Problem :
You are using a Reverse Proxy or SAP Web Dispatcher to access the Portal and in the Security Audit Logs you want to capture the actual client IP address.
Solution:
Prerequisite - When SAP Web Dispatcher is used as reverse Proxy
1. Configure the proxy to send the IP address of the client in the X-Forwarded-For header.
When using SAP Web Dispatcher as Reverse Proxy the parameters that needs to added:
wdisp/add_client_protocol_header = true
wdisp/add_xforwardedfor_header = true
wdisp/handle_webdisp_ap_header = true
2. Set the property ClientIpHeaderName to X-Forwarded-For .
Navigate to /nwa -> configuration -> Infrastructure -> Java system properties -> tab 'Services'
HTTP provider -> properties -> ClientIpHeaderName
Modify -> set with value X-Forwarded-For -> Save
wdisp/add_client_protocol_header = true
wdisp/add_xforwardedfor_header = true
wdisp/handle_webdisp_ap_header = true
2. Set the property ClientIpHeaderName to X-Forwarded-For .
Navigate to /nwa -> configuration -> Infrastructure -> Java system properties -> tab 'Services'
HTTP provider -> properties -> ClientIpHeaderName
Modify -> set with value X-Forwarded-For -> Save
3. To enable the use of the X-Forwarded-For header as provider of the terminal client IP address, the following parameter needs to be set in the ABAP app server:
icm/use_xforwardedfor_header = true
3. Restart to take effect
Note : For 3rd Party reverse proxy please refer the reverse proxy document, else step 2 and 3 will be the same.
No comments:
Post a Comment