcher permission table
D /sap/bc/bsp/sap/crm_svy_server/test*
P /sap/bc/bsp/sap/crm_svy_server/*
D *


With this configuration the Survey test page can not be accessed, Surveys can be accessed and no other pages can be accessed.



Finaly add this lines on the end of “sapwebdisp.pfl” to let the SAP Web Dispatcher take notice of the permission table:




  1. SAP Web Dispatcher as a URL Filter
wdisp/permission_table = urlfilter.pfl


Restart the SAP Web Dispatcher to activate this settings.


Configure Apache as reverse Proxy


You can find some reverse Proxy basics also here on SDN in https://weblogs.sdn.sap.com/pub/u/12086 [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] [original link is broken] Weblog Series:




The Reverse Proxy Series -- Part 1: Introduction

The Reverse Proxy Series -- Part 2: IIS as a reverse-proxy</li>
</ul>


<p>Because we’re already running an Apache web server for our public website on Port 80 we can not attach the SAP Web Dispatcher to it. So Apache had to act as a reverse Proxy to access the SAPWeb Dispatcher. Here is the VirtualHost configuration:</p>


<pre class="sapCode">
<VirtualHost 192.168.1.2>
    DocumentRoot /srv/www/htdocs
    ServerName crm.test.com
    ErrorLog /var/log/httpd/host.crm.test.com-error_log
    CustomLog /var/log/httpd/host.crm.test.com-access_log combined
    ProxyPass           / http://localhost:8000/
    ProxyPassReverse    / http://localhost:8000/
</VirtualHost>
</pre>
9 Comments