Skip to Content

HTTPURLLOC demystified

Recently I had to configure table HTTPURLLOC in order to support a scenario where users were either accessing the system externally through a hardware reverse proxy connected to SAP Web Dispatcher or the SAP system directly. In this blog I want to share my experience with SCN members.

The first take away from this blog is that HTTPURLLOC can’t be used for switching from one protocol to another nor rewriting URLs, that happens elsewhere (e.g. Web Dispatcher modification rules, portal configuration, ICF node settings, etc). HTTPURLLOC has values with valid protocol, host and port combinations that can be used to generate URLs, otherwise the generic URL generation of the system is used. That is why HTTPURLLOC is called an exception table, not a URL generation table.

So now how does it work? Basically the system looks at the request object and tries to determine the requested host, this is usually the virtual host name, DNS alias, etc. which was requested by the client, e.g. the browser. This is the second take away. The host as requested by the client should be preserved throughout the request, even if there are other proxies, load balancers, etc. in the loop. If the client browser requests, this host should be visible in the request object of the SAP system. The only way to guarantee it is that all appliances/programs are instructed to preserve the host that was requested by the client. Apache has the PreserveProxyHost directive for it, Web Dispatcher does it automatically, others might require further configuration.

The third take away is that as with the host requested by the client, the protocol used by the client must be preserved as well. This is especially important if HTTPS is terminated before the request hits the SAP system. Again, configuration directives might be required to insure this. Apache has the RequestHeader directive which can be used to set variable clientprotocol to either HTTPS or HTTP depending on the scenario. Web Dispatcher does it automatically assuming wdisp/add_client_protocol_header is set to true, others might require further configuration.

The fourth take away is to understand how entries in HTTPURLLOC are matched against the request. The most important variable is the protocol, second most important variable is the host, third most important variable is the application and last one is the domain. If the client requested with protocol HTTPS and assuming that the host and protocol are preserved meaning the SAP system sees the original values, the HTTPURLLOC table is queried first for all entries that have the protocol HTTPS. Next the requested application is checked, then the domain and finally the host. There are several rules which will affect the end result meaning whether the entry in HTTPURLLOC will be used or not, the best way is to figure it out yourself by debugging method IF_HTTP_SERVER~GET_LOCATION_EXCEPTION of ABAP class CL_HTTP_SERVER.

The fifth take away is to understand that HTTPURLLOC is client specific and especially if you are using System Logon, you will have to configure HTTPURLLOC for client 000 as well as the clients you use.

The sixth and last take away is to understand that in case the requested host is unknown (it is possible in some scenarios), HTTPURLLOC will be queried based on the protocol and the first match will be used (in ascending order, based on SORT_KEY).

Update 11/22/14: in case you want to generate URLs in an offline scenario (background job, classic GUI transaction, basically anything where there is no IF_HTTP_SERVER object), you should create a default entry in HTTPURLLOC and set the SORT_KEY value to the smallest value of all entries. For example, if you want to generate all NWBC URLs with specific protocol, port and host values, create an entry with the lowest SORT_KEY value and set the application to /NWBC/. That way, regardless in which context the NWBC URL is generated, the URL to NWBC will be generated using the values you specified with the lowest SORT_KEY. The key here is to set a value for APPLICATION.

I hope this blog will save others time and headaches trying to figure out the mysteries of HTTPURLLOC. See also the official documentation on URL Generation in an AS-ABAP – Web Dispatcher Configuration.

You must be Logged on to comment or reply to a post.
  • Hi Samuli,

    this is a really nice article.

    I’ve worked with the HTTPURLLOC Table for scenarios like SNC Partner Access, FSCM Biller Direct etc.

    You know what would be the icing on the cake for this article explaining the HTTPURLLOC Table, if you were to add some examples of the usage, what the different columns are, what to put in each column and why, the sequence of the rows and the importance of the sequence of the rows etc. And pictures of the table in action, in the field of battle so to speak 🙂

    Therefore making this article into a nice introduction, explanation, overview and including annotated examples.

    Best regards,


    • Thanks Andy. I might do what you suggest and publish it as an document. I wrote this blog in 30 minutes after having completed the setup since I had everything fresh in my head. Writing a document takes longer because you have to prepare, setup and verify the test scenario, take screenshots, etc. but definitely something I will do assuming I have some spare time.

      • Hi Samuli,

        no problem whenever you have time.

        HTTPURLLOC is a very important tool when you have a setup including (reverse)proxies, load balancers, web dispatchers, url re-writing etc.

        And the devil as ever is in the detail, hence it would be the icing on the cake to have some examples here as described above, and have the end to end information for anybody touching this subject.

        Best regards,


    • Hi Tobias,

      very nice that’s exactly what I was thinking.

      Very nice link that’s for sharing.

      Samuli, Tobias has connected the dots and the article is complete.

      Best regards,


      • Indeed, I added the link to the documentation. Tobias, I agree the documentation is pretty good in this case, I still had to resort to debugging but it could also be because I work that way.