Parameter | Recommended Value | Description |
is/HTTP/show_server_header | FALSE | Prohibits information disclosure by the Web Dispatcher Server Header. |
is/HTTP/show_detailed_errors | FALSE | Prohibits information disclosure by Web Dispatcher Error Messages. |
icm/SMTP/show_server_header | FALSE | Prohibits information disclosure by the Internet Communication Manager (ICM) Server Header. |
icm/HTTP/auth_<x> | PREFIX=/,PERMFILE=/<filepath>/permfile,FILTER=SAP | Enables URL Filtering through the Authorization Handler (ideally in the form of a URL Whitelist, so that everything else unknown will be blocked). Web Dispatchers less than 7.31: Do an update urgently or use wdisp/permission_table instead. |
icm/HTTP/admin_<x> | 1.) Should contain CLIENTHOST=<IP Adresse(s) of Admin Clients, semicolon separated> | Restricts administrative access to a defined admin client. |
icm/HTTP/error_templ_path | /usr/sap/<SID>/<Instance>/data/icmerror | Redirects the disclosure of error information to an individual error page (this can be a blank one). |
rdisp/TRACE_HIDE_SEC_DATA | 1 | Disables sensitive personal information such as security session cookies in HTTP request/response traces. |
icm/trace_secured_data | 0 | Deactivates the display of HTTPS data packages in ICM traces. |
icm/accept_forwarded_cert_via_http | 0 | Disables HTTPS certificate forwarding as HTTP header. |
icm/trusted_reverse_proxy_<x> | Should not contain wildcards (*) for SUBJECT or ISSUER | Trusts only selected Reverse Proxys. |
icm/server_port_<x> | should contain PROT=HTTPS (instead of HTTP) | Protects the Server Port using HTTPS. |
Parameter has been removed in the current version of the template. |
#-----------------------------------------------------------------------
# SAP Web Dispatcher Security Configuration
#-----------------------------------------------------------------------
# For Monitoring with Solution Manager, the Security Configuration
# is located in the Default Profile (DEFAULT.pfl)
# Do NOT use the following Parameters in this Instance Profile:
# is/HTTP/show_server_header
# is/HTTP/show_detailed_error
# icm/SMTP/show_server_header
# icm/HTTP/auth_<x>
# icm/HTTP/admin_<x>
# icm/HTTP/error_templ_path
# rdisp/TRACE_HIDE_SEC_DATA
# icm/trace_secured_data
# icm/accept_forwarded_cert_via_http
# icm/trusted_reverse_proxy_<x>
# icm/server_port_<x>
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
# -> Default Profile (DEFAULT.pfl)
#-----------------------------------------------------------------------
# SAP Web Dispatcher Administration
#-----------------------------------------------------------------------
# -> Default Profile (DEFAULT.pfl)
#-----------------------------------------------------------------------
#-----------------------------------------------------------------------
# SAP Web Dispatcher Security Configuration
#-----------------------------------------------------------------------
# For Monitoring with Solution Manager, the Security Configuration
# is located in this Default Profile.
# Do NOT overwrite the following Parameters in the Instance Profile:
is/HTTP/show_server_header = FALSE
is/HTTP/show_detailed_errors = FALSE
icm/SMTP/show_server_header = FALSE
icm/HTTP/auth_0 = PREFIX=/,PERMFILE=/sapmnt/<SID>/profile/permfile,FILTER=SAP
icm/HTTP/error_templ_path = /usr/sap/<SID>/<Instance>/data/icmerror
rdisp/TRACE_HIDE_SEC_DATA = 1
icm/trace_secured_data = 0
icm/accept_forwarded_cert_via_http = 0
icm/trusted_reverse_proxy_0 = SUBJECT="",ISSUER=""
#-----------------------------------------------------------------------
# SAP Web Dispatcher Ports
#-----------------------------------------------------------------------
icm/server_port_0 = PROT=HTTPS,PORT=<Port>
#-----------------------------------------------------------------------
# SAP Web Dispatcher Administration
#-----------------------------------------------------------------------
icm/HTTP/admin_0 = PREFIX=/sap/wdisp/admin,DOCROOT=$(DIR_DATA)$(DIR_SEP)icmandir,AUTHFILE=$(icm/authfile),CLIENTHOST=<IP address>
#-----------------------------------------------------------------------#
Line Content | Operator | Operator Pattern |
is/HTTP/show_server_header = FALSE | = | is/HTTP/show_server_header = FALSE |
is/HTTP/show_detailed_errors = FALSE | = | is/HTTP/show_detailed_errors = FALSE |
icm/SMTP/show_server_header = FALSE | = | icm/SMTP/show_server_header = FALSE |
icm/HTTP/auth_0 | Regex | .*profile/permfile,FILTER=SAP |
icm/HTTP/admin_0 | Regex | .*CLIENTHOST=.* |
icm/HTTP/error_templ_path | Regex | .*/data/icmerror |
rdisp/TRACE_HIDE_SEC_DATA = 1 | = | rdisp/TRACE_HIDE_SEC_DATA = 1 |
icm/trace_secured_data = 0 | = | icm/trace_secured_data = 0 |
icm/accept_forwarded_cert_via_http = 0 | = | icm/accept_forwarded_cert_via_http = 0 |
icm/trusted_reverse_proxy_0 | Regex | ^.*(ISSUER|SUBJECT)[^*]+$ |
icm/server_port_0 | Regex | .*icm/server_port_0 = PROT=HTTPS.* |
icm/server_port_1 | Regex | .*icm/server_port_1 = PROT=HTTPS.* |
icm/server_port_2 | Regex | .*icm/server_port_2 = PROT=HTTPS.* |
Removed rows (Context Menu - Remove Drilldown) | Added rows (Navigation Block - Free Characteristics - Drilldown in the Rows) | Filtered rows (Context Menu - Select Filter Value) |
|
|
|
How to create fiori-based Security Dashboards in Solution Manager Dashboard Builder: https://blogs.sap.com/2019/04/26/how-to-create-fiori-based-security-dashboards-in-solution-manager-d...
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
11 | |
6 | |
5 | |
5 | |
4 | |
4 | |
4 | |
3 | |
3 | |
3 |