Why not to use /nwbc to access NWBC?
In this blog I will share a couple of reasons why not to use the default ICF External Alias, from now on alias, /nwbc to access NWBC and why instead you should create a custom one.
List of reasons why not to use /nwbc
- /nwbc is the default, standard, out-of-the-box, alias and it belongs to SAP. Should SAP ever change it, any configuration done to the alias would be gone.
- This is a logical outcome of the previous step, since /nwbc belongs to SAP any change done to it is considered a modification, e.g. repair (bad).
- /nwbc is the first entry point hackers are looking for should your system be externally accessible.
- Using the default is not cool.
Instead of using the default alias /nwbc, create a custom one. Call it for example /z<customer>/nwbc or at least /znwbc. On how to create a custom alias to access NWBC, see How to configure a custom ICF External Alias to access NWBC.